pwndbg (/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers. It has a boatload of features, see our Features page and CHEATSHEET (feel free to print it!). If you have any questions you may read the documentation or asks us in our Discord server.
"},{"location":"#why","title":"Why?","text":"Vanilla GDB and LLDB are terrible to use for reverse engineering and exploit development. Typing x/30gx $rsp or navigating cumbersome LLDB commands is not fun and often provides minimal information. The year is 2025, and core debuggers still lack many user-friendly features such as a robust hexdump command. WinDbg users are completely lost when they occasionally need to bump into GDB or LLDB.
Pwndbg is a Python module which can be loaded into GDB or run as a REPL interface for LLDB. It provides a suite of utilities and enhancements that fill the gaps left by these debuggers, smoothing out rough edges and making them more user-friendly.
"},{"location":"#installation","title":"Installation","text":"See installation instructions.
"},{"location":"#what-about","title":"What about ...?","text":"Many past (gdbinit, PEDA) and present projects (GEF, bata24/GEF) offer great features, but are hard to extend and are packaged as large single files (103KB, 195KB, 423KB, 4.12MB). Pwndbg aims to replace them with a faster, cleaner, and more robust implementation.
"},{"location":"#when-to-use-gdb-or-lldb","title":"When to Use GDB or LLDB?","text":"Pwndbg supports both GDB and LLDB, and each debugger has its own strengths. Here's a quick guide to help you decide which one to use:
Use Case Supported Debugger Debugging Linux binaries or ELF files GDB, LLDB Debugging Mach-O binaries on macOS LLDB Linux kernel debugging (qemu-system) GDB, LLDB Linux user-space emulation (qemu-user) GDB Embedded debugging (ARM Cortex M* or RISC-V/32) GDB, LLDB Pwndbg ensures a consistent experience across both, so switching between them is seamless.
The LLDB implementation in pwndbg is still in early-stage and may contain bugs or limitations. Known issues are tracked in GitHub Issues.
If you encounter any problems, feel free to report them or discuss on our Discord server.
"},{"location":"#compatibility-table","title":"Compatibility Table","text":"Feature Supported Version Notes pwndbg-gdb - Python 3.10+ - GDB 12.1+ Battle-tested on Ubuntu 22.04/24.04 pwndbg-lldb - Python 3.12+ - LLDB 19+ Experimental/early-stage support qemu-user QEMU 8.1+ vFile API is needed for vmmap qemu-system QEMU 6.2+ Supported version since ubuntu 22.04"},{"location":"#contributing","title":"Contributing","text":"Pull requests are welcome \u2764\ufe0f. Check out the Contributing Guide.
"},{"location":"#acknowledgements","title":"Acknowledgements","text":"Pwndbg was originally created by Zach Riggle, who is no longer with us. We want to thank Zach for all of his contributions to pwndbg and the wider security community.
"},{"location":"features/","title":"Features","text":""},{"location":"features/#features","title":"Features","text":"Pwndbg has a great deal of useful features. You can a see all available commands at any time by typing the pwndbg command or by checking the Commands section of the documentation. For configuration and theming see the Configuration section. Below is a subset of commands which are easy to capture in screenshots.
"},{"location":"features/#disassembly-and-emulation","title":"Disassembly and Emulation","text":"Pwndbg leverages the capstone and unicorn engines, along with its own instrospection, to display, annotate and emulate instructions.
Operands of instructions are resolved, conditions evaluated, and only the instructions that will actually be executed are shown.
This is incredibly useful when stepping through jump tables, PLT entries, and ROPping.
"},{"location":"features/#context","title":"Context","text":"A useful summary of the current execution context is printed every time the debugger stops (e.g. breakpoint or single-step), displaying all registers, the stack, call frames, disassembly, and additionally recursively dereferencing all pointers. All memory addresses are color-coded to the type of memory they represent.
A history of previous context output is kept which can be accessed using the contextprev and contextnext commands.
"},{"location":"features/#arguments","title":"Arguments","text":"All function call sites are annotated with the arguments to those functions. This works best with debugging symbols, but also works in the most common case where an imported function (e.g. libc function via GOT or PLT) is used.
"},{"location":"features/#splitting-layouting-context","title":"Splitting / Layouting Context","text":"The context sections can be distributed among different tty by using the contextoutput command. Thus, if you want to make better use of some of the empty space in the default Pwndbg output, you can split the panes in your terminal and redirect the various contexts among them.
See Splitting the Context for more information.
"},{"location":"features/#gdb-tui","title":"GDB TUI","text":"The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.
See GDB TUI for more information.
"},{"location":"features/#watch-expressions","title":"Watch Expressions","text":"You can add expressions to be watched by the context. Those expressions are evaluated and shown on every context refresh. For instance by doing contextwatch execute \"info args\" we can see the arguments of every function we are in (here we are in mmap):
See contextwatch for more information.
"},{"location":"features/#integrations","title":"Integrations","text":""},{"location":"features/#ghidra","title":"Ghidra","text":"With the help of radare2 or rizin it is possible to show the decompiled source code of the ghidra decompiler.
See Ghidra Integration for more information.
"},{"location":"features/#ida-probinary-ninja","title":"IDA Pro/Binary Ninja","text":"Pwndbg is capable of integrating with IDA Pro or Binary Ninja by installing an XMLRPC server in the decompiler as a plugin, and then querying it for information.
This allows extraction of comments, decompiled lines of source, breakpoints, symbols, and synchronized debugging (single-steps update the cursor in the decompiler).
See Binary Ninja Integration or IDA Integration for setup information.
"},{"location":"features/#heap-inspection","title":"Heap Inspection","text":"Pwndbg provides commands for inspecting the heap and the allocator's state. Currently supported are:
- glibc malloc
- jemalloc
- linux's buddy allocator
- linux's SLUB allocator
See some of the commands for glibc malloc:
"},{"location":"features/#lldb","title":"LLDB","text":"While most other GDB plugins are well GDB plugins, Pwndbg's implementation is debugger-agnostic. You can use Pwndbg with LLDB!
"},{"location":"features/#windbg-compatibility","title":"WinDbg Compatibility","text":"For those coming from a Windows background, Pwndbg has a complete WinDbg compatibility layer. You can dd, dps, eq, and even eb $rip 90 to your heart's content.
"},{"location":"features/#go-debugging","title":"Go Debugging","text":"Pwndbg has support for dumping complex Go values like maps and slices, including automatically parsing out type layouts in certain cases.
See the Go debugging guide for more information.
"},{"location":"features/#so-many-commands","title":"So many commands","text":"Go take a look at Commands! Here is some cool stuff you can do to get you started.
"},{"location":"features/#process-state-inspection","title":"Process State Inspection","text":"Use the procinfo command in order to inspect the current process state, like UID, GID, Groups, SELinux context, and open file descriptors! Pwndbg works particularly well with remote GDB debugging like with Android phones.
"},{"location":"features/#rop-gadgets","title":"ROP Gadgets","text":"Tools for finding rop gadgets statically don't know about everything that will be loaded into the address space and they can make mistakes about which addresses will actually end up executable. You can now rop at runtime with Pwndbg's rop and ropper.
"},{"location":"features/#search","title":"Search","text":"Pwndbg makes searching the target memory space easy, with a complete and easy-to-use interface. Whether you're searching for bytes, strings, or various sizes of integer values or pointers, it's a simple command away.
"},{"location":"features/#finding-leaks","title":"Finding Leaks","text":"Finding leak chains can be done using the leakfind and probeleak commands. They recursively inspect address ranges for pointers, and report on all pointers found.
"},{"location":"features/#telescope","title":"Telescope","text":"Inspecting memory dumps is easy with the telescope command. It recursively dereferences a range of memory, letting you see everything at once. As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range.
"},{"location":"features/#virtual-memory-maps","title":"Virtual Memory Maps","text":"Pwndbg enhances the standard memory map listing and allows easy searching with vmmap.
"},{"location":"features/#tracking-glibc-heap-allocations","title":"Tracking glibc heap allocations","text":"It can be very useful to see allocations happening in real time. It can give us a good idea of what the allocation pattern of a program looks like, and allows us to make informed decisions on how to optimize or attack it. The track-heap command does just that.
"},{"location":"features/#tracking-the-got","title":"Tracking the GOT","text":"The Procedure Linkage Table (PLT) and Global Offset Table (GOT) are very interesting exploitation targets since they contain many often-accessed function pointers. You can track how your program goes through the GOT using the track-got command.
"},{"location":"features/#attach-to-a-process-by-name","title":"Attach to a process by name","text":"The days of running pidof in a different terminal are over. Use attachp to attach to any process by name, pid, arguments or device file!
"},{"location":"setup/","title":"Setup","text":"There are multiple ways to install Pwndbg, depending on whether you want to use it with GDB, with LLDB, use a portable release, or install it from source.
"},{"location":"setup/#installing-pwndbg-gdb","title":"Installing pwndbg-gdb","text":"Install via curl/sh (Linux/macOS)
curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb\n
Install via Homebrew (macOS) brew install pwndbg/tap/pwndbg-gdb\n
Install via the Nix package manager (Linux/macOS) nix shell github:pwndbg/pwndbg\n
"},{"location":"setup/#through-package-manager","title":"Through package manager","text":"When installing with GDB, you may also download a package to install through your package manager of choice. Download the package from the releases page and pick the appropriate download from the second table.
RPM-based Systems (CentOS/Alma/Rocky/RHEL):
dnf install ./pwndbg-2025.05.30.x86_64.rpm\n
DEB-based Systems (Debian/Ubuntu/Kali): apt install ./pwndbg_2025.05.30_amd64.deb\n
Alpine: apk add --allow-untrusted ./pwndbg_2025.05.30_x86_64.apk\n
Arch Linux: pacman -U ./pwndbg-2025.05.30-1-x86_64.pkg.tar.zst\n
"},{"location":"setup/#installing-pwndbg-lldb","title":"Installing pwndbg-lldb","text":"These installation methods provide the
pwndbg-lldb ./your-binary\n
command. Install via curl/sh (Linux/macOS)
curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb\n
Install via Homebrew (macOS) brew install pwndbg/tap/pwndbg-lldb\n
Install via the Nix package manager (Linux/macOS): nix shell github:pwndbg/pwndbg#pwndbg-lldb\n
"},{"location":"setup/#download-the-portable-version","title":"Download the Portable Version","text":"You can download a portable release on the Pwndbg releases page. There are seperate releases for GDB and LLDB. Use the first table to pick the appropriate download for your system architecture. You can then unpack the archive with:
tar -v -xf <archive-name>\n
And run Pwndbg with ./pwndbg/bin/pwndbg\n
or ./pwndbg/bin/pwndbg-lldb\n
depending on which version you installed. You may add the appropriate file to your shell's PATH."},{"location":"setup/#installing-from-source","title":"Installing from source","text":"See contributing/Installing Pwndbg from source, you do not need the \"The development environment\" section.
"},{"location":"blog/","title":"Blog","text":""},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/","title":"Pwndbg coding sprints report","text":"(originally posted on https://disconnect3d.pl/2022/08/21/pwndbg-coding-sprints/)
This blog post is a report of the two coding sprints for the Pwndbg project that I organized first on the EuroPython 2022 conference and then, taking inspiration from the previous one, in the Hackerspace Krak\u00f3w, located in Cracow, Poland.
PS: If you are only looking for a list of things done, scroll down!
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#where-i-got-the-idea-for-sprints","title":"Where I got the idea for sprints?","text":"I have recently attended the EuroPython 2022 conference and I enjoyed the \u201csprints\u201d there. In short, a sprint is a semi-organized event, where anyone can announce a project they will be working on and others can join them. This helps both the projects and the event participants to learn about the project and to make first-time contributions. At the EuroPython conference, there were 16 officially announced projects, but I know that even more projects were being worked on in practice. Of course, other communities or conferences also do this (e.g. NixCon).
At the EuroPython conference, I announced my own sprint to work on the Pwndbg project that I maintain. Having no expectations, I felt excited when four people showed up to learn something new and hack together on the project. Later, taking inspiration from it, I organized another sprint, this time in Cracow in the local Hackerspace with even a bigger response. Below, you can read a small report on the two sprints that have happened.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#my-general-idea-for-a-pwndbg-sprint","title":"My general idea for a Pwndbg sprint","text":"Pwndbg is written in Python, so on one hand is easy to hack on, but on the other hand it is a plugin for GDB, a console debugger for native programs (e.g. ones written in C, C++, Go or Rust). The general idea of Pwndbg is to alleviate the pain points of working with and improve the UX of GDB when debugging assembly code, reverse engineering a binary or during exploit development.
Since not everyone is familiar with debuggers or the underlyings of programs execution (e.g. assembly code, CPU registers or stack or heap memory) I knew that I had to make some introduction to those concepts and if possible, prepare a list of simple tasks, so that people can get familiar with the codebase and the tool and contribute something.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#europython-2022-sprint","title":"EuroPython 2022 sprint","text":"On the first sprint, four people showed up, mostly having no prior experience with the topic. We started with an introduction to what GDB and Pwndbg are and why and when they are useful.
For this, I took a small C program that had a buffer overflow bug:
#include <stdio.h>\n#include <string.h>\n\nint main(int argc, char* argv[]) {\n char name[16] = {0};\n\n // NOTE: We copy the `argv[1]` string which may be of arbitrary length\n // into the `name` buffer which is only of 16-bytes long. Thus, we can\n // overwrite the stack memory of the program past the `name` buffer.\n strcpy(name, argv[1]);\n\n printf(\"Hello %s!\\n\", name);\n}\n
Then, after compiling it (gcc main.c), we ran the program twice to see that it will crash if we provide a too long string as its argument:
$ ./a.out Disconnect3d\nHello Disconnect3d!\n\n$ ./a.out Disconnect3d_at_EuroPython\nHello Disconnect3d_at_EuroPython!\n*** stack smashing detected ***: <unknown> terminated\nAborted (core dumped)\n
Then, I explained that the \"stack smashing detected\" we see is the \"stack canaries\" (also called \"stack cookies\") exploit mitigation added by compilers. This compiler feature adds a special 8-bytes canary value after the function's local variables located on the stack, so that then a stack frame may look like this:
------------------------------ lower addresses\nchar name[16]; |\nuint8_t canary[8]; |\nvoid* function_return_address; V\n------------------------------ higher addresses\n
This local stack canary value is then filled in just after the function\u2019s prologue and is verified against a global value before the function returns to see if the stack was not corrupted (starting from the canary). Of course this may not detect all possible stack memory corruptions but it often makes it impossible to exploit a program (e.g. by changing the return address, also located on the stack), knowing just this vulnerability.
The stack canary mitigation can also be disabled. And if it were done (by passing in a -fno-stack-protector flag during compilation), we would get a different result when running the resulting program:
$ gcc -fno-stack-protector buf.c\n\n$ ./a.out Disconnect3d_on_EuroPython\nHello Disconnect3d_on_EuroPython!\nSegmentation fault (core dumped)\n
Now, the \"stack smashing detected\" is gone, but the program still crashed, because we still corrupted a part of its memory that we shouldn't have touched in a way that made the program do illegal things (e.g. accessing unmapped memory).
During the sprint, we also ran a GDB+Pwndbg session to see the exact instructions that placed the canary value on the stack memory, to see that our input string was located just before it and how the canary was checked just before the function was returned.
I am not going to describe all of this here, but you can see some of it in the below asciinema recording.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#hackerspace-krakow-sprint","title":"Hackerspace Krak\u00f3w sprint","text":"Since the second sprint was an ad-hoc event, I had to organize it myself. As a member of Hackerspace Krak\u00f3w, I was able to reserve the hackerspace's softroom, which is a perfect place for people to hack on things using their computers. Then, I advertised the event on the Hackerspace's mailing list and on a few other mediums.
I did not expect many people to come, especially that I advertised the sprint ~2 days before the event.
But... 8 people (!) showed up (excluding me). I prepared a document with some basic information and tasks, which can be found here (though, it is in Polish and it was modified during and after the sprint).
I won't lie: most people that came were friends of mine, some of which I play CTFs with. However, not all of them had really used or developed Pwndbg before.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#accomplishments-from-the-two-sprints","title":"Accomplishments from the two sprints","text":"On the EP sprint, since we were just a group of four, we focused on small improvements to the codebase. In total, we did the following: * reviewed and merged the fs/gs_base fetching improvement PR, * pinned the project's dependencies, * updated the unicorn dependency version, * added a \"tip of the day\" feature, * improved the UX of using Pwndbg within a Python virtual environment, * and also worked on enhancing the display of arguments when stopping on a call to the printf functions family.
The last item from the list was the hardest to jump on and it still requires enhancements until it is merged. Nonetheless, all of this was a nice outcome from the whole sprint :).
On the second sprint, while we were a bigger group, we had much more limited time (since instead of having ~8 hours, we had just a few). Anyway, we were able to do the following:
- Cleanup some code leftover after dropping Python 2 support,
- Added documentation on how to debug Pwndbg using PyCharm remote debugging,
- Reviewed and merged the PRs that sets
$base_heap variable and a tip for it, which may be useful for heap exploitation, - Fix the X30 register display on AARCH64 targets,
- Fix
context args display when PC/IP register pointed to unmapped memory, - Fixed the
xor and memfrob commands and added tests for them (! :D), - Worked on adding a way to dump memory that can be copied right away as C or Python code (this needs to be changed to a command flag),
- Investigated a potential parsing issue, even looking at GDB's command parsing source code, implemented potential patch, which only later turned out to be redundant and the issue to be invalid.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#summary-and-whats-next","title":"Summary and what's next?","text":"Organizing those sprints helped me to get back to develop the Pwndbg project more and and attract more people to contribute to it. I also think that more conferences should have this kind of attractions (similarly as more conferences should have lightning talk sessions, heh).
Regarding the Pwndbg sprints, I am organizing another one this week in Cracow on Tuesday, so if you live nearby and are interested in learning about Pwndbg or contributing to the project, feel invited! :)
PS: Thanks a lot to @arturcygan for reviewing this blog post.
"},{"location":"commands/","title":"Index","text":""},{"location":"commands/#commands","title":"Commands","text":""},{"location":"commands/#breakpoint","title":"Breakpoint","text":" - break-if-not-taken - Breaks on a branch if it is not taken.
- break-if-taken - Breaks on a branch if it is taken.
- breakrva - Break at RVA from PIE base.
- ignore - Set ignore-count of breakpoint number N to COUNT.
"},{"location":"commands/#context","title":"Context","text":" - context - Print out the currently enabled context sections.
- contextnext - Select next entry in context history.
- contextoutput - Sets the output of a context section.
- contextprev - Select previous entry in context history.
- contextsearch - Search for a string in the context history and select that entry.
- contextunwatch - Removes an expression previously added to be watched.
- contextwatch - Adds an expression to be shown on context.
- regs - Print out all registers and enhance the information.
"},{"location":"commands/#developer","title":"Developer","text":" - dev-dump-instruction - Dump internal PwndbgInstruction attributes.
- log-level - Set the log level.
"},{"location":"commands/#disassemble","title":"Disassemble","text":" - emulate - Like nearpc, but will emulate instructions from the current $PC forward.
- nearpc - Disassemble near a specified address.
"},{"location":"commands/#glibc-ptmalloc2-heap","title":"GLibc ptmalloc2 Heap","text":" - arena - Print the contents of an arena.
- arenas - List this process's arenas.
- bins - Print the contents of all an arena's bins and a thread's tcache.
- fastbins - Print the contents of an arena's fastbins.
- find-fake-fast - Find candidate fake fast or tcache chunks overlapping the specified address.
- heap - Iteratively print chunks on a heap.
- hi - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
- largebins - Print the contents of an arena's largebins.
- malloc-chunk - Print a chunk.
- mp - Print the mp_ struct's contents.
- smallbins - Print the contents of an arena's smallbins.
- tcache - Print a thread's tcache contents.
- tcachebins - Print the contents of a tcache.
- top-chunk - Print relevant information about an arena's top chunk.
- try-free - Check what would happen if free was called with given address.
- unsortedbin - Print the contents of an arena's unsortedbin.
- vis-heap-chunks - Visualize chunks on a heap.
"},{"location":"commands/#integrations","title":"Integrations","text":" - ai - Ask GPT-3 a question about the current debugging context.
- bn-sync - Synchronize Binary Ninja's cursor with GDB.
- decomp - Use the current integration to decompile code near an address.
- j - Synchronize IDA's cursor with GDB.
- r2 - Launches radare2.
- r2pipe - Execute stateful radare2 commands through r2pipe.
- rop - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
- ropper - ROP gadget search with ropper.
- rz - Launches rizin.
- rzpipe - Execute stateful rizin commands through rzpipe.
- save-ida - Save the ida database.
"},{"location":"commands/#kernel","title":"Kernel","text":" - binder - Show Android Binder information
- buddydump - Displays metadata and freelists of the buddy allocator.
- kbase - Finds the kernel virtual base address.
- kchecksec - Checks for kernel hardening configuration options.
- kcmdline - Return the kernel commandline (/proc/cmdline).
- kconfig - Outputs the kernel config (requires CONFIG_IKCONFIG).
- klookup - Lookup kernel symbols
- knft-dump - Dump all nftables: tables, chains, rules, expressions
- knft-list-chains - Dump netfilter chains form a specific table
- knft-list-exprs - Dump only expressions from specific rule
- knft-list-flowtables - Dump netfilter flowtables from a specific table
- knft-list-objects - Dump netfilter objects from a specific table
- knft-list-rules - Dump netfilter rules form a specific chain
- knft-list-sets - Dump netfilter sets from a specific table
- knft-list-tables - Dump netfliter tables from a specific network namespace
- kversion - Outputs the kernel version (/proc/version).
- msr - Read or write to Model Specific Register (MSR)
- p2v - Translate physical address to its corresponding virtual address.
- pagewalk - Performs pagewalk.
- slab - Prints information about the linux kernel's slab allocator SLUB.
- v2p - Translate virtual address to its corresponding physical address.
"},{"location":"commands/#linuxlibcelf","title":"Linux/libc/ELF","text":" - argc - Prints out the number of arguments.
- argv - Prints out the contents of argv.
- aslr - Check the current ASLR status, or turn it on/off.
- auxv-explore - Explore and print information from the Auxiliary ELF Vector.
- auxv - Print information from the Auxiliary ELF Vector.
- elfsections - Prints the section mappings contained in the ELF header.
- envp - Prints out the contents of the environment.
- errno - Converts errno (or argument) to its string representation.
- got - Show the state of the Global Offset Table.
- gotplt - Prints any symbols found in the .got.plt section if it exists.
- libcinfo - Show libc version and link to its sources
- linkmap - Show the state of the Link Map
- onegadget - Find gadgets which single-handedly give code execution.
- piebase - Calculate VA of RVA from PIE base.
- plt - Prints any symbols found in Procedure Linkage Table sections if any exist.
- strings - Extracts and displays ASCII strings from readable memory pages of the debugged process.
- threads - List all threads belonging to the selected inferior.
- tls - Print out base address of the current Thread Local Storage (TLS).
- track-got - Controls GOT tracking
- track-heap - Manages the heap tracker.
"},{"location":"commands/#memory","title":"Memory","text":" - distance - Print the distance between the two arguments, or print the offset to the address's page base.
- dump-register-frame - Display the registers saved to memory for a certain frame type
- gdt - Decode X86-64 GDT entries at address
- go-dump - Dumps a Go value of a given type at a specified address.
- go-type - Dumps a Go runtime reflection type at a specified address.
- hexdump - Hexdumps data at the specified address or module name.
- leakfind - Attempt to find a leak chain given a starting address.
- memfrob - Memfrobs a region of memory (xor with '*').
- mmap - Calls the mmap syscall and prints its resulting address.
- mprotect - Calls the mprotect syscall and prints its result value.
- p2p - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
- probeleak - Pointer scan for possible offset leaks.
- search - Search memory for byte sequences, strings, pointers, and integer values.
- telescope - Recursively dereferences pointers starting at the specified address.
- vmmap-add - Add virtual memory map page.
- vmmap-clear - Clear the vmmap cache.
- vmmap-explore - Explore a page, trying to guess permissions.
- vmmap - Print virtual memory map pages.
- xinfo - Shows offsets of the specified address from various useful locations.
- xor - XOR
count bytes at address with the key key.
"},{"location":"commands/#misc","title":"Misc","text":" - asm - Assemble shellcode into bytes
- checksec - Prints out the binary security settings using
checksec. - comm - Put comments in assembly code.
- cyclic - Cyclic pattern creator/finder.
- cymbol - Add, show, load, edit, or delete custom structures in plain C.
- down - Select and print stack frame called by this one.
- dt - Dump out information on a type (e.g. ucontext_t).
- dumpargs - Prints determined arguments for call/syscall instruction.
- getfile - Gets the current file.
- hex2ptr - Converts a space-separated hex string to a little-endian address.
- hijack-fd - Replace a file descriptor of a debugged process.
- ipi - Start an interactive IPython prompt.
- patch-list - List all patches.
- patch-revert - Revert patch at given address.
- patch - Patches given instruction with given code or bytes.
- plist - Dumps the elements of a linked list.
- sigreturn - Display the SigreturnFrame at the specific address
- spray - Spray memory with cyclic() generated values
- tips - Shows tips.
- up - Select and print stack frame that called this one.
- valist - Dumps the arguments of a va_list.
- vmmap-load - Load virtual memory map pages from ELF file.
"},{"location":"commands/#process","title":"Process","text":" - killthreads - Kill all or given threads.
- pid - Gets the pid.
- procinfo - Display information about the running process.
"},{"location":"commands/#pwndbg","title":"Pwndbg","text":" - bugreport - Generate a bug report.
- config - Shows Pwndbg-specific configuration.
- configfile - Generates a configuration file for the current Pwndbg options.
- heap-config - Shows heap related configuration.
- memoize - Toggles memoization (caching).
- profiler - Utilities for profiling Pwndbg.
- pwndbg - Prints out a list of all Pwndbg commands.
- reinit-pwndbg - Makes Pwndbg reinitialize all state.
- reload - Reload Pwndbg.
- theme - Shows Pwndbg-specific theme configuration.
- themefile - Generates a configuration file for the current Pwndbg theme options.
- version - Displays Pwndbg and its important deps versions.
"},{"location":"commands/#register","title":"Register","text":" - cpsr - Print out ARM CPSR or xPSR register.
- fsbase - Prints out the FS base address. See also $fsbase.
- gsbase - Prints out the GS base address. See also $gsbase.
- setflag - Modify the flags register.
"},{"location":"commands/#stack","title":"Stack","text":" - canary - Print out the current stack canary.
- retaddr - Print out the stack addresses that contain return addresses.
- stack-explore - Explore stack from all threads.
- stack - Dereferences on stack data with specified count and offset.
- stackf - Dereferences on stack data, printing the entire stack frame with specified count and offset .
"},{"location":"commands/#start","title":"Start","text":" - attachp - Attaches to a given pid, process name, process found with partial argv match or to a device file.
- entry - Start the debugged program stopping at its entrypoint address.
- sstart - Alias for 'tbreak __libc_start_main; run'.
- start - Start the debugged program stopping at the first convenient location
"},{"location":"commands/#stepnextcontinue","title":"Step/Next/Continue","text":" - nextcall - Breaks at the next call instruction.
- nextjmp - Breaks at the next jump instruction.
- nextproginstr - Breaks at the next instruction that belongs to the running program.
- nextret - Breaks at next return-like instruction.
- nextsyscall - Breaks at the next syscall not taking branches.
- stepover - Breaks on the instruction after this one.
- stepret - Breaks at next return-like instruction by 'stepping' to it.
- stepsyscall - Breaks at the next syscall by taking branches.
- stepuntilasm - Breaks on the next matching instruction.
- xuntil - Continue execution until an address or expression.
"},{"location":"commands/#windbg","title":"WinDbg","text":" - bc - Clear the breakpoint with the specified index.
- bd - Disable the breakpoint with the specified index.
- be - Enable the breakpoint with the specified index.
- bl - List breakpoints.
- bp - Set a breakpoint at the specified address.
- da - Dump a string at the specified address.
- db - Starting at the specified address, dump N bytes.
- dc - Starting at the specified address, hexdump.
- dd - Starting at the specified address, dump N dwords.
- dds - Dump pointers and symbols at the specified address.
- dq - Starting at the specified address, dump N qwords.
- ds - Dump a string at the specified address.
- dw - Starting at the specified address, dump N words.
- eb - Write hex bytes at the specified address.
- ed - Write hex dwords at the specified address.
- eq - Write hex qwords at the specified address.
- ew - Write hex words at the specified address.
- ez - Write a string at the specified address.
- eza - Write a string at the specified address.
- go - WinDbg compatibility alias for 'continue' command.
- k - Print a backtrace (alias 'bt').
- ln - List the symbols nearest to the provided value.
- pc - WinDbg compatibility alias for 'nextcall' command.
- peb - Not be windows.
"},{"location":"commands/#jemalloc-heap","title":"jemalloc Heap","text":" - jemalloc-extent-info - Prints extent information for the given address
- jemalloc-find-extent - Returns extent information for pointer address allocated by jemalloc
- jemalloc-heap - Prints all extents information
"},{"location":"commands/breakpoint/break-if-not-taken/","title":"Break if not taken","text":""},{"location":"commands/breakpoint/break-if-not-taken/#break-if-not-taken","title":"break-if-not-taken","text":"(only in GDB)
usage: break-if-not-taken [-h] branch\n
Breaks on a branch if it is not taken.
"},{"location":"commands/breakpoint/break-if-not-taken/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help branch The branch instruction to break on."},{"location":"commands/breakpoint/break-if-not-taken/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/break-if-taken/","title":"Break if taken","text":""},{"location":"commands/breakpoint/break-if-taken/#break-if-taken","title":"break-if-taken","text":"(only in GDB)
usage: break-if-taken [-h] branch\n
Breaks on a branch if it is taken.
"},{"location":"commands/breakpoint/break-if-taken/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help branch The branch instruction to break on."},{"location":"commands/breakpoint/break-if-taken/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/breakrva/","title":"Breakrva","text":""},{"location":"commands/breakpoint/breakrva/#breakrva","title":"breakrva","text":"(only in GDB)
usage: breakrva [-h] [offset] [module]\n
Break at RVA from PIE base.
Alias: brva
"},{"location":"commands/breakpoint/breakrva/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help offset Offset to add. (default: 0) module Module to choose as base. Defaults to the target executable. (default: '')"},{"location":"commands/breakpoint/breakrva/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/ignore/","title":"Ignore","text":""},{"location":"commands/breakpoint/ignore/#ignore","title":"ignore","text":"(only in GDB)
usage: ignore [-h] [N] COUNT\n
Set ignore-count of breakpoint number N to COUNT.
While the ignore count is positive, execution will not stop on the breakpoint.
By default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.
"},{"location":"commands/breakpoint/ignore/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help bpnum The breakpoint number N. count The number to set COUNT."},{"location":"commands/breakpoint/ignore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/context/","title":"Context","text":""},{"location":"commands/context/context/#context","title":"context","text":"usage: context [-h] [--on] [--off] [subcontext ...]\n
Print out the currently enabled context sections.
This is the text that gets printed on every stop. It can be useful to run this command manually when you change some process/debugger state but don't want to step/continue (e.g. after using the down and up commands).
Alias: ctx
"},{"location":"commands/context/context/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help subcontext Submenu to display: 'regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'"},{"location":"commands/context/context/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --on Show the section(s) in subsequent context commands again. The section(s) have to be in the 'context-sections' list. --off Do not show the section(s) in subsequent context commands even though they might be in the 'context-sections' list."},{"location":"commands/context/context/#notes","title":"Notes","text":"To see more commands related to context control run:
pwndbg -c context\n
To see context configuration run: config context\n
"},{"location":"commands/context/context/#usage-example","title":"Usage example","text":""},{"location":"commands/context/contextnext/","title":"Contextnext","text":""},{"location":"commands/context/contextnext/#contextnext","title":"contextnext","text":"usage: contextnext [-h] [count]\n
Select next entry in context history.
Alias: ctxn
"},{"location":"commands/context/contextnext/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count The number of entries to go forward in history (default: 1)"},{"location":"commands/context/contextnext/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextoutput/","title":"Contextoutput","text":""},{"location":"commands/context/contextoutput/#contextoutput","title":"contextoutput","text":"usage: contextoutput [-h] section path clearing [banner] [width]\n
Sets the output of a context section.
Alias: ctx-out
"},{"location":"commands/context/contextoutput/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help section The section which is to be configured. ('regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal') path The path to which the output is written clearing Indicates whether to clear the output banner Where a banner should be placed: both, top , bottom, none (default: 'both') width Sets a fixed width (used for banner). Set to None for auto"},{"location":"commands/context/contextoutput/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextprev/","title":"Contextprev","text":""},{"location":"commands/context/contextprev/#contextprev","title":"contextprev","text":"usage: contextprev [-h] [count]\n
Select previous entry in context history.
Alias: ctxp
"},{"location":"commands/context/contextprev/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count The number of entries to go back in history (default: 1)"},{"location":"commands/context/contextprev/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextsearch/","title":"Contextsearch","text":""},{"location":"commands/context/contextsearch/#contextsearch","title":"contextsearch","text":"usage: contextsearch [-h] needle [section]\n
Search for a string in the context history and select that entry.
Alias: ctxsearch
"},{"location":"commands/context/contextsearch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help needle The string to search for in the context history section The section to search in. If not provided, search in all sections"},{"location":"commands/context/contextsearch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextunwatch/","title":"Contextunwatch","text":""},{"location":"commands/context/contextunwatch/#contextunwatch","title":"contextunwatch","text":"usage: contextunwatch [-h] num\n
Removes an expression previously added to be watched.
Aliases: ctx-unwatch, cunwatch
"},{"location":"commands/context/contextunwatch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help num The expression number to be removed from context"},{"location":"commands/context/contextunwatch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextwatch/","title":"Contextwatch","text":""},{"location":"commands/context/contextwatch/#contextwatch","title":"contextwatch","text":"usage: contextwatch [-h] [{eval,execute}] expression\n
Adds an expression to be shown on context.
To remove an expression, see cunwatch.
Aliases: ctx-watch, cwatch
"},{"location":"commands/context/contextwatch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help cmd Command to be used with the expression. - eval: the expression is parsed and evaluated as in the debugged language. - execute: the expression is executed as a GDB command. (default: 'eval') expression The expression to be evaluated and shown in context"},{"location":"commands/context/contextwatch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextwatch/#examples","title":"Examples","text":"For watching variables/expressions:\n cwatch BUF\n cwatch ITEMS[0]\n\nFor running commands:\n cwatch execute \"ds BUF\"\n cwatch execute \"x/20x $rsp\"\n cwatch execute \"info args\"\n
"},{"location":"commands/context/regs/","title":"Regs","text":""},{"location":"commands/context/regs/#regs","title":"regs","text":"usage: regs [-h] [regs ...]\n
Print out all registers and enhance the information.
"},{"location":"commands/context/regs/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help regs Registers to be shown"},{"location":"commands/context/regs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/developer/dev-dump-instruction/","title":"Dev dump instruction","text":""},{"location":"commands/developer/dev-dump-instruction/#dev-dump-instruction","title":"dev-dump-instruction","text":"usage: dev-dump-instruction [-h] [-e] [-n] [address]\n
Dump internal PwndbgInstruction attributes.
Useful for debugging the disassembly and annotation subsystems in Pwndbg. See https://pwndbg.re/pwndbg/dev/contributing/improving-annotations/#bug-root-cause for more information.
"},{"location":"commands/developer/dev-dump-instruction/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to get the enhanced instruction from - must be in cache."},{"location":"commands/developer/dev-dump-instruction/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -e --emulate Force the use of emulation when enhancing the instruction, regardless of global 'emulate' setting. -n --no-emulate Disable the use of emulation when enhancing the instruction, regardless of global 'emulate' setting."},{"location":"commands/developer/log-level/","title":"Log level","text":""},{"location":"commands/developer/log-level/#log-level","title":"log-level","text":"usage: log-level [-h] [{debug,info,warning,error,critical}]\n
Set the log level.
"},{"location":"commands/developer/log-level/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help level The log level to set. (default: 'warning')"},{"location":"commands/developer/log-level/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/disassemble/emulate/","title":"Emulate","text":""},{"location":"commands/disassemble/emulate/#emulate","title":"emulate","text":"usage: emulate [-h] [pc] [lines]\n
Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"commands/disassemble/emulate/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pc Address to emulate near. lines Number of lines to show on either side of the address."},{"location":"commands/disassemble/emulate/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/disassemble/nearpc/","title":"Nearpc","text":""},{"location":"commands/disassemble/nearpc/#nearpc","title":"nearpc","text":"usage: nearpc [-h] [-e] [pc] [lines]\n
Disassemble near a specified address.
Aliases: pdisass, u
"},{"location":"commands/disassemble/nearpc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pc Address to disassemble near. If this is the only argument and the value provided is small enough, it is interpreted as lines instead. lines Number of lines to show on either side of the address."},{"location":"commands/disassemble/nearpc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -e --emulate Whether to emulate instructions to find the next ones or just linearly disassemble."},{"location":"commands/glibc_ptmalloc2_heap/arena/","title":"Arena","text":""},{"location":"commands/glibc_ptmalloc2_heap/arena/#arena","title":"arena","text":"usage: arena [-h] [addr]\n
Print the contents of an arena.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/arena/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/arena/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/arenas/","title":"Arenas","text":""},{"location":"commands/glibc_ptmalloc2_heap/arenas/#arenas","title":"arenas","text":"usage: arenas [-h]\n
List this process's arenas.
"},{"location":"commands/glibc_ptmalloc2_heap/arenas/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/bins/","title":"Bins","text":""},{"location":"commands/glibc_ptmalloc2_heap/bins/#bins","title":"bins","text":"usage: bins [-h] [addr] [tcache_addr]\n
Print the contents of all an arena's bins and a thread's tcache.
Default to the current thread's arena and tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/bins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena. tcache_addr Address of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/bins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/","title":"Fastbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#fastbins","title":"fastbins","text":"usage: fastbins [-h] [-v] [addr]\n
Print the contents of an arena's fastbins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all fastbins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/","title":"Find fake fast","text":""},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#find-fake-fast","title":"find-fake-fast","text":"usage: find-fake-fast [-h] [--align] [--glibc-fastbin-bug]\n [--partial-overwrite]\n target_address [max_candidate_size]\n
Find candidate fake fast or tcache chunks overlapping the specified address.
"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target_address Address of the word-sized value to overlap. max_candidate_size Maximum size of fake chunks to find."},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --align Whether the fake chunk must be aligned to MALLOC_ALIGNMENT. This is required for tcache chunks and for all chunks when Safe Linking is enabled -b --glibc-fastbin-bug Does the GLIBC fastbin size field bug affect the candidate size field width? -p --partial-overwrite Consider partial overwrite candidates, default behavior only shows word-size overwrites."},{"location":"commands/glibc_ptmalloc2_heap/heap/","title":"Heap","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap/#heap","title":"heap","text":"usage: heap [-h] [-v] [-s] [addr]\n
Iteratively print chunks on a heap.
Default to the current thread's active heap.
"},{"location":"commands/glibc_ptmalloc2_heap/heap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the first chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents."},{"location":"commands/glibc_ptmalloc2_heap/hi/","title":"Hi","text":""},{"location":"commands/glibc_ptmalloc2_heap/hi/#hi","title":"hi","text":"usage: hi [-h] [-v] [-s] [-f] addr\n
Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/hi/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the interest."},{"location":"commands/glibc_ptmalloc2_heap/hi/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents. -f --fake Allow fake chunks. If set, displays any memory as a heap chunk (even if its not a real chunk)."},{"location":"commands/glibc_ptmalloc2_heap/largebins/","title":"Largebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/largebins/#largebins","title":"largebins","text":"usage: largebins [-h] [-v] [addr]\n
Print the contents of an arena's largebins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/largebins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/largebins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all largebins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/","title":"Malloc chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#malloc-chunk","title":"malloc-chunk","text":"usage: malloc-chunk [-h] [-f] [-v] [-s] [-d] [-n NEXT] addr\n
Print a chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --fake Is this a fake chunk? -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents. -d --dump Print a hexdump of the chunk. -n --next Print the next N chunks after the specified address. (default: 0)"},{"location":"commands/glibc_ptmalloc2_heap/mp/","title":"Mp","text":""},{"location":"commands/glibc_ptmalloc2_heap/mp/#mp","title":"mp","text":"usage: mp [-h]\n
Print the mp_ struct's contents.
"},{"location":"commands/glibc_ptmalloc2_heap/mp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/","title":"Smallbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#smallbins","title":"smallbins","text":"usage: smallbins [-h] [-v] [addr]\n
Print the contents of an arena's smallbins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all smallbins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/tcache/","title":"Tcache","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcache/#tcache","title":"tcache","text":"usage: tcache [-h] [addr]\n
Print a thread's tcache contents.
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcache/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/tcache/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/","title":"Tcachebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#tcachebins","title":"tcachebins","text":"usage: tcachebins [-h] [-v] [addr]\n
Print the contents of a tcache.
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address of the tcache bins."},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all tcachebins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/","title":"Top chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#top-chunk","title":"top-chunk","text":"usage: top-chunk [-h] [addr]\n
Print relevant information about an arena's top chunk.
Default to current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/try-free/","title":"Try free","text":""},{"location":"commands/glibc_ptmalloc2_heap/try-free/#try-free","title":"try-free","text":"usage: try-free [-h] addr\n
Check what would happen if free was called with given address.
"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address passed to free"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/","title":"Unsortedbin","text":""},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#unsortedbin","title":"unsortedbin","text":"usage: unsortedbin [-h] [-v] [addr]\n
Print the contents of an arena's unsortedbin.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show the \"all\" bin even if it's empty"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/","title":"Vis heap chunks","text":""},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#vis-heap-chunks","title":"vis-heap-chunks","text":"usage: vis-heap-chunks [-h] [--beyond_top] [--no_truncate] [--all_chunks]\n [count] [addr]\n
Visualize chunks on a heap.
Default to the current arena's active heap.
Alias: vis
"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count Number of chunks to visualize. If the value is big enough and addr isn't provided, this is interpreted as addr instead. (default: 10) addr Address of the first chunk."},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -b --beyond_top Attempt to keep printing beyond the top chunk. -n --no_truncate Display all the chunk contents (Ignore the max-visualize-chunk-size configuration). -a --all_chunks Display all chunks (Ignore the default-visualize-chunk-number configuration)."},{"location":"commands/integrations/ai/","title":"Ai","text":""},{"location":"commands/integrations/ai/#ai","title":"ai","text":"(only in GDB)
usage: ai [-h] [-M MODEL] [-t TEMPERATURE] [-m MAX_TOKENS] [-v] [-L]\n [-c COMMAND]\n [question ...]\n
Ask GPT-3 a question about the current debugging context.
"},{"location":"commands/integrations/ai/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help question The question to ask."},{"location":"commands/integrations/ai/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -M --model The OpenAI model to use. -t --temperature The temperature to use. -m --max-tokens The maximum number of tokens to generate. -v --verbose Print the prompt and response. -L --list-models List the available models. -c --command Run a command in the GDB debugger and ask a question about the output."},{"location":"commands/integrations/bn-sync/","title":"Bn sync","text":""},{"location":"commands/integrations/bn-sync/#bn-sync","title":"bn-sync","text":"usage: bn-sync [-h]\n
Synchronize Binary Ninja's cursor with GDB.
Alias: bns
"},{"location":"commands/integrations/bn-sync/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/decomp/","title":"Decomp","text":""},{"location":"commands/integrations/decomp/#decomp","title":"decomp","text":"usage: decomp [-h] [addr] [lines]\n
Use the current integration to decompile code near an address.
"},{"location":"commands/integrations/decomp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address to decompile near. lines Number of lines of decompilation to show."},{"location":"commands/integrations/decomp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/j/","title":"J","text":""},{"location":"commands/integrations/j/#j","title":"j","text":"(only in GDB)
usage: j [-h]\n
Synchronize IDA's cursor with GDB.
"},{"location":"commands/integrations/j/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/r2/","title":"R2","text":""},{"location":"commands/integrations/r2/#r2","title":"r2","text":"usage: r2 [-h] [--no-seek] [--no-rebase] [arguments ...]\n
Launches radare2.
Alias: radare2
"},{"location":"commands/integrations/r2/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to radare"},{"location":"commands/integrations/r2/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-seek Do not seek to current pc --no-rebase Do not set the base address for PIE according to the current mapping"},{"location":"commands/integrations/r2/#examples","title":"Examples","text":"pwndbg> r2 -- -S -AA\nWARN: Relocs has not been applied. Please use `-e bin.relocs.apply=true` or `-e bin.cache=true` next time\nINFO: Analyze all flags starting with sym. and entry0 (aa)\n[...]\nINFO: Debugger commands disabled in sandbox mode\n[0x0001d3d0]> help\n\nWelcome to radare2!\n[...]\n
"},{"location":"commands/integrations/r2pipe/","title":"R2pipe","text":""},{"location":"commands/integrations/r2pipe/#r2pipe","title":"r2pipe","text":"usage: r2pipe [-h] arguments [arguments ...]\n
Execute stateful radare2 commands through r2pipe.
"},{"location":"commands/integrations/r2pipe/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to r2pipe"},{"location":"commands/integrations/r2pipe/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/r2pipe/#examples","title":"Examples","text":"pwndbg> r2pipe pdf @ sym.main\n ; ICOD XREF from entry0 @ 0x1d3e8(r)\n\u250c 6786: int main (uint32_t argc, char **argv, char **envp);\n\u2502 `- args(rdi, rsi, rdx) vars(21:sp[0x40..0x18c])\n\u2502 0x0001b920 f30f1efa endbr64\n\u2502 0x0001b924 4157 push r15\n\u2502 0x0001b926 4156 push r14\n\u2502 0x0001b928 4155 push r13\n\u2502 0x0001b92a 4154 push r12\n[...]\n\u2502 0x0001b966 85c0 test eax, eax\n\u2502 \u250c\u2500< 0x0001b968 7545 jne 0x1b9af\n\u2502 \u2502 0x0001b96a e8311b0100 call sym.xtrace_init\n\u2502 \u2502 0x0001b96f e80cff0000 call sym.check_dev_tty\n\u2502 \u2502 ; CODE XREF from main @ 0x1b988(x)\n\u2502 \u250c\u2500\u2500> 0x0001b974 833dd1680f.. cmp dword [obj.debugging_login_shell], 0 ; [0x11224c:4]=0\n\u2502 \u250c\u2500\u2500\u2500< 0x0001b97b 743d je 0x1b9ba\n\u2502 \u2502\u254e\u2502 0x0001b97d bf03000000 mov edi, 3\n[...]\n
"},{"location":"commands/integrations/rop/","title":"Rop","text":""},{"location":"commands/integrations/rop/#rop","title":"rop","text":"usage: rop [-h] [--grep GREP] [--memlimit MEMLIMIT] [argument ...]\n
Dump ROP gadgets with Jon Salwan's ROPgadget tool.
Alias: ropgadget
"},{"location":"commands/integrations/rop/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help argument Arguments to pass to ROPgadget"},{"location":"commands/integrations/rop/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --grep String to grep the output for --memlimit String to grep the output for (default: '50MB')"},{"location":"commands/integrations/rop/#examples","title":"Examples","text":"pwndbg> rop --grep 'pop rdi' -- --nojop\nGadgets information\n============================================================\n[...]\n0x0007dce8 : pop rdi ; or dword ptr [rax], eax ; add rsp, 0x28 ; ret\n0x0007d838 : pop rdi ; or dword ptr [rax], eax ; je 0x7d840 ; ret\n0x0005b13d : pop rdi ; pop rbp ; ret\n0x0001ee23 : pop rdi ; ret\n\nUnique gadgets found: 8514\n
"},{"location":"commands/integrations/ropper/","title":"Ropper","text":""},{"location":"commands/integrations/ropper/#ropper","title":"ropper","text":"(only in GDB)
usage: ropper [-h] [argument ...]\n
ROP gadget search with ropper.
"},{"location":"commands/integrations/ropper/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help argument Arguments to pass to ropper"},{"location":"commands/integrations/ropper/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/ropper/#examples","title":"Examples","text":"pwndbg> ropper -- --console\n[INFO] Load gadgets from cache\n[LOAD] loading... 100%\n[LOAD] removing double gadgets... 100%\n(bash/ELF/x86_64)>\n----\npwndbg> ropper -- --search 'pop rdi; ret;'\n[INFO] Load gadgets from cache\n[LOAD] loading... 100%\n[LOAD] removing double gadgets... 100%\n[INFO] Searching for gadgets: pop rdi; ret;\n\n[INFO] File: /usr/bin/bash\n0x000000000001ee23: pop rdi; ret;\n
"},{"location":"commands/integrations/rz/","title":"Rz","text":""},{"location":"commands/integrations/rz/#rz","title":"rz","text":"usage: rz [-h] [--no-seek] [--no-rebase] [arguments ...]\n
Launches rizin.
Alias: rizin
"},{"location":"commands/integrations/rz/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to rizin"},{"location":"commands/integrations/rz/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-seek Do not seek to current pc --no-rebase Do not set the base address for PIE according to the current mapping"},{"location":"commands/integrations/rz/#examples","title":"Examples","text":"pwndbg> rz -- -AA\n[x] Analyze all flags starting with sym. and entry0 (aa)\n[x] Analyze function calls\n[...]\n[x] Enable constraint types analysis for variables\n -- Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.\n[0x0001d3d0]>\n
"},{"location":"commands/integrations/rzpipe/","title":"Rzpipe","text":""},{"location":"commands/integrations/rzpipe/#rzpipe","title":"rzpipe","text":"usage: rzpipe [-h] arguments [arguments ...]\n
Execute stateful rizin commands through rzpipe.
"},{"location":"commands/integrations/rzpipe/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to rzpipe"},{"location":"commands/integrations/rzpipe/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/rzpipe/#examples","title":"Examples","text":"pwndbg> rzpipe pdf @ sym.main\n ; DATA XREF from entry0 @ 0x1d3e8\n\u250c int main(int argc, char **argv, char **envp);\n\u2502 ; arg int argc @ rdi\n\u2502 ; arg char **argv @ rsi\n\u2502 ; arg char **envp @ rdx\n[...]\n\u2502 ; var uint64_t var_18ch @ stack - 0x18c\n\u2502 ; var int64_t var_188h @ stack - 0x188\n[...]\n\u2502 ; var int64_t canary @ stack - 0x40\n\u2502 0x0001b920 endbr64\n\u2502 0x0001b924 push r15\n\u2502 0x0001b926 push r14\n\u2502 0x0001b928 push r13\n\u2502 0x0001b92a push r12\n[...]\n\u2502 0x0001b966 test eax, eax\n\u2502 \u250c\u2500< 0x0001b968 jne 0x1b9af\n\u2502 \u2502 0x0001b96a call sym.xtrace_init\n\u2502 \u2502 0x0001b96f call sym.check_dev_tty\n\u2502 \u2502 ; CODE XREF from main @ 0x1b988\n\u2502 \u250c\u2500\u2500> 0x0001b974 cmp dword [obj.debugging_login_shell], 0 ; [0x11224c:4]=0\n\u2502 \u250c\u2500\u2500\u2500< 0x0001b97b je 0x1b9ba\n\u2502 \u2502\u254e\u2502 0x0001b97d mov edi, 3 ; int s\n[...]\n
"},{"location":"commands/integrations/save-ida/","title":"Save ida","text":""},{"location":"commands/integrations/save-ida/#save-ida","title":"save-ida","text":"(only in GDB)
usage: save-ida [-h]\n
Save the ida database.
"},{"location":"commands/integrations/save-ida/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/","title":"Jemalloc extent info","text":""},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#jemalloc-extent-info","title":"jemalloc-extent-info","text":"usage: jemalloc-extent-info [-h] [-v] addr\n
Prints extent information for the given address
"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the extent metadata"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones."},{"location":"commands/jemalloc_heap/jemalloc-find-extent/","title":"Jemalloc find extent","text":""},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#jemalloc-find-extent","title":"jemalloc-find-extent","text":"usage: jemalloc-find-extent [-h] addr\n
Returns extent information for pointer address allocated by jemalloc
"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the allocated memory location"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-heap/","title":"Jemalloc heap","text":""},{"location":"commands/jemalloc_heap/jemalloc-heap/#jemalloc-heap","title":"jemalloc-heap","text":"usage: jemalloc-heap [-h]\n
Prints all extents information
"},{"location":"commands/jemalloc_heap/jemalloc-heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/binder/","title":"Binder","text":""},{"location":"commands/kernel/binder/#binder","title":"binder","text":"usage: binder [-h]\n
Show Android Binder information
"},{"location":"commands/kernel/binder/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/buddydump/","title":"Buddydump","text":""},{"location":"commands/kernel/buddydump/#buddydump","title":"buddydump","text":"usage: buddydump [-h] [-z {DMA,DMA32,Normal,HighMem,Movable,Device}]\n [-o ORDER]\n [-m {Unmovable,Movable,Reclaimable,HighAtomic,CMA,Isolate}]\n [-p] [-c CPU] [-n NODE] [-f FIND]\n
Displays metadata and freelists of the buddy allocator.
"},{"location":"commands/kernel/buddydump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -z --zone Displays/searches lists only in the specified zone. -o --order Displays/searches lists only with the specified order. -m --mtype Displays/searches lists only with the specified mtype. -p --pcp-only Displays/searches only PCP lists. -c --cpu CPU nr for searching PCP. -n --node (default: 0) -f --find The address to find in page free lists."},{"location":"commands/kernel/kbase/","title":"Kbase","text":""},{"location":"commands/kernel/kbase/#kbase","title":"kbase","text":"usage: kbase [-h] [-r]\n
Finds the kernel virtual base address.
"},{"location":"commands/kernel/kbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --rebase rebase loaded symbol file"},{"location":"commands/kernel/kchecksec/","title":"Kchecksec","text":""},{"location":"commands/kernel/kchecksec/#kchecksec","title":"kchecksec","text":"usage: kchecksec [-h]\n
Checks for kernel hardening configuration options.
"},{"location":"commands/kernel/kchecksec/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kcmdline/","title":"Kcmdline","text":""},{"location":"commands/kernel/kcmdline/#kcmdline","title":"kcmdline","text":"usage: kcmdline [-h]\n
Return the kernel commandline (/proc/cmdline).
"},{"location":"commands/kernel/kcmdline/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kconfig/","title":"Kconfig","text":""},{"location":"commands/kernel/kconfig/#kconfig","title":"kconfig","text":"usage: kconfig [-h] [config_name]\n
Outputs the kernel config (requires CONFIG_IKCONFIG).
"},{"location":"commands/kernel/kconfig/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help config_name A config name to search for"},{"location":"commands/kernel/kconfig/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/klookup/","title":"Klookup","text":""},{"location":"commands/kernel/klookup/#klookup","title":"klookup","text":"usage: klookup [-h] symbol\n
Lookup kernel symbols
"},{"location":"commands/kernel/klookup/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol Address or symbol name to lookup"},{"location":"commands/kernel/klookup/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/knft-dump/","title":"Knft dump","text":""},{"location":"commands/kernel/knft-dump/#knft-dump","title":"knft-dump","text":"usage: knft-dump [-h] [nsid]\n
Dump all nftables: tables, chains, rules, expressions
"},{"location":"commands/kernel/knft-dump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help nsid Network Namespace ID"},{"location":"commands/kernel/knft-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/knft-list-chains/","title":"Knft list chains","text":""},{"location":"commands/kernel/knft-list-chains/#knft-list-chains","title":"knft-list-chains","text":"usage: knft-list-chains [-h] [--nsid NSID] [table_family] [table_name]\n
Dump netfilter chains form a specific table
"},{"location":"commands/kernel/knft-list-chains/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp) table_name Table name"},{"location":"commands/kernel/knft-list-chains/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-exprs/","title":"Knft list exprs","text":""},{"location":"commands/kernel/knft-list-exprs/#knft-list-exprs","title":"knft-list-exprs","text":"usage: knft-list-exprs [-h] [--nsid NSID]\n [table_family] [table_name] [chain_name] [rule_id]\n
Dump only expressions from specific rule
"},{"location":"commands/kernel/knft-list-exprs/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name chain_name Chain name rule_id Rule Handle ID"},{"location":"commands/kernel/knft-list-exprs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-flowtables/","title":"Knft list flowtables","text":""},{"location":"commands/kernel/knft-list-flowtables/#knft-list-flowtables","title":"knft-list-flowtables","text":"usage: knft-list-flowtables [-h] [--nsid NSID] [table_family] [table_name]\n
Dump netfilter flowtables from a specific table
"},{"location":"commands/kernel/knft-list-flowtables/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp) table_name Table name"},{"location":"commands/kernel/knft-list-flowtables/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-objects/","title":"Knft list objects","text":""},{"location":"commands/kernel/knft-list-objects/#knft-list-objects","title":"knft-list-objects","text":"usage: knft-list-objects [-h] [--nsid NSID] [table_family] [table_name]\n
Dump netfilter objects from a specific table
"},{"location":"commands/kernel/knft-list-objects/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name"},{"location":"commands/kernel/knft-list-objects/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-rules/","title":"Knft list rules","text":""},{"location":"commands/kernel/knft-list-rules/#knft-list-rules","title":"knft-list-rules","text":"usage: knft-list-rules [-h] [--nsid NSID]\n [table_family] [table_name] [chain_name]\n
Dump netfilter rules form a specific chain
"},{"location":"commands/kernel/knft-list-rules/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name chain_name Chain name"},{"location":"commands/kernel/knft-list-rules/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-sets/","title":"Knft list sets","text":""},{"location":"commands/kernel/knft-list-sets/#knft-list-sets","title":"knft-list-sets","text":"usage: knft-list-sets [-h] [--nsid NSID] [table_family] [table_name]\n
Dump netfilter sets from a specific table
"},{"location":"commands/kernel/knft-list-sets/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name"},{"location":"commands/kernel/knft-list-sets/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-tables/","title":"Knft list tables","text":""},{"location":"commands/kernel/knft-list-tables/#knft-list-tables","title":"knft-list-tables","text":"usage: knft-list-tables [-h] [--nsid NSID]\n
Dump netfliter tables from a specific network namespace
"},{"location":"commands/kernel/knft-list-tables/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/kversion/","title":"Kversion","text":""},{"location":"commands/kernel/kversion/#kversion","title":"kversion","text":"usage: kversion [-h]\n
Outputs the kernel version (/proc/version).
"},{"location":"commands/kernel/kversion/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/msr/","title":"Msr","text":""},{"location":"commands/kernel/msr/#msr","title":"msr","text":"usage: msr [-h] [-w [write_value]] [-l] [-r [MSR_RANGE]] [msr]\n
Read or write to Model Specific Register (MSR)
"},{"location":"commands/kernel/msr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help msr MSR value or name"},{"location":"commands/kernel/msr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -w --write value to write in MSR -l --list list common MSRs for the current arch -r --range dash separated range of MSRs to read (eg. --range=1-10 where 10 is included)"},{"location":"commands/kernel/p2v/","title":"P2v","text":""},{"location":"commands/kernel/p2v/#p2v","title":"p2v","text":"usage: p2v [-h] paddr\n
Translate physical address to its corresponding virtual address.
"},{"location":"commands/kernel/p2v/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help paddr"},{"location":"commands/kernel/p2v/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/pagewalk/","title":"Pagewalk","text":""},{"location":"commands/kernel/pagewalk/#pagewalk","title":"pagewalk","text":"usage: pagewalk [-h] [--pgd ENTRY] vaddr\n
Performs pagewalk.
"},{"location":"commands/kernel/pagewalk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help vaddr virtual address to walk"},{"location":"commands/kernel/pagewalk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --pgd"},{"location":"commands/kernel/slab/","title":"Slab","text":""},{"location":"commands/kernel/slab/#slab","title":"slab","text":"usage: slab [-h] {list,info,contains} ...\n
Prints information about the linux kernel's slab allocator SLUB.
"},{"location":"commands/kernel/slab/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help command"},{"location":"commands/kernel/slab/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/v2p/","title":"V2p","text":""},{"location":"commands/kernel/v2p/#v2p","title":"v2p","text":"usage: v2p [-h] vaddr\n
Translate virtual address to its corresponding physical address.
"},{"location":"commands/kernel/v2p/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help vaddr"},{"location":"commands/kernel/v2p/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/argc/","title":"Argc","text":""},{"location":"commands/linux_libc_elf/argc/#argc","title":"argc","text":"usage: argc [-h]\n
Prints out the number of arguments.
"},{"location":"commands/linux_libc_elf/argc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/argv/","title":"Argv","text":""},{"location":"commands/linux_libc_elf/argv/#argv","title":"argv","text":"usage: argv [-h] [i]\n
Prints out the contents of argv.
"},{"location":"commands/linux_libc_elf/argv/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help i Index of the argument to print out."},{"location":"commands/linux_libc_elf/argv/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/aslr/","title":"Aslr","text":""},{"location":"commands/linux_libc_elf/aslr/#aslr","title":"aslr","text":"usage: aslr [-h] [{on,off}]\n
Check the current ASLR status, or turn it on/off.
Does not take effect until the program is restarted.
"},{"location":"commands/linux_libc_elf/aslr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help state Turn ASLR on or off (takes effect when target is started)"},{"location":"commands/linux_libc_elf/aslr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/auxv-explore/","title":"Auxv explore","text":""},{"location":"commands/linux_libc_elf/auxv-explore/#auxv-explore","title":"auxv-explore","text":"usage: auxv-explore [-h]\n
Explore and print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/auxv/","title":"Auxv","text":""},{"location":"commands/linux_libc_elf/auxv/#auxv","title":"auxv","text":"usage: auxv [-h]\n
Print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/elfsections/","title":"Elfsections","text":""},{"location":"commands/linux_libc_elf/elfsections/#elfsections","title":"elfsections","text":"usage: elfsections [-h] [-R]\n
Prints the section mappings contained in the ELF header. If binary not start or use --no-rebase, the section permission based on section flags.
"},{"location":"commands/linux_libc_elf/elfsections/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -R --no-rebase Print the non-rebased section address."},{"location":"commands/linux_libc_elf/elfsections/#examples","title":"Examples","text":"elfsections\nelfsections --no-rebase\n
"},{"location":"commands/linux_libc_elf/envp/","title":"Envp","text":""},{"location":"commands/linux_libc_elf/envp/#envp","title":"envp","text":"usage: envp [-h] [name]\n
Prints out the contents of the environment.
Aliases: env, environ
"},{"location":"commands/linux_libc_elf/envp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help name Name of the environment variable to see."},{"location":"commands/linux_libc_elf/envp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/errno/","title":"Errno","text":""},{"location":"commands/linux_libc_elf/errno/#errno","title":"errno","text":"usage: errno [-h] [err]\n
Converts errno (or argument) to its string representation.
"},{"location":"commands/linux_libc_elf/errno/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help err Errno; if not passed, it is retrieved from __errno_location"},{"location":"commands/linux_libc_elf/errno/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/got/","title":"Got","text":""},{"location":"commands/linux_libc_elf/got/#got","title":"got","text":"(only in GDB)
usage: got [-h] [-p PATH_FILTER | -a] [-r] [symbol_filter]\n
Show the state of the Global Offset Table.
"},{"location":"commands/linux_libc_elf/got/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol_filter Filter results by symbol name. (default: '')"},{"location":"commands/linux_libc_elf/got/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --path Filter results by library/objfile path. (default: '') -a --all Process all libs/obfjiles including the target executable. -r --show-readonly Also display read-only entries (which are filtered out by default)."},{"location":"commands/linux_libc_elf/got/#examples","title":"Examples","text":"> got\n Print all writable GOT entries in the executable.\n> got -r puts\n Print all GOT entries that contain the string \"puts\".\n> got -p libc\n Print all writable GOT entries used by libc. (And any other loaded\n object files that contain the string \"libc\" in their path).\n> got -ra\n Print all GOT entries in the address space.\n
"},{"location":"commands/linux_libc_elf/gotplt/","title":"Gotplt","text":""},{"location":"commands/linux_libc_elf/gotplt/#gotplt","title":"gotplt","text":"usage: gotplt [-h]\n
Prints any symbols found in the .got.plt section if it exists.
"},{"location":"commands/linux_libc_elf/gotplt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/libcinfo/","title":"Libcinfo","text":""},{"location":"commands/linux_libc_elf/libcinfo/#libcinfo","title":"libcinfo","text":"usage: libcinfo [-h]\n
Show libc version and link to its sources
"},{"location":"commands/linux_libc_elf/libcinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/linkmap/","title":"Linkmap","text":""},{"location":"commands/linux_libc_elf/linkmap/#linkmap","title":"linkmap","text":"usage: linkmap [-h]\n
Show the state of the Link Map
"},{"location":"commands/linux_libc_elf/linkmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/onegadget/","title":"Onegadget","text":""},{"location":"commands/linux_libc_elf/onegadget/#onegadget","title":"onegadget","text":"usage: onegadget [-h] [--show-unsat] [--no-unknown] [-v]\n
Find gadgets which single-handedly give code execution.
Uses the onegadget tool by david942j.
"},{"location":"commands/linux_libc_elf/onegadget/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-unsat Show unsatisfiable gadgets. --no-unknown Do not show unknown gadgets. -v --verbose Show verbose output."},{"location":"commands/linux_libc_elf/piebase/","title":"Piebase","text":""},{"location":"commands/linux_libc_elf/piebase/#piebase","title":"piebase","text":"usage: piebase [-h] [offset] [module]\n
Calculate VA of RVA from PIE base.
"},{"location":"commands/linux_libc_elf/piebase/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help offset Offset from PIE base. (default: 0) module Module to choose as base. Defaults to the target executable. (default: '')"},{"location":"commands/linux_libc_elf/piebase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/plt/","title":"Plt","text":""},{"location":"commands/linux_libc_elf/plt/#plt","title":"plt","text":"usage: plt [-h]\n
Prints any symbols found in Procedure Linkage Table sections if any exist.
"},{"location":"commands/linux_libc_elf/plt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/strings/","title":"Strings","text":""},{"location":"commands/linux_libc_elf/strings/#strings","title":"strings","text":"usage: strings [-h] [-n N] [--save-as SAVE_AS] [page_names ...]\n
Extracts and displays ASCII strings from readable memory pages of the debugged process.
"},{"location":"commands/linux_libc_elf/strings/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help page_names Mapping to search [e.g. libc]. Can be used with multiple mappings [e.g libc heap stack] (default: '[]')"},{"location":"commands/linux_libc_elf/strings/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n Minimum length of ASCII strings to include (default: 4) --save-as Sets the filename for the output of this command [e.g. --save-as='out.txt']"},{"location":"commands/linux_libc_elf/threads/","title":"Threads","text":""},{"location":"commands/linux_libc_elf/threads/#threads","title":"threads","text":"usage: threads [-h] [-c] [num_threads]\n
List all threads belonging to the selected inferior.
"},{"location":"commands/linux_libc_elf/threads/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help num_threads Number of threads to display. Omit to display all threads."},{"location":"commands/linux_libc_elf/threads/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -c --config Respect context-max-threads config to limit number of threads displayed."},{"location":"commands/linux_libc_elf/tls/","title":"Tls","text":""},{"location":"commands/linux_libc_elf/tls/#tls","title":"tls","text":"usage: tls [-h] [-p] [-a]\n
Print out base address of the current Thread Local Storage (TLS).
"},{"location":"commands/linux_libc_elf/tls/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --pthread-self Try to get the address of TLS by calling pthread_self(). -a --all Do not truncate the dump output."},{"location":"commands/linux_libc_elf/track-got/","title":"Track got","text":""},{"location":"commands/linux_libc_elf/track-got/#track-got","title":"track-got","text":"(only in GDB)
usage: track-got [-h] {enable,disable,info,query} ...\n
Controls GOT tracking
"},{"location":"commands/linux_libc_elf/track-got/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/track-heap/","title":"Track heap","text":""},{"location":"commands/linux_libc_elf/track-heap/#track-heap","title":"track-heap","text":"(only in GDB)
usage: track-heap [-h] {enable,disable,toggle-break} ...\n
Manages the heap tracker.
The heap tracker is a module that tracks usage of the GLibc heap and looks for user errors such as double frees and use after frees.
Currently, the following errors can be detected: - Use After Free
"},{"location":"commands/linux_libc_elf/track-heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/distance/","title":"Distance","text":""},{"location":"commands/memory/distance/#distance","title":"distance","text":"usage: distance [-h] a [b]\n
Print the distance between the two arguments, or print the offset to the address's page base.
"},{"location":"commands/memory/distance/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help a The first address. b The second address."},{"location":"commands/memory/distance/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/dump-register-frame/","title":"Dump register frame","text":""},{"location":"commands/memory/dump-register-frame/#dump-register-frame","title":"dump-register-frame","text":"usage: dump-register-frame [-h] [-p]\n {armcm-exception,armcm-exception2} [address]\n
Display the registers saved to memory for a certain frame type
"},{"location":"commands/memory/dump-register-frame/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help frame_type The type of frame to print address The address to read the frame from"},{"location":"commands/memory/dump-register-frame/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --print Show addresses of frame values"},{"location":"commands/memory/gdt/","title":"Gdt","text":""},{"location":"commands/memory/gdt/#gdt","title":"gdt","text":"usage: gdt [-h] address [count]\n
Decode X86-64 GDT entries at address
See also:
- https://wiki.osdev.org/Global_Descriptor_Table
- https://wiki.osdev.org/GDT_Tutorial
"},{"location":"commands/memory/gdt/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address x86-64 GDTR base address (e.g. read from sgdt instruction from [16:79] bits) count Number of entries to dump (should be (GDTR.size+1)/8) (default: 8)"},{"location":"commands/memory/gdt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/gdt/#notes","title":"Notes","text":"In 64-bit mode, the Base and Limit values are ignored, each descriptor covers the entire linear address space regardless of what they are set to.
"},{"location":"commands/memory/go-dump/","title":"Go dump","text":""},{"location":"commands/memory/go-dump/#go-dump","title":"go-dump","text":"usage: go-dump [-h] [-x] [-f [DECIMALS]] [-d] [-p] ty address\n
Dumps a Go value of a given type at a specified address.
Alias: god
"},{"location":"commands/memory/go-dump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help ty Go type of value to dump, e.g. map[int]string, or the address of a type to resolve at runtime, e.g. 0x408860 address Address to dump"},{"location":"commands/memory/go-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -x --hex Display non-pointer integers as hex -f --decimals Configures the number of decimal places to display for floating points -d --debug Shows debug info, like addresses for slice/map elements, slice capacity, etc. -p --pretty Enables pretty printing"},{"location":"commands/memory/go-type/","title":"Go type","text":""},{"location":"commands/memory/go-type/#go-type","title":"go-type","text":"usage: go-type [-h] address\n
Dumps a Go runtime reflection type at a specified address.
Alias: goty
"},{"location":"commands/memory/go-type/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump"},{"location":"commands/memory/go-type/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/hexdump/","title":"Hexdump","text":""},{"location":"commands/memory/hexdump/#hexdump","title":"hexdump","text":"usage: hexdump [-h] [address] [count]\n
Hexdumps data at the specified address or module name.
"},{"location":"commands/memory/hexdump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address or module name to dump (default: $sp) count Number of bytes to dump (default: 64)"},{"location":"commands/memory/hexdump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/leakfind/","title":"Leakfind","text":""},{"location":"commands/memory/leakfind/#leakfind","title":"leakfind","text":"usage: leakfind [-h] [-p [PAGE_NAME]] [-o [MAX_OFFSET]] [-d [MAX_DEPTH]]\n [-s [STEP]] [--negative_offset [NEGATIVE_OFFSET]]\n [address]\n
Attempt to find a leak chain given a starting address.
Scans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.
"},{"location":"commands/memory/leakfind/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Starting address to find a leak chain from (default: $sp)"},{"location":"commands/memory/leakfind/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --page_name Substring required to be part of the name of any found pages -o --max_offset Max offset to add to addresses when looking for leak (default: 72) -d --max_depth Maximum depth to follow pointers to (default: 4) -s --step Step to add between pointers so they are considered. For example, if this is 4 it would only consider pointers at an offset divisible by 4 from the starting pointer (default: 1) --negative_offset Max negative offset to search before an address when looking for a leak (default: 0)"},{"location":"commands/memory/leakfind/#examples","title":"Examples","text":"pwndbg> leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6.\nThis would look for any chains of leaks that point to a section in filename\nwhich begin near $rsp, are never 0x48 bytes further from a known pointer,\nand are a maximum length of 6.\n
"},{"location":"commands/memory/memfrob/","title":"Memfrob","text":""},{"location":"commands/memory/memfrob/#memfrob","title":"memfrob","text":"usage: memfrob [-h] address count\n
Memfrobs a region of memory (xor with '*').
"},{"location":"commands/memory/memfrob/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to start xoring at. count The number of bytes to xor."},{"location":"commands/memory/memfrob/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/mmap/","title":"Mmap","text":""},{"location":"commands/memory/mmap/#mmap","title":"mmap","text":"usage: mmap [-h] [--quiet] [--force] addr length [prot] [flags] [fd] [offset]\n
Calls the mmap syscall and prints its resulting address.
Note that the mmap syscall may fail for various reasons (see man mmap) and, in case of failure, its return value will not be a valid pointer.
PROT values: NONE (0), READ (1), WRITE (2), EXEC (4)
MAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10), ANONYMOUS (0x20)
Flags and protection values can be either a string containing the names of the flags or permissions or a single number corresponding to the bitwise OR of the protection and flag numbers.
"},{"location":"commands/memory/mmap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address hint to be given to mmap. length Length of the mapping, in bytes. Needs to be greater than zero. prot Prot enum or int as in mmap(2). Eg. \"PROT_READ|PROT_EXEC\" or 7 (for RWX). (default: '7') flags Flags enum or int as in mmap(2). Eg. \"MAP_PRIVATE|MAP_ANONYMOUS\" or 0x22. (default: '0x22') fd File descriptor of the file to be mapped, or -1 if using MAP_ANONYMOUS. (default: -1) offset Offset from the start of the file, in bytes, if using file based mapping. (default: 0)"},{"location":"commands/memory/mmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -q --quiet Disable address validity warnings and hints -f --force Force potentially unsafe actions to happen"},{"location":"commands/memory/mmap/#examples","title":"Examples","text":"mmap 0x0 4096 PROT_READ|PROT_WRITE|PROT_EXEC MAP_PRIVATE|MAP_ANONYMOUS -1 0\n - Maps a new private+anonymous page with RWX permissions at a location\n decided by the kernel.\n\nmmap 0x0 4096 PROT_READ MAP_PRIVATE 10 0\n - Maps 4096 bytes of the file pointed to by file descriptor number 10 with\n read permission at a location decided by the kernel.\n\nmmap 0xdeadbeef 0x1000\n - Maps a new private+anonymous page with RWX permissions at a page boundary\n near 0xdeadbeef.\n
"},{"location":"commands/memory/mprotect/","title":"Mprotect","text":""},{"location":"commands/memory/mprotect/#mprotect","title":"mprotect","text":"usage: mprotect [-h] addr length prot\n
Calls the mprotect syscall and prints its result value.
Note that the mprotect syscall may fail for various reasons (see man mprotect) and a non-zero error return value can be decoded with the errno <value> command.
"},{"location":"commands/memory/mprotect/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Page-aligned address to all mprotect on. length Count of bytes to call mprotect on. Needs to be multiple of page size. prot Prot string as in mprotect(2). Eg. \"PROT_READ|PROT_EXEC\", \"rx\", or \"5\""},{"location":"commands/memory/mprotect/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/mprotect/#examples","title":"Examples","text":"mprotect $rsp 4096 PROT_READ|PROT_WRITE|PROT_EXEC\nmprotect $rsp 4096 rwx\nmprotect $rsp 4096 7\nmprotect some_symbol 0x1000 PROT_NONE\n
"},{"location":"commands/memory/p2p/","title":"P2p","text":""},{"location":"commands/memory/p2p/#p2p","title":"p2p","text":"usage: p2p [-h] mapping_names [mapping_names ...]\n
Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
Any chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.
"},{"location":"commands/memory/p2p/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help mapping_names Mapping name"},{"location":"commands/memory/p2p/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/probeleak/","title":"Probeleak","text":""},{"location":"commands/memory/probeleak/#probeleak","title":"probeleak","text":"usage: probeleak [-h] [--max-distance MAX_DISTANCE] [--point-to POINT_TO]\n [--max-ptrs MAX_PTRS] [--flags FLAGS]\n [address] [count]\n
Pointer scan for possible offset leaks.
"},{"location":"commands/memory/probeleak/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Leak memory address (default: $sp) count Leak size in bytes (default: 64)"},{"location":"commands/memory/probeleak/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --max-distance Max acceptable distance between memory page boundary and leaked pointer (default: 0) --point-to Mapping name of the page that you want the pointers point to --max-ptrs Stop search after find n pointers, default 0 (default: 0) --flags flags of the page that you want the pointers point to. [e.g. rwx]"},{"location":"commands/memory/probeleak/#examples","title":"Examples","text":"> probeleak $rsp 0x64\nLeaks 0x64 bytes starting at stack pointer and search for valid pointers.\n> probeleak $rsp 0x64 --max-dist 0x10\nAs above, but pointers may point 0x10 bytes outside of memory page.\n> probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx\nLeaks 0x64 bytes starting at stack pointer and search for one valid pointer\nwhich points to a libc rwx page.\n
"},{"location":"commands/memory/search/","title":"Search","text":""},{"location":"commands/memory/search/#search","title":"search","text":"usage: search [-h] [-t {byte,short,word,dword,qword,pointer,string,bytes,asm}]\n [-1] [-2] [-4] [-8] [-p] [--asm]\n [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n [--asmbp] [-x] [-e] [-w] [-s STEP] [-l LIMIT] [-a ALIGNED]\n [--save] [--no-save] [-n] [--trunc-out]\n value [mapping_name]\n
Search memory for byte sequences, strings, pointers, and integer values.
By default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.
"},{"location":"commands/memory/search/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help value Value to search for mapping_name Mapping to search [e.g. libc]"},{"location":"commands/memory/search/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -t --type Size of search target (default: 'bytes') -1 --byte Search for a 1-byte integer -2 --short Search for a 2-byte integer -4 --dword Search for a 4-byte integer -8 --qword Search for an 8-byte integer -p --pointer Search for a pointer-width integer --asm Search for an assembly instruction --arch Target architecture --asmbp Set breakpoint for found assembly instruction -x --hex Target is a hex-encoded (for bytes/strings) -e --executable Search executable segments only -w --writable Search writable segments only -s --step Step search address forward to next alignment after each hit (ex: 0x1000) -l --limit Max results before quitting the search. Differs from --trunc-out in that it will not save all search results before quitting -a --aligned Result must be aligned to this byte boundary --save Save results for further searches with --next. Default comes from config 'auto-save-search' --no-save Invert --save -n --next Search only locations returned by previous search with --save --trunc-out Truncate the output to 20 results. Differs from --limit in that it will first save all search results"},{"location":"commands/memory/telescope/","title":"Telescope","text":""},{"location":"commands/memory/telescope/#telescope","title":"telescope","text":"usage: telescope [-h] [-r] [-f] [-i] [address] [count]\n
Recursively dereferences pointers starting at the specified address.
"},{"location":"commands/memory/telescope/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to telescope at. (default: $sp) count The number of lines to show. (default: 8)"},{"location":"commands/memory/telescope/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --reverse Show previous addresses instead of next ones -f --frame Show the stack frame, from rsp to rbp -i --inverse Show the stack reverse growth"},{"location":"commands/memory/vmmap-add/","title":"Vmmap add","text":""},{"location":"commands/memory/vmmap-add/#vmmap-add","title":"vmmap-add","text":"usage: vmmap-add [-h] start size [flags] [offset]\n
Add virtual memory map page.
"},{"location":"commands/memory/vmmap-add/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help start Starting virtual address size Size of the address space, in bytes flags Flags set by the ELF file (r - read, w - write, x - executable) (default: '') offset Offset into the original ELF file that the data is loaded from (default: 0)"},{"location":"commands/memory/vmmap-add/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap-clear/","title":"Vmmap clear","text":""},{"location":"commands/memory/vmmap-clear/#vmmap-clear","title":"vmmap-clear","text":"usage: vmmap-clear [-h]\n
Clear the vmmap cache.
"},{"location":"commands/memory/vmmap-clear/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap-explore/","title":"Vmmap explore","text":""},{"location":"commands/memory/vmmap-explore/#vmmap-explore","title":"vmmap-explore","text":"usage: vmmap-explore [-h] address\n
Explore a page, trying to guess permissions.
"},{"location":"commands/memory/vmmap-explore/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address of the page to explore"},{"location":"commands/memory/vmmap-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap/","title":"Vmmap","text":""},{"location":"commands/memory/vmmap/#vmmap","title":"vmmap","text":"usage: vmmap [-h] [-w] [-x] [-A LINES_AFTER] [-B LINES_BEFORE] [-C CONTEXT]\n [--gaps]\n [gdbval_or_str]\n
Print virtual memory map pages.
Unnamed mappings are named as [anon_%#x] where %#x is high part of their start address. This is useful for filtering with vmmap or search commands.
Known issues with vmmap: For QEMU user targets, the QEMU's gdbstub does not provide memory maps information to GDB until [0] is finished & merged. We try to deal with it without parsing the QEMU process' /proc/$pid/maps file, but if our approach fails, we simply create a [0, 0xffff...] vmmap which is not great and may result in lack of proper colors or inability to search memory with the search command.
For QEMU kernel, we use gdb-pt-dump that parses page tables from the guest by reading /proc/$pid/mem of QEMU process. If this does not work for you, use set kernel-vmmap-via-page-tables off to refer to our old method of reading vmmap info from monitor info mem command exposed by QEMU. Note that the latter may be slower and will not give full vmmaps permission information.
For coredump debugging, GDB also lacks all vmmap info but we do our best to get it back by using the info proc mappings and maintenance info sections commands.
As a last resort, we sometimes try to explore the addresses in CPU registers and if they are readable by GDB, we determine their bounds and create an \"\" vmmap. However, this method is slow and is not used on each GDB stop.
Memory pages can also be added manually with the use of vmmap-add, vmmap-clear and vmmap-load commands. This may be useful for bare metal debugging.
[0] https://lore.kernel.org/all/20220221030910.3203063-1-dominik.b.czarnota@gmail.com/
Aliases: lm, address, vprot, libs
"},{"location":"commands/memory/vmmap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help gdbval_or_str Address or module name filter"},{"location":"commands/memory/vmmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -w --writable Display writable maps only -x --executable Display executable maps only -A --lines-after Number of pages to display after result (default: 1) -B --lines-before Number of pages to display before result (default: 1) -C --context Number of pages to display around the result --gaps Display unmapped memory gap information in the memory map."},{"location":"commands/memory/xinfo/","title":"Xinfo","text":""},{"location":"commands/memory/xinfo/#xinfo","title":"xinfo","text":"usage: xinfo [-h] [address]\n
Shows offsets of the specified address from various useful locations.
"},{"location":"commands/memory/xinfo/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to inspect (default: $pc)"},{"location":"commands/memory/xinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/xor/","title":"Xor","text":""},{"location":"commands/memory/xor/#xor","title":"xor","text":"usage: xor [-h] address key count\n
XOR count bytes at address with the key key.
"},{"location":"commands/memory/xor/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to start xoring at. key The key to use. count The number of bytes to xor."},{"location":"commands/memory/xor/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/asm/","title":"Asm","text":""},{"location":"commands/misc/asm/#asm","title":"asm","text":"usage: asm [-h] [-f {hex,string}]\n [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n [-v AVOID] [-n] [-z] [-i INFILE]\n [shellcode ...]\n
Assemble shellcode into bytes
"},{"location":"commands/misc/asm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help shellcode Assembler code to assemble (default: '[]')"},{"location":"commands/misc/asm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --format Output format (default: 'hex') --arch Target architecture -v --avoid Encode the shellcode to avoid the listed bytes (provided as hex) -n --newline Encode the shellcode to avoid newlines -z --zero Encode the shellcode to avoid NULL bytes -i --infile Specify input file"},{"location":"commands/misc/checksec/","title":"Checksec","text":""},{"location":"commands/misc/checksec/#checksec","title":"checksec","text":"usage: checksec [-h] [-f FILE]\n
Prints out the binary security settings using checksec.
"},{"location":"commands/misc/checksec/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --file Specify the file to run checksec on."},{"location":"commands/misc/checksec/#examples","title":"Examples","text":"pwndbg> checksec\nFile: /usr/bin/bash\nArch: amd64\nRELRO: Full RELRO\nStack: Canary found\nNX: NX enabled\nPIE: PIE enabled\nSHSTK: Enabled\nIBT: Enabled\n
"},{"location":"commands/misc/comm/","title":"Comm","text":""},{"location":"commands/misc/comm/#comm","title":"comm","text":"usage: comm [-h] [--addr address] comment\n
Put comments in assembly code.
"},{"location":"commands/misc/comm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help comment The text you want to comment"},{"location":"commands/misc/comm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --addr Address to write comments"},{"location":"commands/misc/cyclic/","title":"Cyclic","text":""},{"location":"commands/misc/cyclic/#cyclic","title":"cyclic","text":"usage: cyclic [-h] [-a charset] [-n length] [-l lookup_value]\n [count] [filename]\n
Cyclic pattern creator/finder.
"},{"location":"commands/misc/cyclic/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count Number of characters to print from the sequence (default: print the entire sequence) (default: 100) filename Name (path) of the file to save the cyclic pattern to"},{"location":"commands/misc/cyclic/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --alphabet The alphabet to use in the cyclic pattern (default: abcdefghijklmnopqrstuvwxyz) -n --length Size of the unique subsequences (defaults to the pointer size for the current arch) -o --lookup Do a lookup instead of printing the sequence (accepts constant values as well as expressions)"},{"location":"commands/misc/cymbol/","title":"Cymbol","text":""},{"location":"commands/misc/cymbol/#cymbol","title":"cymbol","text":"(only in GDB)
usage: cymbol [-h] [-a name] [-f filepath] [-r name] [-e name] [-l name]\n [-s name]\n
Add, show, load, edit, or delete custom structures in plain C.
"},{"location":"commands/misc/cymbol/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --add Add a new custom structure -f --file Add a new custom structure from header file -r --remove Remove an existing custom structure -e --edit Edit an existing custom structure -l --load Load an existing custom structure -s --show Show the source code of an existing custom structure"},{"location":"commands/misc/down/","title":"Down","text":""},{"location":"commands/misc/down/#down","title":"down","text":"(only in GDB)
usage: down [-h] [n]\n
Select and print stack frame called by this one.
Aliases: do, dow
"},{"location":"commands/misc/down/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help n The number of stack frames to go down. (default: 1)"},{"location":"commands/misc/down/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/dt/","title":"Dt","text":""},{"location":"commands/misc/dt/#dt","title":"dt","text":"usage: dt [-h] typename [address]\n
Dump out information on a type (e.g. ucontext_t).
Optionally overlay that information at an address.
"},{"location":"commands/misc/dt/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help typename The name of the structure being dumped. Use quotes if the type contains spaces (e.g. \"struct malloc_state\"). address The address of the structure."},{"location":"commands/misc/dt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/dumpargs/","title":"Dumpargs","text":""},{"location":"commands/misc/dumpargs/#dumpargs","title":"dumpargs","text":"usage: dumpargs [-h] [-f]\n
Prints determined arguments for call/syscall instruction.
Alias: args
"},{"location":"commands/misc/dumpargs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --force Force displaying of all arguments."},{"location":"commands/misc/getfile/","title":"Getfile","text":""},{"location":"commands/misc/getfile/#getfile","title":"getfile","text":"(only in GDB)
usage: getfile [-h]\n
Gets the current file.
"},{"location":"commands/misc/getfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hex2ptr/","title":"Hex2ptr","text":""},{"location":"commands/misc/hex2ptr/#hex2ptr","title":"hex2ptr","text":"usage: hex2ptr [-h] hex_string\n
Converts a space-separated hex string to a little-endian address.
"},{"location":"commands/misc/hex2ptr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help hex_string Hexadecimal string to convert (e.g., '00 70 75 c1 cd ef 59 00')."},{"location":"commands/misc/hex2ptr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hijack-fd/","title":"Hijack fd","text":""},{"location":"commands/misc/hijack-fd/#hijack-fd","title":"hijack-fd","text":"usage: hijack-fd [-h] fdnum newfile\n
Replace a file descriptor of a debugged process.
The new file descriptor can point to:
- a file
- a pipe
- a socket
- a device, etc.
"},{"location":"commands/misc/hijack-fd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help fdnum File descriptor (FD) number to be replaced with the specified new socket or file. newfile Specify a file or a socket. For files, the filename must start with / (e.g., /etc/passwd). For sockets, the following formats are allowed: - 127.0.0.1:80 (default is TCP) - tcp://[::1]:80 - udp://example.com:80 - tcp+ipv6://example.com:80"},{"location":"commands/misc/hijack-fd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hijack-fd/#examples","title":"Examples","text":"1. Redirect STDOUT to a file:\n `hijack-fd 1 /dev/null`\n\n2. Redirect STDERR to a socket:\n `hijack-fd 2 tcp://localhost:8888`\n
"},{"location":"commands/misc/ipi/","title":"Ipi","text":""},{"location":"commands/misc/ipi/#ipi","title":"ipi","text":"(only in GDB)
usage: ipi [-h]\n
Start an interactive IPython prompt.
"},{"location":"commands/misc/ipi/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch-list/","title":"Patch list","text":""},{"location":"commands/misc/patch-list/#patch-list","title":"patch-list","text":"usage: patch-list [-h]\n
List all patches.
"},{"location":"commands/misc/patch-list/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch-revert/","title":"Patch revert","text":""},{"location":"commands/misc/patch-revert/#patch-revert","title":"patch-revert","text":"usage: patch-revert [-h] address\n
Revert patch at given address.
"},{"location":"commands/misc/patch-revert/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to revert patch on"},{"location":"commands/misc/patch-revert/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch/","title":"Patch","text":""},{"location":"commands/misc/patch/#patch","title":"patch","text":"usage: patch [-h] [-q] address ins\n
Patches given instruction with given code or bytes.
"},{"location":"commands/misc/patch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to patch ins instruction[s]"},{"location":"commands/misc/patch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -q --quiet don't print anything"},{"location":"commands/misc/plist/","title":"Plist","text":""},{"location":"commands/misc/plist/#plist","title":"plist","text":"usage: plist [-h] [-s SENTINEL] [-i INNER_NAME] [-f FIELD_NAME] [-o OFFSET]\n [-c COUNT]\n path next\n
Dumps the elements of a linked list.
This command traverses the linked list beginning at a given element, dumping its contents and the contents of all the elements that come after it in the list. Traversal is configurable and can handle multiple types of linked lists, but will always stop when a cycle is detected.
The path to the first element can be any GDB expression that evaluates to either the first element directly, or a to pointer to it. The next element is the name of the field containing the next pointer, in either the structure itself or in the structure given by --inner.
An address value may be given with --sentinel that signals the end of the list. By default, the value used is NULL (0).
If only one field inside each node is desired, it can be printed exclusively by specifying its name with --field.
This command supports traversing three types of linked lists, classified by how the next pointer can be found in the structure and what type it is: 1 - Next pointer is field of structure, type is the same as structure. 2 - Next pointer is field of inner nested structure, pointed to type is the same as outer structure. 3 - Next pointer is field of inner nested structure, pointed to type is the same as inner structure. Types 2 and 3 require --inner to be specified.
Example 1:
struct node {\n int value;\n struct node *next;\n};\nstruct node node_c = { 2, NULL };\nstruct node node_b = { 1, &node_c };\nstruct node node_a = { 0, &node_b };\n
pwndbg> plist node_a next 0x4000011050 : { value = 0, next = 0x4000011040 } 0x4000011040 : { value = 1, next = 0x4000011010 } 0x4000011010 : { value = 2, next = 0x0 }
Example 2:
struct node_inner_a {\n struct node_inner_a *next;\n};\nstruct inner_a_node {\n int value;\n struct node_inner_a inner;\n};\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\n
pwndbg> plist inner_a_node_a -i inner next 0x4000011070 : { value = 0, inner = { next = 0x4000011068 } } 0x4000011060 : { value = 1, inner = { next = 0x4000011028 } } 0x4000011020 : { value = 2, inner = { next = 0x0 } }
Example 3:
struct inner_b_node;\nstruct node_inner_b {\n struct inner_b_node *next;\n};\nstruct inner_b_node {\n int value;\n struct node_inner_b inner;\n};\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\n
pwndbg> plist inner_b_node_a -i inner next 0x4000011090 : { value = 0, inner = { next = 0x4000011080 } } 0x4000011080 : { value = 1, inner = { next = 0x4000011030 } } 0x4000011030 : { value = 2, inner = { next = 0x0 } }"},{"location":"commands/misc/plist/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help path The first element of the linked list next The name of the field pointing to the next element in the list"},{"location":"commands/misc/plist/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -s --sentinel The address that stands in for an end of list marker in a non-cyclic list (default: 0) -i --inner The name of the inner nested structure where the next pointer is stored -f --field The name of the field to be displayed, if only one is desired -o --offset The offset of the first list element to display. Defaults to zero. (default: 0) -c --count The number of elements to display. Defaults to the value of dereference-limit."},{"location":"commands/misc/sigreturn/","title":"Sigreturn","text":""},{"location":"commands/misc/sigreturn/#sigreturn","title":"sigreturn","text":"
usage: sigreturn [-h] [-a] [-p] [address]\n
Display the SigreturnFrame at the specific address
"},{"location":"commands/misc/sigreturn/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to read the frame from"},{"location":"commands/misc/sigreturn/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Show all values in the frame in addition to common registers -p --print Show addresses of frame values"},{"location":"commands/misc/spray/","title":"Spray","text":""},{"location":"commands/misc/spray/#spray","title":"spray","text":"usage: spray [-h] [--value VALUE] [-x] addr [length]\n
Spray memory with cyclic() generated values
"},{"location":"commands/misc/spray/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address to spray length Length of byte sequence, when unspecified sprays until the end of vmmap which address belongs to (default: 0)"},{"location":"commands/misc/spray/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --value Value to spray memory with, when prefixed with '0x' treated as hex string encoded big-endian -x --only-funcptrs Spray only addresses whose values points to executable pages"},{"location":"commands/misc/tips/","title":"Tips","text":""},{"location":"commands/misc/tips/#tips","title":"tips","text":"usage: tips [-h] [-a]\n
Shows tips.
"},{"location":"commands/misc/tips/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Show all tips."},{"location":"commands/misc/up/","title":"Up","text":""},{"location":"commands/misc/up/#up","title":"up","text":"(only in GDB)
usage: up [-h] [n]\n
Select and print stack frame that called this one.
"},{"location":"commands/misc/up/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help n The number of stack frames to go up. (default: 1)"},{"location":"commands/misc/up/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/valist/","title":"Valist","text":""},{"location":"commands/misc/valist/#valist","title":"valist","text":"usage: valist [-h] addr [count]\n
Dumps the arguments of a va_list.
"},{"location":"commands/misc/valist/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the va_list count Number of arguments to dump (default: 8)"},{"location":"commands/misc/valist/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/vmmap-load/","title":"Vmmap load","text":""},{"location":"commands/misc/vmmap-load/#vmmap-load","title":"vmmap-load","text":"usage: vmmap-load [-h] [filename]\n
Load virtual memory map pages from ELF file.
"},{"location":"commands/misc/vmmap-load/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filename ELF filename, by default uses current loaded filename."},{"location":"commands/misc/vmmap-load/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/process/killthreads/","title":"Killthreads","text":""},{"location":"commands/process/killthreads/#killthreads","title":"killthreads","text":"(only in GDB)
usage: killthreads [-h] [-a] [thread_ids ...]\n
Kill all or given threads.
Switches to given threads and calls pthread_exit(0) on them. This is performed with scheduler-locking to prevent other threads from operating at the same time.
Killing all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).
"},{"location":"commands/process/killthreads/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help thread_ids Thread IDs to kill."},{"location":"commands/process/killthreads/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Kill all threads except the current one."},{"location":"commands/process/pid/","title":"Pid","text":""},{"location":"commands/process/pid/#pid","title":"pid","text":"usage: pid [-h]\n
Gets the pid.
Alias: getpid
"},{"location":"commands/process/pid/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/process/procinfo/","title":"Procinfo","text":""},{"location":"commands/process/procinfo/#procinfo","title":"procinfo","text":"usage: procinfo [-h]\n
Display information about the running process.
"},{"location":"commands/process/procinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/bugreport/","title":"Bugreport","text":""},{"location":"commands/pwndbg/bugreport/#bugreport","title":"bugreport","text":"usage: bugreport [-h] [--run-browser | --use-gh]\n
Generate a bug report.
"},{"location":"commands/pwndbg/bugreport/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -b --run-browser Open browser on github/issues/new -g --use-gh Create issue using Github CLI"},{"location":"commands/pwndbg/config/","title":"Config","text":""},{"location":"commands/pwndbg/config/#config","title":"config","text":"usage: config [-h] [filter_pattern]\n
Shows Pwndbg-specific configuration.
"},{"location":"commands/pwndbg/config/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/config/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/configfile/","title":"Configfile","text":""},{"location":"commands/pwndbg/configfile/#configfile","title":"configfile","text":"(only in GDB)
usage: configfile [-h] [--show-all]\n
Generates a configuration file for the current Pwndbg options.
"},{"location":"commands/pwndbg/configfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-all Display all configuration options."},{"location":"commands/pwndbg/heap-config/","title":"Heap config","text":""},{"location":"commands/pwndbg/heap-config/#heap-config","title":"heap-config","text":"usage: heap-config [-h] [filter_pattern]\n
Shows heap related configuration.
"},{"location":"commands/pwndbg/heap-config/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/heap-config/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/memoize/","title":"Memoize","text":""},{"location":"commands/pwndbg/memoize/#memoize","title":"memoize","text":"usage: memoize [-h]\n
Toggles memoization (caching).
Useful for diagnosing caching-related bugs. Decreases performance.
"},{"location":"commands/pwndbg/memoize/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/profiler/","title":"Profiler","text":""},{"location":"commands/pwndbg/profiler/#profiler","title":"profiler","text":"usage: profiler [-h] {start,stop} ...\n
Utilities for profiling Pwndbg.
Check out the ./profiling folder for other useful utilities. Use ./profiling/print_stats.py to generate a report from a .pstats file.
"},{"location":"commands/pwndbg/profiler/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help command"},{"location":"commands/pwndbg/profiler/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/pwndbg/","title":"Pwndbg","text":""},{"location":"commands/pwndbg/pwndbg/#pwndbg","title":"pwndbg","text":"usage: pwndbg [-h] [-c CATEGORY_ | --list-categories] [filter_pattern]\n
Prints out a list of all Pwndbg commands.
"},{"location":"commands/pwndbg/pwndbg/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to commands names/docs"},{"location":"commands/pwndbg/pwndbg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -c --category Filter commands by category --list-categories List command categories"},{"location":"commands/pwndbg/reinit-pwndbg/","title":"Reinit pwndbg","text":""},{"location":"commands/pwndbg/reinit-pwndbg/#reinit-pwndbg","title":"reinit-pwndbg","text":"(only in GDB)
usage: reinit-pwndbg [-h]\n
Makes Pwndbg reinitialize all state.
"},{"location":"commands/pwndbg/reinit-pwndbg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/reload/","title":"Reload","text":""},{"location":"commands/pwndbg/reload/#reload","title":"reload","text":"(only in GDB)
usage: reload [-h]\n
Reload Pwndbg.
"},{"location":"commands/pwndbg/reload/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/theme/","title":"Theme","text":""},{"location":"commands/pwndbg/theme/#theme","title":"theme","text":"usage: theme [-h] [filter_pattern]\n
Shows Pwndbg-specific theme configuration.
"},{"location":"commands/pwndbg/theme/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to theme parameters names/descriptions"},{"location":"commands/pwndbg/theme/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/themefile/","title":"Themefile","text":""},{"location":"commands/pwndbg/themefile/#themefile","title":"themefile","text":"(only in GDB)
usage: themefile [-h] [--show-all]\n
Generates a configuration file for the current Pwndbg theme options.
"},{"location":"commands/pwndbg/themefile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-all Force displaying of all theme options."},{"location":"commands/pwndbg/version/","title":"Version","text":""},{"location":"commands/pwndbg/version/#version","title":"version","text":"(only in GDB)
usage: version [-h]\n
Displays Pwndbg and its important deps versions.
"},{"location":"commands/pwndbg/version/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/cpsr/","title":"Cpsr","text":""},{"location":"commands/register/cpsr/#cpsr","title":"cpsr","text":"usage: cpsr [-h] [cpsr_value]\n
Print out ARM CPSR or xPSR register.
Aliases: xpsr, pstate
"},{"location":"commands/register/cpsr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help cpsr_value Parse the given CPSR value instead of the actual one."},{"location":"commands/register/cpsr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/fsbase/","title":"Fsbase","text":""},{"location":"commands/register/fsbase/#fsbase","title":"fsbase","text":"(only in GDB)
usage: fsbase [-h]\n
Prints out the FS base address. See also $fsbase.
"},{"location":"commands/register/fsbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/gsbase/","title":"Gsbase","text":""},{"location":"commands/register/gsbase/#gsbase","title":"gsbase","text":"(only in GDB)
usage: gsbase [-h]\n
Prints out the GS base address. See also $gsbase.
"},{"location":"commands/register/gsbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/setflag/","title":"Setflag","text":""},{"location":"commands/register/setflag/#setflag","title":"setflag","text":"usage: setflag [-h] flag value\n
Modify the flags register.
Alias: flag
"},{"location":"commands/register/setflag/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help flag Flag for which you want to change the value value Value to which you want to set the flag - only valid options are 0 and 1"},{"location":"commands/register/setflag/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/setflag/#examples","title":"Examples","text":"On X86/X64:\n setflag ZF 1 -- set zero flag\n setflag CF 0 -- unset carry flag\n\nOn ARM:\n setflag Z 0 -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n info reg eflags -- on x86/x64\n info reg cpsr/xpsr -- on ARM (specific register may vary)\n
"},{"location":"commands/register/setflag/#notes","title":"Notes","text":"This command supports flags registers that are defined for architectures in the pwndbg/regs.py file.
"},{"location":"commands/stack/canary/","title":"Canary","text":""},{"location":"commands/stack/canary/#canary","title":"canary","text":"usage: canary [-h] [-a]\n
Print out the current stack canary.
"},{"location":"commands/stack/canary/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out stack canaries for all threads instead of the current thread only."},{"location":"commands/stack/retaddr/","title":"Retaddr","text":""},{"location":"commands/stack/retaddr/#retaddr","title":"retaddr","text":"usage: retaddr [-h]\n
Print out the stack addresses that contain return addresses.
"},{"location":"commands/stack/retaddr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/stack/stack-explore/","title":"Stack explore","text":""},{"location":"commands/stack/stack-explore/#stack-explore","title":"stack-explore","text":"usage: stack-explore [-h]\n
Explore stack from all threads.
"},{"location":"commands/stack/stack-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/stack/stack/","title":"Stack","text":""},{"location":"commands/stack/stack/#stack","title":"stack","text":"usage: stack [-h] [-f] [-i] [count] [offset]\n
Dereferences on stack data with specified count and offset.
"},{"location":"commands/stack/stack/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count number of element to dump (default: 8) offset Element offset from $sp (support negative offset) (default: 0)"},{"location":"commands/stack/stack/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --frame Show the stack frame, from rsp to rbp -i --inverse Show reverse stack growth"},{"location":"commands/stack/stackf/","title":"Stackf","text":""},{"location":"commands/stack/stackf/#stackf","title":"stackf","text":"usage: stackf [-h] [count] [offset]\n
Dereferences on stack data, printing the entire stack frame with specified count and offset .
"},{"location":"commands/stack/stackf/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count number of element to dump (default: 8) offset Element offset from $sp (support negative offset) (default: 0)"},{"location":"commands/stack/stackf/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/attachp/","title":"Attachp","text":""},{"location":"commands/start/attachp/#attachp","title":"attachp","text":"(only in GDB)
usage: attachp [-h] [--no-truncate] [--retry] [--user USER] [-e] [-a] [target]\n
Attaches to a given pid, process name, process found with partial argv match or to a device file.
This command wraps the original GDB attach command to add the ability to debug a process with a given name or partial name match. In such cases, the process identifier is fetched via the pidof <name> command first. If no matches are found, then it uses the ps -eo pid,args command to search for partial name matches.
Original GDB attach command help: Attach to a process or file outside of GDB. This command attaches to another target, of the same type as your last \"target\" command (\"info files\" will show your target stack). The command may take as argument a process id or a device file. For a process id, you must have permission to send the process a signal, and it must have the same effective uid as the debugger. When using \"attach\" with a process id, the debugger finds the program running in the process, looking first in the current working directory, or (if not found there) using the source file search path (see the \"directory\" command). You can also use the \"file\" command to specify the program, and to load its symbol table.
"},{"location":"commands/start/attachp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target pid, process name, part of cmdline to be matched or device file to attach to (uses current loaded file name if not provided)"},{"location":"commands/start/attachp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-truncate dont truncate command args --retry retry until a target is found --user username or uid to filter by -e --exact get the pid only for an exact command name match -a --all get pids also for partial cmdline matches etc"},{"location":"commands/start/entry/","title":"Entry","text":""},{"location":"commands/start/entry/#entry","title":"entry","text":"usage: entry [-h] [args ...]\n
Start the debugged program stopping at its entrypoint address.
Note that the entrypoint may not be the first instruction executed by the program. If you want to stop on the first executed instruction, use the GDB's starti command.
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable). Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
With no arguments, uses arguments last specified (with \"run\" or \"set args\"). To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
To start the inferior without using a shell, use \"set startup-with-shell off\".
"},{"location":"commands/start/entry/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help args The arguments to run the binary with."},{"location":"commands/start/entry/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/sstart/","title":"Sstart","text":""},{"location":"commands/start/sstart/#sstart","title":"sstart","text":"(only in GDB)
usage: sstart [-h]\n
Alias for 'tbreak __libc_start_main; run'.
"},{"location":"commands/start/sstart/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/start/","title":"Start","text":""},{"location":"commands/start/start/#start","title":"start","text":"(only in GDB)
usage: start [-h] [args ...]\n
Start the debugged program stopping at the first convenient location from this list: main, _main, start, _start, init or _init. You may specify arguments to give it.
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable). Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
With no arguments, uses arguments last specified (with \"run\" or \"set args\"). To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
To start the inferior without using a shell, use \"set startup-with-shell off\".
Aliases: main, init
"},{"location":"commands/start/start/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help args The arguments to run the binary with."},{"location":"commands/start/start/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextcall/","title":"Nextcall","text":""},{"location":"commands/step_next_continue/nextcall/#nextcall","title":"nextcall","text":"usage: nextcall [-h] [symbol_regex]\n
Breaks at the next call instruction.
"},{"location":"commands/step_next_continue/nextcall/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol_regex A regex matching the name of next symbol to be broken on before calling."},{"location":"commands/step_next_continue/nextcall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextjmp/","title":"Nextjmp","text":""},{"location":"commands/step_next_continue/nextjmp/#nextjmp","title":"nextjmp","text":"usage: nextjmp [-h]\n
Breaks at the next jump instruction.
Alias: nextjump
"},{"location":"commands/step_next_continue/nextjmp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextproginstr/","title":"Nextproginstr","text":""},{"location":"commands/step_next_continue/nextproginstr/#nextproginstr","title":"nextproginstr","text":"usage: nextproginstr [-h]\n
Breaks at the next instruction that belongs to the running program.
"},{"location":"commands/step_next_continue/nextproginstr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextret/","title":"Nextret","text":""},{"location":"commands/step_next_continue/nextret/#nextret","title":"nextret","text":"usage: nextret [-h]\n
Breaks at next return-like instruction.
"},{"location":"commands/step_next_continue/nextret/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextsyscall/","title":"Nextsyscall","text":""},{"location":"commands/step_next_continue/nextsyscall/#nextsyscall","title":"nextsyscall","text":"usage: nextsyscall [-h]\n
Breaks at the next syscall not taking branches.
Alias: nextsc
"},{"location":"commands/step_next_continue/nextsyscall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepover/","title":"Stepover","text":""},{"location":"commands/step_next_continue/stepover/#stepover","title":"stepover","text":"usage: stepover [-h] [addr]\n
Breaks on the instruction after this one.
Alias: so
"},{"location":"commands/step_next_continue/stepover/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address to break after."},{"location":"commands/step_next_continue/stepover/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepret/","title":"Stepret","text":""},{"location":"commands/step_next_continue/stepret/#stepret","title":"stepret","text":"usage: stepret [-h]\n
Breaks at next return-like instruction by 'stepping' to it.
"},{"location":"commands/step_next_continue/stepret/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepsyscall/","title":"Stepsyscall","text":""},{"location":"commands/step_next_continue/stepsyscall/#stepsyscall","title":"stepsyscall","text":"usage: stepsyscall [-h]\n
Breaks at the next syscall by taking branches.
Alias: stepsc
"},{"location":"commands/step_next_continue/stepsyscall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepuntilasm/","title":"Stepuntilasm","text":""},{"location":"commands/step_next_continue/stepuntilasm/#stepuntilasm","title":"stepuntilasm","text":"usage: stepuntilasm [-h] mnemonic [op_str ...]\n
Breaks on the next matching instruction.
"},{"location":"commands/step_next_continue/stepuntilasm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help mnemonic The mnemonic of the instruction op_str The operands of the instruction"},{"location":"commands/step_next_continue/stepuntilasm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/xuntil/","title":"Xuntil","text":""},{"location":"commands/step_next_continue/xuntil/#xuntil","title":"xuntil","text":"(only in GDB)
usage: xuntil [-h] target\n
Continue execution until an address or expression.
"},{"location":"commands/step_next_continue/xuntil/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target Location to stop execution at"},{"location":"commands/step_next_continue/xuntil/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bc/","title":"Bc","text":""},{"location":"commands/windbg/bc/#bc","title":"bc","text":"(only in GDB)
usage: bc [-h] [which]\n
Clear the breakpoint with the specified index.
"},{"location":"commands/windbg/bc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to clear. (default: '*')"},{"location":"commands/windbg/bc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bd/","title":"Bd","text":""},{"location":"commands/windbg/bd/#bd","title":"bd","text":"(only in GDB)
usage: bd [-h] [which]\n
Disable the breakpoint with the specified index.
"},{"location":"commands/windbg/bd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to disable. (default: '*')"},{"location":"commands/windbg/bd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/be/","title":"Be","text":""},{"location":"commands/windbg/be/#be","title":"be","text":"(only in GDB)
usage: be [-h] [which]\n
Enable the breakpoint with the specified index.
"},{"location":"commands/windbg/be/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to enable. (default: '*')"},{"location":"commands/windbg/be/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bl/","title":"Bl","text":""},{"location":"commands/windbg/bl/#bl","title":"bl","text":"(only in GDB)
usage: bl [-h]\n
List breakpoints.
"},{"location":"commands/windbg/bl/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bp/","title":"Bp","text":""},{"location":"commands/windbg/bp/#bp","title":"bp","text":"(only in GDB)
usage: bp [-h] where\n
Set a breakpoint at the specified address.
"},{"location":"commands/windbg/bp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help where The address to break at."},{"location":"commands/windbg/bp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/da/","title":"Da","text":""},{"location":"commands/windbg/da/#da","title":"da","text":"usage: da [-h] address [max]\n
Dump a string at the specified address.
"},{"location":"commands/windbg/da/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump max Maximum string length (default: 256)"},{"location":"commands/windbg/da/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/db/","title":"Db","text":""},{"location":"commands/windbg/db/#db","title":"db","text":"usage: db [-h] address [count]\n
Starting at the specified address, dump N bytes.
"},{"location":"commands/windbg/db/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of bytes to dump. (default: 64)"},{"location":"commands/windbg/db/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dc/","title":"Dc","text":""},{"location":"commands/windbg/dc/#dc","title":"dc","text":"usage: dc [-h] address [count]\n
Starting at the specified address, hexdump.
"},{"location":"commands/windbg/dc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of bytes to hexdump. (default: 8)"},{"location":"commands/windbg/dc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dd/","title":"Dd","text":""},{"location":"commands/windbg/dd/#dd","title":"dd","text":"usage: dd [-h] address [count]\n
Starting at the specified address, dump N dwords.
"},{"location":"commands/windbg/dd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of dwords to dump. (default: 16)"},{"location":"commands/windbg/dd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dds/","title":"Dds","text":""},{"location":"commands/windbg/dds/#dds","title":"dds","text":"usage: dds [-h] addr\n
Dump pointers and symbols at the specified address.
Aliases: kd, dps, dqs
"},{"location":"commands/windbg/dds/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address to dump from."},{"location":"commands/windbg/dds/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dq/","title":"Dq","text":""},{"location":"commands/windbg/dq/#dq","title":"dq","text":"usage: dq [-h] address [count]\n
Starting at the specified address, dump N qwords.
"},{"location":"commands/windbg/dq/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of qwords to dump. (default: 8)"},{"location":"commands/windbg/dq/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ds/","title":"Ds","text":""},{"location":"commands/windbg/ds/#ds","title":"ds","text":"usage: ds [-h] address [max]\n
Dump a string at the specified address.
"},{"location":"commands/windbg/ds/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump max Maximum string length (default: 256)"},{"location":"commands/windbg/ds/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dw/","title":"Dw","text":""},{"location":"commands/windbg/dw/#dw","title":"dw","text":"usage: dw [-h] address [count]\n
Starting at the specified address, dump N words.
"},{"location":"commands/windbg/dw/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of words to dump. (default: 32)"},{"location":"commands/windbg/dw/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eb/","title":"Eb","text":""},{"location":"commands/windbg/eb/#eb","title":"eb","text":"usage: eb [-h] address [data ...]\n
Write hex bytes at the specified address.
"},{"location":"commands/windbg/eb/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The bytes to write."},{"location":"commands/windbg/eb/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ed/","title":"Ed","text":""},{"location":"commands/windbg/ed/#ed","title":"ed","text":"usage: ed [-h] address [data ...]\n
Write hex dwords at the specified address.
"},{"location":"commands/windbg/ed/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The dwords to write."},{"location":"commands/windbg/ed/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eq/","title":"Eq","text":""},{"location":"commands/windbg/eq/#eq","title":"eq","text":"usage: eq [-h] address [data ...]\n
Write hex qwords at the specified address.
"},{"location":"commands/windbg/eq/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The qwords to write."},{"location":"commands/windbg/eq/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ew/","title":"Ew","text":""},{"location":"commands/windbg/ew/#ew","title":"ew","text":"usage: ew [-h] address [data ...]\n
Write hex words at the specified address.
"},{"location":"commands/windbg/ew/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The words to write."},{"location":"commands/windbg/ew/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ez/","title":"Ez","text":""},{"location":"commands/windbg/ez/#ez","title":"ez","text":"usage: ez [-h] address data\n
Write a string at the specified address.
"},{"location":"commands/windbg/ez/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The string to write."},{"location":"commands/windbg/ez/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eza/","title":"Eza","text":""},{"location":"commands/windbg/eza/#eza","title":"eza","text":"usage: eza [-h] address data\n
Write a string at the specified address.
"},{"location":"commands/windbg/eza/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The string to write."},{"location":"commands/windbg/eza/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/go/","title":"Go","text":""},{"location":"commands/windbg/go/#go","title":"go","text":"(only in GDB)
usage: go [-h]\n
WinDbg compatibility alias for 'continue' command.
"},{"location":"commands/windbg/go/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/k/","title":"K","text":""},{"location":"commands/windbg/k/#k","title":"k","text":"(only in GDB)
usage: k [-h]\n
Print a backtrace (alias 'bt').
"},{"location":"commands/windbg/k/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ln/","title":"Ln","text":""},{"location":"commands/windbg/ln/#ln","title":"ln","text":"usage: ln [-h] [value]\n
List the symbols nearest to the provided value.
"},{"location":"commands/windbg/ln/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help value The address you want the name of."},{"location":"commands/windbg/ln/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/pc/","title":"Pc","text":""},{"location":"commands/windbg/pc/#pc","title":"pc","text":"usage: pc [-h]\n
WinDbg compatibility alias for 'nextcall' command.
"},{"location":"commands/windbg/pc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/peb/","title":"Peb","text":""},{"location":"commands/windbg/peb/#peb","title":"peb","text":"usage: peb [-h]\n
Not be windows.
"},{"location":"commands/windbg/peb/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"configuration/","title":"Configuration","text":"Pwndbg can be configured in various ways. You can tune features, control what it displays, how it displays it, and even what is going on under the hood.
There are three \"scopes\" of configuration parameters currently:
- the config scope - for generic parameters
- the heap scope - for heap-related parameters
- the theme scope - for Pwndbg theming
To see the parameters belonging to these scopes, use the config, heap-config, and theme commands respectively. You can also use the configfile and themefile commands to save your live configuration to a file which you can then load in your ~/.(gdb/lldb)init file (after sourcing Pwndbg!).
To see the value of any parameter, use show param-name. To set the value, use set param-name param-value. To see a more detailed description of the parameter use help set param-name.
If you wish to use a theme different from the default one, check out pwndbg/pwndbg-themes. If you made a theme yourself, feel free to open a PR!
"},{"location":"configuration/config/","title":"Config","text":""},{"location":"configuration/config/#config","title":"config","text":""},{"location":"configuration/config/#ai-anthropic-api-key","title":"ai-anthropic-api-key","text":"(only in GDB)
Anthropic API key.
Defaults to ANTHROPIC_API_KEY environment variable if not set.
Default: ''
"},{"location":"configuration/config/#ai-history-size","title":"ai-history-size","text":"(only in GDB)
Maximum number of questions and answers to keep in the prompt.
Default: 3
"},{"location":"configuration/config/#ai-max-tokens","title":"ai-max-tokens","text":"(only in GDB)
The maximum number of tokens to return in the response.
Useful when limiting verbosity or conserving resources. Set to a lower value to restrict output.
Default: 100
"},{"location":"configuration/config/#ai-model","title":"ai-model","text":"(only in GDB)
The name of the large language model to query.
Changing this affects the behavior, response quality, and cost (if applicable) of AI responses.
Default: 'gpt-3.5-turbo'
"},{"location":"configuration/config/#ai-ollama-endpoint","title":"ai-ollama-endpoint","text":"(only in GDB)
Ollama API endpoint.
Defaults to OLLAMA_ENDPOINT environment variable if not set.
Default: ''
"},{"location":"configuration/config/#ai-openai-api-key","title":"ai-openai-api-key","text":"(only in GDB)
OpenAI API key.
Will default to OPENAI_API_KEY environment variable if not set.
Default: ''
"},{"location":"configuration/config/#ai-show-usage","title":"ai-show-usage","text":"(only in GDB)
Whether to show how many tokens are used with each OpenAI API call.
Default: off
"},{"location":"configuration/config/#ai-stack-depth","title":"ai-stack-depth","text":"(only in GDB)
Rows of stack context to include in the prompt for the ai command.
Default: 16
"},{"location":"configuration/config/#ai-temperature","title":"ai-temperature","text":"(only in GDB)
The temperature specification for the LLM query.
This controls the degree of randomness in the response.
Default: 0
"},{"location":"configuration/config/#attachp-resolution-method","title":"attachp-resolution-method","text":"(only in GDB)
How to determine the process to attach when multiple candidates exists.
Default: 'ask' Valid values: 'none', 'oldest', 'newest', 'ask'
"},{"location":"configuration/config/#auto-explore-auxv","title":"auto-explore-auxv","text":"Stack exploration for AUXV information; it may be really slow.
Default: 'warn' Valid values: 'warn', 'yes', 'no'
"},{"location":"configuration/config/#auto-explore-pages","title":"auto-explore-pages","text":"Whether to try to infer page permissions when memory maps are missing.
This command can cause errors.
Default: 'warn' Valid values: 'yes', 'warn', 'no'
"},{"location":"configuration/config/#auto-explore-stack","title":"auto-explore-stack","text":"Stack exploration; it may be really slow.
Default: 'warn' Valid values: 'warn', 'yes', 'no'
"},{"location":"configuration/config/#auto-save-search","title":"auto-save-search","text":"Automatically pass --save to \"search\" command.
Default: off
"},{"location":"configuration/config/#bn-autosync","title":"bn-autosync","text":"Whether to automatically run bn-sync every step.
Default: off
"},{"location":"configuration/config/#bn-il-level","title":"bn-il-level","text":"The IL level to use when displaying Binary Ninja decompilation.
Default: 'hlil' Valid values: 'disasm', 'llil', 'mlil', 'hlil'
"},{"location":"configuration/config/#bn-rpc-host","title":"bn-rpc-host","text":"Binary Ninja XML-RPC server host.
Default: '127.0.0.1'
"},{"location":"configuration/config/#bn-rpc-port","title":"bn-rpc-port","text":"Binary Ninja XML-RPC server port.
Default: 31337
"},{"location":"configuration/config/#bn-timeout","title":"bn-timeout","text":"Time to wait for Binary Ninja XML-RPC, in seconds.
Default: 2
"},{"location":"configuration/config/#context-backtrace-lines","title":"context-backtrace-lines","text":"Number of lines to print in the backtrace context.
Default: 8
"},{"location":"configuration/config/#context-clear-screen","title":"context-clear-screen","text":"Whether to clear the screen before printing the context.
Default: off
"},{"location":"configuration/config/#context-code-lines","title":"context-code-lines","text":"Number of source code lines to print by the context command.
Default: 10
"},{"location":"configuration/config/#context-code-tabstop","title":"context-code-tabstop","text":"Number of spaces that a in the source code counts for.
Default: 8
"},{"location":"configuration/config/#context-disasm-lines","title":"context-disasm-lines","text":"Number of additional lines to print in the disasm context.
Default: 10
"},{"location":"configuration/config/#context-ghidra","title":"context-ghidra","text":"When to try to decompile the current function with ghidra.
Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.
Default: 'never' Valid values: 'always', 'never', 'if-no-source'
"},{"location":"configuration/config/#context-history-size","title":"context-history-size","text":"Number of context history entries to store.
Default: 50
"},{"location":"configuration/config/#context-integration-decompile","title":"context-integration-decompile","text":"Whether context should fall back to decompilation with no source code.
Default: on
"},{"location":"configuration/config/#context-max-threads","title":"context-max-threads","text":"Maximum number of threads displayed by the context command.
Default: 4
"},{"location":"configuration/config/#context-output","title":"context-output","text":"Where Pwndbg should output (\"stdout\" or file/tty).
Default: 'stdout'
"},{"location":"configuration/config/#context-reserve-lines","title":"context-reserve-lines","text":"When to reserve lines after the prompt to reduce context shake.
The \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window. It doesn't take into account line-wrapping due to insufficient terminal width.
Default: 'if-ctx-fits' Valid values: 'never', 'if-ctx-fits', 'always'
"},{"location":"configuration/config/#context-sections","title":"context-sections","text":"Which context sections are displayed (controls order).
Default: 'regs disasm code ghidra stack backtrace expressions threads heap_tracker'
"},{"location":"configuration/config/#context-stack-lines","title":"context-stack-lines","text":"Number of lines to print in the stack context.
Default: 8
"},{"location":"configuration/config/#cymbol-editor","title":"cymbol-editor","text":"(only in GDB)
Path to the editor for editing custom structures.
Default: ''
"},{"location":"configuration/config/#debug-events","title":"debug-events","text":"(only in GDB)
Display internal event debugging info.
Default: off
"},{"location":"configuration/config/#default-visualize-chunk-number","title":"default-visualize-chunk-number","text":"Default number of chunks to visualize.
Default: 10
"},{"location":"configuration/config/#dereference-limit","title":"dereference-limit","text":"Max number of pointers to dereference in a chain.
Default: 5
"},{"location":"configuration/config/#disasm-annotations","title":"disasm-annotations","text":"Display annotations for instructions.
Default: on
"},{"location":"configuration/config/#disasm-inline-symbols","title":"disasm-inline-symbols","text":"Replacing constant operands with their symbol in the disassembly.
Default: on
"},{"location":"configuration/config/#disasm-telescope-depth","title":"disasm-telescope-depth","text":"Depth of telescope for disasm annotations.
Default: 3
"},{"location":"configuration/config/#disasm-telescope-string-length","title":"disasm-telescope-string-length","text":"The number of characters in strings to display in disasm annotations.
Default: 50
"},{"location":"configuration/config/#emulate","title":"emulate","text":"Unicorn emulation of code from the current PC register.
Emulate can be:
- off - no emulation is performed
- jumps-only - emulation is done only to resolve branch instructions
- on - emulation is done to resolve registers/memory values etc.
Emulation can slow down Pwndbg. Disabling it may improve performance. Emulation requires >1GB RAM being available on the system and ability to allocate RWX memory.
Default: 'on' Valid values: 'on', 'off', 'jumps-only'
"},{"location":"configuration/config/#emulate-annotations","title":"emulate-annotations","text":"Unicorn emulation for instruction annotations.
Refers to register and memory value annotations.
Default: on
"},{"location":"configuration/config/#emulate-future-annotations","title":"emulate-future-annotations","text":"Unicorn emulation for future instruction's annotations.
Default: on
"},{"location":"configuration/config/#exception-debugger","title":"exception-debugger","text":"Whether to debug exceptions raised in Pwndbg commands.
Default: off
"},{"location":"configuration/config/#exception-verbose","title":"exception-verbose","text":"Print a full stacktrace for exceptions raised in Pwndbg commands.
Default: off
"},{"location":"configuration/config/#gcc-compiler-path","title":"gcc-compiler-path","text":"(only in GDB)
Path to the gcc/g++ toolchain for generating imported symbols.
Default: ''
"},{"location":"configuration/config/#gdb-workaround-stop-event","title":"gdb-workaround-stop-event","text":"(only in GDB)
Asynchronous stop events to improve 'commands' functionality.
Note that this may cause unexpected behavior with Pwndbg or gdb.execute.
Values explained:
disabled - Disable the workaround (default).disabled-deadlock - Disable only deadlock detection; deadlocks may still occur.enabled - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).
Default: 'disabled' Valid values: 'disabled', 'disabled-deadlock', 'enabled'
"},{"location":"configuration/config/#go-dump-indent-amount","title":"go-dump-indent-amount","text":"The indent amount for go-dump pretty printing.
Default: 4
"},{"location":"configuration/config/#go-dump-line-width","title":"go-dump-line-width","text":"The soft line width for go-dump pretty printing.
Default: 80
"},{"location":"configuration/config/#guess-physmap","title":"guess-physmap","text":"Should guess physmap base address when debug symbols are not present.
Default: off
"},{"location":"configuration/config/#hexdump-bytes","title":"hexdump-bytes","text":"Number of bytes printed by hexdump command.
Default: 64
"},{"location":"configuration/config/#hexdump-group-use-big-endian","title":"hexdump-group-use-big-endian","text":"Use big-endian within each group of bytes in hexdump command.
When on, use big-endian within each group of bytes. Only applies to raw bytes, not the ASCII part. See also hexdump-highlight-group-lsb.
Default: off
"},{"location":"configuration/config/#hexdump-group-width","title":"hexdump-group-width","text":"Number of bytes grouped in hexdump command.
If -1, the architecture's pointer size is used.
Default: -1
"},{"location":"configuration/config/#hexdump-limit-mb","title":"hexdump-limit-mb","text":"The maximum size in megabytes (MB) hexdump will read.
Set the maximum size in megabytes (MB) that the hexdump command will attempt to read at once. Prevents GDB crashes due to excessive memory allocation requests. Set to 0 for unlimited (use with caution).
Default: 10
"},{"location":"configuration/config/#hexdump-width","title":"hexdump-width","text":"Line width of hexdump command.
Default: 16
"},{"location":"configuration/config/#ida-rpc-host","title":"ida-rpc-host","text":"(only in GDB)
Ida xmlrpc server address.
Default: '127.0.0.1'
"},{"location":"configuration/config/#ida-rpc-port","title":"ida-rpc-port","text":"(only in GDB)
Ida xmlrpc server port.
Default: 31337
"},{"location":"configuration/config/#ida-timeout","title":"ida-timeout","text":"(only in GDB)
Time to wait for ida xmlrpc in seconds.
Default: 2
"},{"location":"configuration/config/#integration-function-lookup","title":"integration-function-lookup","text":"Use integration to look up function type signatures.
Default: on
"},{"location":"configuration/config/#integration-provider","title":"integration-provider","text":"Which provider to use for integration features.
Default: 'none' Valid values: 'none', 'binja', 'ida'
"},{"location":"configuration/config/#integration-smart-enhance","title":"integration-smart-enhance","text":"Use integration to determine when to disassemble during enhancing.
Default: on
"},{"location":"configuration/config/#integration-symbol-lookup","title":"integration-symbol-lookup","text":"Whether to use integration to look up unknown symbols.
Default: on
"},{"location":"configuration/config/#kernel-vmmap","title":"kernel-vmmap","text":"The method to get vmmap information when debugging via QEMU kernel.
Values explained:
page-tables - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmapmonitor - use QEMU's monitor info mem to render vmmapnone - disable vmmap rendering; useful if rendering is particularly slow
Note that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).
Default: 'page-tables' Valid values: 'page-tables', 'monitor', 'none'
"},{"location":"configuration/config/#left-pad-disasm","title":"left-pad-disasm","text":"Whether to left-pad disassembly.
Default: on
"},{"location":"configuration/config/#max-visualize-chunk-size","title":"max-visualize-chunk-size","text":"Max display size for heap chunks visualization (0 for display all).
Default: 0
"},{"location":"configuration/config/#nearpc-integration-comments","title":"nearpc-integration-comments","text":"Whether to show comments from integration provider.
Default: on
"},{"location":"configuration/config/#nearpc-lines","title":"nearpc-lines","text":"Number of additional lines to print for the nearpc command.
Default: 10
"},{"location":"configuration/config/#nearpc-num-opcode-bytes","title":"nearpc-num-opcode-bytes","text":"Number of opcode bytes to print for each instruction.
Default: 0
"},{"location":"configuration/config/#nearpc-opcode-separator-bytes","title":"nearpc-opcode-separator-bytes","text":"Number of spaces between opcode bytes.
Default: 1
"},{"location":"configuration/config/#nearpc-show-args","title":"nearpc-show-args","text":"Whether to show call arguments below instruction.
Default: on
"},{"location":"configuration/config/#r2decompiler","title":"r2decompiler","text":"Framework that your ghidra plugin installed.
Default: 'radare2' Valid values: 'radare2', 'rizin'
"},{"location":"configuration/config/#safe-linking","title":"safe-linking","text":"Whether glibc uses safe-linking.
Default: auto Valid values: on, off, auto.
"},{"location":"configuration/config/#show-compact-regs","title":"show-compact-regs","text":"Whether to show a compact register view with columns.
Default: off
"},{"location":"configuration/config/#show-compact-regs-columns","title":"show-compact-regs-columns","text":"The number of columns (0 for dynamic number of columns).
Default: 2
"},{"location":"configuration/config/#show-compact-regs-min-width","title":"show-compact-regs-min-width","text":"The minimum width of each column.
Default: 20
"},{"location":"configuration/config/#show-compact-regs-separation","title":"show-compact-regs-separation","text":"The number of spaces separating columns.
Default: 4
"},{"location":"configuration/config/#show-flags","title":"show-flags","text":"Whether to show flags registers.
Default: off
"},{"location":"configuration/config/#show-retaddr-reg","title":"show-retaddr-reg","text":"Whether to show return address register.
Default: on
"},{"location":"configuration/config/#show-tips","title":"show-tips","text":"Whether to display the tip of the day on startup.
Default: on
"},{"location":"configuration/config/#syntax-highlight","title":"syntax-highlight","text":"Source code / assembly syntax highlight.
Default: on
"},{"location":"configuration/config/#telescope-dont-skip-registers","title":"telescope-dont-skip-registers","text":"Don't skip a repeated line if a registers points to it.
Default: on
"},{"location":"configuration/config/#telescope-frame-print-retaddr","title":"telescope-frame-print-retaddr","text":"Print one pointer past the stack frame.
Default: on
"},{"location":"configuration/config/#telescope-framepointer-offset","title":"telescope-framepointer-offset","text":"Print offset to framepointer for each address, if sufficiently small.
Default: on
"},{"location":"configuration/config/#telescope-lines","title":"telescope-lines","text":"Number of lines to printed by the telescope command.
Default: 8
"},{"location":"configuration/config/#telescope-skip-repeating-val","title":"telescope-skip-repeating-val","text":"Whether to skip repeating values of the telescope command.
Default: on
"},{"location":"configuration/config/#telescope-skip-repeating-val-min","title":"telescope-skip-repeating-val-min","text":"Minimum amount of repeated values before skipping lines.
Default: 3
"},{"location":"configuration/config/#vmmap-prefer-relpaths","title":"vmmap-prefer-relpaths","text":"Show relative paths by default in vmmap.
Default: on
"},{"location":"configuration/heap/","title":"Heap","text":""},{"location":"configuration/heap/#heap","title":"heap","text":""},{"location":"configuration/heap/#glibc","title":"glibc","text":"Glibc version for heap heuristics resolution (e.g. 2.31).
Default: ''
"},{"location":"configuration/heap/#global-max-fast","title":"global-max-fast","text":"The address of global_max_fast.
Default: '0'
"},{"location":"configuration/heap/#heap-corruption-check-limit","title":"heap-corruption-check-limit","text":"Amount of chunks to traverse for the bin corruption check.
The bins are traversed both forwards and backwards.
Default: 64
"},{"location":"configuration/heap/#heap-dereference-limit","title":"heap-dereference-limit","text":"Number of chunks to dereference in each bin.
Default: 8
"},{"location":"configuration/heap/#main-arena","title":"main-arena","text":"The address of main_arena.
Default: '0'
"},{"location":"configuration/heap/#mp","title":"mp","text":"The address of mp_.
Default: '0'
"},{"location":"configuration/heap/#resolve-heap-via-heuristic","title":"resolve-heap-via-heuristic","text":"GDBLLDB The strategy to resolve heap via heuristic.
Values explained:
auto - Pwndbg will try to use heuristics if debug symbols are missingforce - Pwndbg will always try to use heuristics, even if debug symbols are availablenever - Pwndbg will never use heuristics to resolve the heap
If the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses. For this, see the heap_config command output and set the main_arena, mp_, global_max_fast, tcache and thread_arena addresses.
Note: Pwndbg will generate more reliable results with proper debug symbols. Therefore, when debug symbols are missing, you should try to install them first if you haven't already.
They can probably be installed via the package manager of your choice. See also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .
E.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries):
sudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n
If you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n
In addition, even you have the debug symbols of libc, you might still see the following warning when debugging a multi-threaded program:
warning: Unable to find libthread_db matching inferior's thread library, thread\ndebugging will not be available.\n
You'll need to ensure that the correct libthread_db.so is loaded. To do this, set the search path using:
set libthread-db-search-path <path having correct libthread_db.so>\n
Then, restart your program to enable proper thread debugging. Default: 'auto' Valid values: 'auto', 'force', 'never'
The strategy to resolve heap via heuristic.
Values explained:
auto - Pwndbg will try to use heuristics if debug symbols are missingforce - Pwndbg will always try to use heuristics, even if debug symbols are availablenever - Pwndbg will never use heuristics to resolve the heap
If the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses. For this, see the heap_config command output and set the main_arena, mp_, global_max_fast, tcache and thread_arena addresses.
Note: Pwndbg will generate more reliable results with proper debug symbols. Therefore, when debug symbols are missing, you should try to install them first if you haven't already.
They can probably be installed via the package manager of your choice. See also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .
E.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries):
sudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n
If you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n
Default: 'auto' Valid values: 'auto', 'force', 'never'
"},{"location":"configuration/heap/#tcache","title":"tcache","text":"The address pointed by tcache.
Default: '0'
"},{"location":"configuration/heap/#thread-arena","title":"thread-arena","text":"The address pointed by thread_arena.
Default: '0'
"},{"location":"configuration/theme/","title":"Theme","text":""},{"location":"configuration/theme/#theme","title":"theme","text":""},{"location":"configuration/theme/#backtrace-address-color","title":"backtrace-address-color","text":"Color for backtrace (address).
Default: 'none'
"},{"location":"configuration/theme/#backtrace-frame-label","title":"backtrace-frame-label","text":"Frame number label for backtrace.
Default: ''
"},{"location":"configuration/theme/#backtrace-frame-label-color","title":"backtrace-frame-label-color","text":"Color for backtrace (frame label).
Default: 'none'
"},{"location":"configuration/theme/#backtrace-prefix","title":"backtrace-prefix","text":"Prefix for current backtrace label.
Default: '\u25ba'
"},{"location":"configuration/theme/#backtrace-prefix-color","title":"backtrace-prefix-color","text":"Color for prefix of current backtrace label.
Default: 'none'
"},{"location":"configuration/theme/#backtrace-symbol-color","title":"backtrace-symbol-color","text":"Color for backtrace (symbol).
Default: 'none'
"},{"location":"configuration/theme/#banner-color","title":"banner-color","text":"Color for banner line.
Default: 'blue'
"},{"location":"configuration/theme/#banner-separator","title":"banner-separator","text":"Repeated banner separator character.
Default: '\u2500'
"},{"location":"configuration/theme/#banner-title-color","title":"banner-title-color","text":"Color for banner title.
Default: 'none'
"},{"location":"configuration/theme/#banner-title-position","title":"banner-title-position","text":"Banner title position.
Default: 'center' Valid values: 'center', 'left', 'right'
"},{"location":"configuration/theme/#banner-title-surrounding-left","title":"banner-title-surrounding-left","text":"Banner title surrounding char (left side).
Default: '[ '
"},{"location":"configuration/theme/#banner-title-surrounding-right","title":"banner-title-surrounding-right","text":"Banner title surrounding char (right side).
Default: ' ]'
"},{"location":"configuration/theme/#bn-decomp-style","title":"bn-decomp-style","text":"Decompilation highlight theme for Binary Ninja.
Default: 'dark' Valid values: 'dark', 'light'
"},{"location":"configuration/theme/#chain-arrow-color","title":"chain-arrow-color","text":"Color of chain formatting (arrow).
Default: 'normal'
"},{"location":"configuration/theme/#chain-arrow-left","title":"chain-arrow-left","text":"Left arrow of chain formatting.
Default: '\u25c2\u2014'
"},{"location":"configuration/theme/#chain-arrow-right","title":"chain-arrow-right","text":"Right arrow of chain formatting.
Default: '\u2014\u25b8'
"},{"location":"configuration/theme/#chain-contiguous-marker","title":"chain-contiguous-marker","text":"Contiguous marker of chain formatting.
Default: '...'
"},{"location":"configuration/theme/#chain-contiguous-marker-color","title":"chain-contiguous-marker-color","text":"Color of chain formatting (contiguous marker).
Default: 'normal'
"},{"location":"configuration/theme/#code-prefix","title":"code-prefix","text":"Prefix marker for 'context code' command.
Default: '\u25ba'
"},{"location":"configuration/theme/#code-prefix-color","title":"code-prefix-color","text":"Color for 'context code' command (prefix marker).
Default: 'none'
"},{"location":"configuration/theme/#comment-color","title":"comment-color","text":"Color for comment.
Default: 'gray'
"},{"location":"configuration/theme/#context-flag-bracket-color","title":"context-flag-bracket-color","text":"Color for flags register (bracket).
Default: 'none'
"},{"location":"configuration/theme/#context-flag-changed-color","title":"context-flag-changed-color","text":"Color for flags register (flag changed).
Default: 'underline'
"},{"location":"configuration/theme/#context-flag-set-color","title":"context-flag-set-color","text":"Color for flags register (flag set).
Default: 'green,bold'
"},{"location":"configuration/theme/#context-flag-unset-color","title":"context-flag-unset-color","text":"Color for flags register (flag unset).
Default: 'red'
"},{"location":"configuration/theme/#context-flag-value-color","title":"context-flag-value-color","text":"Color for flags register (register value).
Default: 'none'
"},{"location":"configuration/theme/#context-register-changed-color","title":"context-register-changed-color","text":"Color for registers label (change marker).
Default: 'red'
"},{"location":"configuration/theme/#context-register-changed-marker","title":"context-register-changed-marker","text":"Change marker for registers label.
Default: '*'
"},{"location":"configuration/theme/#context-register-color","title":"context-register-color","text":"Color for registers label.
Default: 'bold'
"},{"location":"configuration/theme/#disable-colors","title":"disable-colors","text":"Whether to color the output or not.
Default: off
"},{"location":"configuration/theme/#disasm-branch-color","title":"disasm-branch-color","text":"Color for disasm (branch/call instruction).
Default: 'bold'
"},{"location":"configuration/theme/#enhance-comment-color","title":"enhance-comment-color","text":"Color of value enhance (comment).
Default: 'none'
"},{"location":"configuration/theme/#enhance-integer-value-color","title":"enhance-integer-value-color","text":"Color of value enhance (integer).
Default: 'none'
"},{"location":"configuration/theme/#enhance-string-value-color","title":"enhance-string-value-color","text":"Color of value enhance (string).
Default: 'none'
"},{"location":"configuration/theme/#enhance-unknown-color","title":"enhance-unknown-color","text":"Color of value enhance (unknown value).
Default: 'none'
"},{"location":"configuration/theme/#go-dump-debug","title":"go-dump-debug","text":"Color for 'go-dump' command's debug info when --debug is specified.
Default: 'blue'
"},{"location":"configuration/theme/#hexdump-address-color","title":"hexdump-address-color","text":"Color for hexdump command (address label).
Default: 'none'
"},{"location":"configuration/theme/#hexdump-ascii-block-separator","title":"hexdump-ascii-block-separator","text":"Block separator char of the hexdump command.
Default: '\u2502'
"},{"location":"configuration/theme/#hexdump-byte-separator","title":"hexdump-byte-separator","text":"Separator of single bytes in hexdump (does NOT affect group separator).
Default: ' '
"},{"location":"configuration/theme/#hexdump-colorize-ascii","title":"hexdump-colorize-ascii","text":"Whether to colorize the hexdump command ascii section.
Default: on
"},{"location":"configuration/theme/#hexdump-highlight-group-lsb","title":"hexdump-highlight-group-lsb","text":"Highlight LSB of each group.
Applies only if hexdump-use-big-endian actually changes byte order.
Default: 'underline'
"},{"location":"configuration/theme/#hexdump-normal-color","title":"hexdump-normal-color","text":"Color for hexdump command (normal bytes).
Default: 'none'
"},{"location":"configuration/theme/#hexdump-offset-color","title":"hexdump-offset-color","text":"Color for hexdump command (offset label).
Default: 'none'
"},{"location":"configuration/theme/#hexdump-printable-color","title":"hexdump-printable-color","text":"Color for hexdump command (printable characters).
Default: 'bold'
"},{"location":"configuration/theme/#hexdump-separator-color","title":"hexdump-separator-color","text":"Color for hexdump command (group separator).
Default: 'none'
"},{"location":"configuration/theme/#hexdump-special-color","title":"hexdump-special-color","text":"Color for hexdump command (special bytes).
Default: 'yellow'
"},{"location":"configuration/theme/#hexdump-zero-color","title":"hexdump-zero-color","text":"Color for hexdump command (zero bytes).
Default: 'red'
"},{"location":"configuration/theme/#highlight-breakpoints","title":"highlight-breakpoints","text":"Whether to highlight breakpoints.
Default: on
"},{"location":"configuration/theme/#highlight-color","title":"highlight-color","text":"Color added to highlights like source/pc.
Default: 'green,bold'
"},{"location":"configuration/theme/#highlight-pc","title":"highlight-pc","text":"Whether to highlight the current instruction.
Default: on
"},{"location":"configuration/theme/#highlight-source","title":"highlight-source","text":"Whether to highlight the closest source line.
Default: on
"},{"location":"configuration/theme/#memory-code-color","title":"memory-code-color","text":"Color for executable memory.
Default: 'red'
"},{"location":"configuration/theme/#memory-data-color","title":"memory-data-color","text":"Color for all other writable memory.
Default: 'purple'
"},{"location":"configuration/theme/#memory-guard-color","title":"memory-guard-color","text":"Color added to all guard pages (no perms).
Default: 'cyan'
"},{"location":"configuration/theme/#memory-heap-color","title":"memory-heap-color","text":"Color for heap memory.
Default: 'blue'
"},{"location":"configuration/theme/#memory-rodata-color","title":"memory-rodata-color","text":"Color for all read only memory.
Default: 'normal'
"},{"location":"configuration/theme/#memory-stack-color","title":"memory-stack-color","text":"Color for stack memory.
Default: 'yellow'
"},{"location":"configuration/theme/#memory-wx-color","title":"memory-wx-color","text":"Color added to all WX memory.
Default: 'underline'
"},{"location":"configuration/theme/#message-breakpoint-color","title":"message-breakpoint-color","text":"Color of breakpoint messages.
Default: 'yellow'
"},{"location":"configuration/theme/#message-debug-color","title":"message-debug-color","text":"Color of debug messages.
Default: 'blue'
"},{"location":"configuration/theme/#message-error-color","title":"message-error-color","text":"Color of error messages.
Default: 'red'
"},{"location":"configuration/theme/#message-exit-color","title":"message-exit-color","text":"Color of exit messages.
Default: 'red'
"},{"location":"configuration/theme/#message-hint-color","title":"message-hint-color","text":"Color of hint and marker messages.
Default: 'yellow'
"},{"location":"configuration/theme/#message-info-color","title":"message-info-color","text":"Color of info messages.
Default: 'white'
"},{"location":"configuration/theme/#message-notice-color","title":"message-notice-color","text":"Color of notice messages.
Default: 'purple'
"},{"location":"configuration/theme/#message-signal-color","title":"message-signal-color","text":"Color of signal messages.
Default: 'bold,red'
"},{"location":"configuration/theme/#message-status-off-color","title":"message-status-off-color","text":"Color of off status messages.
Default: 'red'
"},{"location":"configuration/theme/#message-status-on-color","title":"message-status-on-color","text":"Color of on status messages.
Default: 'green'
"},{"location":"configuration/theme/#message-success-color","title":"message-success-color","text":"Color of success messages.
Default: 'green'
"},{"location":"configuration/theme/#message-system-color","title":"message-system-color","text":"Color of system messages.
Default: 'light-red'
"},{"location":"configuration/theme/#message-warning-color","title":"message-warning-color","text":"Color of warning messages.
Default: 'yellow'
"},{"location":"configuration/theme/#nearpc-address-color","title":"nearpc-address-color","text":"Color for nearpc command (address).
Default: 'normal'
"},{"location":"configuration/theme/#nearpc-argument-color","title":"nearpc-argument-color","text":"Color for nearpc command (target argument).
Default: 'bold'
"},{"location":"configuration/theme/#nearpc-branch-marker","title":"nearpc-branch-marker","text":"Branch marker line for nearpc command.
Default: ' \u2193'
"},{"location":"configuration/theme/#nearpc-branch-marker-color","title":"nearpc-branch-marker-color","text":"Color for nearpc command (branch marker line).
Default: 'normal'
"},{"location":"configuration/theme/#nearpc-branch-marker-contiguous","title":"nearpc-branch-marker-contiguous","text":"Contiguous branch marker line for nearpc command.
Default: ' '
"},{"location":"configuration/theme/#nearpc-breakpoint-color","title":"nearpc-breakpoint-color","text":"Color for nearpc command (breakpoint marker).
Default: 'red'
"},{"location":"configuration/theme/#nearpc-breakpoint-prefix","title":"nearpc-breakpoint-prefix","text":"Breakpoint marker for nearpc command.
Default: 'b+'
"},{"location":"configuration/theme/#nearpc-integration-comments-color","title":"nearpc-integration-comments-color","text":"Color for nearpc command (integration comments).
Default: 'bold'
"},{"location":"configuration/theme/#nearpc-prefix","title":"nearpc-prefix","text":"Prefix marker for nearpc command.
Default: '\u25ba'
"},{"location":"configuration/theme/#nearpc-prefix-color","title":"nearpc-prefix-color","text":"Color for nearpc command (prefix marker).
Default: 'none'
"},{"location":"configuration/theme/#nearpc-symbol-color","title":"nearpc-symbol-color","text":"Color for nearpc command (symbol).
Default: 'normal'
"},{"location":"configuration/theme/#nearpc-syscall-name-color","title":"nearpc-syscall-name-color","text":"Color for nearpc command (resolved syscall name).
Default: 'red'
"},{"location":"configuration/theme/#prompt-alive-color","title":"prompt-alive-color","text":"Prompt alive color.
Default: 'bold,green'
"},{"location":"configuration/theme/#prompt-color","title":"prompt-color","text":"Prompt color.
Default: 'bold,red'
"},{"location":"configuration/theme/#syntax-highlight-style","title":"syntax-highlight-style","text":"Source code / assembly syntax highlight stylename of pygments module.
Default: 'monokai'
"},{"location":"configuration/theme/#telescope-offset-color","title":"telescope-offset-color","text":"Color of the telescope command (offset prefix).
Default: 'normal'
"},{"location":"configuration/theme/#telescope-offset-delimiter","title":"telescope-offset-delimiter","text":"Offset delimiter of the telescope command.
Default: ':'
"},{"location":"configuration/theme/#telescope-offset-delimiter-color","title":"telescope-offset-delimiter-color","text":"Color of the telescope command (offset delimiter).
Default: 'normal'
"},{"location":"configuration/theme/#telescope-offset-separator","title":"telescope-offset-separator","text":"Offset separator of the telescope command.
Default: '\u2502'
"},{"location":"configuration/theme/#telescope-offset-separator-color","title":"telescope-offset-separator-color","text":"Color of the telescope command (offset separator).
Default: 'normal'
"},{"location":"configuration/theme/#telescope-register-color","title":"telescope-register-color","text":"Color of the telescope command (register).
Default: 'bold'
"},{"location":"configuration/theme/#telescope-repeating-marker","title":"telescope-repeating-marker","text":"Repeating values marker of the telescope command.
Default: '... \u2193'
"},{"location":"configuration/theme/#telescope-repeating-marker-color","title":"telescope-repeating-marker-color","text":"Color of the telescope command (repeating values marker).
Default: 'normal'
"},{"location":"contributing/","title":"Contributing Guide","text":""},{"location":"contributing/#contributing-overview","title":"Contributing Overview","text":"Thank you for your interest in contributing to Pwndbg!
Note that while it is recommended that your pull request (PR) links to an issue (which can be used for discussing the bug / feature), you do not need to be assigned to it - just create the PR and it will be reviewed.
To start, install Pwndbg from source and set it up for development. For common tasks see:
- Adding a command
- Adding a configuration option
- Improving annotations
Regardless of the contents of your PR, you will need to lint and test your code so make sure to read those sections. It is also likely you will need to update the documentation.
Read General developer notes to get more familiar with the various systems in place in Pwndbg. If you have any questions don't hesitate to ask us on our discord server!
"},{"location":"contributing/#linting","title":"Linting","text":"The lint.sh script runs isort, ruff, shfmt, and vermin. isort and ruff (mostly) are able to automatically fix any issues they detect. You may apply all available fixes by running
./lint.sh -f\n
Note
You can find the configuration files for these tools in pyproject.toml or by checking the arguments passed inside lint.sh.
When submitting a PR, the continuous integration (CI) job defined in .github/workflows/lint.yml will verify that running ./lint.sh succeeds, otherwise the job will fail and we won't be able to merge your PR.
It is recommended to enable the pre-push git hook to run the lint if you haven't already done so. You may re-run ./setup-dev.sh to set it.
"},{"location":"contributing/#running-tests","title":"Running tests","text":"Your PR will not be merged without passing the testing CI. Moreover, it is highly recommended you write a new test or update an existing test whenever adding new functionality to Pwndbg. To see how to do this, check out Writing tests.
To run the tests in the same environment as the testing CI, you can use the following docker commands.
# General (x86_64) test suite\ndocker compose run --rm --build ubuntu24.04-mount ./tests.sh\n# Cross-architecture tests\ndocker compose run --rm --build ubuntu24.04-mount ./crossarch-tests.sh\n# Kernel tests (x86_64 and aarch64)\ndocker compose run --rm --build ubuntu24.04-mount ./kernel-tests.sh\n# Unit tests\ndocker compose run --rm --build ubuntu24.04-mount ./unit-tests.sh\n
This comes in handy particularly for cross-architecture tests because the docker environment has all the cross-compilers installed. The active pwndbg directory is mounted, preventing the need for a full rebuild whenever you update the codebase. Remove the -mount if you want the tests to run from a clean slate (no files are mounted, meaning all binaries are recompiled each time).
If you wish to focus on some failing tests, you can filter the tests to run by providing an argument to the script, such as <docker..> ./tests.sh heap, which will only run tests that contain \"heap\" in the name. See ./tests.sh --help for more information and other options. You can also do this with the cross-arch and kernel tests.
If you want to, you may also run the tests with nix or run them bare.
"},{"location":"contributing/#running-tests-with-nix","title":"Running tests with nix","text":"You will need to build a nix-compatible gdbinit.py file, which you can do with
nix build .#pwndbg-dev\n
Then simply run the test by adding the --nix flag: ./tests.sh --nix [filter]\n
"},{"location":"contributing/#running-without-docker","title":"Running without docker","text":"If you wish to improve Pwndbg support for your distribution (or the testing infrastructure) you may run the testing suite without the docker container.
The commands are analogous to the docker commands.
# General (x86_64) test suite\n./tests.sh\n# Cross-architecture tests\n./crossarch-tests.sh\n# Kernel tests (x86_64 and aarch64)\n./kernel-tests.sh\n# Unit tests\n./unit-tests.sh\n
"},{"location":"contributing/#updating-documentation","title":"Updating Documentation","text":"All the documentation is written in markdown files in the ./docs/ folder. The docs are built into a website using mkdocs (you may see the configuration in ./mkdocs.yml), pushed to the gh-pages branch, and published via github pages. All of this happens in the CI.
In general, for your PR to be accepted you will only need to Update the auto-generated documentation.
"},{"location":"contributing/#update-the-auto-generated-documentation","title":"Update the auto-generated documentation","text":"The ./docs/commands, ./docs/functions, and ./docs/configuration folders are automatically generated1 by extracting the necessary information from the source code. If your changes modify things like a command's description, a configuration's valid values, a convenience function's arguments - i.e. pretty much anything that's user-facing - you must run
./scripts/generate-docs.sh\n
to update the documentation. You need to have a supported version of GDB and LLDB installed for this to work. Commit these changes in a separate commit. If you forget to do that the CI will detect a discrepency between the documentation and source code (using the ./scripts/verify-docs.sh script, which you may also invoke yourself) and prevent your PR from being merged (until you push new changes, re-running the CI).
"},{"location":"contributing/#manual-updates","title":"Manual updates","text":"Of course, if you wish to update some other part of the documentation, you may simply modify the necessary markdown files. All autogenerated files (or parts of files) will have noticable markers written as markdown comments, for instance:
<!-- THIS PART OF THIS FILE IS AUTOGENERATED. DO NOT MODIFY IT. See scripts/generate-docs.sh -->\n
In case you want to add something that cannot be cleanly viewed from the debugger, like a video, screenshot, or long example, every command markdown file also has a dedicated part at the bottom for hand-written text which you can use. The ./scripts/generate-docs.sh script will never delete these hand-written parts, so if you are for instance renaming a command you will have to transfer this part by copy pasting it to the new file. If you wish to preview the documentation locally, you may do so by running:
./scripts/docs-live.sh\n
The build will take some time due to the Source section being built. You may disable this by temporarily commenting these lines - api-autonav:\n modules: ['pwndbg']\n nav_section_title: \"Source\"\n
in the mkdocs.yml file. This will provide much faster build times (but make sure not to commit those changes!). Visit http://127.0.0.1:8000/pwndbg/ to see the docs. Note that the Home section will not be available (it is generated in the CI by copying the README.md), and the site will lack the version selector. -
Actually, the ./docs/configuration/index.md file is hand-written, and the intro text to the ./docs/functions/index.md file is defined in the doc generating file's source code.\u00a0\u21a9
"},{"location":"contributing/adding-a-command/","title":"Adding a Command","text":""},{"location":"contributing/adding-a-command/#command-skeleton","title":"Command skeleton","text":"To add a command to Pwndbg, create a new python file in pwndbg/commands/my_command.py where my_command is the name of the command you want to add. The most basic command looks like this:
import argparse\nimport pwndbg.commands\n\nparser = argparse.ArgumentParser(description=\"Command description.\")\nparser.add_argument(\"arg\", type=str, help=\"An example argument.\")\n\n@pwndbg.commands.Command(parser, category=pwndbg.commands.CommandCategory.MISC)\ndef my_command(arg: str) -> None:\n \"\"\"Print the argument\"\"\"\n print(f\"Argument is {arg}\")\n
Next, import this file in the load_commands function in pwndbg/commands/__init__.py. That's all you need to get it working!
pwndbg> my-command foo\nArgument is foo\n
"},{"location":"contributing/adding-a-command/#getting-started","title":"Getting started","text":"Let's see what arguments the @pwndbg.commands.Command decorator takes. It is defined in pwndbg/commands/__init__.py:
def __init__(\n self,\n parser_or_desc: argparse.ArgumentParser | str,\n *, # All further parameters are not positional\n category: CommandCategory,\n command_name: str | None = None,\n aliases: List[str] = [],\n examples: str = \"\",\n notes: str = \"\",\n only_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n exclude_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n ) -> None:\n # ...\n
We will cover the first four arguments now, and come back to the rest later. If your command takes no arguments you can pass the description of the command as the first argument (parser_or_desc) to the constructor. Otherwise you will be passing an argparse.ArgumentParser object there.
The only other required argument is category. The category determines how commands are grouped together in the output of the pwndbg command and in the documentation. Peruse the list of all commands inside a debugger (by running the pwndbg command) and decide in which category your command fits best. The enum of all command categories is defined at the top of the pwndbg/commands/__init__.py file.
"},{"location":"contributing/adding-a-command/#picking-a-command-name","title":"Picking a command name","text":"Next, the command_name argument. It is optional because if it is not specified the command name will be the same as the function you used to define the command (except the underscores are replaced with dashes). As such, it is generally not needed to specify this argument.
That being said, it is important to pick a good name for your command. Ideally your command name should be one to two words that are not delimited by a dash (e.g. errno, libcinfo, buddydump) since that is easiest to remember and type.
If your command is porting behavior from some other debugger or tool, you should consider using the same name they use so users don't need to relearn it when switching.
If the command name contains three or more words, you should use dashes to make it more legible. If that is the case, or if the name is long, consider providing an alias that makes it quicker to type (like vis-heap-chunks [vis]).
You provide aliases to a command by specifying a list of strings to the aliases argument. Again, you may provide aliases to help users transitioning from other tools/debuggers (e.g. nearpc [pdisass, u]).
"},{"location":"contributing/adding-a-command/#the-arguments-your-command-will-take","title":"The arguments your command will take","text":"We are using argparse.ArgumentParser from the python standard library to define command arguments. Take a look at the python documentation to see how it works. Let's take a look at an example from the source (the setflag command):
parser = argparse.ArgumentParser(description=\"Modify the flags register.\")\n\nparser.add_argument(\n \"flag\",\n type=str,\n help=\"Flag for which you want to change the value\"\n )\n\nparser.add_argument(\n \"value\",\n type=int,\n help=\"Value to which you want to set the flag - only valid options are 0 and 1\",\n)\n
For usage inside Pwndbg, to instantiate an argparse.ArgumentParser object, you must pass the description argument and may pass the epilog argument. Everything else, including prog, usage, formatter_class etc. will be set up by Pwndbg (by the @pwndbg.commands.Command decorator). Here we see only the description was provided. Add arguments to your command with parser.add_argument. Again, consult the python documentation for an explanation. One nice thing specific to Pwndbg is that by setting an argument's type to int, it will also accept debugger values and symbols that can resolve to an int. For instance:
pwndbg> setflag ZF (1-1)\nSet flag ZF=0 in flag register eflags (old val=0x206, new val=0x206)\npwndbg> setflag ZF $rdi\nSet flag ZF=1 in flag register eflags (old val=0x246, new val=0x246)\npwndbg> setflag ZF (int)main^(int)main\nSet flag ZF=0 in flag register eflags (old val=0x246, new val=0x206)\n
Be careful when deciding which arguments are positional, and which are optional. Especially take care if you have positional arguments which are not required, think about which of those will be specified more often by users and put them first. Your function signature should match the arguments you defined with argparse (and their order!), unsurprisingly the setflag function has this signature:
def setflag(flag: str, value: int) -> None:\n
You can see the help of your command with my_command -h or help my_command, so for setflag: pwndbg> help setflag\nusage: setflag [-h] flag value\n\nModify the flags register.\n\npositional arguments:\n flag Flag for which you want to change the value\n value Value to which you want to set the flag - only valid options are 0 and 1\n\noptions:\n -h, --help show this help message and exit\n\nExamples:\nOn X86/X64:\n setflag ZF 1 -- set zero flag\n setflag CF 0 -- unset carry flag\n\nOn ARM:\n setflag Z 0 -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n info reg eflags -- on x86/x64\n info reg cpsr/xpsr -- on ARM (specific register may vary)\n\nNotes:\nThis command supports flags registers that are defined for architectures in the pwndbg/regs.py file.\n\nAlias: flag\n
Eh? Where is all that extra text coming from? Well the Alias: flag line is being automatically generated by Pwndbg but..."},{"location":"contributing/adding-a-command/#examples-notes-and-debugger-support","title":"Examples, notes, and debugger support","text":"Coming back to the arguments of the pwndbg.commands.Command constructor:
def __init__(\n self,\n parser_or_desc: argparse.ArgumentParser | str,\n *, # All further parameters are not positional\n category: CommandCategory,\n command_name: str | None = None,\n aliases: List[str] = [],\n examples: str = \"\", # <--- we left off here\n notes: str = \"\",\n only_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n exclude_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n ) -> None:\n # ...\n
You may supply the examples and notes arguments to add additional text at the end of the command's help. It is defined like so for setflag: @pwndbg.commands.Command(\n parser,\n aliases=[\"flag\"],\n category=CommandCategory.REGISTER,\n examples=\"\"\"\nOn X86/X64:\n setflag ZF 1 -- set zero flag\n setflag CF 0 -- unset carry flag\n\nOn ARM:\n setflag Z 0 -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n info reg eflags -- on x86/x64\n info reg cpsr/xpsr -- on ARM (specific register may vary)\n \"\"\",\n notes=\"\"\"\nThis command supports flags registers that are defined for architectures in the pwndbg/regs.py file.\n \"\"\",\n)\n@pwndbg.commands.OnlyWhenRunning\ndef setflag(flag: str, value: int) -> None:\n # ....\n
When writing this (and the command description for that matter), you should consider what it will look like in the documentation after being parsed as markdown. As for only_debuggers and exclude_debuggers, you must use (usually one of) them if your command does not work an all debuggers that Pwndbg supports. For instance, if it uses some features from pwndbg.gdblib (which should be avoided if at all possible). In such a case, you probably also need to conditionally import it in the load_commands function.
"},{"location":"contributing/adding-a-command/#can-your-command-be-invoked-all-the-time","title":"Can your command be invoked all the time?","text":"In most cases a command cannot be legally invoked at every moment in a debugging session, or for every debugging session. For instance, you can't use heap commands if the heap isn't initialized yet, you can't use kernel commands if you're not debugging a kernel.
To make sure these cases are properly handled, Pwndbg provides certain decorators. They are defined in pwndbg/commands/__init__.py. Check the source to see an up-to-date list, but here are some important ones:
OnlyWhenRunning\nOnlyWhenLocal\nOnlyWithFile\nOnlyWhenQemuKernel\nOnlyWhenUserspace\nOnlyWithKernelDebugSyms\nOnlyWhenPagingEnabled\nOnlyWithTcache\nOnlyWhenHeapIsInitialized\nOnlyWithResolvedHeapSyms\n
Feel free to add more of these decorators yourself! Another very important one is OnlyWithArch, defined in pwndbg/aglib/proc.py. Does your command work on all architectures? If not, make sure to specify this decorator and pass in the architectures which you do support.
"},{"location":"contributing/adding-a-command/#actually-implementing-the-command","title":"Actually implementing the command","text":"There is no single right way to do it. You will want to read the source of some similar commands and see how they work. Check out the general developer notes, and feel free to ask a question on the discord server. Good luck!
"},{"location":"contributing/adding-a-parameter/","title":"Adding a Configuration Option","text":"Configuration options are also called \"parameters\" in the source. Let's take a look at an existing parameter gdb-workaround-stop-event defined in pwndbg/gdblib/events.py.
DISABLED = \"disabled\"\nDISABLED_DEADLOCK = \"disabled-deadlock\"\nENABLED = \"enabled\"\n\ngdb_workaround_stop_event = config.add_param(\n \"gdb-workaround-stop-event\",\n DISABLED,\n \"asynchronous stop events to improve 'commands' functionality\",\n help_docstring=f\"\"\"\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `{DISABLED}` - Disable the workaround (default).\n+ `{DISABLED_DEADLOCK}` - Disable only deadlock detection; deadlocks may still occur.\n+ `{ENABLED}` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n \"\"\",\n param_class=pwndbg.lib.config.PARAM_ENUM,\n enum_sequence=[DISABLED, DISABLED_DEADLOCK, ENABLED],\n)\n
To understand it, let's also look at the signature of the Config.add_param function defined in pwndbg/lib/config.py: def add_param(\n self,\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: Scope = Scope.config,\n ) -> Parameter:\n # ...\n
So, the first argument specifies the name by which the parameter will be used inside the debugger. The second argument specifies the default value of the parameter."},{"location":"contributing/adding-a-parameter/#set_show_doc","title":"set_show_doc","text":"The third argument is a very brief description of what the parameter is for. The argument is called set_show_doc due to how it is used in GDB.
pwndbg> set gdb-workaround-stop-event enabled\nSet asynchronous stop events to improve 'commands' functionality to 'enabled'.\n |------------------------------------------------------------|\n
pwndbg> show gdb-workaround-stop-event\nAsynchronous stop events to improve 'commands' functionality is 'enabled'. [...]\n|-----------------------------------------------------------|\n
It is therefore recommended to use a noun phrase rather than describe an action. However, it sometimes may be necessary to break this rule to retain the brevity of the description. The set_show_doc argument should be short because it is displayed with the config family of commands.
pwndbg> config\nName Documentation Value (Default)\n----------------------------------------------------------------------------------------------------------------------------\nai-anthropic-api-key Anthropic API key ''\nai-history-size maximum number of questions and answers to keep in the prompt 3\nai-max-tokens the maximum number of tokens to return in the response 100\nai-model the name of the large language model to query 'gpt-3.5-turbo'\nai-ollama-endpoint Ollama API endpoint ''\nai-openai-api-key OpenAI API key ''\nai-show-usage whether to show how many tokens are used with each OpenAI API call off\nai-stack-depth rows of stack context to include in the prompt for the ai command 16\nai-temperature the temperature specification for the LLM query 0\nattachp-resolution-method how to determine the process to attach when multiple candidates exists 'ask'\nauto-explore-auxv stack exploration for AUXV information; it may be really slow 'warn'\nauto-explore-pages whether to try to infer page permissions when memory maps are missing 'warn'\nauto-explore-stack stack exploration; it may be really slow 'warn'\nauto-save-search automatically pass --save to \"search\" command off\nbn-autosync whether to automatically run bn-sync every step off\n[...]\n
Because of the various contexts in which a parameter can be show, the first letter of the set_show_doc string should be lowercase (unless the first word is a name or an abbreviation) and there should be no punctuation at the end. This way, Pwndbg and GDB can more easily modify the string to fit it into these contexts."},{"location":"contributing/adding-a-parameter/#help_docstring","title":"help_docstring","text":"While help_docstring is not mandatory, it is highly recommended to use it. Put a detailed explanation of what the parameter does here, and explain any caveats. This string does not have a size limit and is shown with the following command in GDB and LLDB:
pwndbg> help set gdb-workaround-stop-event\nSet asynchronous stop events to improve 'commands' functionality.\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `disabled` - Disable the workaround (default).\n+ `disabled-deadlock` - Disable only deadlock detection; deadlocks may still occur.\n+ `enabled` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n\nDefault: 'disabled'\nValid values: 'disabled', 'disabled-deadlock', 'enabled'\n
Note that the last two lines are automatically generated by Pwndbg. When writing this explanation, it is important to take into account how it will be displayed in the documentation after being parsed as markdown. See what gdb-workaround-stop-event looks like here: https://pwndbg.re/pwndbg/dev/configuration/config/#gdb-workaround-stop-event . If there wasn't an empty line between Values explained: and + `disabled`.. the list wouldn't have rendered properly.
"},{"location":"contributing/adding-a-parameter/#param_class","title":"param_class","text":"This argument describes the type of the parameter. It will be used by GDB to perform input validation when the parameter is being set so it is important to set this to the correct value. The possible values are defined in pwndbg/lib/config.py, use the most restrictive one that fits:
# Boolean value. True or False, same as in Python.\nPARAM_BOOLEAN = 0\n# Boolean value, or 'auto'.\nPARAM_AUTO_BOOLEAN = 1\n# Signed integer value. Disallows zero.\nPARAM_INTEGER = 2\n# Signed integer value.\nPARAM_ZINTEGER = 3\n# Unsigned integer value. Disallows zero.\nPARAM_UINTEGER = 4\n# Unsigned integer value.\nPARAM_ZUINTEGER = 5\n# Unlimited ZUINTEGER.\nPARAM_ZUINTEGER_UNLIMITED = 6\n# String value. Accepts escape sequences.\nPARAM_STRING = 7\n# String value, accepts only one of a number of possible values, specified at\n# parameter creation.\nPARAM_ENUM = 8\n# String value corresponding to the name of a file, if present.\nPARAM_OPTIONAL_FILENAME = 9\n
For more information (for instance about what None or \"unlimited\" mean) see https://sourceware.org/gdb/current/onlinedocs/gdb.html/Parameters-In-Python.html ."},{"location":"contributing/adding-a-parameter/#enum_sequence","title":"enum_sequence","text":"If the param_class is set to pwndbg.lib.config.PARAM_ENUM then the enum_sequence argument must be supplied as well. It should constitute an array of legal values. GDB and (our) LLDB (driver) won't allow setting the parameter to any other value. The legal values will be automatically displayed at the end of help_docstring as previously shown.
If it isn't immediately obvious what the enum values do, explain them in help_docstring using same format that gdb-workaround-stop-event uses.
"},{"location":"contributing/adding-a-parameter/#scope","title":"scope","text":"The scope argument has the default value of pwndbg.lib.config.Scope.config and is used to group parameters. The legal values are:
class Scope(Enum):\n # If you want to add another scope here, don't forget to add\n # a command which prints it!\n config = 1\n theme = 2\n heap = 3\n
The parameters of each scope are printed using a different command. The config scope is printed with config, the heap scope is printed with heap-config and the theme scope is printed with theme. The config and theme scopes also have corresponding configfile and themefile commands which export the values of all the parameters from those scopes."},{"location":"contributing/adding-a-parameter/#the-theme-scope","title":"The theme scope","text":"You should never directly pass this scope to pwndbg.config.add_param. Instead use the pwndbg.color.theme.add_param and pwndbg.color.theme.add_color_param wrapper commands like this:
# pwndbg/aglib/nearpc.py\nnearpc_branch_marker = pwndbg.color.theme.add_param(\n \"nearpc-branch-marker\", \" \u2193\", \"branch marker line for nearpc command\"\n)\n
# pwndbg/color/context.py\nconfig_highlight_color = theme.add_color_param(\n \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\n
"},{"location":"contributing/adding-a-parameter/#using-the-parameter-in-code","title":"Using the parameter in code","text":"Usually when a parameter is defined its value is also set to a variable, for instance gdb_workaround_stop_event = ... in the initial example. This isn't necessary, as all registered parameters are available as pwndbg.config.<parameter_name_except_with_underscores> so in our example, we could also access the gdb-workaround-stop-event parameter as pwndbg.config.gdb_workaround_stop_event.
That being said, defining the variable can reduce code verbosity:
# pwndbg/aglib/godbg.py\nline_width = pwndbg.config.add_param(\n \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\n
Since the variable is scoped to the godbg.py file, its name can be short, and we don't have to write pwndbg.config.go_dump_line_width every time."},{"location":"contributing/adding-a-parameter/#using-color-parameters","title":"Using color parameters","text":"Note that the theme.add_color_param() function returns a ColorParameter object instead of a Parameter. The parameter should be used via its color_function() method:
# pwndbg/aglib/godbg.py\ndef fmt_debug(self, val: str, default: str = \"\") -> str:\n if self.debug:\n return debug_color.color_function(val)\n else:\n return default\n
Though you will also see generateColorFunction(debug_color)(val) being used in the code to the same effect."},{"location":"contributing/dev-notes/","title":"Developer Notes","text":""},{"location":"contributing/dev-notes/#random-developer-notes","title":"Random developer notes","text":"Feel free to update the list below!
-
If you want to play with Pwndbg functions under GDB, you can always use GDB's pi which launches python interpreter or just py <some python line>.
-
If you want to do the same in LLDB, you should type lldb, followed by script, which brings up an interactive Python REPL. Don't forget to import pwndbg!
-
Do not access debugger-specific functionality - eg. anything that uses the gdb, lldb, or gdblib modules - from outside the proper module in pwndbg.dbg.
-
Use aglib instead of gdblib, as the latter is in the process of being removed. Both modules should have nearly identical interfaces, so doing this should be a matter of typing pwndbg.aglib.X instead of pwndbg.gdblib.X. Ideally, an issue should be opened if there is any functionality present in gdblib that's missing from aglib.
-
We have our own pwndbg.config.Parameter - read about it in Adding a Configuration Option.
-
The dashboard/display/context we are displaying is done by pwndbg/commands/context.py which is invoked through GDB's and LLDB's prompt hook, which are defined, respectively, in pwndbg/gdblib/prompt.py as prompt_hook_on_stop, and in pwndb/dbg/lldb/hooks.py as prompt_hook.
-
We change a bit GDB settings - this can be seen in pwndbg/dbg/gdb.py under GDB.setup - there are also imports for all Pwndbg submodules.
-
Pwndbg has its own event system, and thanks to it we can set up code to be invoked in response to them. The event types and the conditions in which they occurr are defined and documented in the EventType enum, and functions are registered to be called on events with the @pwndbg.dbg.event_handler decorator. Both the enum and the decorator are documented in pwndbg/dbg/__init__.py.
-
We have a caching mechanism (\"memoization\") which we use through Python's decorators - those are defined in pwndbg/lib/cache.py - just check its usages
-
To block a function before the first prompt was displayed use the pwndbg.decorators.only_after_first_prompt decorator.
-
Memory accesses should be done through pwndbg/aglib/memory.py functions.
-
Process properties can be retrieved thanks to pwndbg/aglib/proc.py - e.g. using pwndbg.aglib.proc.pid will give us current process pid
-
We have a wrapper for handling exceptions that are thrown by commands - defined in pwndbg/exception.py - current approach seems to work fine - by using set exception-verbose on - we get a stacktrace. If we want to debug stuff we can always do set exception-debugger on.
-
Some of Pwndbg's functionality require us to have an instance of pwndbg.dbg.Value - the problem with that is that there is no way to define our own types in either GDB or LLDB - we have to ask the debugger if it detected a particular type in this particular binary (that sucks). We do that in pwndbg/aglib/typeinfo.py and it works most of the time. The known bug with that is that it might not work properly for Golang binaries compiled with debugging symbols.
"},{"location":"contributing/dev-notes/#support-for-multiple-debuggers","title":"Support for Multiple Debuggers","text":"Pwndbg is a tool that supports multiple debuggers, and so using debugger-specific functionality outside of pwndbg.dbg.X is generally discouraged, with one imporant caveat, that we will get into later. When adding code to Pwndbg, one must be careful with the functionality being used.
"},{"location":"contributing/dev-notes/#the-debugger-api","title":"The Debugger API","text":"Our support for multiple debuggers is primarily achieved through use of the Debugger API, found under pwndbg/dbg/, which defines a terse set of debugging primitives that can then be built upon by the rest of Pwndbg. It comprises two parts: the interface, and the implementations. The interface contains the abstract classes and the types that lay out the \"shape\" of the functionality that may be used by the rest of Pwndbg, and the implementations, well, implement the interface on top of each supported debugger.
As a matter of clarity, it makes sense to think of the Debugger API as a debugger-agnostic version of the lldb and gdb Python modules. Compared to both modules, it is much closer in spirit to lldb than to gdb.
It is important to note that a lot of care must be exercised when adding things to the Debugger API, as one must always add implementations for all supported debuggers of whatever new functionality is being added, even if only to properly gate off debuggers in which the functionality is not supported. Additionally, it is important to keep the Debugger API interfaces as terse as possible in order to reduce code duplication. As a rule of thumb, if all the implementations of an interface are expected to share code, that interface is probably better suited for aglib, and it should be further broken down into its primitives, which can then be added to the Debugger API.
Some examples of debugging primitives are memory reads, memory writes, memory map acquisition, symbol lookup, register reads and writes, and execution frames. These are all things that one can find in both the GDB and LLDB APIs.
The entry point for the Debugger API is pwndbg.dbg, though most process-related methods are accessed through a Process object. Unless you really know what you're doing, you're going to want to use the objected yielded by pwndbg.dbg.selected_inferior() for this.
"},{"location":"contributing/dev-notes/#aglib","title":"aglib","text":"Along with the Debugger API, there is also aglib, found under pwndbg/aglib/, in which lives functionality that is both too broad for a single command, and that can be shared between multiple debuggers. Things like QEMU handling, ELF and dynamic section parsing, operating system functionality, disassembly with capstone, heap analysis, and more, all belong in aglib.
In order to facilitate the process of porting Pwndbg to the debugger-agnostic interfaces, and also because of its historical roots, aglib is intended to export the exact same functionality provided by gdblib, but on top of a debugger-agnostic foundation.
If it helps, one may think of aglib like a pwndbglib. It takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.
"},{"location":"contributing/dev-notes/#mappings-from-gdb-and-lldb-to-the-debugger-api","title":"Mappings from GDB and LLDB to the Debugger API","text":"Here are some things one may want to do, along with how they can be achieved in the GDB, LLDB, and Pwndbg Debugger APIs.
GDBLLDBDebugger API Setting a breakpoint at an address:
gdb.Breakpoint(\"*<address>\")\n
Querying for the address of a symbol: int(gdb.lookup_symbol(<name>).value().address)\n
Setting a watchpoint at an address: gdb.Breakpoint(f\"(char[{<size>}])*{<address>}\", gdb.BP_WATCHPOINT)\n
Setting a breakpoint at an address:
lldb.target.BreakpointCreateByAddress(<address>)\n
Querying for the address of a symbol: lldb.target.FindSymbols(<name>).GetContextAtIndex(0).symbol.GetStartAddress().GetLoadAddress(lldb.target)\n
Setting a watchpoint at an address: lldb.target.WatchAddress(<address>, <size>, ...)\n
# Fetch a Process object on which we will operate.\ninf = pwndbg.dbg.selected_inferior()\n
Setting a breakpoint at an address: inf.break_at(BreakpointLocation(<address>))\n
Querying for the address of a symbol: inf.lookup_symbol(<name>)\n
Setting a watchpoint at an address: inf.break_at(WatchpointLocation(<address>, <size>))\n
"},{"location":"contributing/dev-notes/#exception-to-use-of-debugger-agnostic-interfaces","title":"Exception to use of Debugger-agnostic interfaces","text":"Some commands might not make any sense outside the context of a single debugger. For these commands, it is generally okay to talk to the debugger directly. However, they must be properly marked as debugger-specific and their loading must be properly gated off behind the correct debugger. They should ideally be placed in a separate location from the rest of the commands in pwndbg/commands/.
"},{"location":"contributing/dev-notes/#porting-public-tools","title":"Porting public tools","text":"If porting a public tool to Pwndbg, please make a point of crediting the original author. This can be added to CREDITS.md noting the original author/inspiration, and linking to the original tool/article. Also please be sure that the license of the original tool is suitable to porting into Pwndbg, such as MIT.
"},{"location":"contributing/dev-notes/#minimum-supported-versions","title":"Minimum Supported Versions","text":"Our goal is to fully support all Ubuntu LTS releases that have not reached end-of-life, with support for other platforms on a best-effort basis. Currently that means all code should work on Ubuntu 22.04, and 24.04 with GDB 12.1 and later. This means that the minimum supported Python version is 3.10, and we cannot use any newer Python features unless those features are backported to this minimum version.
Note that while all code should run without errors on these supported LTS versions, it's fine if older versions don't support all of the features of newer versions, as long as this is handled correctly and this information is shown to the user. For example, we may make use of some GDB APIs in newer versions that we aren't able to provide alternative implementations for in older versions, and so in these cases we should inform the user that the functionality can't be provided due to the version of GDB.
The lint.sh script described in the previous section runs vermin to ensure that our code does not use any features that aren't supported on Python 3.10.
"},{"location":"contributing/improving-annotations/","title":"Improving Annotations","text":"Alongside the disassembled instructions in the dashboard, Pwndbg also has the ability to display annotations - text that contains relevent information regarding the execution of the instruction. For example, on the x86 MOV instruction, we can display the concrete value that gets placed into the destination register. Likewise, we can indicate the results of mathematical operations and memory accesses. The annotation in question is always dependent on the exact instruction being annotated - we handle it in a case-by-case basis.
The main hurdle in providing annotations is determining what each instruction does, getting the relevent CPU registers and memory that are accessed, and then resolving concrete values of the operands. We call the process of determining this information \"enhancement\", as we enhance the information provided natively by GDB.
The Capstone Engine disassembly framework is used to statically determine information about instructions and their operands. Take the x86 instruction sub rax, rdx. Given the raw bytes of the machine instructions, Capstone creates an object that provides an API that, among many things, exposes the names of the operands and the fact that they are both 8-byte wide registers. It provides all the information necessary to describe each operand. It also tells the general 'group' that a instruction belongs to, like if its a JUMP-like instruction, a RET, or a CALL. These groups are architecture agnostic.
However, the Capstone Engine doesn't fill in concrete values that those registers take on. It has no way of knowing the value in rdx, nor can it actually read from memory.
To determine the actual values that the operands take on, and to determine the results of executing an instruction, we use the Unicorn Engine, a CPU emulator framework. The emulator has its own internal CPU register set and memory pages that mirror that of the host process, and it can execute instructions to mutate its internal state. Note that the Unicorn Engine cannot execute syscalls - it doesn't have knowledge of a kernel.
We have the ability to single-step the emulator - tell it to execute the instruction at the program counter inside the emulator. After doing so, we can inspect the state of the emulator - read from its registers and memory. The Unicorn Engine itself doesn't expose information regarding what each instruction is doing - what is the instruction (is it an add, mov, push?) and what registers/memory locations is it reading to and writing from? - which is why we use the Capstone engine to statically determine this information.
Using what we know about the instruction based on the Capstone engine - such as that it was a sub instruction and rax was written to - we query the emulator after stepping in to determine the results of the instruction.
We also read the program counter from the emulator to determine jumps and so we can display the instructions that will actually be executed, as opposed to displaying the instructions that follow consecutively in memory.
"},{"location":"contributing/improving-annotations/#enhancing","title":"Enhancing","text":"Everytime the inferior process stops (and when the disasm context section is displayed), we display the next handful of assembly instructions in the dashboard so the user can understand where the process is headed. The exact amount is determined by the context-disasm-lines setting.
We will be enhancing the instruction at the current program counter, as well as all the future instructions that are displayed. The end result of enhancement is that we get a list of PwndbgInstruction objects, each encapsulating relevent information regarding the instructions execution.
When the process stops, we instantiate the emulator from scratch. We copy all the registers from the host process into the emulator. For performance purposes, we register a handler to the Unicorn Engine to lazily map memory pages from the host to the emulator when they are accessed (a page fault from within the emulator), instead of immediately copying all the memory from the host to the emulator.
The enhancement is broken into a couple stops:
- First, we resolve the values of all the operands of the instruction before stepping the emulator. This means we read values from registers and dereference memory depending on the operand type. This gives us the values of operands before the instruction executes.
- Then, we step the emulator, executing a single instruction.
- We resolve the values of all operands again, giving us the
after_value of each operand. - Then, we enhance the \"condition\" field of PwndbgInstructions, where we determine if the instruction is conditional (conditional branch or conditional mov are common) and if the action is taken.
- We then determine the
next and target fields of PwndbgInstructions. next is the address that the program counter will take on after using the GDB command nexti, and target indicates the target address of branch/jump/PC-changing instructions. - With all this information determined, we now effectively have a big switch statement, matching on the instruction type, where we set the
annotation string value, which is the text that will be printed alongside the instruction in question.
We go through the enhancement process for the instruction at the program counter and then ensuing handful of instructions that are shown in the dashboard.
"},{"location":"contributing/improving-annotations/#when-to-use-emulation-reasoning-about-process-state","title":"When to use emulation / reasoning about process state","text":"When possible, we code aims to use emulation as little as possible. If there is information that can be determined statically or without the emulator, then we try to avoid emulation. This is so we can display annotations even when the Unicorn Engine is disabled. For example, say we come to a stop, and are faced with enhancing the following three instructions in the dashboard:
1. lea rax, [rip + 0xd55]\n2. > mov rsi, rax # The host process program counter is here\n3. mov rax, rsi\n
Instruction 1, the lea instruction, is already in the past - we pull our enhanced PwndbgInstruction for it from a cache.
Instruction 2, the first mov instruction, is where the host process program counter is at. If we did stepi in GDB, this instruction would be executed. In this case, there is two ways we can determine the value that gets written to rsi.
- After stepping the emulator, read from the emulators
rsi register. - Given the context of the instruction, we know the value in
rsi will come from rax. We can just read the rax register from the host. This avoids emulation.
The decision on which option to take is implemented in the annotation handler for the specific instruction. When possible, we have a preference for the second option, because it makes the annotations work even when emulation is off.
The reason we could do the second option, in this case, is because we could reason about the process state at the time this instruction would execute. This instruction is about to be executed (Program PC == instruction.address). We can safely read from rax from the host, knowing that the value we get is the true value it takes on when the instruction will execute. It must - there are no instructions in-between that could have mutated rax.
However, this will not be the case while enhancing instruction 3 while we are paused at instruction 2. This instruction is in the future, and without emulation, we cannot safely reason about the operands in question. It is reading from rsi, which might be mutated from the current value that rsi has in the stopped process (and in this case, we happen to know that it will be mutated). We must use emulation to determine the before_value of rsi in this case, and can't just read from the host processes register set. This principle applies in general - future instructions must be emulated to be fully annotated. When emulation is disable, the annotations are not as detailed since we can't fully reason about process state for future instructions.
"},{"location":"contributing/improving-annotations/#what-if-the-emulator-fails","title":"What if the emulator fails?","text":"It is possible for the emulator to fail to execute an instruction - either due to a restrictions in the engine itself, or the instruction inside segfaults and cannot continue. If the Unicorn Engine fails, there is no real way we can recover. When this happens, we simply stop emulating for the current step, and we try again the next time the process stops when we instantiate the emulator from scratch again.
"},{"location":"contributing/improving-annotations/#caching-annotations","title":"Caching annotations","text":"When we are stepping through the emulator, we want to remember the annotations of the past couple instructions. We don't want to nexti, and suddenly have the annotation of the previously executed instruction deleted. At the same time, we also never want stale annotations that might result from coming back to point in the program to which we have stepped before, such as the middle of a loop via a breakpoint.
New annotations are only created when the process stops, and we create annotations for next handful of instructions to be executed. If we continue in GDB and stop at a breakpoint, we don't want annotations to appear behind the PC that are from a previous time we were near the location in question. To avoid stale annotations while still remembering them when stepping, we have a simple caching method:
While we are doing our enhancement, we create a list containing the addresses of the future instructions that are displayed.
For example, say we have the following instructions with the first number being the memory address:
0x555555556259 <main+553> lea rax, [rsp + 0x90]\n 0x555555556261 <main+561> mov edi, 1 EDI => 1\n 0x555555556266 <main+566> mov rsi, rax\n 0x555555556269 <main+569> mov qword ptr [rsp + 0x78], rax\n 0x55555555626e <main+574> call qword ptr [rip + 0x6d6c] <fstat64>\n\n \u25ba 0x555555556274 <main+580> mov edx, 5 EDX => 5\n 0x555555556279 <main+585> lea rsi, [rip + 0x3f30] RSI => 0x55555555a1b0 \u25c2\u2014 'standard output'\n 0x555555556280 <main+592> test eax, eax\n 0x555555556282 <main+594> js main+3784 <main+3784>\n\n 0x555555556288 <main+600> mov rsi, qword ptr [rsp + 0xc8]\n 0x555555556290 <main+608> mov edi, dword ptr [rsp + 0xa8]\n
In this case, our next_addresses_cache would be [0x555555556279, 0x555555556280, 0x555555556282, 0x555555556288, 0x555555556290].
Then, the next time our program comes to a stop (after using si, n, or any GDB command that continues the process), we immediately check if the current program counter is in this list. If it is, then we can infer that the annotations are still valid, as the program has only executed a couple instructions. In all other cases, we delete our cache of annotated instructions.
We might think \"why not just check if it's the next address - 0x555555556279 in this case? Why a list of the next couple addresses?\". This is because when source code is available, step and next often skip a couple instructions. It would be jarring to remove the annotations in this case. Likewise, this method has the added benefit that if we stop somewhere, and there happens to be a breakpoint only a couple instructions in front of us that we continue to, then previous couple annotations won't be wiped.
"},{"location":"contributing/improving-annotations/#other-random-annotation-details","title":"Other random annotation details","text":" - We don't emulate through CALL instructions. This is because the function might be very long.
- We resolve symbols during the enhancement stage for operand values.
- The folder
pwndbg/aglib/disasm contains the code for enhancement. It follows an object-oriented model, with arch.py implementing the parent class with shared functionality, and the per-architecture implementations are implemented as subclasses in their own files. pwndbg/aglib/nearpc.py is responsible for getting the list of enhanced PwndbgInstruction objects and converting them to the output seen in the 'disasm' view of the dashboard.
"},{"location":"contributing/improving-annotations/#adding-or-fixing-annotations","title":"Adding or fixing annotations","text":"We annotate on an instruction-by-instruction basis. Effectively, imagine a giant switch statement that selects the correct handler to create an annotation based on the specific instruction. Many instruction types can be grouped and annotated using the same logic, such as load, store, and arithmetic instructions.
See pwndbg/aglib/disasm/aarch64.py as an example. We define sets that group instructions using the unique Capstone ID for each instruction, and inside the constructor of DisassemblyAssistant we have a mapping of instructions to a specific handler. The _set_annotation_string function will match the instruction to the correct handler, which set the instruction.annotation field.
If there is a bug in an annotation, the first order of business is finding its annotation handler. To track down where we are handling the instruction, you can search for its Capstone constant. For example, the RISC-V store byte instruction, sb, is represented as the Capstone constant RISCV_INS_SB. Or, if you are looking for the handler for the AArch64 instruction SUB, you can search the disasm code for _INS_SUB to find where we reference the appropriate Capstone constant for the instruction and following the code to the function that ultimately sets the annotation.
If an annotation is causing a crash, is it most likely due to a handler making an incorrect assumption on the number of operands, leading to a list index out of range error. One possible source of this is that a given instruction has multiple different disassembly representations. Take the RISC-V JALR instruction. It can be represented in 3 ways:
jalr rs1 # return register is implied as ra, and imm is implied as 0\njalr rs1, imm # return register is implied as ra\njalr rd, rs1, imm\n
Capstone will expose the most \"simplified\" one possible, and the underlying list of register operands will change. If the handler doesn't take these different options into account, and rather assumes that jalr always has 3 operands, then an index error can occur if the handler accesses instruction.operands[2].
"},{"location":"contributing/improving-annotations/#bug-root-cause","title":"Bug root cause","text":"When encountering an instruction that is behaving strangely (incorrect annotation, or there is a jump target when one shouldn't exist, or the target is incorrect), there are a couple routine things to check.
1. Use the dev-dump-instruction command to print all the enhancement information. With no arguments, it will dump the info from the instruction at the current address. If given an address, it will pull from the instruction cache at the corresponding location.
If the issue is not related to branches, check the operands and the resolved values for registers and memory accesses. Verify that the values are correct - are the resolved memory locations correct? Step past the instruction and use instructions like telescope and regs to read memory and verify if the claim that the annotation is making is correct. For things like memory operands, you can try to look around the resolved memory location in memory to see the actual value that the instruction dereferenced, and see if the resolved memory location is simply off by a couple bytes.
Example output of dumping a mov instruction:
mov qword ptr [rsp], rsi at 0x55555555706c (size=4) (arch: x86)\n ID: 460, mov\n Raw asm: mov qword ptr [rsp], rsi\n New asm: mov qword ptr [rsp], rsi\n Next: 0x555555557070\n Target: 0x555555557070, Target string=, const=None\n Condition: UNDETERMINED\n Groups: []\n Annotation: [0x7fffffffe000] => 0x7fffffffe248 \u2014\u25b8 0x7fffffffe618 \u25c2\u2014 '/usr/bin/ls'\n Operands: [['[0x7fffffffe000]': Symbol: None, Before: 0x7fffffffe000, After: 0x7fffffffe000, type=CS_OP_MEM, size=8, access=CS_AC_WRITE]] ['RSI': Symbol: None, Before: 0x7fffffffe248, After: 0x7fffffffe248, type=CS_OP_REG, size=8, access=CS_AC_READ]]]\n Conditional jump: False. Taken: False\n Unconditional jump: False\n Declare unconditional: None\n Can change PC: False\n Syscall: N/A\n Causes Delay slot: False\n Split: NO_SPLIT\n Call-like: False\n
2. Use the Capstone disassembler to verify the number of operands the instruction groups.
Taken the raw instruction bytes and pass them to cstool to see the information that we are working with:
cstool -d mips 0x0400000c\n
The number of operands may not match the visual appearance. You might also check the instruction groups, and verify that an instruction that we might consider a call has the Capstone call group. Capstone is not 100% correct in every single case in all architectures, so it's good to verify. Report a bug to Capstone if there appears to be an error, and in the meanwhile we can create a fix in Pwndbg to work around the current behavior.
3. Check the state of the emulator.
Go to pwndbg/emu/emulator.py and uncomment the DEBUG = -1 line. This will enable verbose debug printing. The emulator will print it's current pc at every step, and indicate important events, like memory mappings. Likewise, in pwndbg/aglib/disasm/arch.py you can set DEBUG_ENHANCEMENT = True to print register accesses to verify they are sane values.
Potential bugs:
- A register is 0 (may also be the source of a Unicorn segfault if used as a memory operand) - often means we are not copying the host processes register into the emulator. By default, we map register by name - if in Pwndbg, it's called
rax, then we find the UC constant named U.x86_const.UC_X86_REG_RAX. Sometimes, this default mapping doesn't work, sometimes do to differences in underscores (FSBASE vs FS_BASE). In these cases, we have to manually add the mapping. - Unexpected crash - the instruction at hand might require a 'coprocessor', or some information that is unavailable to Unicorn (it's QEMU under the hood).
- Instructions are just no executing - we've seen this in the case of Arm Thumb instructions. There might be some specific API/way to invoke the emulator that is required for a certain processor state.
"},{"location":"contributing/improving-annotations/#creating-small-cross-architecture-programs","title":"Creating small cross-architecture programs","text":"If you are encountering a strange behavior with a certain instruction or scenario in a non-native-architecture program, you can use some great functions from pwntools to handle the compilation and debugging. This is a great way to create a small reproducible example to isolate an issue.
The following Python program, when run from inside a tmux session, will take some AArch64 assembly, compile it, and run it with GDB attached in a new tmux pane. It will search your system for the appropriate cross compiler for the architecture at hand, and run the compiled binary with QEMU.
from pwn import *\n\ncontext.arch = \"aarch64\"\n\nAARCH64_GRACEFUL_EXIT = \"\"\"\nmov x0, 0\nmov x8, 93\nsvc 0\n\"\"\"\n\nout = make_elf_from_assembly(STORE)\n# Debug info\nprint(out)\ngdb.debug(out)\n\npause()\n
"},{"location":"contributing/making-a-gif/","title":"Making a Pwndbg gif","text":""},{"location":"contributing/making-a-gif/#the-rundown","title":"The rundown","text":"If you wish to make a gif of your terminal while using Pwndbg (usually to add an example of some command/workflow to the website) you should use charmbracelet/vhs. This ensures a consistent look to the gifs throughout the documentation, makes them easily updateable when UI changes are made, and just makes them more easily reproducable and modifiable in general.
Note
Here \"gif\" really means \"a video that loops\", in practice it is better to use .webm with .mp4 as a fallback because they are better optimized file formats.
The workflow to creating a gif is simple. Start a recording:
vhs record > my_thingy.tape\n
Whatever you now do in the terminal will be \"recorded\" to the my_thingy.tape file. Exit the shell to save the recording. The tape probably isn't ready to use as-is. You will want to add some metadata and fixup some lines. Example This is the tape used to generate the gif at https://pwndbg.re/pwndbg/dev/commands/context/context/ :
# https://github.com/charmbracelet/vhs\n\nOutput pwndbg.mp4\nOutput pwndbg.webm\n\nSet FontSize 24\nSet Width 1920\nSet Height 1080\nSet TypingSpeed 100ms\n\nSleep 1s\nType \"pwndbg /bin/sh\"\nEnter\nSleep 2s\nType \"start\"\nEnter\nSleep 3s\nType \"stepsyscall\"\nSleep 3s\nEnter 1\nSleep 3s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"context\"\nSleep 4s\nEnter 1\nSleep 7s\nType \"down\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"ctx\"\nSleep 4s\nEnter 1\nSleep 7s\n
You may now run
vhs my_thingy.tape\n
and it will generate a gif with the filename you specified in the tape (the Output line in the example). Make sure to commit the .tape file along with the gif.
"},{"location":"contributing/making-a-gif/#recording-in-docker","title":"Recording in Docker","text":"If the setup for the gif is not highly involved, you may want to use a Dockerfile to generate the gif to ensure reproducability (or if wish to make sure your environment variables aren't visible during the debugging session). Here is a sample Dockerfile you can modify to your liking:
# https://github.com/charmbracelet/vhs\nFROM ghcr.io/charmbracelet/vhs\n\n# Install Pwndbg\nRUN apt update && apt install -y git \\\n && git clone https://github.com/pwndbg/pwndbg.git /pwndbg \\\n && cd /pwndbg \\\n && ./setup.sh\n\n# Create a pwndbg executable in PATH so we can run with\n# `pwndbg /bin/sh`.\nRUN echo '#!/bin/sh\\ngdb --quiet \"$@\"' > /usr/local/bin/pwndbg \\\n && chmod +x /usr/local/bin/pwndbg\n\n# Make sure uv.lock.hash is created so we don't get\n# a message about updating during the gif.\nRUN gdb /bin/sh --batch\n\n# The ENTRYPOINT and CMD are defined in the vhs docker image.\n
you can use a script like this to run it easily. #!/bin/sh\n\nset -e\n\nIMAGE_NAME=\"vhs-pwndbg\"\n\nrm -f .gdb_history\ndocker build -t \"$IMAGE_NAME\" .\ndocker run --rm -v \"$(pwd)\":/vhs \"$IMAGE_NAME\" my_thingy.tape\n
"},{"location":"contributing/setup-pwndbg-dev/","title":"Setup Pwndbg for Development","text":""},{"location":"contributing/setup-pwndbg-dev/#installing-pwndbg-from-source","title":"Installing Pwndbg from source","text":"Run the following:
git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\n
Officially supported is Ubuntu 22.04 and later, but the setup script also supports the following distributions: - Debian-based OSes (via apt-get)
- Fedora and Red Hat (via dnf)
- Clear (via swiped)
- OpenSUSE LEAP (via zypper)
- Arch and Manjaro (via community AUR packages)
- Void (via xbps)
- Gentoo (via emerge)
Tip
If you have an older ubuntu version you may still use Pwndbg:
- for Ubuntu 20.04 use the 2024.08.29 release
- for Ubuntu 18.04 use the 2023.07.17: ubuntu18.04-final release
however if you wish to contribute, it is recommended you upgrade your distribution.
"},{"location":"contributing/setup-pwndbg-dev/#running-with-gdb","title":"Running with GDB","text":"Pwndbg requires GDB 12.1 or later. If the GDB version your distro provides is too old, build GDB from source:
sudo apt install libgmp-dev libmpfr-dev libreadline-dev texinfo # required by build\ngit clone git://sourceware.org/git/binutils-gdb.git\nmkdir gdb-build\ncd gdb-build\n../binutils-gdb/configure --enable-option-checking --disable-nls --disable-werror --with-system-readline --with-python=$(which python3) --with-system-gdbinit=/etc/gdb/gdbinit --enable-targets=all --disable-binutils --disable-ld --disable-gold --disable-gas --disable-sim --disable-gprof\nmake -j $(nproc)\n
Since the ./setup.sh script made it so you source Pwndbg from your ~/.gdbinit, Pwndbg will start up automatically any time you run gdb."},{"location":"contributing/setup-pwndbg-dev/#running-with-lldb","title":"Running with LLDB","text":"Pwndbg requires LLDB 19 or later. You can get it like this on Ubuntu 24.04:
sudo apt install -y lldb-19 liblldb-19-dev\n
but it will be added to your PATH as lldb-19 so you should either alias it or export it in your shell: export PATH=/usr/lib/llvm-19/bin/:$PATH\n
so you can invoke it as lldb. Also export this environment variable: export LLDB_DEBUGSERVER_PATH=/usr/lib/llvm-19/bin/lldb-server\n
Pwndbg doesn't use the lldb driver binary directly, it drives its own REPL and interacts with LLDB through liblldb. You can run Pwndbg with LLDB by running: uv run python pwndbg-lldb.py [binary-to-debug]\n
"},{"location":"contributing/setup-pwndbg-dev/#the-development-environment","title":"The development environment","text":"After installing Pwndbg like described above, there are a few ways to set up the development environment. The simplest one is by running:
./setup-dev.sh\n
but you can also use the docker container or develop using nix. Note
For a proper development environment you must be able to run Pwndbg with both GDB and LLDB, otherwise you won't be able to use some important development features (like doc generation).
"},{"location":"contributing/setup-pwndbg-dev/#development-from-docker","title":"Development from docker","text":"You can create a Docker image with everything already installed for you. You can use docker compose
docker compose run -i main\n
or build and run the container with docker build -t pwndbg .\ndocker run -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -v `pwd`:/pwndbg pwndbg bash\n
"},{"location":"contributing/setup-pwndbg-dev/#development-using-nix","title":"Development using Nix","text":"Pwndbg supports development with Nix which installs all the required development dependencies:
- Install Nix with Determinate Nix Installer.
- Enter the development shell with
nix develop or automate this with direnv. - Run local changes with
pwndbg or pwndbg-lldb. Run tests with ./tests.sh.
"},{"location":"contributing/writing-tests/","title":"Writing Tests","text":""},{"location":"contributing/writing-tests/#overview","title":"Overview","text":"Note
This is written under the assumption you already know how to run the tests.
In Pwndbg we have four types of tests: extensive x86_64 GDB tests, cross-architecture tests, linux kernel tests and unit-tests. They are all located in subdirectories of ./tests.
The x86_64 tests encompass most of the Pwndbg testing suite. If your tests do not belong in any of the other categories, they should go here. Since we do not yet perform testing on LLDB, these are run from inside GDB and are located in the ./tests/gdb-tests directory. They can be run with ./tests.sh -t gdb (this is the default option).
The cross-architecture tests are run using qemu-user emulation. They test architecture-specific logic and are located in the ./tests/qemu-tests/tests/user directory. They can be run with ./tests.sh -t cross-arch (this is what ./qemu-tests.sh does).
The linux kernel tests are run using qemu-system emulation. They are located in the ./tests/qemu-tests/tests/system directory and run for a variety kernel configurations and architectures.
The unit tests are not run from within a debugger, but rather directly with pytest. They are located in the ./tests/unit-tests/ directory.
Here are the options supported by ./tests.sh which you can get by running ./tests.sh -h.
usage: tests.py [-h] [-t {gdb,cross-arch}] [-p] [-c] [-v] [-s] [--nix] [--collect-only] [test_name_filter]\n\nRun tests.\n\npositional arguments:\n test_name_filter run only tests that match the regex\n\noptions:\n -h, --help show this help message and exit\n -t, --type {gdb,cross-arch}\n -p, --pdb enable pdb (Python debugger) post mortem debugger on failed tests\n -c, --cov enable codecov\n -v, --verbose display all test output instead of just failing test output\n -s, --serial run tests one at a time instead of in parallel\n --nix run tests using built for nix environment\n --collect-only only show the output of test collection, don't run any tests\n
"},{"location":"contributing/writing-tests/#writing-tests_1","title":"Writing tests","text":"Each test is a Python function that runs inside of an isolated GDB session. Using a pytest fixture at the beginning of each test, GDB will attach to a binary or connect to a QEMU instance. Each test runs some commands and uses Python assert statements to verify correctness. We can access Pwndbg library code like pwndbg.aglib.regs.rsp as well as execute GDB commands with gdb.execute().
We can take a look at tests/gdb-tests/tests/test_symbol.py for an example of a simple test. Looking at a simplified version of the top-level code, we have this:
import gdb\nimport pwndbg\nimport tests\n\nBINARY = tests.binaries.get(\"symbol_1600_and_752.out\")\n
Since these tests run inside GDB, we can import the gdb Python library. We also import the tests module, which makes it easy to get the path to the test binaries located in tests/gdb-tests/tests/binaries. You should be able to reuse the binaries in this folder for most tests, but if not feel free to add a new one.
Here's a small snippet of the actual test:
def test_hexdump(start_binary):\n start_binary(BINARY)\n pwndbg.config.hexdump_group_width.value = -1\n\n gdb.execute(\"set hexdump-byte-separator\")\n stack_addr = pwndbg.aglib.regs.rsp - 0x100\n
pytest will run any function that starts with test_ as a new test, so there is no need to register your new test anywhere. The start_binary argument is a function that will run the binary you give it, and it will set some common options before starting the binary. Using start_binary is recommended if you don't need any additional customization to GDB settings before starting the binary, but if you do it's fine to not use it.
"},{"location":"contributing/writing-tests/#qemu-tests","title":"QEMU Tests","text":"Our gdb-tests run in x86. To debug other architectures, we use QEMU for emulation and attach to its debug port. These tests are located in tests/qemu-tests/tests/user. Test creation is identical to our x86 tests - create a Python function with a Pytest fixture name as the parameter (it matches based on the name), and call the argument to start debugging a binary. The qemu_assembly_run fixture takes in a Python string of assembly code, compiles it in the appropriate architecture, and runs it - no need to create an external file or edit a Makefile.
"},{"location":"functions/","title":"Index","text":""},{"location":"functions/#functions","title":"Functions","text":"Pwndbg provides a set of functions which can be used during expression evaluation to quickly perform common calculations. These can even be passed to other commands as arguments. Currently, they only work in gdb.
To see a list of all functions, including those built into GDB, use help function. To see the help of any given function use help function function_name. Function invocation must include a preceding $ sign and must include brackets. For instance, invoke the environ function like so:
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffe6da \"LANG=en_US.UTF-8\"\n
If the result of the function is being passed to a Pwndbg command, make sure to either escape the function argument's quotes, or put the whole function call in quotes. pwndbg> tele $environ(\"LANG\")\nusage: telescope [-h] [-r] [-f] [-i] [address] [count]\ntelescope: error: argument address: debugger couldn't resolve argument '$environ(LANG)':\n No symbol \"LANG\" in current context.\npwndbg> tele $environ(\\\"LANG\\\")\n00:0000\u2502 0x7fffffffe6cf \u25c2\u2014 'LANG=en_US.UTF-8'\n01:0008\u2502 0x7fffffffe6d7 \u25c2\u2014 'US.UTF-8'\n02:0010\u2502 0x7fffffffe6df \u25c2\u2014 0x4e49475542454400\n[...]\npwndbg> tele '$environ(\"LANG\")'\n00:0000\u2502 0x7fffffffe6cf \u25c2\u2014 'LANG=en_US.UTF-8'\n01:0008\u2502 0x7fffffffe6d7 \u25c2\u2014 'US.UTF-8'\n02:0010\u2502 0x7fffffffe6df \u25c2\u2014 0x4e49475542454400\n[...]\n
"},{"location":"functions/#pwndbg-functions","title":"Pwndbg functions","text":""},{"location":"functions/#argc","title":"argc","text":"argc() -> int\n
Get the number of program arguments. Evaluates to argc.
"},{"location":"functions/#example","title":"Example","text":"pwndbg> p $argc()\n$1 = 2\npwndbg> argv\n00:0000\u2502 0x7fffffffe288 \u2014\u25b8 0x7fffffffe659 \u25c2\u2014 '/usr/bin/cat'\n01:0008\u2502 0x7fffffffe290 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 'gdbinit.py'\n02:0010\u2502 0x7fffffffe298 \u25c2\u2014 0\n
"},{"location":"functions/#argv","title":"argv","text":"argv(index: gdb.Value) -> gdb.Value\n
Get the n-th program argument. Evaluate argv on the supplied value.
"},{"location":"functions/#example_1","title":"Example","text":"pwndbg> p $argv(0)\n$11 = (signed char *) 0x7fffffffe666 \"/usr/bin/sh\"\npwndbg> argv\n00:0000\u2502 0x7fffffffe2a8 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 '/usr/bin/sh'\n01:0008\u2502 0x7fffffffe2b0 \u25c2\u2014 0\n
"},{"location":"functions/#base","title":"base","text":"base(name_pattern: gdb.Value | str) -> int\n
Return the base address of the first memory mapping containing the given name.
"},{"location":"functions/#example_2","title":"Example","text":"pwndbg> p/x $base(\"libc\")\n$4 = 0x7ffff7d4b000\npwndbg> vmmap libc\n 0x7ffff7d4a000 0x7ffff7d4b000 rw-p 1000 6e000 /usr/lib/libncursesw.so.6.5\n\u25ba 0x7ffff7d4b000 0x7ffff7d6f000 r--p 24000 0 /usr/lib/libc.so.6\n\u25ba 0x7ffff7d6f000 0x7ffff7ed6000 r-xp 167000 24000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7ed6000 0x7ffff7f2b000 r--p 55000 18b000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7f2b000 0x7ffff7f2f000 r--p 4000 1e0000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7f2f000 0x7ffff7f31000 rw-p 2000 1e4000 /usr/lib/libc.so.6\n 0x7ffff7f31000 0x7ffff7f39000 rw-p 8000 0 [anon_7ffff7f31]\npwndbg> tele $base(\\\"libc\\\")+0x1337\n00:0000\u2502 0x7ffff7d4c337 \u25c2\u2014 0x80480a04214000f0\n01:0008\u2502 0x7ffff7d4c33f \u25c2\u2014 0x8040c02204452040\n02:0010\u2502 0x7ffff7d4c347 \u25c2\u2014 0x20042400000200\n03:0018\u2502 0x7ffff7d4c34f \u25c2\u2014 0x20 /* ' ' */\n[...]\n
Beware of accidentally matching the wrong mapping. For instance, if the loaded executable contained the string \"libc\" anywhere in it's path, it would've been returned.
"},{"location":"functions/#bn_eval","title":"bn_eval","text":"bn_eval(expr: gdb.Value) -> int | None\n
Parse and evaluate a Binary Ninja expression.
Read more about binary ninja expressions here: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
All registers in the current register set are available as magic variables (e.g. $rip). The $piebase magic variable is also included, with the computed executable base.
This function cannot see stack local variables.
"},{"location":"functions/#example_3","title":"Example","text":"pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p/x $bn_eval(\"10+20\")\n$6 = 0x30\npwndbg> p/x $bn_eval(\"main\")\n$7 = 0x1645\npwndbg> p/x $rebase($bn_eval(\"main\"))\n$8 = 0x555555555645\npwndbg> p some_global_var\nNo symbol \"some_global_var\" in current context.\npwndbg> p/x $rebase($bn_eval(\"some_global_var+$rax\"))\n$9 = 0x5555555586b8\npwndbg> p $rebase($bn_eval(\"some_global_var+$rax\")) == $bn_sym(\"some_global_var\") + $rax\n$10 = 1\npwndbg> p $bn_eval(\"$piebase+some_global_var+$rax\") == $bn_sym(\"some_global_var\") + $rax\n$11 = 1\n
"},{"location":"functions/#bn_sym","title":"bn_sym","text":"bn_sym(name_val: gdb.Value) -> int | None\n
Lookup a symbol's address by name from Binary Ninja.
This function sees symbols like functions and global variables, but not stack local variables, use bn_var for that.
"},{"location":"functions/#example_4","title":"Example","text":"pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $bn_sym(\"main\")\n$2 = 0x555555555645\npwndbg> b *($bn_sym(\"main\"))\nBreakpoint 1 at 0x555555555645\n
"},{"location":"functions/#bn_var","title":"bn_var","text":"bn_var(name_val: gdb.Value) -> int | None\n
Lookup a stack variable's address by name from Binary Ninja.
This function doesn't see functions or global variables, use bn_sym for that.
"},{"location":"functions/#example_5","title":"Example","text":"pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p user_choice\nNo symbol \"user_choice\" in current context.\npwndbg> p/x $bn_var(\"user_choice\")\n$4 = 0x7fffffffe118\npwndbg> vmmap $4\n 0x7ffff7ffe000 0x7ffff7fff000 rw-p 1000 0 [anon_7ffff7ffe]\n\u25ba 0x7ffffffde000 0x7ffffffff000 rw-p 21000 0 [stack] +0x20118\npwndbg> p/x $bn_var(\"main\")\nTypeError: Could not convert Python object: None.\nError while executing Python code.\n
"},{"location":"functions/#environ","title":"environ","text":"environ(env_name: gdb.Value) -> gdb.Value\n
Get an environment variable by name. Evaluate getenv() on the supplied value.
"},{"location":"functions/#example_6","title":"Example","text":"pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffebfb \"LANG=en_US.UTF-8\"\n
"},{"location":"functions/#envp","title":"envp","text":"envp(index: gdb.Value) -> gdb.Value\n
Get the n-th environment variable. Evaluate envp on the supplied value.
"},{"location":"functions/#example_7","title":"Example","text":"pwndbg> p $envp(0x3F)\n$13 = (signed char *) 0x7fffffffef7d \"LANG=en_US.UTF-8\"\npwndbg> p $envp(0x3F) == $environ(\"LANG\")\n$14 = 1\n
"},{"location":"functions/#fsbase","title":"fsbase","text":"fsbase(offset: gdb.Value = gdb.Value(0)) -> int\n
Get the value of the FS segment register. Only valid on x86(-64).
"},{"location":"functions/#example_8","title":"Example","text":"pwndbg> p/x $fsbase()\n$3 = 0x7ffff7cdab80\npwndbg> p $fs_base == $fsbase()\n$4 = 1\npwndbg> x/gx $fsbase(0x28)\n0x7ffff7cdaba8: 0x4da926e1668e5a00\npwndbg> x/gx $fsbase(0x30)\n0x7ffff7cdabb0: 0x190a86d93bccf0ad\npwndbg> tls\nThread Local Storage (TLS) base: 0x7ffff7cdab80\nTLS is located at:\n 0x7ffff7cda000 0x7ffff7cdc000 rw-p 2000 0 [anon_7ffff7cda]\nDumping the address:\ntcbhead_t @ 0x7ffff7cdab80\n 0x00007ffff7cdab80 +0x0000 tcb : 0x7ffff7cdab80\n 0x00007ffff7cdab88 +0x0008 dtv : 0x7ffff7cdb4f0\n 0x00007ffff7cdab90 +0x0010 self : 0x7ffff7cdab80\n 0x00007ffff7cdab98 +0x0018 multiple_threads : 0x0\n 0x00007ffff7cdab9c +0x001c gscope_flag : 0x0\n 0x00007ffff7cdaba0 +0x0020 sysinfo : 0x0\n 0x00007ffff7cdaba8 +0x0028 stack_guard : 0x4da926e1668e5a00\n 0x00007ffff7cdabb0 +0x0030 pointer_guard : 0x190a86d93bccf0ad\n [...]\npwndbg> canary\n[...]\nCanary = 0x4da926e1668e5a00 (may be incorrect on != glibc)\n[...]\n
FS will usually point to the start of the TLS. If you're not providing an offset, it is usually easier to use GDB's builtin $fs_base variable."},{"location":"functions/#gsbase","title":"gsbase","text":"gsbase(offset: gdb.Value = gdb.Value(0)) -> int\n
Get the value of the GS segment register. Only valid on x86(-64).
"},{"location":"functions/#example_9","title":"Example","text":"pwndbg> p/x $gsbase()\n$1 = 0x0\n
The value of the GS register is more interesting when doing kernel debugging: pwndbg> p/x $gsbase()\n$1 = 0xffff999287a00000\npwndbg> tele $gsbase()\n00:0000\u2502 0xffff999287a00000 \u25c2\u2014 0\n... \u2193 4 skipped\n05:0028\u2502 0xffff999287a00028 \u25c2\u2014 0xd6aa9b336d52a400\n06:0030\u2502 0xffff999287a00030 \u25c2\u2014 0\n07:0038\u2502 0xffff999287a00038 \u25c2\u2014 0\npwndbg> p $gsbase() == $gs_base\n$2 = 1\n
If you're not providing an offset, it is usually easier to use GDB's builtin $gs_base variable."},{"location":"functions/#hex2ptr","title":"hex2ptr","text":"hex2ptr(hex_string: gdb.Value | str) -> int\n
Converts a hex string to a little-endian address and returns the address.
"},{"location":"functions/#example_10","title":"Example","text":"pwndbg> p/x $hex2ptr(\"20 74 ed f7 ff 7f\")\n$1 = 0x7ffff7ed7420\npwndbg> p/x $hex2ptr(\"2074edf7ff7f\")\n$2 = 0x7ffff7ed7420\npwndbg> distance '$base(\"libc\")' '$hex2ptr(\"20 74 ed f7 ff 7f\")'\n0x7ffff7d4b000->0x7ffff7ed7420 is 0x18c420 bytes (0x31884 words)\n
Especially useful for quickly converting pwntools output.
"},{"location":"functions/#ida","title":"ida","text":"ida(name: gdb.Value) -> int\n
Lookup a symbol's address by name from IDA. Evaluate ida.LocByName() on the supplied value.
This functions doesn't see stack local variables.
"},{"location":"functions/#example_11","title":"Example","text":"pwndbg> set integration-provider ida\nPwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'ida'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $ida(\"main\")\n$1 = 0x555555555645\npwndbg> b *$ida(\"main\")\nBreakpoint 2 at 0x555555555645\n
"},{"location":"functions/#rebase","title":"rebase","text":"rebase(addr: gdb.Value | int) -> int\n
Return address rebased onto the executable's mappings.
"},{"location":"functions/#example_12","title":"Example","text":"pwndbg> p/x $rebase(0xd9020)\n$1 = 0x55555562d020\npwndbg> vmmap\n0x555555554000 0x55555556f000 r--p 1b000 0 /usr/bin/bash\n0x55555556f000 0x55555562d000 r-xp be000 1b000 /usr/bin/bash\n0x55555562d000 0x55555565e000 r--p 31000 d9000 /usr/bin/bash\n[...]\npwndbg> p $rebase(0xd9020) == 0x555555554000 + 0xd9020\n$2 = 1\npwndbg> tele $rebase(0xd9020)\n00:0000\u2502 0x55555562d020 \u25c2\u2014 0x204900636f6c6c61 /* 'alloc' */\n01:0008\u2502 0x55555562d028 \u25c2\u2014 'have no name!'\n02:0010\u2502 0x55555562d030 \u25c2\u2014 0x65720021656d616e /* 'name!' */\n03:0018\u2502 0x55555562d038 \u25c2\u2014 'adline stdin'\n[...]\n
"},{"location":"tutorials/env-vars/","title":"Env vars","text":""},{"location":"tutorials/env-vars/#environment-variables","title":"Environment Variables","text":"Pwndbg relies on several environment variables to customize its behavior. Below is a list of these variables and their purposes:
PATH: Standard system PATH variable used to locate executables.EDITOR, VISUAL: Used by the cymbol command to open an editor.HOME, XDG_CACHE_HOME: Used by lib.tempfile to determine temporary file locations.PWNDBG_VENV_PATH: Specifies the virtual environment path for Pwndbg. - Set to
PWNDBG_PLEASE_SKIP_VENV if you don't want Pwndbg to use a python virtual environment. You can also get this behaviour by creating a file named .skip-venv in the project root. This effectively disables the use of uv in the project.
PWNDBG_DISABLE_COLORS: Disables colored output in Pwndbg.PWNDBG_LOGLEVEL: Initial log level to use for log messages.OPENAI_API_KEY, ANTHROPIC_API_KEY: Used by the ai command for accessing respective AI APIs.GITHUB_ACTIONS, RUN_FLAKY: Used by tests_commands.py to determine the test environment.PWNDBG_PROFILE: Enables profiling for benchmarking.USE_PDB: Enables Python debugger in tests.PWNDBG_LAUNCH_TEST: Used by tests to configure test launching.PWNDBG_ARCH, PWNDBG_KERNEL_TYPE, PWNDBG_KERNEL_VERSION: Used by gdblib kernel tests to specify kernel parameters.SPHINX: Used by docs/source/conf.py, likely to be removed.PWNLIB_NOTERM=1: Set by Pwndbg to avoid terminal issues with Pwntools.
"},{"location":"tutorials/gdb-lldb-commands/","title":"GDB vs LLDB","text":"For users who are migrating from one debugger to another, here is a table comparison of some of the most common actions and how to do them in GDB and LLDB. Note that both debuggers offer shorthands for typing these commands.
Functionality GDB Command LLDB Command Start Debugging Program gdb ./your-program lldb ./your-program Set a Breakpoint break <function-name> breakpoint set --name <function-name> Set Breakpoint on Address break *<address> breakpoint set --address <address> Set Breakpoint at Line break <filename>:<line-number> breakpoint set --file <filename> --line <line-number> Set Hardware Breakpoint hbreak <function-name> breakpoint set --hardware --name <function-name> Set Hardware Breakpoint at Memory hbreak *<memory-address> breakpoint set --hardware --address <memory-address> List All Breakpoints info breakpoints breakpoint list Delete Breakpoints delete <breakpoint-number> breakpoint delete <breakpoint-number> Set Watchpoint watch <variable> watchpoint set variable <variable> Set Conditional Breakpoint break <function-name> if <condition> breakpoint set --condition \"<condition>\" Continue Execution continue process continue Next Instruction next thread step-over Step into a Function step thread step-in Step out of a Function finish thread step-out Print Threads info threads thread list Select Thread thread <thread-id> thread select <thread-id> Print Register Values info registers register read -a Print a Variable print <variable> print <variable> Display Variable on Every Stop display <variable> expression --watch <variable> Examine Memory (Hex) x/<num>x <memory-address> memory read --format x --count <num> <memory-address> Examine Memory (Integer) x/<num>d <memory-address> memory read --format d --count <num> <memory-address> Inspect Stack Trace backtrace thread backtrace Change Register Value set $<register-name> = <value> register write <register-name> <value> Check Program Status info locals frame variable Check Program Info info functions image lookup --functions Show Disassembly of Function disas <function-name> disassemble <function-name> Memory Dump (Hex) x/<num>xh <memory-address> memory read --format x --count <num> <memory-address> Memory Dump (Bytes) x/<num>bx <memory-address> memory read --format b --count <num> <memory-address> Show Process Information info process process status Quit Debugging quit quit Run Program with Arguments run <arg1> <arg2> ... process launch -- <arg1> <arg2> ... Show Current Function info frame frame info Set Sysroot set sysroot <path-to-sysroot> settings set target.sysroot <path-to-sysroot> Set Source Directory directory <path-to-source-directory> settings set target.source-map <remote-path> <local-path> Set Architecture set architecture <arch> target create --arch <arch> <executable-file> Show Settings show <setting-name> settings show <setting-name> Set File for Debugging file <executable-file> target create <executable-file> Start the Program and Run One Instruction starti process launch --stop-at-entry Enable ASLR set disable-randomization off settings set target.disable-aslr false"},{"location":"tutorials/gdb-tui/","title":"GDB TUI","text":"The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.
Use focus cmd to focus the command window and have the arrow keys scroll through the command history again. tui disable to disable TUI mode and go back to CLI mode when running commands with longer output. ctrl-x + a toggles between TUI and CLI mode quickly. Hold shift to ignore the TUI mouse integration and use the mouse normally to select text or copy data.
To create your own layout and selecting it use normal tui new-layout syntax like:
tui new-layout pwndbg_custom {-horizontal { { -horizontal { pwndbg_code 1 pwndbg_disasm 1 } 2 { {-horizontal pwndbg_legend 8 pwndbg_control 2 } 0 pwndbg_regs 1 pwndbg_stack 1 } 3 } 7 cmd 3 } 3 { pwndbg_backtrace 2 pwndbg_threads 1 pwndbg_expressions 2 } 1 } 1 status 1\nlayout pwndbg_custom\n
"},{"location":"tutorials/go-debugging/","title":"Debugging Go with Pwndbg","text":""},{"location":"tutorials/go-debugging/#basics","title":"Basics","text":"The go-dump command can be used to dump Go values during debugging. It takes the form go-dump type address_expression, and supports many different types with the same syntax as Go:
- Integer types:
int, int8, int16, int32, int64, int128, and their uint counterparts - Misc types:
bool, rune, uintptr, string - Floating point types:
float32, float64 - Complex numbers:
complex64, complex128 - Interface types:
any for interface{} (the empty interface), and interface for all non-empty interfaces - Function types:
funcptr for all function types - Pointers:
*ELEM - Slices:
[]ELEM - Arrays:
[LEN]ELEM - Maps:
map[KEY][VAL] (note that maps in Go are actually pointers to the map, whereas this map is the inner map, so you may need to use *map[KEY]VAL to dump a map)
Struct types are also supported, but the syntax is slightly different from Go in order to avoid having to compute offsets (and also to support only having partial field information on structs). Struct types are notated as OFFSET:FIELD_NAME:TYPE triples separated by semicolons then enclosed with struct(SIZE){}, e.g. struct(24){0:foo:string;16:bar:int64} to represent the 24-byte Go struct struct { foo string; bar int64 }.
Example:
pwndbg> go-dump map[string]int 0xc0000b20f0\n{\"a\": 1, \"b\": 2, \"c\": 3}\n\npwndbg> go-dump any 0xc0000ace40\n([]struct { a int; b string }) [struct {a: 1, b: \"first\"}, struct {a: 2, b: \"second\"}]\n\npwndbg> go-dump struct(24){0:a:int;8:b:string} 0xc000108120\nstruct {a: 1, b: \"first\"}\n
Some notable flags include -p to enable pretty printing, -x to display integers in hex, -f DECIMALS to set the number of decimals used to display floats, -d to enable debug printing, which displays memory addresses of everything shown in the dump.
"},{"location":"tutorials/go-debugging/#runtime-type-parsing","title":"Runtime Type Parsing","text":"Go's compiler emits type objects for every single type used by the program. This is what enables dumping interface values with go-dump without having to specify any additional type information, and can also be leveraged to dump non-interface values if the type can be located. A good way to locate types is by finding the type pointer passed into heap allocation functions like runtime.newobject or runtime.makeslice.
After finding the type pointer, the go-type command can be used to inspect a type:
pwndbg> go-type 0x49fbc0\n Name: struct { a int; b string }\n Kind: STRUCT\n Size: 24 (0x18)\nAlign: 8\nParse: struct(24){0:a:int;8:b:string}\nField a:\n Offset: 0 (0x0)\n Type name: int\n Type addr: 0x498ce0\nField b:\n Offset: 8 (0x8)\n Type name: string\n Type addr: 0x498aa0\n
The go-dump command can also take an address to a type instead of the name of a type:
pwndbg> go-dump 0x49fbc0 0xc000108120\nstruct {a: 1, b: \"first\"}\n
"},{"location":"tutorials/pwndbg-users/","title":"Pwndbg in the wild","text":"Here is a non-exhaustive list of Pwndbg mentions found in the wild. Feel free to open a PR to add more if you find them!
"},{"location":"tutorials/pwndbg-users/#talks","title":"Talks","text":" - OffensiveCon24 - Eugene Rodionov, Zi Fan Tan and Gulshan Singh
"},{"location":"tutorials/pwndbg-users/#videos","title":"Videos","text":" - Intro to pwndbg - CTF Cookbook by SloppyJoePirates CTF Writeups
- Intro to Binary Exploitation (Pwn) by CryptoCat
- Bug A Day #8 - pwndbg #2 by Bug-A-Day
"},{"location":"tutorials/pwndbg-users/#scripts","title":"Scripts","text":" - CVE-2022-24834 exploit by ptr-yudai
"},{"location":"tutorials/pycharm-debugging/","title":"Debugging with PyCharm","text":"In order to debug code with PyCharm you need to configure remote debugging.
PyCharm will start a remote debugging server which will listen for connections and Pwndbg will then connect to that server, on startup.
"},{"location":"tutorials/pycharm-debugging/#configuring-the-debugging-server","title":"Configuring the debugging server","text":"Select Run -> Edit Configurations and follow the instructions there :)
- Create a new server with the
+ button. - Put your IP in
IDE host name and select a port number. - Optionally, add a path mapping:
pycharm/pwndbg/dir=machine/pwndbg/dir - Uncheck
suspend after connect
"},{"location":"tutorials/pycharm-debugging/#configuring-pwndbg","title":"Configuring Pwndbg","text":" - Select
Run -> Edit Configurations and install the packages described in that window. pip install pydevd-pycharm~=<your_pycharm_version>- Add the following code somewhere where it will execute on GDB startup:
import pydevd_pycharm\npydevd_pycharm.settrace('<your_IP>', port=<port>, stdoutToServer=True, stderrToServer=True)\n
"},{"location":"tutorials/pycharm-debugging/#debugging","title":"Debugging","text":" - Start the debugging server in PyCharm
- Run Pwndbg
"},{"location":"tutorials/pycharm-debugging/#wsl2","title":"WSL2","text":"In order to debug using WSL2, you need to obtain your Windows IP. The easiest way to do that is to run:
cat /etc/resolv.conf\n
and then to pick the value in the nameserver line. Then use that IP in the IDE host name field, when configuring the server. Afterwards, use the same IP in pydevd_pycharm.settrace(...)"},{"location":"tutorials/splitting-the-context/","title":"Splitting / Layouting Context","text":"i.e. doing this:
In Pwndbg, the context sections can be distributed among different tty by using the contextoutput command. Example:
contextoutput stack /path/to/tty true\n
If you use a terminal or multiplexer that supports scripted pane splitting, you can write a Python script that will create the panes and distribute them to your liking whenever you start Pwndbg.
For instance, for tmux, you could write something like this:
python\nimport atexit\nimport os\nfrom pwndbg.commands.context import contextoutput, output, clear_screen\nbt = os.popen('tmux split-window -P -F \"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\nst = os.popen(F'tmux split-window -h -t {bt[0]} -P -F '+'\"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\nre = os.popen(F'tmux split-window -h -t {st[0]} -P -F '+'\"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\ndi = os.popen('tmux split-window -h -P -F \"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\npanes = dict(backtrace=bt, stack=st, regs=re, disasm=di)\nfor sec, p in panes.items():\n contextoutput(sec, p[1], True)\ncontextoutput(\"legend\", di[1], True)\natexit.register(lambda: [os.popen(F\"tmux kill-pane -t {p[0]}\").read() for p in panes.values()])\nend\n
If you're using tmux specifically, you can use pwnmux as a prebuilt layout or splitmind to easily configure the layout you want. Example
The above example uses splitmind and following configuration:
python\nimport splitmind\n(splitmind.Mind()\n .tell_splitter(show_titles=True)\n .tell_splitter(set_title=\"Main\")\n .right(display=\"backtrace\", size=\"25%\")\n .above(of=\"main\", display=\"disasm\", size=\"80%\", banner=\"top\")\n .show(\"code\", on=\"disasm\", banner=\"none\")\n .right(cmd='tty; tail -f /dev/null', size=\"65%\", clearing=False)\n .tell_splitter(set_title='Input / Output')\n .above(display=\"stack\", size=\"75%\")\n .above(display=\"legend\", size=\"25\")\n .show(\"regs\", on=\"legend\")\n .below(of=\"backtrace\", cmd=\"ipython\", size=\"30%\")\n).build(nobanner=True)\nend\n
If you're using kitty, you may check out kittydbg for a prebuilt layout.
"},{"location":"tutorials/decompiler-integration/binja-integration/","title":"Binary Ninja","text":""},{"location":"tutorials/decompiler-integration/binja-integration/#requirements","title":"Requirements","text":"You need at least the personal edition of Binary Ninja (only tested on version 4.0+) that runs at least Python 3.10 for plugins.
"},{"location":"tutorials/decompiler-integration/binja-integration/#setup","title":"Setup","text":"Copy (or symlink) binja_script.py to your plugins directory.
"},{"location":"tutorials/decompiler-integration/binja-integration/#usage","title":"Usage","text":"To start the Binary Ninja integration, open the binary you want to debug in Binary Ninja, then go to Plugins > pwndbg > Start integration on current view. This will start the XMLRPC server that Pwndbg queries for information.
Then, inside GDB, run set integration-provider binja, which will start the integration. You can run set integration-provider none to disable it again.
"},{"location":"tutorials/decompiler-integration/binja-integration/#features","title":"Features","text":"The integration currently syncs symbol names, comments, decompilation, function type signatures, and stack variables.
"},{"location":"tutorials/decompiler-integration/binja-integration/#commands","title":"Commands","text":" bn-sync: Navigate the Binary Ninja view to the current instructiondecomp ADDR NLINES: Displays the decompilation for NLINES lines at address ADDR.
"},{"location":"tutorials/decompiler-integration/binja-integration/#config-options","title":"Config Options","text":" bn-autosync: If set to yes, every step will automatically run bn-syncbn-il-level: Sets the IL level to use for decompilation. Valid values are: disasm, llil, mlil, hlilbn-rpc-host/bn-rpc-port: The host and port to connect to for the XMLRPC serverbn-timeout: The amount, in seconds, to wait for the XMLRPC server to connect
"},{"location":"tutorials/decompiler-integration/ghidra-integration/","title":"Ghidra","text":"With the help of radare2 or rizin it is possible to show the decompiled source code of the ghidra decompiler.
However, this comes with some prerequisites.
- First: you have to have installed radare2 or rizin and it must be found by GDB (within path)
- Second: you have to install the ghidra plugin for radare2 r2ghidra or install the ghidra plugin for rizin rz-ghidra
- Third: r2pipe has to be installed in the python-context GDB is using (or if you are using rizin, install rzpipe instead)
The decompiled source be shown as part of the context by adding ghidra to set context-sections or by calling ctx-ghidra [function] manually.
Be warned, the first call to both radare2/r2ghidra and rizin/rz-ghidra are rather slow! Subsequent requests for decompiled source will be faster. And it does take up some resources as the radare2/rizin instance is kept by r2pipe/rzpipe to enable faster subsequent analysis.
With those performance penalties it is reasonable to not have it launch always. Therefore it includes an option to only start it when required with set context-ghidra:
set context-ghidra always: always trigger the ghidra contextset context-ghidra never: never trigger the ghidra context except when called manuallyset context-ghidra if-no-source: invoke ghidra if no source code is available
Remark: the plugin tries to guess the correct current line and mark it with \"\u2192\", but it might get it wrong.
"},{"location":"tutorials/decompiler-integration/ida-integration/","title":"IDA","text":""},{"location":"tutorials/decompiler-integration/ida-integration/#usage","title":"Usage","text":"Open the same binary with Pwndbg and IDA. Then inside IDA go to File > Script file and select the ida_script.py file from the Pwndbg root folder. This will start the XMLRPC server that Pwndbg queries for information.
Inside the debugger, run set integration-provider ida. This will start the integration, you can run set integration-provider none to disable it.
"},{"location":"tutorials/decompiler-integration/ida-integration/#features","title":"Features","text":"The integration will sync IDA's decompilation and show it in the context. You can query for symbols and stack variables using the ida function.
"},{"location":"tutorials/decompiler-integration/ida-integration/#debugger-control","title":"Debugger Control","text":"To see an up-to-date list of things you can do regarding IDA integration, you may grep for ida like so:
pwndbg> pwndbg ida\nfind-fake-fast Find candidate fake fast or tcache chunks overlapping the specified address.\nsave-ida Save the ida database.\npwndbg> config ida\nattachp-resolution-method how to determine the process to attach when multiple candidates exists 'ask'\nida-rpc-host ida xmlrpc server address '127.0.0.1'\nida-rpc-port ida xmlrpc server port 31337\nida-timeout time to wait for ida xmlrpc in seconds 2\npwndbg> | help function | grep ida\nfunction ida -- Lookup a symbol's address by name from IDA.\n
Note that you will see some false positives. You can use the decomp command to use IDA to decompile at an arbitrary address.
"},{"location":"reference/pwndbg/","title":"pwndbg","text":""},{"location":"reference/pwndbg/#pwndbg","title":"pwndbg","text":"Modules:
-
aglib \u2013 Debugger-agnostic library that provides various functionality.
-
arguments \u2013 Function and syscall argument formatting.
-
auxv \u2013 Performs handling of the linux auxiliary vector.
-
chain \u2013 Dereference and format pointer chains.
-
color \u2013 Text colorizing and theme configuration logic.
-
commands \u2013 Pwndbg command implementations.
-
dbg \u2013 The abstracted debugger interface.
-
decorators \u2013 Project-wide function decorators.
-
emu \u2013 Emulation assistance from Unicorn.
-
enhance \u2013 Attempt to describe the data at a memory address as best as possible.
-
exception \u2013 Common exception handling.
-
gdblib \u2013 Library for handling GDB logic. Being removed in favour of aglib.
-
ghidra \u2013 Ghidra integration.
-
glibc \u2013 Get information about the GLibc
-
hexdump \u2013 Hexdump implementation, ~= stolen from pwntools.
-
integration \u2013 Decompiler integration.
-
lib \u2013 Library for non-debugger-dependant functionality.
-
log \u2013 Logging.
-
profiling \u2013 Pwndbg profiling.
-
radare2 \u2013 Radare2 integration with r2pipe.
-
rizin \u2013 Rizin integration with rzpipe.
-
search \u2013 Search the address space for byte patterns.
-
ui \u2013 A few helpers for making things print pretty-like.
-
wrappers \u2013 Specific command output wrappers.
Attributes:
"},{"location":"reference/pwndbg/#pwndbg.config","title":"config module-attribute","text":"config: Config = Config()\n
The global configuration object.
"},{"location":"reference/pwndbg/#pwndbg.__version__","title":"__version__ module-attribute","text":"__version__ = __version__\n
Pwndbg version.
"},{"location":"reference/pwndbg/#pwndbg.version","title":"version module-attribute","text":"version = __version__\n
Pwndbg version.
"},{"location":"reference/pwndbg/aglib/","title":"pwndbg.aglib","text":""},{"location":"reference/pwndbg/aglib/#pwndbg.aglib","title":"aglib","text":"Debugger-agnostic library that provides various functionality.
Takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.
See https://pwndbg.re/pwndbg/dev/contributing/dev-notes/#aglib for more information.
Modules:
-
arch \u2013 -
argv \u2013 -
ctypes \u2013 On-the-fly endianness switching for ctypes structures.
-
disasm \u2013 -
dt \u2013 Prints structures in a manner similar to WinDbg's \"dt\" command.
-
dynamic \u2013 Dynamic linking interface.
-
elf \u2013 This file declares types and methods useful for enumerating
-
file \u2013 Retrieve files from the debuggee's filesystem. Useful when
-
godbg \u2013 -
heap \u2013 -
kernel \u2013 -
memory \u2013 -
nearpc \u2013 -
next \u2013 Commands for setting temporary breakpoints on the next
-
onegadget \u2013 -
proc \u2013 Provides values which would be available from /proc which
-
qemu \u2013 Determine whether the target is being run under QEMU.
-
regs \u2013 Reading register value from the inferior, and provides a
-
remote \u2013 Information about whether the debuggee is local (under GDB) or remote
-
saved_register_frames \u2013 -
shellcode \u2013 Shellcode
-
stack \u2013 Helpers for finding address mappings which are used as a stack.
-
strings \u2013 Functionality for resolving ASCII printable strings within
-
symbol \u2013 Looking up addresses for function names / symbols, and
-
tls \u2013 Getting Thread Local Storage (TLS) information.
-
typeinfo \u2013 Common types.
-
vmmap \u2013 -
vmmap_custom \u2013
Functions:
-
load_aglib \u2013 -
set_arch \u2013
"},{"location":"reference/pwndbg/aglib/#pwndbg.aglib.load_aglib","title":"load_aglib","text":"load_aglib()\n
"},{"location":"reference/pwndbg/aglib/#pwndbg.aglib.set_arch","title":"set_arch","text":"set_arch(pwndbg_arch: PwndbgArchitecture)\n
"},{"location":"reference/pwndbg/aglib/arch/","title":"pwndbg.aglib.arch","text":""},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch","title":"arch","text":"Classes:
Functions:
-
register_arch \u2013 -
get_pwndbg_architecture \u2013 -
get_thumb_mode_string \u2013 -
update \u2013
Attributes:
-
EndianType \u2013 -
FMT_LITTLE_ENDIAN \u2013 -
FMT_BIG_ENDIAN \u2013 -
registered_architectures (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, PwndbgArchitecture]) \u2013 -
all_arches \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.EndianType","title":"EndianType module-attribute","text":"EndianType = Literal['little', 'big']\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.FMT_LITTLE_ENDIAN","title":"FMT_LITTLE_ENDIAN module-attribute","text":"FMT_LITTLE_ENDIAN = {1: 'B', 2: '<H', 4: '<I', 8: '<Q'}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.FMT_BIG_ENDIAN","title":"FMT_BIG_ENDIAN module-attribute","text":"FMT_BIG_ENDIAN = {1: 'B', 2: '>H', 4: '>I', 8: '>Q'}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.registered_architectures","title":"registered_architectures module-attribute","text":"registered_architectures: dict[\n PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, PwndbgArchitecture\n] = {}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.all_arches","title":"all_arches module-attribute","text":"all_arches = [\n AMD64Arch(),\n i386Arch(),\n i8086Arch(),\n ArmArch(),\n ArmCortexArch(),\n AArch64Arch(),\n PowerPCArch(),\n SparcArch(),\n RISCV32Arch(),\n RISCV64Arch(),\n MipsArch(),\n Loongarch64Arch(),\n S390xArch(),\n]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture","title":"PwndbgArchitecture","text":"PwndbgArchitecture(name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)\n
Bases: ArchDefinition
This class defines the context of the currently debugged architecture as well as other related information of the platform.
This includes the following information: - Capstone/Unicorn constants - ABI information
Methods:
-
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
get_capstone_constants \u2013 Return tuple of (CAPSTONE ARCH, CAPSTONE MODE) used to instantiate the Capstone disassembler for this architecture.
-
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size (int) \u2013 -
endian (EndianType) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.max_instruction_size","title":"max_instruction_size instance-attribute","text":"max_instruction_size: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int] | None\n
Return tuple of (CAPSTONE ARCH, CAPSTONE MODE) used to instantiate the Capstone disassembler for this architecture.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch","title":"AMD64Arch","text":"AMD64Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch","title":"i386Arch","text":"i386Arch()\n
Bases: PwndbgArchitecture
32-bit mode x86
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch","title":"i8086Arch","text":"i8086Arch()\n
Bases: PwndbgArchitecture
16-bit mode x86
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch","title":"ArmArch","text":"ArmArch()\n
Bases: PwndbgArchitecture
Methods:
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch","title":"ArmCortexArch","text":"ArmCortexArch()\n
Bases: PwndbgArchitecture
Cortex-M processors run the M-profile Arm architecture. This architecture is prevalent in bare-metal/embedded systems that lack operating systems. Only Thumb-2 instructions are supported, and the Thumb bit is always 1.
Methods:
-
get_capstone_constants \u2013 -
read_thumb_bit \u2013 On Cortex-M processors, the Thumb bit is architecturally defined to be 1.
-
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1]\n
On Cortex-M processors, the Thumb bit is architecturally defined to be 1.
This is the (xpsr >> 24) & 1, which is always 1.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch","title":"AArch64Arch","text":"AArch64Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch","title":"PowerPCArch","text":"PowerPCArch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch","title":"SparcArch","text":"SparcArch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch","title":"RISCV32Arch","text":"RISCV32Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 22\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch","title":"RISCV64Arch","text":"RISCV64Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 22\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch","title":"MipsArch","text":"MipsArch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 8\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch","title":"Loongarch64Arch","text":"Loongarch64Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch","title":"S390xArch","text":"S390xArch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 6\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.register_arch","title":"register_arch","text":"register_arch(arch: PwndbgArchitecture)\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_pwndbg_architecture","title":"get_pwndbg_architecture","text":"get_pwndbg_architecture(\n name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n) -> PwndbgArchitecture | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_thumb_mode_string","title":"get_thumb_mode_string","text":"get_thumb_mode_string() -> Literal['arm', 'thumb'] | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/","title":"pwndbg.aglib.argv","text":""},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv","title":"argv","text":"Functions:
-
update \u2013 -
update_state \u2013 -
argc \u2013 -
argv \u2013 -
envc \u2013 -
envp \u2013 -
environ \u2013
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update_state","title":"update_state","text":"update_state() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argc","title":"argc","text":"argc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argv","title":"argv","text":"argv(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envc","title":"envc","text":"envc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envp","title":"envp","text":"envp(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.environ","title":"environ","text":"environ(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/ctypes/","title":"pwndbg.aglib.ctypes","text":""},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes","title":"ctypes","text":"On-the-fly endianness switching for ctypes structures.
We cannot make use of ctypes.LittleEndianStructure and ctypes.BigEndianStructure, since these use metaclass hooks to catch fields being set when the class is declared.
We need to catch on the fly. We do this by swapping out the base classes of the Structure type, and incurring a performance penalty for foreign-endianness targets.
Functions:
Attributes:
-
module \u2013 -
Structure \u2013
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.module","title":"module module-attribute","text":"module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.Structure","title":"Structure module-attribute","text":"Structure = LittleEndianStructure\n
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/","title":"pwndbg.aglib.disasm","text":""},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm","title":"disasm","text":"Modules:
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/","title":"pwndbg.aglib.disasm.aarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64","title":"aarch64","text":"Classes:
-
AArch64DisassemblyAssistant \u2013
Functions:
Attributes:
-
AARCH64_SINGLE_LOAD_INSTRUCTIONS (dict[int, int | None]) \u2013 -
AARCH64_SINGLE_STORE_INSTRUCTIONS (dict[int, int | None]) \u2013 -
AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS \u2013 -
CONDITIONAL_SELECT_INSTRUCTIONS \u2013 -
AARCH64_EMULATED_ANNOTATIONS \u2013 -
AARCH64_CONSTANT_SHIFTS \u2013 -
AARCH64_BIT_SHIFT_MAP (dict[int, Callable[[int, int, int], int]]) \u2013 -
AARCH64_EXTEND_MAP (dict[int, Callable[[int], int]]) \u2013 -
AARCH64_MATH_INSTRUCTIONS \u2013 -
AARCH64_SHIFT_INSTRUCTIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_LOAD_INSTRUCTIONS","title":"AARCH64_SINGLE_LOAD_INSTRUCTIONS module-attribute","text":"AARCH64_SINGLE_LOAD_INSTRUCTIONS: dict[int, int | None] = {\n AARCH64_INS_LDRB: 1,\n AARCH64_INS_ALIAS_LDRB: 1,\n AARCH64_INS_LDURB: 1,\n AARCH64_INS_ALIAS_LDURB: 1,\n AARCH64_INS_LDRSB: -1,\n AARCH64_INS_ALIAS_LDRSB: -1,\n AARCH64_INS_LDURSB: -1,\n AARCH64_INS_ALIAS_LDURSB: -1,\n AARCH64_INS_LDRH: 2,\n AARCH64_INS_ALIAS_LDRH: 2,\n AARCH64_INS_LDURH: 2,\n AARCH64_INS_ALIAS_LDURH: 2,\n AARCH64_INS_LDRSH: -2,\n AARCH64_INS_ALIAS_LDRSH: -2,\n AARCH64_INS_LDURSH: -2,\n AARCH64_INS_ALIAS_LDURSH: -2,\n AARCH64_INS_LDURSW: -4,\n AARCH64_INS_ALIAS_LDURSW: -4,\n AARCH64_INS_LDRSW: -4,\n AARCH64_INS_ALIAS_LDRSW: -4,\n AARCH64_INS_LDUR: None,\n AARCH64_INS_ALIAS_LDUR: None,\n AARCH64_INS_LDR: None,\n AARCH64_INS_ALIAS_LDR: None,\n AARCH64_INS_LDTRB: 1,\n AARCH64_INS_LDTRSB: -1,\n AARCH64_INS_LDTRH: 2,\n AARCH64_INS_LDTRSH: -2,\n AARCH64_INS_LDTRSW: -4,\n AARCH64_INS_LDTR: None,\n AARCH64_INS_ALIAS_LDTR: None,\n AARCH64_INS_LDXRB: 1,\n AARCH64_INS_LDXRH: 2,\n AARCH64_INS_LDXR: None,\n AARCH64_INS_LDARB: 1,\n AARCH64_INS_LDARH: 2,\n AARCH64_INS_LDAR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_STORE_INSTRUCTIONS","title":"AARCH64_SINGLE_STORE_INSTRUCTIONS module-attribute","text":"AARCH64_SINGLE_STORE_INSTRUCTIONS: dict[int, int | None] = {\n AARCH64_INS_STRB: 1,\n AARCH64_INS_ALIAS_STRB: 1,\n AARCH64_INS_STURB: 1,\n AARCH64_INS_ALIAS_STURB: 1,\n AARCH64_INS_STRH: 2,\n AARCH64_INS_ALIAS_STRH: 2,\n AARCH64_INS_STURH: 2,\n AARCH64_INS_ALIAS_STURH: 2,\n AARCH64_INS_STUR: None,\n AARCH64_INS_ALIAS_STUR: None,\n AARCH64_INS_STR: None,\n AARCH64_INS_ALIAS_STR: None,\n AARCH64_INS_STTRB: 1,\n AARCH64_INS_STTRH: 2,\n AARCH64_INS_STTR: None,\n AARCH64_INS_STLRB: 1,\n AARCH64_INS_STLRH: 2,\n AARCH64_INS_STLR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS","title":"AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS module-attribute","text":"AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS = {\n AARCH64_INS_STXRB: 1,\n AARCH64_INS_STXRH: 2,\n AARCH64_INS_STXR: None,\n AARCH64_INS_STLXRB: 1,\n AARCH64_INS_STLXRH: 2,\n AARCH64_INS_STLXR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.CONDITIONAL_SELECT_INSTRUCTIONS","title":"CONDITIONAL_SELECT_INSTRUCTIONS module-attribute","text":"CONDITIONAL_SELECT_INSTRUCTIONS = {\n AARCH64_INS_CSEL,\n AARCH64_INS_CSINC,\n AARCH64_INS_CSINV,\n AARCH64_INS_CSNEG,\n AARCH64_INS_ALIAS_CSET,\n AARCH64_INS_ALIAS_CSETM,\n AARCH64_INS_ALIAS_CINC,\n AARCH64_INS_ALIAS_CINV,\n AARCH64_INS_ALIAS_CNEG,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EMULATED_ANNOTATIONS","title":"AARCH64_EMULATED_ANNOTATIONS module-attribute","text":"AARCH64_EMULATED_ANNOTATIONS = CONDITIONAL_SELECT_INSTRUCTIONS | {\n AARCH64_INS_SXTB,\n AARCH64_INS_SXTH,\n AARCH64_INS_SXTW,\n AARCH64_INS_UXTB,\n AARCH64_INS_UXTH,\n AARCH64_INS_UXTW,\n AARCH64_INS_RBIT,\n AARCH64_INS_CLS,\n AARCH64_INS_CLZ,\n AARCH64_INS_ALIAS_BFXIL,\n AARCH64_INS_ALIAS_UBFIZ,\n AARCH64_INS_UBFM,\n AARCH64_INS_ALIAS_UBFX,\n AARCH64_INS_ALIAS_SBFIZ,\n AARCH64_INS_SBFM,\n AARCH64_INS_ALIAS_SBFX,\n AARCH64_INS_ALIAS_BFI,\n AARCH64_INS_NEG,\n AARCH64_INS_ALIAS_NEGS,\n AARCH64_INS_REV,\n AARCH64_INS_BIC,\n AARCH64_INS_BICS,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_CONSTANT_SHIFTS","title":"AARCH64_CONSTANT_SHIFTS module-attribute","text":"AARCH64_CONSTANT_SHIFTS = {\n AARCH64_SFT_LSL,\n AARCH64_SFT_LSR,\n AARCH64_SFT_ASR,\n AARCH64_SFT_ROR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_BIT_SHIFT_MAP","title":"AARCH64_BIT_SHIFT_MAP module-attribute","text":"AARCH64_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n AARCH64_SFT_LSL: logical_shift_left,\n AARCH64_SFT_LSR: logical_shift_right,\n AARCH64_SFT_ASR: arithmetic_shift_right,\n AARCH64_SFT_ROR: rotate_right,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXTEND_MAP","title":"AARCH64_EXTEND_MAP module-attribute","text":"AARCH64_EXTEND_MAP: dict[int, Callable[[int], int]] = {\n AARCH64_EXT_UXTB: lambda x: x & 1 << 8 - 1,\n AARCH64_EXT_UXTH: lambda x: x & 1 << 16 - 1,\n AARCH64_EXT_UXTW: lambda x: x & 1 << 32 - 1,\n AARCH64_EXT_UXTX: lambda x: x,\n AARCH64_EXT_SXTB: lambda x: to_signed(x, 8),\n AARCH64_EXT_SXTH: lambda x: to_signed(x, 16),\n AARCH64_EXT_SXTW: lambda x: to_signed(x, 32),\n AARCH64_EXT_SXTX: lambda x: to_signed(x, 64),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_MATH_INSTRUCTIONS","title":"AARCH64_MATH_INSTRUCTIONS module-attribute","text":"AARCH64_MATH_INSTRUCTIONS = {\n AARCH64_INS_ADD: \"+\",\n AARCH64_INS_ALIAS_ADD: \"+\",\n AARCH64_INS_ADDS: \"+\",\n AARCH64_INS_ALIAS_ADDS: \"+\",\n AARCH64_INS_SUB: \"-\",\n AARCH64_INS_ALIAS_SUB: \"-\",\n AARCH64_INS_SUBS: \"-\",\n AARCH64_INS_ALIAS_SUBS: \"-\",\n AARCH64_INS_AND: \"&\",\n AARCH64_INS_ALIAS_AND: \"&\",\n AARCH64_INS_ANDS: \"&\",\n AARCH64_INS_ALIAS_ANDS: \"&\",\n AARCH64_INS_ORR: \"|\",\n AARCH64_INS_ALIAS_ORR: \"|\",\n AARCH64_INS_EOR: \"^\",\n AARCH64_INS_ALIAS_EOR: \"^\",\n AARCH64_INS_UDIV: \"/\",\n AARCH64_INS_SDIV: \"/\",\n AARCH64_INS_SMULH: \"*\",\n AARCH64_INS_SMULL: \"*\",\n AARCH64_INS_ALIAS_SMULL: \"*\",\n AARCH64_INS_UMULH: \"*\",\n AARCH64_INS_UMULL: \"*\",\n AARCH64_INS_ALIAS_UMULL: \"*\",\n AARCH64_INS_MUL: \"*\",\n AARCH64_INS_ALIAS_MUL: \"*\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SHIFT_INSTRUCTIONS","title":"AARCH64_SHIFT_INSTRUCTIONS module-attribute","text":"AARCH64_SHIFT_INSTRUCTIONS = {\n AARCH64_INS_LSL: \"<<\",\n AARCH64_INS_ALIAS_LSL: \"<<\",\n AARCH64_INS_LSR: \">>\",\n AARCH64_INS_ALIAS_LSR: \">>\",\n AARCH64_INS_ASR: \">>s\",\n AARCH64_INS_ALIAS_ASR: \">>s\",\n AARCH64_INS_ROR: \">>r\",\n AARCH64_INS_ALIAS_ROR: \">>r\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant","title":"AArch64DisassemblyAssistant","text":"AArch64DisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n AARCH64_INS_MOV: _common_move_annotator,\n AARCH64_INS_ALIAS_MOV: _common_move_annotator,\n AARCH64_INS_MOVZ: _common_move_annotator,\n AARCH64_INS_MOVK: _common_generic_register_destination,\n AARCH64_INS_ADR: _common_generic_register_destination,\n AARCH64_INS_ADRP: _handle_adrp,\n AARCH64_INS_ALIAS_CMP: _common_cmp_annotator_builder(\"cpsr\", \"-\"),\n AARCH64_INS_ALIAS_CMN: _common_cmp_annotator_builder(\"cpsr\", \"+\"),\n AARCH64_INS_ALIAS_TST: _common_cmp_annotator_builder(\"cpsr\", \"&\"),\n AARCH64_INS_CCMP: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n AARCH64_INS_CCMN: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.resolve_condition","title":"resolve_condition","text":"resolve_condition(condition: int, cpsr: int) -> InstructionCondition\n
Given a condition and the NZCV flag bits, determine when the condition is satisfied
The condition is a Capstone constant
"},{"location":"reference/pwndbg/aglib/disasm/arch/","title":"pwndbg.aglib.disasm.arch","text":""},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch","title":"arch","text":"Classes:
-
DisassemblyAssistant \u2013
Functions:
Attributes:
-
DEBUG_ENHANCEMENT \u2013 -
groups \u2013 -
ops \u2013 -
access \u2013 -
DO_NOT_EMULATE \u2013
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DEBUG_ENHANCEMENT","title":"DEBUG_ENHANCEMENT module-attribute","text":"DEBUG_ENHANCEMENT = False\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.groups","title":"groups module-attribute","text":"groups = {v: _Efor (k, v) in items() if startswith('CS_GRP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.ops","title":"ops module-attribute","text":"ops = {v: _zfor (k, v) in items() if startswith('CS_OP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.access","title":"access module-attribute","text":"access = {v: _3for (k, v) in items() if startswith('CS_AC_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DO_NOT_EMULATE","title":"DO_NOT_EMULATE module-attribute","text":"DO_NOT_EMULATE = {CS_GRP_INT, CS_GRP_INVALID, CS_GRP_IRET}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant","title":"DisassemblyAssistant","text":"DisassemblyAssistant(architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)\n
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.syntax_highlight","title":"syntax_highlight","text":"syntax_highlight(ins)\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.register_assign","title":"register_assign","text":"register_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_assign","title":"memory_assign","text":"memory_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_or_register_assign","title":"memory_or_register_assign","text":"memory_or_register_assign(left: str, right: str, mem_assign: bool) -> str\n
Used when we don't know until runtime whether a codepath will annotate a register or memory location.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.basic_enhance","title":"basic_enhance","text":"basic_enhance(ins: PwndbgInstruction) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/","title":"pwndbg.aglib.disasm.arm","text":""},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm","title":"arm","text":"Classes:
-
ArmDisassemblyAssistant \u2013
Functions:
Attributes:
-
ARM_BIT_SHIFT_MAP (dict[int, Callable[[int, int, int], int]]) \u2013 -
ARM_SINGLE_LOAD_INSTRUCTIONS \u2013 -
ARM_SINGLE_STORE_INSTRUCTIONS \u2013 -
ARM_EXCLUSIVE_STORE_INSTRUCTIONS \u2013 -
ARM_MATH_INSTRUCTIONS \u2013 -
ARM_SHIFT_INSTRUCTIONS \u2013 -
ARM_CAN_WRITE_TO_PC_INSTRUCTIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_BIT_SHIFT_MAP","title":"ARM_BIT_SHIFT_MAP module-attribute","text":"ARM_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n ARM_SFT_ASR: arithmetic_shift_right,\n ARM_SFT_LSL: logical_shift_left,\n ARM_SFT_LSR: logical_shift_right,\n ARM_SFT_ROR: rotate_right,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_LOAD_INSTRUCTIONS","title":"ARM_SINGLE_LOAD_INSTRUCTIONS module-attribute","text":"ARM_SINGLE_LOAD_INSTRUCTIONS = {\n ARM_INS_LDRB: 1,\n ARM_INS_LDRSB: -1,\n ARM_INS_LDRH: 2,\n ARM_INS_LDRSH: -2,\n ARM_INS_LDR: 4,\n ARM_INS_LDRBT: 1,\n ARM_INS_LDRSBT: -1,\n ARM_INS_LDRHT: 2,\n ARM_INS_LDRSHT: -2,\n ARM_INS_LDRT: 4,\n ARM_INS_LDREXB: 1,\n ARM_INS_LDREXH: 2,\n ARM_INS_LDREX: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_STORE_INSTRUCTIONS","title":"ARM_SINGLE_STORE_INSTRUCTIONS module-attribute","text":"ARM_SINGLE_STORE_INSTRUCTIONS = {\n ARM_INS_STRB: 1,\n ARM_INS_STRH: 2,\n ARM_INS_STR: 4,\n ARM_INS_STRBT: 1,\n ARM_INS_STRHT: 2,\n ARM_INS_STRT: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_EXCLUSIVE_STORE_INSTRUCTIONS","title":"ARM_EXCLUSIVE_STORE_INSTRUCTIONS module-attribute","text":"ARM_EXCLUSIVE_STORE_INSTRUCTIONS = {\n ARM_INS_STREXB: 1,\n ARM_INS_STREXH: 2,\n ARM_INS_STREX: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_MATH_INSTRUCTIONS","title":"ARM_MATH_INSTRUCTIONS module-attribute","text":"ARM_MATH_INSTRUCTIONS = {\n ARM_INS_ADD: \"+\",\n ARM_INS_ADDW: \"+\",\n ARM_INS_SUB: \"-\",\n ARM_INS_ORR: \"|\",\n ARM_INS_AND: \"&\",\n ARM_INS_EOR: \"^\",\n ARM_INS_UDIV: \"/\",\n ARM_INS_SDIV: \"/\",\n ARM_INS_MUL: \"*\",\n ARM_INS_UMULL: \"*\",\n ARM_INS_SMULL: \"*\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SHIFT_INSTRUCTIONS","title":"ARM_SHIFT_INSTRUCTIONS module-attribute","text":"ARM_SHIFT_INSTRUCTIONS = {\n ARM_INS_ASR: \">>s\",\n ARM_INS_ALIAS_ASR: \">>s\",\n ARM_INS_LSR: \">>\",\n ARM_INS_ALIAS_LSR: \">>\",\n ARM_INS_LSL: \"<<\",\n ARM_INS_ALIAS_LSL: \"<<\",\n ARM_INS_ROR: \">>r\",\n ARM_INS_ALIAS_ROR: \">>r\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_CAN_WRITE_TO_PC_INSTRUCTIONS","title":"ARM_CAN_WRITE_TO_PC_INSTRUCTIONS module-attribute","text":"ARM_CAN_WRITE_TO_PC_INSTRUCTIONS = {\n ARM_INS_LDM,\n ARM_INS_ALIAS_LDM,\n ARM_INS_POP,\n ARM_INS_ALIAS_POP,\n ARM_INS_LDR,\n ARM_INS_ADC,\n ARM_INS_ADD,\n ARM_INS_ADR,\n ARM_INS_AND,\n ARM_INS_ASR,\n ARM_INS_ALIAS_ASR,\n ARM_INS_BIC,\n ARM_INS_EOR,\n ARM_INS_LSL,\n ARM_INS_ALIAS_LSL,\n ARM_INS_LSR,\n ARM_INS_ALIAS_LSR,\n ARM_INS_MOV,\n ARM_INS_MVN,\n ARM_INS_ORR,\n ARM_INS_ROR,\n ARM_INS_ALIAS_ROR,\n ARM_INS_RRX,\n ARM_INS_ALIAS_RRX,\n ARM_INS_RSB,\n ARM_INS_RSC,\n ARM_INS_SBC,\n ARM_INS_SUB,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant","title":"ArmDisassemblyAssistant","text":"ArmDisassemblyAssistant(architecture, flags_reg: Literal['cpsr', 'xpsr'])\n
Bases: DisassemblyAssistant
Methods:
-
read_thumb_bit \u2013 -
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
flags_reg \u2013 -
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.flags_reg","title":"flags_reg instance-attribute","text":"flags_reg = flags_reg\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n ARM_INS_MOV: _common_move_annotator,\n ARM_INS_MOVW: _common_move_annotator,\n ARM_INS_MOVT: _common_generic_register_destination,\n ARM_INS_MVN: _common_generic_register_destination,\n ARM_INS_CMP: _common_cmp_annotator_builder(flags_reg, \"-\"),\n ARM_INS_CMN: _common_cmp_annotator_builder(flags_reg, \"+\"),\n ARM_INS_TST: _common_cmp_annotator_builder(flags_reg, \"&\"),\n ARM_INS_TEQ: _common_cmp_annotator_builder(flags_reg, \"^\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit(instruction: PwndbgInstruction, emu: Emulator) -> int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.itstate_from_cpsr","title":"itstate_from_cpsr","text":"itstate_from_cpsr(cpsr_value: int) -> int\n
ITSTATE == If-Then execution state bits for the Thumb IT instruction The ITSTATE bits are spread across 3 sections of Arm flags register to a total of 8 bits. This function extracts them and reorders the bits into their logical order - https://developer.arm.com/documentation/ddi0403/d/System-Level-Architecture/System-Level-Programmers--Model/Registers/The-special-purpose-program-status-registers--xPSR#:~:text=shows%20the%20assignment%20of%20the%20ICI/IT%20bits.
Bits of the flags register: EPSR[26:25] EPSR[15:12] EPSR[11:10] Bits of ITSTATE: IT[1:0] IT[7:4] IT[3:2]
The lower 5 bits has information that indicates the number of instructions in the IT Block. The top 3 bits indicate the base condition of the block. - https://developer.arm.com/documentation/ddi0406/cb/Application-Level-Architecture/Application-Level-Programmers--Model/Execution-state-registers/IT-block-state-register--ITSTATE?lang=en
If the value is zero, it means we are not in an IT block.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/","title":"pwndbg.aglib.disasm.disassembly","text":""},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly","title":"disassembly","text":"Functionality for disassmebling code at an address, or at an address \u00b1 a few instructions.
Functions:
-
enhance_cache_listener \u2013 -
clear_on_reg_mem_change \u2013 -
get_disassembler \u2013 -
get_one_instruction \u2013 If passed an emulator, this will pass it to the DisassemblyAssistant which will
-
one \u2013 -
one_raw \u2013 -
get \u2013 -
can_run_first_emulate \u2013 Disable the emulate config variable if we don't have enough memory to use it
-
no_emulate_one \u2013 -
emulate_one \u2013 -
one_with_config \u2013 Returns a single Pwndbg Instruction at the current PC.
-
near \u2013 Disasms instructions near given address. Passing emulate makes use of
-
get_disassembly_assistant_for_current_arch \u2013 -
arch_has_disassembly_assistant \u2013
Attributes:
-
CapstoneEndian \u2013 -
CapstoneSyntax \u2013 -
next_addresses_cache (set[int]) \u2013 -
backward_cache (DefaultDict[int, int]) \u2013 -
computed_instruction_cache (DefaultDict[int, PwndbgInstruction]) \u2013 -
emulated_arm_mode_cache (DefaultDict[int, int | None]) \u2013 -
first_time_emulate \u2013 -
ALL_DISASSEMBLY_ASSISTANTS (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.CapstoneEndian","title":"CapstoneEndian module-attribute","text":"CapstoneEndian = {'little': CS_MODE_LITTLE_ENDIAN, 'big': CS_MODE_BIG_ENDIAN}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.CapstoneSyntax","title":"CapstoneSyntax module-attribute","text":"CapstoneSyntax = {'intel': CS_OPT_SYNTAX_INTEL, 'att': CS_OPT_SYNTAX_ATT}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.next_addresses_cache","title":"next_addresses_cache module-attribute","text":"next_addresses_cache: set[int] = set()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.backward_cache","title":"backward_cache module-attribute","text":"backward_cache: DefaultDict[int, int] = defaultdict(lambda: None)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.computed_instruction_cache","title":"computed_instruction_cache module-attribute","text":"computed_instruction_cache: DefaultDict[int, PwndbgInstruction] = defaultdict(\n lambda: None\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.emulated_arm_mode_cache","title":"emulated_arm_mode_cache module-attribute","text":"emulated_arm_mode_cache: DefaultDict[int, int | None] = defaultdict(\n lambda: None\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.first_time_emulate","title":"first_time_emulate module-attribute","text":"first_time_emulate = True\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.ALL_DISASSEMBLY_ASSISTANTS","title":"ALL_DISASSEMBLY_ASSISTANTS module-attribute","text":"ALL_DISASSEMBLY_ASSISTANTS: dict[\n PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]\n] = {\n \"aarch64\": lambda: AArch64DisassemblyAssistant(\"aarch64\"),\n \"i386\": lambda: X86DisassemblyAssistant(\"i386\"),\n \"x86-64\": lambda: X86DisassemblyAssistant(\"x86-64\"),\n \"arm\": lambda: ArmDisassemblyAssistant(\"arm\", \"cpsr\"),\n \"armcm\": lambda: ArmDisassemblyAssistant(\"armcm\", \"xpsr\"),\n \"mips\": lambda: MipsDisassemblyAssistant(\"mips\"),\n \"rv32\": lambda: RISCVDisassemblyAssistant(\"rv32\"),\n \"rv64\": lambda: RISCVDisassemblyAssistant(\"rv64\"),\n \"loongarch64\": lambda: Loong64DisassemblyAssistant(\"loongarch64\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.enhance_cache_listener","title":"enhance_cache_listener","text":"enhance_cache_listener() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.clear_on_reg_mem_change","title":"clear_on_reg_mem_change","text":"clear_on_reg_mem_change() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_disassembler","title":"get_disassembler","text":"get_disassembler(cs_info: tuple[int, int])\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_one_instruction","title":"get_one_instruction","text":"get_one_instruction(\n address,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n assistant: DisassemblyAssistant = None,\n) -> PwndbgInstruction\n
If passed an emulator, this will pass it to the DisassemblyAssistant which will single_step the emulator to determine the operand values before and after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one","title":"one","text":"one(\n address=None,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n put_backward_cache=True,\n assistant: DisassemblyAssistant = None,\n) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one_raw","title":"one_raw","text":"one_raw(address=None) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get","title":"get","text":"get(\n address,\n instructions=1,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n assistant: DisassemblyAssistant = None,\n) -> list[PwndbgInstruction]\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.can_run_first_emulate","title":"can_run_first_emulate","text":"can_run_first_emulate() -> bool\n
Disable the emulate config variable if we don't have enough memory to use it See #1534 And unicorn-engine/unicorn!1743
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.no_emulate_one","title":"no_emulate_one","text":"no_emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.emulate_one","title":"emulate_one","text":"emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one_with_config","title":"one_with_config","text":"one_with_config()\n
Returns a single Pwndbg Instruction at the current PC.
Emulation determined by the pwndbg.config.emulate setting.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.near","title":"near","text":"near(\n address,\n instructions=1,\n emulate=False,\n show_prev_insns=True,\n use_cache=False,\n linear=False,\n) -> tuple[list[PwndbgInstruction], int]\n
Disasms instructions near given address. Passing emulate makes use of unicorn engine to emulate instructions to predict branches that will be taken. show_prev_insns makes this show previously cached instructions (this is mostly used by context's disasm display, so user see what was previously)
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_disassembly_assistant_for_current_arch","title":"get_disassembly_assistant_for_current_arch","text":"get_disassembly_assistant_for_current_arch() -> DisassemblyAssistant\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.arch_has_disassembly_assistant","title":"arch_has_disassembly_assistant","text":"arch_has_disassembly_assistant(\n arch: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE | None = None,\n) -> bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/","title":"pwndbg.aglib.disasm.instruction","text":""},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction","title":"instruction","text":"Classes:
-
InstructionCondition \u2013 -
SplitType \u2013 -
PwndbgInstruction \u2013 -
PwndbgInstructionImpl \u2013 -
EnhancedOperand \u2013 -
ManualPwndbgInstruction \u2013
Functions:
-
boolean_to_instruction_condition \u2013
Attributes:
-
UNCONDITIONAL_JUMP_INSTRUCTIONS (dict[int, set[int]]) \u2013 -
BRANCH_AND_LINK_INSTRUCTIONS (dict[int, set[int]]) \u2013 -
GENERIC_UNCONDITIONAL_JUMP_GROUPS \u2013 -
GENERIC_JUMP_GROUPS \u2013 -
ALL_JUMP_GROUPS \u2013 -
FORWARD_JUMP_GROUP \u2013 -
CAPSTONE_ARCH_MAPPING_STRING \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.UNCONDITIONAL_JUMP_INSTRUCTIONS","title":"UNCONDITIONAL_JUMP_INSTRUCTIONS module-attribute","text":"UNCONDITIONAL_JUMP_INSTRUCTIONS: dict[int, set[int]] = {\n CS_ARCH_X86: {X86_INS_CALL, X86_INS_JMP},\n CS_ARCH_MIPS: {\n MIPS_INS_J,\n MIPS_INS_JR,\n MIPS_INS_JAL,\n MIPS_INS_JALR,\n MIPS_INS_JALR_HB,\n MIPS_INS_BAL,\n MIPS_INS_ALIAS_BAL,\n MIPS_INS_B,\n MIPS_INS_ALIAS_B,\n },\n CS_ARCH_SPARC: {SPARC_INS_JMP, SPARC_INS_JMPL},\n CS_ARCH_ARM: {ARM_INS_TBB, ARM_INS_TBH},\n CS_ARCH_AARCH64: {AARCH64_INS_BL, AARCH64_INS_BLR, AARCH64_INS_BR},\n CS_ARCH_RISCV: {\n RISCV_INS_JAL,\n RISCV_INS_JALR,\n RISCV_INS_C_JAL,\n RISCV_INS_C_JALR,\n RISCV_INS_C_J,\n RISCV_INS_C_JR,\n },\n CS_ARCH_PPC: {PPC_INS_B, PPC_INS_BA, PPC_INS_BL, PPC_INS_BLA},\n CS_ARCH_SYSTEMZ: {SYSTEMZ_INS_B, SYSTEMZ_INS_BAL, SYSTEMZ_INS_BALR},\n CS_ARCH_LOONGARCH: {\n LOONGARCH_INS_B,\n LOONGARCH_INS_BL,\n LOONGARCH_INS_JIRL,\n LOONGARCH_INS_ALIAS_JR,\n },\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.BRANCH_AND_LINK_INSTRUCTIONS","title":"BRANCH_AND_LINK_INSTRUCTIONS module-attribute","text":"BRANCH_AND_LINK_INSTRUCTIONS: dict[int, set[int]] = defaultdict(set)\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_UNCONDITIONAL_JUMP_GROUPS","title":"GENERIC_UNCONDITIONAL_JUMP_GROUPS module-attribute","text":"GENERIC_UNCONDITIONAL_JUMP_GROUPS = {CS_GRP_CALL, CS_GRP_RET, CS_GRP_IRET}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_JUMP_GROUPS","title":"GENERIC_JUMP_GROUPS module-attribute","text":"GENERIC_JUMP_GROUPS = {CS_GRP_JUMP, CS_GRP_BRANCH_RELATIVE}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ALL_JUMP_GROUPS","title":"ALL_JUMP_GROUPS module-attribute","text":"ALL_JUMP_GROUPS = GENERIC_JUMP_GROUPS | GENERIC_UNCONDITIONAL_JUMP_GROUPS\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.FORWARD_JUMP_GROUP","title":"FORWARD_JUMP_GROUP module-attribute","text":"FORWARD_JUMP_GROUP = {CS_GRP_CALL} | GENERIC_JUMP_GROUPS\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.CAPSTONE_ARCH_MAPPING_STRING","title":"CAPSTONE_ARCH_MAPPING_STRING module-attribute","text":"CAPSTONE_ARCH_MAPPING_STRING = {\n CS_ARCH_ARM: \"arm\",\n CS_ARCH_AARCH64: \"aarch64\",\n CS_ARCH_X86: \"x86\",\n CS_ARCH_PPC: \"powerpc\",\n CS_ARCH_MIPS: \"mips\",\n CS_ARCH_SPARC: \"sparc\",\n CS_ARCH_RISCV: \"RISCV\",\n CS_ARCH_SYSTEMZ: \"s390x\",\n CS_ARCH_LOONGARCH: \"loongarch\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition","title":"InstructionCondition","text":" Bases: Enum
Attributes:
-
TRUE \u2013 -
FALSE \u2013 -
UNDETERMINED \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.TRUE","title":"TRUE class-attribute instance-attribute","text":"TRUE = 1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.FALSE","title":"FALSE class-attribute instance-attribute","text":"FALSE = 2\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.UNDETERMINED","title":"UNDETERMINED class-attribute instance-attribute","text":"UNDETERMINED = 3\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType","title":"SplitType","text":" Bases: Enum
Attributes:
-
NO_SPLIT \u2013 -
BRANCH_TAKEN \u2013 -
BRANCH_NOT_TAKEN \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.NO_SPLIT","title":"NO_SPLIT class-attribute instance-attribute","text":"NO_SPLIT = 1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_TAKEN","title":"BRANCH_TAKEN class-attribute instance-attribute","text":"BRANCH_TAKEN = 2\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_NOT_TAKEN","title":"BRANCH_NOT_TAKEN class-attribute instance-attribute","text":"BRANCH_NOT_TAKEN = 3\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction","title":"PwndbgInstruction","text":" Bases: Protocol
Methods:
-
op_find \u2013 -
op_count \u2013
Attributes:
-
cs_insn (CsInsn) \u2013 -
address (int) \u2013 -
size (int) \u2013 -
mnemonic (str) \u2013 -
op_str (str) \u2013 -
groups (set[int]) \u2013 -
id (int) \u2013 -
operands (list[EnhancedOperand]) \u2013 -
asm_string (str) \u2013 -
next (int) \u2013 -
target (int) \u2013 -
target_string (str | None) \u2013 -
target_const (bool | None) \u2013 -
condition (InstructionCondition) \u2013 -
declare_conditional (bool | None) \u2013 -
declare_is_unconditional_jump (bool) \u2013 -
force_unconditional_jump_target (bool) \u2013 -
annotation (str | None) \u2013 -
annotation_padding (int | None) \u2013 -
syscall (int | None) \u2013 -
syscall_name (str | None) \u2013 -
causes_branch_delay (bool) \u2013 -
split (SplitType) \u2013 -
emulated (bool) \u2013 -
call_like (bool) \u2013 -
jump_like (bool) \u2013 -
has_jump_target (bool) \u2013 -
is_conditional_jump (bool) \u2013 -
is_unconditional_jump (bool) \u2013 -
is_conditional_jump_taken (bool) \u2013 -
bytes (bytearray) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.cs_insn","title":"cs_insn instance-attribute","text":"cs_insn: CsInsn\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.address","title":"address instance-attribute","text":"address: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.size","title":"size instance-attribute","text":"size: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.mnemonic","title":"mnemonic instance-attribute","text":"mnemonic: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_str","title":"op_str instance-attribute","text":"op_str: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.groups","title":"groups instance-attribute","text":"groups: set[int]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.id","title":"id instance-attribute","text":"id: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.operands","title":"operands instance-attribute","text":"operands: list[EnhancedOperand]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.asm_string","title":"asm_string instance-attribute","text":"asm_string: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.next","title":"next instance-attribute","text":"next: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target","title":"target instance-attribute","text":"target: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_string","title":"target_string instance-attribute","text":"target_string: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_const","title":"target_const instance-attribute","text":"target_const: bool | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.condition","title":"condition instance-attribute","text":"condition: InstructionCondition\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_conditional","title":"declare_conditional instance-attribute","text":"declare_conditional: bool | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jump instance-attribute","text":"declare_is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_target instance-attribute","text":"force_unconditional_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation","title":"annotation instance-attribute","text":"annotation: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation_padding","title":"annotation_padding instance-attribute","text":"annotation_padding: int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall","title":"syscall instance-attribute","text":"syscall: int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall_name","title":"syscall_name instance-attribute","text":"syscall_name: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.causes_branch_delay","title":"causes_branch_delay instance-attribute","text":"causes_branch_delay: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.split","title":"split instance-attribute","text":"split: SplitType\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.emulated","title":"emulated instance-attribute","text":"emulated: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.call_like","title":"call_like property","text":"call_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.jump_like","title":"jump_like property","text":"jump_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.has_jump_target","title":"has_jump_target property","text":"has_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump","title":"is_conditional_jump property","text":"is_conditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jump property","text":"is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_taken property","text":"is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.bytes","title":"bytes property","text":"bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_find","title":"op_find","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_count","title":"op_count","text":"op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl","title":"PwndbgInstructionImpl","text":"PwndbgInstructionImpl(cs_insn: CsInsn)\n
Bases: PwndbgInstruction
Methods:
Attributes:
-
cs_insn (CsInsn) \u2013 The underlying Capstone instruction object.
-
address (int) \u2013 -
size (int) \u2013 Length of the instruction
-
mnemonic (str) \u2013 Ex: 'MOV'
-
op_str (str) \u2013 Ex: 'RAX, RDX'
-
groups (set[int]) \u2013 Capstone instruction groups that we belong to.
-
id (int) \u2013 The underlying Capstone ID for the instruction
-
operands (list[EnhancedOperand]) \u2013 -
asm_string (str) \u2013 The full string representing the instruction - mov rdi, rsp with appropriate padding.
-
next (int) \u2013 This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command.
-
target (int) \u2013 This is target of instructions that change the PC, regardless of if it's conditional or not,
-
target_string (str | None) \u2013 String representation of the target address.
-
target_const (bool | None) \u2013 Whether the target is a constant expression
-
condition (InstructionCondition) \u2013 Does the condition that the instruction checks for pass?
-
declare_conditional (bool | None) \u2013 This field is used to declare if the instruction is a conditional instruction.
-
declare_is_unconditional_jump (bool) \u2013 This field is used to declare that this instruction is an unconditional jump.
-
force_unconditional_jump_target (bool) \u2013 This asserts that the .target attribute is the real target of the instruction.
-
annotation (str | None) \u2013 The string is set in the \"DisassemblyAssistant.enhance\" function.
-
annotation_padding (int | None) \u2013 The left adjustment padding that was used to previously print this.
-
syscall (int | None) \u2013 The syscall number for this instruction, if it is a syscall. Otherwise None.
-
syscall_name (str | None) \u2013 The syscall name as a string
-
causes_branch_delay (bool) \u2013 Whether or not this instruction has a single branch delay slot
-
split (SplitType) \u2013 The type of split in the disasm display this instruction causes:
-
emulated (bool) \u2013 If the enhancement successfully used emulation for this instruction
-
call_like (bool) \u2013 True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
-
jump_like (bool) \u2013 True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET.
-
has_jump_target (bool) \u2013 True if we have determined that this instruction can explicitly change the program counter, and
-
is_conditional_jump (bool) \u2013 True if this instruction can change the program counter conditionally.
-
is_unconditional_jump (bool) \u2013 True if we know the instruction can change the program counter, and does so unconditionally.
-
is_conditional_jump_taken (bool) \u2013 True if this is a conditional jump, and we predicted that we will take the jump
-
bytes (bytearray) \u2013 Raw machine instruction bytes
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.cs_insn","title":"cs_insn instance-attribute","text":"cs_insn: CsInsn = cs_insn\n
The underlying Capstone instruction object. Only the enhancement code should access the 'cs_insn' property
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.address","title":"address instance-attribute","text":"address: int = address\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.size","title":"size instance-attribute","text":"size: int = size\n
Length of the instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.mnemonic","title":"mnemonic instance-attribute","text":"mnemonic: str = mnemonic\n
Ex: 'MOV'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_str","title":"op_str instance-attribute","text":"op_str: str = op_str\n
Ex: 'RAX, RDX'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.groups","title":"groups instance-attribute","text":"groups: set[int] = set(groups)\n
Capstone instruction groups that we belong to. Groups that apply to all architectures: CS_GRP_INVALID | CS_GRP_JUMP | CS_GRP_CALL | CS_GRP_RET | CS_GRP_INT | CS_GRP_IRET | CS_GRP_PRIVILEGE | CS_GRP_BRANCH_RELATIVE
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.id","title":"id instance-attribute","text":"id: int = alias_id if is_alias else id\n
The underlying Capstone ID for the instruction If it's an alias, use the id of the alias
Examples: X86_INS_JMP, X86_INS_CALL, RISCV_INS_C_JAL
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.operands","title":"operands instance-attribute","text":"operands: list[EnhancedOperand] = [EnhancedOperand(op) for op in operands]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.asm_string","title":"asm_string instance-attribute","text":"asm_string: str = f'{mnemonic} {op_str}'\n
The full string representing the instruction - mov rdi, rsp with appropriate padding.
This is syntax highlighted during enhancement.
This is additionally modified during enhancement for the purposes of replacing immediate values with their corresponding symbols
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.next","title":"next instance-attribute","text":"next: int = address + size\n
This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command. This means it is the address of the next instruction to be executed in all cases except \"call\" instructions.
Typically, it is self.address + self.size (the next instruction in memory)
If it is a jump and we know it is taken, then it is the value of the jump target.
Not set to \"call\" instruction targets, to indicate we will eventually (probably) return to this address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target","title":"target instance-attribute","text":"target: int = None\n
This is target of instructions that change the PC, regardless of if it's conditional or not, and whether or not we take the jump. This includes \"call\" and all other instructions that set the PC
If the instruction is not one that changes the PC, target is set to \"next\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_string","title":"target_string instance-attribute","text":"target_string: str | None = None\n
String representation of the target address.
Colorized symbol if a symbol exists at address, else colorized address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_const","title":"target_const instance-attribute","text":"target_const: bool | None = None\n
Whether the target is a constant expression
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.condition","title":"condition instance-attribute","text":"condition: InstructionCondition = UNDETERMINED\n
Does the condition that the instruction checks for pass?
For example, \"JNE\" jumps if Zero Flag is 0, else it does nothing. \"CMOVA\" conditionally performs a move depending on a flag. See 'condition' function in pwndbg.aglib.disasm.x86 for example on setting this.
UNDETERMINED if we cannot reason about the condition, or if the instruction always executes unconditionally (most instructions).
TRUE if the instruction has a conditional action, and we determine it is taken.
FALSE if the instruction has a conditional action, and we know it is not taken.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_conditional","title":"declare_conditional instance-attribute","text":"declare_conditional: bool | None = None\n
This field is used to declare if the instruction is a conditional instruction. In most cases, we can determine this purely based on the instruction ID, and this field is irrelevent. However, in some arches, like Arm, the same instruction can be made conditional by certain instruction attributes. Ex: Arm, bls instruction. This is encoded as a b under the code, with an additional condition code field. In this case, sometimes a b instruction is unconditional (always branches), in other cases it is conditional. We use this field to disambiguate these cases.
True if we manually determine this instruction is a conditional instruction False if it's not a conditional instruction None if we don't have a determination (most cases)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_is_unconditional_jump","title":"declare_is_unconditional_jump instance-attribute","text":"declare_is_unconditional_jump: bool = False\n
This field is used to declare that this instruction is an unconditional jump. Most of the time, we depend on Capstone groups to check for jump instructions. However, some instructions become branches depending on the operands, such as Arm add, sub, ldr, pop, where PC is the destination register
In these cases, we want to forcefully state that this instruction mutates the PC, so we set this attribute to True.
This helps in two cases: 1. Disassembly splits 2. Instructions like stepuntilasm work better, as they detect these as branches to stop at.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.force_unconditional_jump_target","title":"force_unconditional_jump_target instance-attribute","text":"force_unconditional_jump_target: bool = False\n
This asserts that the .target attribute is the real target of the instruction. This is only relevent in the edge case that the target is the next instruction in memory (address + size). The normal check for \"target\" checks that the target is NOT the next address in memory, and here we can assert that even if that is the case, we know that the jump really does just go to where self.target is.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation","title":"annotation instance-attribute","text":"annotation: str | None = None\n
The string is set in the \"DisassemblyAssistant.enhance\" function. It is used in the disasm print view to add context to the instruction, mostly operand value. This string is not used for all cases - if the instruction is a call or a jump, the 'target'. variables is used instead. See 'pwndbg.color.disasm.instruction()' for specific usage.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation_padding","title":"annotation_padding instance-attribute","text":"annotation_padding: int | None = None\n
The left adjustment padding that was used to previously print this. We retain it so the output is consistent between prints
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall","title":"syscall instance-attribute","text":"syscall: int | None = None\n
The syscall number for this instruction, if it is a syscall. Otherwise None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall_name","title":"syscall_name instance-attribute","text":"syscall_name: str | None = None\n
The syscall name as a string
Ex: \"openat\", \"read\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.causes_branch_delay","title":"causes_branch_delay instance-attribute","text":"causes_branch_delay: bool = False\n
Whether or not this instruction has a single branch delay slot
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.split","title":"split instance-attribute","text":"split: SplitType = NO_SPLIT\n
The type of split in the disasm display this instruction causes:
NO_SPLIT - no extra spacing between this and the next instruction\nBRANCH_TAKEN - a newline with an arrow pointing down\nBRANCH_NOT_TAKEN - an empty newline\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.emulated","title":"emulated instance-attribute","text":"emulated: bool = False\n
If the enhancement successfully used emulation for this instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.call_like","title":"call_like property","text":"call_like: bool\n
True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
Checking for the CS_GRP_CALL is insufficient, as there are many \"branch and link\" instructions that are not labeled as a call
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.jump_like","title":"jump_like property","text":"jump_like: bool\n
True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET. Basically, the PC is set to some target by means of this instruction.
It may still be a conditional jump - this property does not indicate whether the jump is taken or not.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.has_jump_target","title":"has_jump_target property","text":"has_jump_target: bool\n
True if we have determined that this instruction can explicitly change the program counter, and we have determined the jump target.
Edge case - the jump target MAY be the next address in memory - so we check force_unconditional_jump_target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump","title":"is_conditional_jump property","text":"is_conditional_jump: bool\n
True if this instruction can change the program counter conditionally.
This is used, in part, to determine if the instruction deserves a \"checkmark\" in the disasm view.
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_unconditional_jump","title":"is_unconditional_jump property","text":"is_unconditional_jump: bool\n
True if we know the instruction can change the program counter, and does so unconditionally.
This includes things like RET, CALL, and JMP (in x86).
This property is used in enhancement to determine certain codepaths when resolving .next for this instruction.
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump_taken","title":"is_conditional_jump_taken property","text":"is_conditional_jump_taken: bool\n
True if this is a conditional jump, and we predicted that we will take the jump
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.bytes","title":"bytes property","text":"bytes: bytearray\n
Raw machine instruction bytes
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_find","title":"op_find","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
Get the operand at position @position of all operands having the same type @op_type
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_count","title":"op_count","text":"op_count(op_type: int) -> int\n
Return number of operands having same operand Capstone type 'op_type'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand","title":"EnhancedOperand","text":"EnhancedOperand(cs_op)\n
Methods:
Attributes:
-
cs_op (Any) \u2013 Underlying Capstone operand. Takes on a different value depending on the architecture.
-
before_value (int | None) \u2013 The value of the operand before the instruction executes.
-
after_value (int | None) \u2013 The value of the operand after the instruction executes.
-
before_value_resolved (int | None) \u2013 The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes.
-
before_value_no_modifiers (int | None) \u2013 This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm.
-
after_value_resolved (int | None) \u2013 The 'resolved' value of the operand after the instruction executes.
-
str (str | None) \u2013 String representing the operand
-
symbol (str | None) \u2013 Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
-
type (int) \u2013 CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
-
reg (int) \u2013 The underlying Capstone ID for the register
-
imm (int) \u2013 The immediate value of the operand (if applicable)
-
mem (Any) \u2013 Return the underlying Capstone mem object (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.cs_op","title":"cs_op instance-attribute","text":"cs_op: Any = cs_op\n
Underlying Capstone operand. Takes on a different value depending on the architecture.
x86 = capstone.x86.X86Op, arm = capstone.arm.ArmOp, mips = capstone.mips.MipsOp
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value","title":"before_value instance-attribute","text":"before_value: int | None = None\n
The value of the operand before the instruction executes. This is set only if the operand value can be reasoned about.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value","title":"after_value instance-attribute","text":"after_value: int | None = None\n
The value of the operand after the instruction executes. Only set when using emulation.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_resolved","title":"before_value_resolved instance-attribute","text":"before_value_resolved: int | None = None\n
The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes. This is the same as before_value if it's not a memory operand, in which cases it's the dereferenced value.
Helpful for cases like cmp byte ptr [rip + 0x166669], 0, where first operand could be a register or a memory value to dereference, and we want the actual value used.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_no_modifiers","title":"before_value_no_modifiers instance-attribute","text":"before_value_no_modifiers: int | None = None\n
This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm. Capstone bundles the modifier with the operand, and when we are resolving concrete operand values, we apply the modifier. However, in some annotations we need to un-modified raw register value, which is what this field is for.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value_resolved","title":"after_value_resolved instance-attribute","text":"after_value_resolved: int | None = None\n
The 'resolved' value of the operand after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.str","title":"str instance-attribute","text":"str: str | None = ''\n
String representing the operand
Ex: \"RAX\", or \"[0x7fffffffd9e8]\". None if value cannot be determined.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.symbol","title":"symbol instance-attribute","text":"symbol: str | None = None\n
Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.type","title":"type property","text":"type: int\n
CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.reg","title":"reg property","text":"reg: int\n
The underlying Capstone ID for the register
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.imm","title":"imm property","text":"imm: int\n
The immediate value of the operand (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.mem","title":"mem property","text":"mem: Any\n
Return the underlying Capstone mem object (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction","title":"ManualPwndbgInstruction","text":"ManualPwndbgInstruction(address: int)\n
Bases: PwndbgInstruction
GDB/LLDB's built-in disassemblers.
Instances of this class do not go through the 'enhancement' process due to lacking important information provided by Capstone. As a result of this, some of the methods raise NotImplementedError, because if they are called it indicates a bug elsewhere in the codebase.
Methods:
-
op_find \u2013 -
op_count \u2013
Attributes:
-
cs_insn (CsInsn) \u2013 -
address \u2013 -
size \u2013 -
mnemonic \u2013 -
op_str \u2013 -
groups \u2013 -
id \u2013 -
operands \u2013 -
asm_string \u2013 -
next \u2013 -
target \u2013 -
target_string \u2013 -
target_const \u2013 -
condition \u2013 -
declare_conditional \u2013 -
declare_is_unconditional_jump \u2013 -
force_unconditional_jump_target \u2013 -
annotation \u2013 -
annotation_padding \u2013 -
syscall \u2013 -
syscall_name \u2013 -
causes_branch_delay \u2013 -
split \u2013 -
emulated \u2013 -
bytes (bytearray) \u2013 -
call_like (bool) \u2013 -
jump_like (bool) \u2013 -
has_jump_target (bool) \u2013 -
is_conditional_jump (bool) \u2013 -
is_unconditional_jump (bool) \u2013 -
is_conditional_jump_taken (bool) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.cs_insn","title":"cs_insn instance-attribute","text":"cs_insn: CsInsn = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.size","title":"size instance-attribute","text":"size = ins['length']\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.mnemonic","title":"mnemonic instance-attribute","text":"mnemonic = strip()\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_str","title":"op_str instance-attribute","text":"op_str = strip() if len(asm) > 1 else ''\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.groups","title":"groups instance-attribute","text":"groups = set()\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.id","title":"id instance-attribute","text":"id = -1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.operands","title":"operands instance-attribute","text":"operands = []\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.asm_string","title":"asm_string instance-attribute","text":"asm_string = f'{mnemonic} {op_str}'\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.next","title":"next instance-attribute","text":"next = address + size\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target","title":"target instance-attribute","text":"target = next\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_string","title":"target_string instance-attribute","text":"target_string = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_const","title":"target_const instance-attribute","text":"target_const = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.condition","title":"condition instance-attribute","text":"condition = UNDETERMINED\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_conditional","title":"declare_conditional instance-attribute","text":"declare_conditional = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jump instance-attribute","text":"declare_is_unconditional_jump = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_target instance-attribute","text":"force_unconditional_jump_target = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation","title":"annotation instance-attribute","text":"annotation = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation_padding","title":"annotation_padding instance-attribute","text":"annotation_padding = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall","title":"syscall instance-attribute","text":"syscall = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall_name","title":"syscall_name instance-attribute","text":"syscall_name = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.causes_branch_delay","title":"causes_branch_delay instance-attribute","text":"causes_branch_delay = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.split","title":"split instance-attribute","text":"split = NO_SPLIT\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.emulated","title":"emulated instance-attribute","text":"emulated = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.bytes","title":"bytes property","text":"bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.call_like","title":"call_like property","text":"call_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.jump_like","title":"jump_like property","text":"jump_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.has_jump_target","title":"has_jump_target property","text":"has_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump","title":"is_conditional_jump property","text":"is_conditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jump property","text":"is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_taken property","text":"is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_find","title":"op_find","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_count","title":"op_count","text":"op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.boolean_to_instruction_condition","title":"boolean_to_instruction_condition","text":"boolean_to_instruction_condition(condition: bool) -> InstructionCondition\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/","title":"pwndbg.aglib.disasm.loongarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64","title":"loongarch64","text":"Classes:
-
Loong64DisassemblyAssistant \u2013
Attributes:
-
CONDITION_RESOLVERS (dict[int, Callable[[list[int]], bool]]) \u2013 -
LOONGARCH_LOAD_INSTRUCTIONS (dict[int, int]) \u2013 -
LOONGARCH_STORE_INSTRUCTIONS (dict[int, int]) \u2013 -
LOONGARCH_BINARY_OPERATIONS (dict[int, str]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERS module-attribute","text":"CONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n LOONGARCH_INS_BEQZ: lambda ops: ops[0] == 0,\n LOONGARCH_INS_BNEZ: lambda ops: ops[0] != 0,\n LOONGARCH_INS_BEQ: lambda ops: ops[0] == ops[1],\n LOONGARCH_INS_BNE: lambda ops: ops[0] != ops[1],\n LOONGARCH_INS_BGE: lambda ops: to_signed(ops[0], ptrsize * 8)\n >= to_signed(ops[1], ptrsize * 8),\n LOONGARCH_INS_BLT: lambda ops: to_signed(ops[0], ptrsize * 8)\n < to_signed(ops[1], ptrsize * 8),\n LOONGARCH_INS_BLTU: lambda ops: ops[0] < ops[1],\n LOONGARCH_INS_BGEU: lambda ops: ops[0] >= ops[1],\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_LOAD_INSTRUCTIONS","title":"LOONGARCH_LOAD_INSTRUCTIONS module-attribute","text":"LOONGARCH_LOAD_INSTRUCTIONS: dict[int, int] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_STORE_INSTRUCTIONS","title":"LOONGARCH_STORE_INSTRUCTIONS module-attribute","text":"LOONGARCH_STORE_INSTRUCTIONS: dict[int, int] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_BINARY_OPERATIONS","title":"LOONGARCH_BINARY_OPERATIONS module-attribute","text":"LOONGARCH_BINARY_OPERATIONS: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant","title":"Loong64DisassemblyAssistant","text":"Loong64DisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/mips/","title":"pwndbg.aglib.disasm.mips","text":""},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips","title":"mips","text":"Classes:
-
MipsDisassemblyAssistant \u2013
Attributes:
-
BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS \u2013 -
BRANCH_LIKELY_INSTRUCTIONS \u2013 -
CONDITION_RESOLVERS (dict[int, Callable[[list[int]], bool]]) \u2013 -
MIPS_SIMPLE_DESTINATION_INSTRUCTIONS \u2013 -
MIPS_LOAD_INSTRUCTIONS \u2013 -
MIPS_STORE_INSTRUCTIONS \u2013 -
MIPS_BINARY_OPERATIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS","title":"BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS module-attribute","text":"BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS = {\n MIPS_INS_BC,\n MIPS_INS_BALC,\n MIPS_INS_JIALC,\n MIPS_INS_JIC,\n MIPS_INS_BLEZALC,\n MIPS_INS_BGEZALC,\n MIPS_INS_BGTZALC,\n MIPS_INS_BLTZALC,\n MIPS_INS_BEQZALC,\n MIPS_INS_BNEZALC,\n MIPS_INS_BLEZC,\n MIPS_INS_BGEZC,\n MIPS_INS_BGEUC,\n MIPS_INS_BGEIC,\n MIPS_INS_BGEUC,\n MIPS_INS_BGEIUC,\n MIPS_INS_BGTZC,\n MIPS_INS_BLTZC,\n MIPS_INS_BEQZC,\n MIPS_INS_ALIAS_BEQZC,\n MIPS_INS_BNEZC,\n MIPS_INS_ALIAS_BNEZC,\n MIPS_INS_BEQC,\n MIPS_INS_ALIAS_BEQC,\n MIPS_INS_BEQIC,\n MIPS_INS_BNEC,\n MIPS_INS_ALIAS_BNEC,\n MIPS_INS_BNEIC,\n MIPS_INS_BLTC,\n MIPS_INS_BLTIC,\n MIPS_INS_BLTUC,\n MIPS_INS_BLTIUC,\n MIPS_INS_BGEC,\n MIPS_INS_BLTUC,\n MIPS_INS_BNVC,\n MIPS_INS_BOVC,\n MIPS_INS_BRSC,\n MIPS_INS_BALRSC,\n MIPS_INS_BBEQZC,\n MIPS_INS_BBNEZC,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.BRANCH_LIKELY_INSTRUCTIONS","title":"BRANCH_LIKELY_INSTRUCTIONS module-attribute","text":"BRANCH_LIKELY_INSTRUCTIONS = {\n MIPS_INS_BC1FL,\n MIPS_INS_ALIAS_BC1FL,\n MIPS_INS_BC1TL,\n MIPS_INS_ALIAS_BC1TL,\n MIPS_INS_BEQL,\n MIPS_INS_BGEZALL,\n MIPS_INS_BGEZL,\n MIPS_INS_BGTZL,\n MIPS_INS_BLEZL,\n MIPS_INS_BLTZALL,\n MIPS_INS_BLTZL,\n MIPS_INS_BNEL,\n MIPS_INS_ALIAS_BNEZL,\n MIPS_INS_ALIAS_BEQZL,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERS module-attribute","text":"CONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n MIPS_INS_BEQZ: lambda ops: ops[0] == 0,\n MIPS_INS_BNEZ: lambda ops: ops[0] != 0,\n MIPS_INS_BEQ: lambda ops: ops[0] == ops[1],\n MIPS_INS_BNE: lambda ops: ops[0] != ops[1],\n MIPS_INS_BGEZ: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n MIPS_INS_BGEZAL: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n MIPS_INS_BGTZ: lambda ops: to_signed(ops[0], ptrsize * 8) > 0,\n MIPS_INS_BLEZ: lambda ops: to_signed(ops[0], ptrsize * 8) <= 0,\n MIPS_INS_BLTZAL: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n MIPS_INS_BLTZ: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_SIMPLE_DESTINATION_INSTRUCTIONS","title":"MIPS_SIMPLE_DESTINATION_INSTRUCTIONS module-attribute","text":"MIPS_SIMPLE_DESTINATION_INSTRUCTIONS = {\n MIPS_INS_CLO,\n MIPS_INS_CLZ,\n MIPS_INS_DCLO,\n MIPS_INS_DCLZ,\n MIPS_INS_LSA,\n MIPS_INS_DLSA,\n MIPS_INS_MFHI,\n MIPS_INS_MFLO,\n MIPS_INS_SEB,\n MIPS_INS_SEH,\n MIPS_INS_WSBH,\n MIPS_INS_SLT,\n MIPS_INS_SLTI,\n MIPS_INS_SLTIU,\n MIPS_INS_SLTU,\n MIPS_INS_MOVN,\n MIPS_INS_LDL,\n MIPS_INS_LDR,\n MIPS_INS_LWL,\n MIPS_INS_LWR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_LOAD_INSTRUCTIONS","title":"MIPS_LOAD_INSTRUCTIONS module-attribute","text":"MIPS_LOAD_INSTRUCTIONS = {\n MIPS_INS_LB: -1,\n MIPS_INS_LBU: 1,\n MIPS_INS_LH: -2,\n MIPS_INS_LHU: 2,\n MIPS_INS_LW: -4,\n MIPS_INS_LWU: 4,\n MIPS_INS_LWPC: -4,\n MIPS_INS_LWUPC: 4,\n MIPS_INS_LD: -8,\n MIPS_INS_LDPC: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_STORE_INSTRUCTIONS","title":"MIPS_STORE_INSTRUCTIONS module-attribute","text":"MIPS_STORE_INSTRUCTIONS = {\n MIPS_INS_SB: 1,\n MIPS_INS_SH: 2,\n MIPS_INS_SW: 4,\n MIPS_INS_SD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_BINARY_OPERATIONS","title":"MIPS_BINARY_OPERATIONS module-attribute","text":"MIPS_BINARY_OPERATIONS = {\n MIPS_INS_ADD: \"+\",\n MIPS_INS_ADDI: \"+\",\n MIPS_INS_ADDIU: \"+\",\n MIPS_INS_ADDU: \"+\",\n MIPS_INS_DADD: \"+\",\n MIPS_INS_DADDI: \"+\",\n MIPS_INS_DADDIU: \"+\",\n MIPS_INS_DADDU: \"+\",\n MIPS_INS_SUB: \"-\",\n MIPS_INS_SUBU: \"-\",\n MIPS_INS_DSUB: \"-\",\n MIPS_INS_DSUBU: \"-\",\n MIPS_INS_ANDI: \"&\",\n MIPS_INS_AND: \"&\",\n MIPS_INS_ORI: \"|\",\n MIPS_INS_OR: \"|\",\n MIPS_INS_XOR: \"^\",\n MIPS_INS_XORI: \"^\",\n MIPS_INS_SLL: \"<<\",\n MIPS_INS_SLLV: \"<<\",\n MIPS_INS_DSLL: \"<<\",\n MIPS_INS_DSLLV: \"<<\",\n MIPS_INS_SRL: \">>\",\n MIPS_INS_SRLV: \">>\",\n MIPS_INS_DSRL: \">>\",\n MIPS_INS_DSRLV: \">>\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant","title":"MipsDisassemblyAssistant","text":"MipsDisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n MIPS_INS_MOVE: _common_move_annotator,\n MIPS_INS_ALIAS_MOVE: _common_move_annotator,\n MIPS_INS_LI: _common_move_annotator,\n MIPS_INS_LUI: _lui_annotator,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/","title":"pwndbg.aglib.disasm.ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc","title":"ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/","title":"pwndbg.aglib.disasm.riscv","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv","title":"riscv","text":"Classes:
-
RISCVDisassemblyAssistant \u2013
Attributes:
-
RISCV_LOAD_INSTRUCTIONS \u2013 -
RISCV_STORE_INSTRUCTIONS \u2013 -
RISCV_MATH_INSTRUCTIONS \u2013 -
RISCV_EMULATED_ANNOTATIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_LOAD_INSTRUCTIONS","title":"RISCV_LOAD_INSTRUCTIONS module-attribute","text":"RISCV_LOAD_INSTRUCTIONS = {\n RISCV_INS_LB: -1,\n RISCV_INS_LH: -2,\n RISCV_INS_LW: -4,\n RISCV_INS_LBU: 1,\n RISCV_INS_LHU: 2,\n RISCV_INS_LWU: 4,\n RISCV_INS_LD: 8,\n RISCV_INS_C_LW: -4,\n RISCV_INS_C_LWSP: -4,\n RISCV_INS_C_LD: 8,\n RISCV_INS_C_LDSP: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_STORE_INSTRUCTIONS","title":"RISCV_STORE_INSTRUCTIONS module-attribute","text":"RISCV_STORE_INSTRUCTIONS = {\n RISCV_INS_SB: 1,\n RISCV_INS_SH: 2,\n RISCV_INS_SW: 4,\n RISCV_INS_SD: 8,\n RISCV_INS_C_SW: 4,\n RISCV_INS_C_SWSP: 4,\n RISCV_INS_C_SD: 8,\n RISCV_INS_C_SDSP: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_MATH_INSTRUCTIONS","title":"RISCV_MATH_INSTRUCTIONS module-attribute","text":"RISCV_MATH_INSTRUCTIONS = {\n RISCV_INS_ADDI: \"+\",\n RISCV_INS_ADD: \"+\",\n RISCV_INS_C_ADDI: \"+\",\n RISCV_INS_C_ADD: \"+\",\n RISCV_INS_SUB: \"-\",\n RISCV_INS_C_SUB: \"-\",\n RISCV_INS_XORI: \"^\",\n RISCV_INS_XOR: \"^\",\n RISCV_INS_C_XOR: \"^\",\n RISCV_INS_ORI: \"|\",\n RISCV_INS_OR: \"|\",\n RISCV_INS_C_OR: \"|\",\n RISCV_INS_ANDI: \"&\",\n RISCV_INS_C_ANDI: \"&\",\n RISCV_INS_AND: \"&\",\n RISCV_INS_C_AND: \"&\",\n RISCV_INS_SLLI: \"<<\",\n RISCV_INS_C_SLLI: \"<<\",\n RISCV_INS_SLL: \"<<\",\n RISCV_INS_SRLI: \">>\",\n RISCV_INS_C_SRLI: \">>\",\n RISCV_INS_SRL: \">>\",\n RISCV_INS_SRAI: \">>s\",\n RISCV_INS_C_SRAI: \">>s\",\n RISCV_INS_SRA: \">>s\",\n RISCV_INS_MUL: \"*\",\n RISCV_INS_MULH: \"*\",\n RISCV_INS_MULHSU: \"*\",\n RISCV_INS_MULHU: \"*\",\n RISCV_INS_DIV: \"/\",\n RISCV_INS_DIVU: \"/\",\n RISCV_INS_REM: \"%\",\n RISCV_INS_REMU: \"%\",\n RISCV_INS_C_ADDI4SPN: \"+\",\n RISCV_INS_C_ADDI16SP: \"+\",\n RISCV_INS_ADDIW: \"+\",\n RISCV_INS_ADDW: \"+\",\n RISCV_INS_SUBW: \"-\",\n RISCV_INS_SLLIW: \"<<\",\n RISCV_INS_SLLW: \"<<\",\n RISCV_INS_SRLIW: \">>\",\n RISCV_INS_SRLW: \">>\",\n RISCV_INS_SRAIW: \">>s\",\n RISCV_INS_SRAW: \">>s\",\n RISCV_INS_MULW: \"*\",\n RISCV_INS_DIVW: \"/\",\n RISCV_INS_DIVUW: \"/\",\n RISCV_INS_REMW: \"%\",\n RISCV_INS_REMUW: \"%\",\n RISCV_INS_C_ADDIW: \"+\",\n RISCV_INS_C_ADDW: \"+\",\n RISCV_INS_C_SUBW: \"-\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_EMULATED_ANNOTATIONS","title":"RISCV_EMULATED_ANNOTATIONS module-attribute","text":"RISCV_EMULATED_ANNOTATIONS = {\n RISCV_INS_SLT,\n RISCV_INS_SLTU,\n RISCV_INS_SLTI,\n RISCV_INS_SLTIU,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant","title":"RISCVDisassemblyAssistant","text":"RISCVDisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
architecture \u2013 -
annotation_handlers (Dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: Dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n RISCV_INS_AUIPC: _auipc_annotator,\n RISCV_INS_C_MV: _common_move_annotator,\n RISCV_INS_C_LI: _common_move_annotator,\n RISCV_INS_LUI: _lui_annotator,\n RISCV_INS_C_LUI: _lui_annotator,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/sparc/","title":"pwndbg.aglib.disasm.sparc","text":""},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc","title":"sparc","text":"Attributes:
-
SPARC_LOAD_INSTRUCTIONS \u2013 -
SPARC_STORE_INSTRUCTIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_LOAD_INSTRUCTIONS","title":"SPARC_LOAD_INSTRUCTIONS module-attribute","text":"SPARC_LOAD_INSTRUCTIONS = {\n SPARC_INS_LDUB: 1,\n SPARC_INS_LDSB: 1,\n SPARC_INS_LDUH: 2,\n SPARC_INS_LDSH: 2,\n SPARC_INS_LD: 4,\n SPARC_INS_LDD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_STORE_INSTRUCTIONS","title":"SPARC_STORE_INSTRUCTIONS module-attribute","text":"SPARC_STORE_INSTRUCTIONS = {\n SPARC_INS_STB: 1,\n SPARC_INS_STH: 2,\n SPARC_INS_ST: 4,\n SPARC_INS_STD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/","title":"pwndbg.aglib.disasm.x86","text":""},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86","title":"x86","text":"Classes:
-
X86DisassemblyAssistant \u2013
Attributes:
-
groups \u2013 -
ops \u2013 -
regs \u2013 -
access \u2013 -
X86_MATH_INSTRUCTIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.groups","title":"groups module-attribute","text":"groups = {v: _2for (k, v) in items() if startswith('X86_GRP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.ops","title":"ops module-attribute","text":"ops = {v: _lfor (k, v) in items() if startswith('X86_OP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.regs","title":"regs module-attribute","text":"regs = {v: _Cfor (k, v) in items() if startswith('X86_REG_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.access","title":"access module-attribute","text":"access = {v: _ofor (k, v) in items() if startswith('CS_AC_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS","title":"X86_MATH_INSTRUCTIONS module-attribute","text":"X86_MATH_INSTRUCTIONS = {\n X86_INS_ADD: \"+\",\n X86_INS_SUB: \"-\",\n X86_INS_AND: \"&\",\n X86_INS_OR: \"|\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant","title":"X86DisassemblyAssistant","text":"X86DisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
handle_mov \u2013 -
handle_vmovaps \u2013 -
handle_lea \u2013 -
handle_xchg \u2013 -
handle_pop \u2013 -
handle_xor \u2013 -
handle_inc \u2013 -
handle_dec \u2013 -
memory_string_with_components_resolved \u2013 -
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n X86_INS_MOV: handle_mov,\n X86_INS_MOVABS: handle_mov,\n X86_INS_MOVZX: handle_mov,\n X86_INS_MOVD: handle_mov,\n X86_INS_MOVQ: handle_mov,\n X86_INS_MOVSXD: handle_mov,\n X86_INS_MOVSX: handle_mov,\n X86_INS_MOVAPS: handle_vmovaps,\n X86_INS_VMOVAPS: handle_vmovaps,\n X86_INS_LEA: handle_lea,\n X86_INS_XCHG: handle_xchg,\n X86_INS_POP: handle_pop,\n X86_INS_CMP: _common_cmp_annotator_builder(\"eflags\", \"-\"),\n X86_INS_TEST: _common_cmp_annotator_builder(\"eflags\", \"&\"),\n X86_INS_XOR: handle_xor,\n X86_INS_INC: handle_inc,\n X86_INS_DEC: handle_dec,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_mov","title":"handle_mov","text":"handle_mov(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_vmovaps","title":"handle_vmovaps","text":"handle_vmovaps(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_lea","title":"handle_lea","text":"handle_lea(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_xchg","title":"handle_xchg","text":"handle_xchg(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_pop","title":"handle_pop","text":"handle_pop(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_xor","title":"handle_xor","text":"handle_xor(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_inc","title":"handle_inc","text":"handle_inc(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_dec","title":"handle_dec","text":"handle_dec(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.memory_string_with_components_resolved","title":"memory_string_with_components_resolved","text":"memory_string_with_components_resolved(\n instruction: PwndbgInstruction, op: EnhancedOperand\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/dt/","title":"pwndbg.aglib.dt","text":""},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt","title":"dt","text":"Prints structures in a manner similar to WinDbg's \"dt\" command.
Functions:
"},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt.dt","title":"dt","text":"dt(\n name: str = \"\", addr: int | Value | None = None, obj: Value | None = None\n) -> str\n
Dump out a structure type WinDbg style.
"},{"location":"reference/pwndbg/aglib/dynamic/","title":"pwndbg.aglib.dynamic","text":""},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic","title":"dynamic","text":"Dynamic linking interface.
This module provides an interface to analyze various aspects of dynamically linked programs.
It also defines a hook that watches for changes to the link map communicated by ld.so, and exposes an event that other parts of pwndbg can tap into, but one that may have a somewhat obtuse beahvior, due to limitations in GDB. See r_debug_install_link_map_changed_hook for more information.
Classes:
-
LinkMapEntry \u2013 An entry in the link map.
-
DynamicSegment \u2013 Parser for the DYNAMIC segment present in a binary image.
-
CStruct \u2013 Utility class for reading fields off of C structs.
Functions:
-
is_dynamic \u2013 Returns whether the current inferior is dynamic.
-
r_debug_link_map_changed_hook \u2013 Hook that gets activated whenever the link map changes.
-
r_debug_install_link_map_changed_hook \u2013 Installs the r_debug-based hook to the change event of the link map.
-
r_debug_link_map_changed_add_listener \u2013 Install a callback to be called whenever r_debug signal of there being a
-
r_debug_link_map_changed_remove_listener \u2013 Removes a listener previously installed with
-
link_map_head \u2013 Acquires a reference to the head entry of the link map.
-
link_map \u2013 Iterator over all the entries in the link map.
-
elf32_r_sym \u2013 Returns the r_sym portion of the r_info relocation field for ELF32.
-
elf32_r_type \u2013 Returns the r_type portion of the r_info relocation field for ELF32.
-
elf64_r_sym \u2013 Returns the r_sym portion of the r_info relocation field for ELF64.
-
elf64_r_type \u2013 Returns the r_type portion of the r_info relocation field for ELF64.
Attributes:
-
R_DEBUG_LINK_MAP_CHANGED_HOOK \u2013 -
R_DEBUG_LINK_MAP_CHANGED_LISTENERS (set[Callable[..., Any]]) \u2013 -
DYNAMIC_SECTION_ALLOW_MULTIPLE \u2013 -
DYNAMIC_SECTION_REQUIRED_TAGS \u2013
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_HOOK","title":"R_DEBUG_LINK_MAP_CHANGED_HOOK module-attribute","text":"R_DEBUG_LINK_MAP_CHANGED_HOOK = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_LISTENERS","title":"R_DEBUG_LINK_MAP_CHANGED_LISTENERS module-attribute","text":"R_DEBUG_LINK_MAP_CHANGED_LISTENERS: set[Callable[..., Any]] = set()\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_ALLOW_MULTIPLE","title":"DYNAMIC_SECTION_ALLOW_MULTIPLE module-attribute","text":"DYNAMIC_SECTION_ALLOW_MULTIPLE = {DT_NEEDED}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_REQUIRED_TAGS","title":"DYNAMIC_SECTION_REQUIRED_TAGS module-attribute","text":"DYNAMIC_SECTION_REQUIRED_TAGS = {DT_STRTAB, DT_STRSZ, DT_SYMTAB, DT_SYMENT}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry","title":"LinkMapEntry","text":"LinkMapEntry(address)\n
An entry in the link map.
Methods:
-
name \u2013 The name of the binary image this entry describes.
-
dynamic \u2013 The pointer to the memory mapped dynamic segment of the binary image.
-
load_bias \u2013 The difference between the addresses in the data structures of the
-
next \u2013 The next entry in the chain, if any.
-
prev \u2013 The previous entry in the chain, if any.
-
__repr__ \u2013
Attributes:
-
link_map \u2013 -
link_map_address \u2013
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map","title":"link_map instance-attribute","text":"link_map = link_map()\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map_address","title":"link_map_address instance-attribute","text":"link_map_address = address\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.name","title":"name","text":"name()\n
The name of the binary image this entry describes.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.dynamic","title":"dynamic","text":"dynamic()\n
The pointer to the memory mapped dynamic segment of the binary image.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.load_bias","title":"load_bias","text":"load_bias()\n
The difference between the addresses in the data structures of the binary image and the actual location of the data being pointed to by them in the address space of the inferior. This number will never be negative.
Aditionally, for DYN images, such as PIE executables and shared libraries, this value is the same as the base load address of the image.
The term \"load bias\" comes from the ELF binary format loading procedure in the Linux Kernel.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.next","title":"next","text":"next()\n
The next entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.prev","title":"prev","text":"prev()\n
The previous entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment","title":"DynamicSegment","text":"DynamicSegment(address, load_bias)\n
Parser for the DYNAMIC segment present in a binary image.
Methods:
-
jmprel_has_addend \u2013 Returns whether the r_addend field is available in entries of JMPREL.
-
rela_read \u2013 Reads the requested field from the entry of the given index in RELA.
-
rel_read \u2013 Reads the requested field from the entry of the given index in REL.
-
jmprel_read \u2013 Reads the requested field from the entry of the given index in JMPREL.
-
rela_entry_count \u2013 Returns the number of RELA entries.
-
rel_entry_count \u2013 Returns the number of REL entries.
-
jmprel_entry_count \u2013 Returns the number of JMPREL entries.
-
string \u2013 Reads the string at index i from the string table.
-
symtab_read \u2013 Reads the requested field from the entry of given index in the symbol
-
dyn_array_read \u2013 Reads the requested field from the entry of given index in the dynamic
-
dyn_array_read_tag_val \u2013 Reads the d_un field from the entry of given tag in the dynamic
Attributes:
-
symtab_elem \u2013 -
jmprel_addr \u2013 -
rela_addr \u2013 -
rel_addr \u2013 -
jmprel_elem \u2013 -
rela_elem \u2013 -
rel_elem \u2013 -
jmprel_r_sym_fn \u2013 -
jmprel_r_info_fn \u2013 -
rela_r_sym_fn \u2013 -
rela_r_info_fn \u2013 -
rel_r_sym_fn \u2013 -
rel_r_info_fn \u2013 -
entries \u2013 -
address \u2013 -
load_bias \u2013 -
elf_dyn \u2013 -
entries_by_tag (dict[Any, Any]) \u2013 -
strtab_addr \u2013 -
strtab_size \u2013 -
symtab_addr \u2013 -
has_jmprel \u2013 -
has_rela \u2013 -
has_rel \u2013 -
rela_r_sym \u2013 -
rela_r_type \u2013 -
rel_r_sym \u2013 -
rel_r_type \u2013 -
jmprel_r_sym \u2013 -
jmprel_r_type \u2013
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_elem","title":"symtab_elem class-attribute instance-attribute","text":"symtab_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_addr","title":"jmprel_addr class-attribute instance-attribute","text":"jmprel_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_addr","title":"rela_addr class-attribute instance-attribute","text":"rela_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_addr","title":"rel_addr class-attribute instance-attribute","text":"rel_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_elem","title":"jmprel_elem class-attribute instance-attribute","text":"jmprel_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_elem","title":"rela_elem class-attribute instance-attribute","text":"rela_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_elem","title":"rel_elem class-attribute instance-attribute","text":"rel_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym_fn","title":"jmprel_r_sym_fn class-attribute instance-attribute","text":"jmprel_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_info_fn","title":"jmprel_r_info_fn class-attribute instance-attribute","text":"jmprel_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym_fn","title":"rela_r_sym_fn class-attribute instance-attribute","text":"rela_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_info_fn","title":"rela_r_info_fn class-attribute instance-attribute","text":"rela_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym_fn","title":"rel_r_sym_fn class-attribute instance-attribute","text":"rel_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_info_fn","title":"rel_r_info_fn class-attribute instance-attribute","text":"rel_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries","title":"entries instance-attribute","text":"entries = count\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.load_bias","title":"load_bias instance-attribute","text":"load_bias = load_bias\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.elf_dyn","title":"elf_dyn instance-attribute","text":"elf_dyn = elf_dyn\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries_by_tag","title":"entries_by_tag class-attribute instance-attribute","text":"entries_by_tag: dict[Any, Any] = sections\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_addr","title":"strtab_addr class-attribute instance-attribute","text":"strtab_addr = dyn_array_read_tag_val(DT_STRTAB)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_size","title":"strtab_size class-attribute instance-attribute","text":"strtab_size = dyn_array_read_tag_val(DT_STRSZ)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_addr","title":"symtab_addr class-attribute instance-attribute","text":"symtab_addr = dyn_array_read_tag_val(DT_SYMTAB)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_jmprel","title":"has_jmprel class-attribute instance-attribute","text":"has_jmprel = (\n DT_JMPREL in sections and DT_PLTREL in sections and DT_PLTRELSZ in sections\n)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rela","title":"has_rela class-attribute instance-attribute","text":"has_rela = (\n DT_RELA in sections and DT_RELASZ in sections and DT_RELAENT in sections\n)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rel","title":"has_rel class-attribute instance-attribute","text":"has_rel = DT_REL in sections and DT_RELSZ in sections and DT_RELENT in sections\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym","title":"rela_r_sym instance-attribute","text":"rela_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_type","title":"rela_r_type instance-attribute","text":"rela_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym","title":"rel_r_sym instance-attribute","text":"rel_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_type","title":"rel_r_type instance-attribute","text":"rel_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym","title":"jmprel_r_sym instance-attribute","text":"jmprel_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_type","title":"jmprel_r_type instance-attribute","text":"jmprel_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_has_addend","title":"jmprel_has_addend","text":"jmprel_has_addend()\n
Returns whether the r_addend field is available in entries of JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_read","title":"rela_read","text":"rela_read(i, field)\n
Reads the requested field from the entry of the given index in RELA.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_read","title":"rel_read","text":"rel_read(i, field)\n
Reads the requested field from the entry of the given index in REL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_read","title":"jmprel_read","text":"jmprel_read(i, field)\n
Reads the requested field from the entry of the given index in JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_entry_count","title":"rela_entry_count","text":"rela_entry_count()\n
Returns the number of RELA entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_entry_count","title":"rel_entry_count","text":"rel_entry_count()\n
Returns the number of REL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_entry_count","title":"jmprel_entry_count","text":"jmprel_entry_count()\n
Returns the number of JMPREL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.string","title":"string","text":"string(i)\n
Reads the string at index i from the string table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_read","title":"symtab_read","text":"symtab_read(i, field)\n
Reads the requested field from the entry of given index in the symbol table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read","title":"dyn_array_read","text":"dyn_array_read(i, field)\n
Reads the requested field from the entry of given index in the dynamic array.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read_tag_val","title":"dyn_array_read_tag_val","text":"dyn_array_read_tag_val(tag)\n
Reads the d_un field from the entry of given tag in the dynamic array. Must not be a tag that allows multiple entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct","title":"CStruct","text":"CStruct(fields: list[tuple[str, Type, type]])\n
Utility class for reading fields off of C structs.
Without proper debug information it cannot be guaranteed that the calculated field offsets are correct, therefore, reasonable caution should be exercised when using this class. The assumptions made are: - Padding is added between fields so that all internal members are correctly aligned, as long as the struct itself is correctly aligned. - The alignment of the struct is the same as the alignment of its most strictly aligned member. - Padding is added to the end of the struct so that sequentially laid out instances are always correctly aligned. - Stuct sizes must be greater than or equal to 1 byte.
While these assumptions do not apply in all cases, they should be good enough for the structs in ld.so and in the ELF program images.
Methods:
-
link_map \u2013 Creates a new instance describing the ABI-stable part of the link_map
-
r_debug \u2013 Creates a new instance describing the ABI-stable part of the r_debug
-
elfNN_dyn \u2013 Creates a new instance describing the ElfNN_Dyn structure, suitable for
-
elfNN_rel \u2013 Creates a new instance describing the ElfNN_Rel structure, suitable for
-
elfNN_rela \u2013 Creates a new instance describing the ElfNN_Rela structure, suitable for
-
elf32_sym \u2013 Creates a new instance describing the Elf32_Sym srtucture.
-
elf64_sym \u2013 Creates a new instance describing the Elf64_Sym structure.
-
read \u2013 Reads the field with the given name from the struct instance located at
-
has_field \u2013 Returns whether a field with the given name exists in this struct.
Attributes:
-
types (dict[str, Type]) \u2013 -
offsets (dict[str, int]) \u2013 -
converters (dict[str, type]) \u2013 -
size \u2013 -
align \u2013
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.types","title":"types class-attribute instance-attribute","text":"types: dict[str, Type] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.offsets","title":"offsets class-attribute instance-attribute","text":"offsets: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.converters","title":"converters class-attribute instance-attribute","text":"converters: dict[str, type] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.size","title":"size class-attribute instance-attribute","text":"size = current_offset\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.align","title":"align class-attribute instance-attribute","text":"align = alignment\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.link_map","title":"link_map staticmethod","text":"link_map()\n
Creates a new instance describing the ABI-stable part of the link_map struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.r_debug","title":"r_debug staticmethod","text":"r_debug()\n
Creates a new instance describing the ABI-stable part of the r_debug struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_dyn","title":"elfNN_dyn staticmethod","text":"elfNN_dyn()\n
Creates a new instance describing the ElfNN_Dyn structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rel","title":"elfNN_rel staticmethod","text":"elfNN_rel()\n
Creates a new instance describing the ElfNN_Rel structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rela","title":"elfNN_rela staticmethod","text":"elfNN_rela()\n
Creates a new instance describing the ElfNN_Rela structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf32_sym","title":"elf32_sym staticmethod","text":"elf32_sym()\n
Creates a new instance describing the Elf32_Sym srtucture.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf64_sym","title":"elf64_sym staticmethod","text":"elf64_sym()\n
Creates a new instance describing the Elf64_Sym structure.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.read","title":"read","text":"read(address, name)\n
Reads the field with the given name from the struct instance located at the given address.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.has_field","title":"has_field","text":"has_field(name) -> bool\n
Returns whether a field with the given name exists in this struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.is_dynamic","title":"is_dynamic","text":"is_dynamic() -> bool\n
Returns whether the current inferior is dynamic.
Not all programs are dynamically linked, or even need the dynamic loader at all. Since this module is entirely reliant on at least the presence of the dynamic loader, and really only makes sense for dynamic programs, it should not be used at all with programs that don't participate in dynamic linkage, or when there is a dynamic linker, but we have no way to talk to it.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_hook","title":"r_debug_link_map_changed_hook","text":"r_debug_link_map_changed_hook() -> Callable[[StopPoint], bool]\n
Hook that gets activated whenever the link map changes.
The r_debug structure, in addition to having a refence to the head of the link map, also has, in its ABI-stable part, a reference to an address that can have a breakpoint attached to it, such that whenever the contents of the link map change, that breakpoint will be triggered1.
We take advantage of that here, by installing our own breakpoint in that location, and watching for trigger events, so that we can notify other bits of pwndbg that the contents of the link_map() function will be different.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_install_link_map_changed_hook","title":"r_debug_install_link_map_changed_hook","text":"r_debug_install_link_map_changed_hook() -> None\n
Installs the r_debug-based hook to the change event of the link map.
This function is a bit tricky, because ideally we want it to be run as soon as possible, before even the dynamic linker runs, but after both it and the main binary have been mapped into the address space of the inferior. While doing this manually would be trivial - seeing as there is a command in GDB that gives the user control at the exact place we would like -, there does not seem to be a way of easily doing this from inside Python.
Because of this, parts of the code that rely on the hook should try calling this function and firing their own listeners manually at least once.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_add_listener","title":"r_debug_link_map_changed_add_listener","text":"r_debug_link_map_changed_add_listener(handler: Callable[..., Any]) -> None\n
Install a callback to be called whenever r_debug signal of there being a change in the link map link map is triggered.
Keep in mind this function may be called before the hook that calls the listeners is installed, and, until it is installed, no listener callbacks will actually be triggered. See r_debug_install_link_map_changed_hook.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_remove_listener","title":"r_debug_link_map_changed_remove_listener","text":"r_debug_link_map_changed_remove_listener(handler: Callable[..., Any]) -> None\n
Removes a listener previously installed with r_debug_link_map_changed_add_listener().
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map_head","title":"link_map_head","text":"link_map_head()\n
Acquires a reference to the head entry of the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map","title":"link_map","text":"link_map()\n
Iterator over all the entries in the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_sym","title":"elf32_r_sym","text":"elf32_r_sym(r_info)\n
Returns the r_sym portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_type","title":"elf32_r_type","text":"elf32_r_type(r_info)\n
Returns the r_type portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_sym","title":"elf64_r_sym","text":"elf64_r_sym(r_info)\n
Returns the r_sym portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_type","title":"elf64_r_type","text":"elf64_r_type(r_info)\n
Returns the r_type portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/elf/","title":"pwndbg.aglib.elf","text":""},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf","title":"elf","text":"This file declares types and methods useful for enumerating all of the address spaces and permissions of an ELF file in memory.
This is necessary for when access to /proc is restricted, or when working on a BSD system which simply does not have /proc.
Classes:
Functions:
-
update \u2013 -
read \u2013 -
get_elf_info \u2013 Parse and return ELFInfo.
-
get_elf_info_rebased \u2013 Parse and return ELFInfo with all virtual addresses rebased to vaddr
-
get_containing_segments \u2013 -
get_containing_sections \u2013 -
dump_section_by_name \u2013 Dump the content of a section from an ELF file, return the start address, size and content.
-
dump_relocations_by_section_name \u2013 Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
-
exe \u2013 Return a loaded ELF header object pointing to the Ehdr of the
-
entry \u2013 Return the address of the entry point for the main executable.
-
load \u2013 -
reset_ehdr_type_loaded \u2013 -
get_ehdr \u2013 Returns an ehdr object for the ELF pointer points into.
-
get_phdrs \u2013 Returns a tuple containing (phnum, phentsize, gdb.Value),
-
iter_phdrs \u2013 -
map \u2013 Given a pointer into an ELF module, return a list of all loaded
-
map_inner \u2013
Attributes:
-
module \u2013 -
Ehdr \u2013 -
Phdr \u2013 -
T \u2013 -
ehdr_type_loaded \u2013
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.module","title":"module module-attribute","text":"module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Ehdr","title":"Ehdr module-attribute","text":"Ehdr = Union[Elf32_Ehdr, Elf64_Ehdr]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Phdr","title":"Phdr module-attribute","text":"Phdr = Union[Elf32_Phdr, Elf64_Phdr]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.T","title":"T module-attribute","text":"T = TypeVar('T', Union[Elf32_Ehdr, Elf64_Ehdr], Union[Elf32_Phdr, Elf64_Phdr])\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ehdr_type_loaded","title":"ehdr_type_loaded module-attribute","text":"ehdr_type_loaded = 0\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo","title":"ELFInfo","text":" Bases: NamedTuple
ELF metadata and structures.
Attributes:
-
header (dict[str, int | str]) \u2013 -
sections (list[dict[str, int | str]]) \u2013 -
segments (list[dict[str, int | str]]) \u2013 -
is_pic (bool) \u2013 -
is_pie (bool) \u2013
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.header","title":"header instance-attribute","text":"header: dict[str, int | str]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.sections","title":"sections instance-attribute","text":"sections: list[dict[str, int | str]]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.segments","title":"segments instance-attribute","text":"segments: list[dict[str, int | str]]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pic","title":"is_pic property","text":"is_pic: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pie","title":"is_pie property","text":"is_pie: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.read","title":"read","text":"read(typ: T, address: int, blob: bytearray | None = None) -> T\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info","title":"get_elf_info","text":"get_elf_info(filepath: str) -> ELFInfo\n
Parse and return ELFInfo.
Adds various calculated properties to the ELF header, segments and sections. Such added properties are those with prefix 'x_' in the returned dicts.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info_rebased","title":"get_elf_info_rebased","text":"get_elf_info_rebased(filepath: str, vaddr: int) -> ELFInfo\n
Parse and return ELFInfo with all virtual addresses rebased to vaddr
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_segments","title":"get_containing_segments","text":"get_containing_segments(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_sections","title":"get_containing_sections","text":"get_containing_sections(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_section_by_name","title":"dump_section_by_name","text":"dump_section_by_name(\n filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[int, int, bytes] | None\n
Dump the content of a section from an ELF file, return the start address, size and content.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[Relocation, ...] | None\n
Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.exe","title":"exe","text":"exe() -> Ehdr | None\n
Return a loaded ELF header object pointing to the Ehdr of the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.entry","title":"entry","text":"entry() -> int\n
Return the address of the entry point for the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.load","title":"load","text":"load(pointer: int) -> Ehdr | None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.reset_ehdr_type_loaded","title":"reset_ehdr_type_loaded","text":"reset_ehdr_type_loaded() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_ehdr","title":"get_ehdr","text":"get_ehdr(pointer: int) -> tuple[int | None, Ehdr | None]\n
Returns an ehdr object for the ELF pointer points into.
We expect the pointer to be an address from the binary.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_phdrs","title":"get_phdrs","text":"get_phdrs(pointer: int)\n
Returns a tuple containing (phnum, phentsize, gdb.Value), where the gdb.Value object is an ELF Program Header with the architecture-appropriate structure type.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.iter_phdrs","title":"iter_phdrs","text":"iter_phdrs(ehdr: Ehdr)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map","title":"map","text":"map(pointer: int, objfile: str = '') -> tuple[Page, ...]\n
Given a pointer into an ELF module, return a list of all loaded sections in the ELF.
Returns:
Example:
>>> pwndbg.aglib.elf.load(pwndbg.aglib.regs.pc)\n[Page('400000-4ef000 r-xp 0'),\n Page('6ef000-6f0000 r--p ef000'),\n Page('6f0000-6ff000 rw-p f0000')]\n>>> pwndbg.aglib.elf.load(0x7ffff77a2000)\n[Page('7ffff75e7000-7ffff77a2000 r-xp 0x1bb000 0'),\n Page('7ffff77a2000-7ffff79a2000 ---p 0x200000 1bb000'),\n Page('7ffff79a2000-7ffff79a6000 r--p 0x4000 1bb000'),\n Page('7ffff79a6000-7ffff79ad000 rw-p 0x7000 1bf000')]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map_inner","title":"map_inner","text":"map_inner(ei_class: int, ehdr: Ehdr, objfile: str) -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/file/","title":"pwndbg.aglib.file","text":""},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file","title":"file","text":"Retrieve files from the debuggee's filesystem. Useful when debugging a remote process over SSH or similar, where e.g. /proc/FOO/maps is needed from the remote system.
Functions:
-
reset_remote_files \u2013 -
remote_files_dir \u2013 -
get_proc_exe_file \u2013 Returns the local path to the debugged file name.
-
can_download_remote_file \u2013 -
get_file \u2013 Downloads the specified file from the system where the current process is
-
get \u2013 Retrieves the contents of the specified file on the system
-
readlink \u2013 readlink(path) -> str
-
is_vfile_qemu_user_bug \u2013 -
vfile_readlink \u2013 Reads the target of a symbolic link on the remote system.
-
vfile_readfile \u2013 Reads the entire content of a file on the remote system.
-
vfile_open \u2013 Opens a file on the remote system and returns the file descriptor.
-
gdb_memtox_inverse \u2013 -
vfile_pread \u2013 Reads data from a file descriptor.
-
vfile_close \u2013 Closes a previously opened file descriptor.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.reset_remote_files","title":"reset_remote_files","text":"reset_remote_files() -> None\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.remote_files_dir","title":"remote_files_dir","text":"remote_files_dir()\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_proc_exe_file","title":"get_proc_exe_file","text":"get_proc_exe_file() -> str\n
Returns the local path to the debugged file name.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.can_download_remote_file","title":"can_download_remote_file","text":"can_download_remote_file() -> bool\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_file","title":"get_file","text":"get_file(path: str, try_local_path: bool = False) -> str\n
Downloads the specified file from the system where the current process is being debugged.
If the path is prefixed with \"target:\" the prefix is stripped (to support remote target paths properly).
If the try_local_path is set to True and the path exists locally and \"target:\" prefix is not present, it will return the local path instead of downloading the file.
Returns:
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get","title":"get","text":"get(path: str) -> bytes\n
Retrieves the contents of the specified file on the system where the current process is being debugged.
Returns:
-
bytes \u2013 A byte array, or None.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.readlink","title":"readlink","text":"readlink(path: str) -> str\n
readlink(path) -> str
Read the link specified by 'path' on the system being debugged.
Handles local, qemu-usermode, and remote debugging cases.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.is_vfile_qemu_user_bug","title":"is_vfile_qemu_user_bug","text":"is_vfile_qemu_user_bug() -> bool\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readlink","title":"vfile_readlink","text":"vfile_readlink(pathname: str | bytes) -> bytes\n
Reads the target of a symbolic link on the remote system.
:param pathname: The path to the symbolic link (string). :param buffer_size: The size of the buffer to read into (integer). :return: The target of the symbolic link as a string.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readfile","title":"vfile_readfile","text":"vfile_readfile(filename: str, chunk_size=1000) -> Iterator[bytes]\n
Reads the entire content of a file on the remote system.
:param filename: The path to the file (string). :param chunk_size: The number of bytes to read in each iteration (integer). :return: The complete content of the file as bytes.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_open","title":"vfile_open","text":"vfile_open(filename: str, flags: int, mode: int) -> int\n
Opens a file on the remote system and returns the file descriptor.
:param filename: The path to the file (string). :param flags: Flags passed to the open call (integer, base 16). These correspond to the constant values in the enum OpenOptions from LLDB\u2019s File.h, not the traditional open(2) flags. :param mode: Mode bits for the file (integer, base 16). :return: File descriptor (integer), or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.gdb_memtox_inverse","title":"gdb_memtox_inverse","text":"gdb_memtox_inverse(data: bytes) -> bytes\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_pread","title":"vfile_pread","text":"vfile_pread(fd: int, size: int, offset: int) -> tuple[int, bytes]\n
Reads data from a file descriptor.
:param fd: File descriptor (integer). :param size: Number of bytes to read (integer, base 16). :param offset: Offset in the file to start reading from (integer, base 16). :return: Tuple of (bytes_read, data) where bytes_read is an integer and data is the binary data.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_close","title":"vfile_close","text":"vfile_close(fd)\n
Closes a previously opened file descriptor.
:param fd: File descriptor (integer). :return: None, or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/godbg/","title":"pwndbg.aglib.godbg","text":""},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg","title":"godbg","text":"Classes:
-
FormatOpts \u2013 -
Type \u2013 -
GoTypeKind \u2013 -
GoTypeMeta \u2013 -
BackrefType \u2013 A temporary placeholder type used when dumping recursive types, e.g. type a []a
-
BasicType \u2013 A primitive Go type.
-
SliceType \u2013 A slice type in Go, notated as []inner.
-
PointerType \u2013 A pointer type in Go, notated as *inner.
-
ArrayType \u2013 An array type in Go, notated as [count]inner.
-
MapType \u2013 A map type in Go, notated as map[key]val.
-
StructType \u2013 A struct type in Go, notated as struct(SIZE){FIELDS},
-
RuntimeType \u2013 A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS,
Functions:
-
word_size \u2013 Gets the Go word size for the current architecture.
-
compute_offsets \u2013 Given a list of (size, alignment) for struct field types,
-
compute_named_offsets \u2013 Like compute_offsets, but takes in field names and returns a dictionary
-
load_uint \u2013 -
load_int \u2013 -
load_float \u2013 -
emit_warning \u2013 -
get_elf \u2013 -
read_buildversion \u2013 Reads a Go runtime.buildVersion string to extract the version.
-
get_go_version \u2013 Try to determine the Go version used to compile the binary.
-
get_type_start \u2013 Given the address to a type, try to find the moduledata types section containing it.
-
read_varint_str \u2013 Read a length-prefix string encoded with Go's variable length encoding.
-
read_type_name \u2013 Reads a Go type name given the address to the name.
-
decode_runtime_type \u2013 Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
-
parse_type \u2013
Attributes:
-
line_width \u2013 -
indent_amount \u2013 -
debug_color \u2013 -
hex_digits \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.line_width","title":"line_width module-attribute","text":"line_width = add_param(\n \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.indent_amount","title":"indent_amount module-attribute","text":"indent_amount = add_param(\n \"go-dump-indent-amount\", 4, \"the indent amount for go-dump pretty printing\"\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.debug_color","title":"debug_color module-attribute","text":"debug_color = add_color_param(\n \"go-dump-debug\",\n \"blue\",\n \"color for 'go-dump' command's debug info when --debug is specified\",\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.hex_digits","title":"hex_digits module-attribute","text":"hex_digits = set('0123456789abcdefABCDEFxX')\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts","title":"FormatOpts dataclass","text":"FormatOpts(\n int_hex: bool = False,\n debug: bool = False,\n pretty: bool = False,\n float_decimals: int | None = None,\n)\n
Methods:
-
fmt_int \u2013 -
fmt_float \u2013 -
fmt_str \u2013 -
fmt_bytes \u2013 -
fmt_debug \u2013 -
fmt_elems \u2013 -
fmt_ptr \u2013
Attributes:
-
int_hex (bool) \u2013 -
debug (bool) \u2013 -
pretty (bool) \u2013 -
float_decimals (int | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.int_hex","title":"int_hex class-attribute instance-attribute","text":"int_hex: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.debug","title":"debug class-attribute instance-attribute","text":"debug: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.pretty","title":"pretty class-attribute instance-attribute","text":"pretty: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.float_decimals","title":"float_decimals class-attribute instance-attribute","text":"float_decimals: int | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_int","title":"fmt_int","text":"fmt_int(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_float","title":"fmt_float","text":"fmt_float(val: float) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_str","title":"fmt_str","text":"fmt_str(val: str) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_bytes","title":"fmt_bytes","text":"fmt_bytes(val: bytes) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_debug","title":"fmt_debug","text":"fmt_debug(val: str, default: str = '') -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_elems","title":"fmt_elems","text":"fmt_elems(elems: Iterable[str]) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_ptr","title":"fmt_ptr","text":"fmt_ptr(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type","title":"Type dataclass","text":"Type(meta: GoTypeMeta | None)\n
Bases: ABC
Methods:
-
dump \u2013 Dump a type from memory given an address and format.
-
size \u2013 Returns the size of a type in bytes.
-
get_typename \u2013 Returns the typename of a type. Should be reparsable via _parse_ty.
-
is_cyclic \u2013 Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata \u2013 Returns a list of lines of additional metadata to dump from the go-type command.
-
__str__ \u2013
Attributes:
-
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.dump","title":"dump abstractmethod","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
Dump a type from memory given an address and format.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.size","title":"size abstractmethod","text":"size() -> int\n
Returns the size of a type in bytes.
Used for computing array and struct layouts.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.get_typename","title":"get_typename abstractmethod","text":"get_typename() -> str\n
Returns the typename of a type. Should be reparsable via _parse_ty.
Also used to get the string representation.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind","title":"GoTypeKind","text":" Bases: IntEnum
Methods:
Attributes:
-
INVALID \u2013 -
BOOL \u2013 -
INT \u2013 -
INT8 \u2013 -
INT16 \u2013 -
INT32 \u2013 -
INT64 \u2013 -
UINT \u2013 -
UINT8 \u2013 -
UINT16 \u2013 -
UINT32 \u2013 -
UINT64 \u2013 -
UINTPTR \u2013 -
FLOAT32 \u2013 -
FLOAT64 \u2013 -
COMPLEX64 \u2013 -
COMPLEX128 \u2013 -
ARRAY \u2013 -
CHAN \u2013 -
FUNC \u2013 -
INTERFACE \u2013 -
MAP \u2013 -
POINTER \u2013 -
SLICE \u2013 -
STRING \u2013 -
STRUCT \u2013 -
UNSAFEPOINTER \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INVALID","title":"INVALID class-attribute instance-attribute","text":"INVALID = 0\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.BOOL","title":"BOOL class-attribute instance-attribute","text":"BOOL = 1\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT","title":"INT class-attribute instance-attribute","text":"INT = 2\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT8","title":"INT8 class-attribute instance-attribute","text":"INT8 = 3\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT16","title":"INT16 class-attribute instance-attribute","text":"INT16 = 4\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT32","title":"INT32 class-attribute instance-attribute","text":"INT32 = 5\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT64","title":"INT64 class-attribute instance-attribute","text":"INT64 = 6\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT","title":"UINT class-attribute instance-attribute","text":"UINT = 7\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT8","title":"UINT8 class-attribute instance-attribute","text":"UINT8 = 8\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT16","title":"UINT16 class-attribute instance-attribute","text":"UINT16 = 9\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT32","title":"UINT32 class-attribute instance-attribute","text":"UINT32 = 10\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT64","title":"UINT64 class-attribute instance-attribute","text":"UINT64 = 11\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINTPTR","title":"UINTPTR class-attribute instance-attribute","text":"UINTPTR = 12\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT32","title":"FLOAT32 class-attribute instance-attribute","text":"FLOAT32 = 13\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT64","title":"FLOAT64 class-attribute instance-attribute","text":"FLOAT64 = 14\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX64","title":"COMPLEX64 class-attribute instance-attribute","text":"COMPLEX64 = 15\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX128","title":"COMPLEX128 class-attribute instance-attribute","text":"COMPLEX128 = 16\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.ARRAY","title":"ARRAY class-attribute instance-attribute","text":"ARRAY = 17\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.CHAN","title":"CHAN class-attribute instance-attribute","text":"CHAN = 18\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FUNC","title":"FUNC class-attribute instance-attribute","text":"FUNC = 19\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INTERFACE","title":"INTERFACE class-attribute instance-attribute","text":"INTERFACE = 20\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.MAP","title":"MAP class-attribute instance-attribute","text":"MAP = 21\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.POINTER","title":"POINTER class-attribute instance-attribute","text":"POINTER = 22\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.SLICE","title":"SLICE class-attribute instance-attribute","text":"SLICE = 23\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRING","title":"STRING class-attribute instance-attribute","text":"STRING = 24\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRUCT","title":"STRUCT class-attribute instance-attribute","text":"STRUCT = 25\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UNSAFEPOINTER","title":"UNSAFEPOINTER class-attribute instance-attribute","text":"UNSAFEPOINTER = 26\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.get_simple_name","title":"get_simple_name","text":"get_simple_name() -> str | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta","title":"GoTypeMeta dataclass","text":"GoTypeMeta(\n name: str,\n kind: GoTypeKind,\n addr: int,\n size: int = 0,\n align: int = 1,\n direct_iface: bool = False,\n)\n
Attributes:
-
name (str) \u2013 -
kind (GoTypeKind) \u2013 -
addr (int) \u2013 -
size (int) \u2013 -
align (int) \u2013 -
direct_iface (bool) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.kind","title":"kind instance-attribute","text":"kind: GoTypeKind\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.addr","title":"addr instance-attribute","text":"addr: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.size","title":"size class-attribute instance-attribute","text":"size: int = 0\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.align","title":"align class-attribute instance-attribute","text":"align: int = 1\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.direct_iface","title":"direct_iface class-attribute instance-attribute","text":"direct_iface: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType","title":"BackrefType dataclass","text":"BackrefType(meta: GoTypeMeta | None, key: int)\n
Bases: Type
A temporary placeholder type used when dumping recursive types, e.g. type a []a
Methods:
-
dump \u2013 -
size \u2013 -
get_typename \u2013 -
is_cyclic \u2013 Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata \u2013 Returns a list of lines of additional metadata to dump from the go-type command.
-
__str__ \u2013
Attributes:
-
key (int) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.key","title":"key instance-attribute","text":"key: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts())\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType","title":"BasicType dataclass","text":"BasicType(meta: GoTypeMeta | None, name: str, extra_meta: list[str] = list())\n
Bases: Type
A primitive Go type.
Complex numbers are laid out as a real and imaginary part (both floats). Strings are laid out as a pointer and a length.
Methodless interfaces (the interface{} type) are denoted as any, and interfaces with methods are denoted as interface.
Function pointers are denoted as funcptr.
Methods:
Attributes:
-
name (str) \u2013 -
sz (int) \u2013 -
extra_meta (list[str]) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.sz","title":"sz class-attribute instance-attribute","text":"sz: int = field(init=False)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.extra_meta","title":"extra_meta class-attribute instance-attribute","text":"extra_meta: list[str] = field(default_factory=list)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__post_init__","title":"__post_init__","text":"__post_init__() -> None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType","title":"SliceType dataclass","text":"SliceType(meta: GoTypeMeta | None, inner: Type)\n
Bases: Type
A slice type in Go, notated as []inner.
Slices are laid out as a pointer, length, and capacity.
Methods:
Attributes:
-
inner (Type) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.inner","title":"inner instance-attribute","text":"inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType","title":"PointerType dataclass","text":"PointerType(meta: GoTypeMeta | None, inner: Type)\n
Bases: Type
A pointer type in Go, notated as *inner.
Methods:
Attributes:
-
inner (Type) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.inner","title":"inner instance-attribute","text":"inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType","title":"ArrayType dataclass","text":"ArrayType(meta: GoTypeMeta | None, inner: Type, count: int)\n
Bases: Type
An array type in Go, notated as [count]inner.
Arrays are laid out as contiguous data.
Methods:
Attributes:
-
inner (Type) \u2013 -
count (int) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.inner","title":"inner instance-attribute","text":"inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.count","title":"count instance-attribute","text":"count: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType","title":"MapType dataclass","text":"MapType(meta: GoTypeMeta | None, key: Type, val: Type)\n
Bases: Type
A map type in Go, notated as map[key]val.
Note that maps in Go are actually pointers to the inner map, but the map type printer here directly prints the inner map.
Maps don't have a simple layout, and may reasonably change, but the last change was in 2017, so it probably won't.
The layout assumed is as follows (taken from src/runtime/map.go commit 1b4f1dc):
type hmap struct { count int flags uint8 B uint8 noverflow uint16 hash0 uint32 buckets unsafe.Pointer oldbuckets unsafe.Pointer nevacuate uintptr extra *mapextra }
Methods:
Attributes:
-
key (Type) \u2013 -
val (Type) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.key","title":"key instance-attribute","text":"key: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.val","title":"val instance-attribute","text":"val: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets","title":"field_offsets staticmethod","text":"field_offsets() -> dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType","title":"StructType dataclass","text":"StructType(\n meta: GoTypeMeta | None,\n fields: list[tuple[str, str | Type, int]],\n sz: int,\n name: str | None = None,\n)\n
Bases: Type
A struct type in Go, notated as struct(SIZE){FIELDS}, where SIZE is the size of the struct in bytes, and FIELDS is a semicolon-separated list of OFFSET:NAME:TYPE fields.
Methods:
Attributes:
-
fields (list[tuple[str, str | Type, int]]) \u2013 -
sz (int) \u2013 -
name (str | None) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.fields","title":"fields instance-attribute","text":"fields: list[tuple[str, str | Type, int]]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.sz","title":"sz instance-attribute","text":"sz: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.name","title":"name class-attribute instance-attribute","text":"name: str | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType","title":"RuntimeType dataclass","text":"RuntimeType(meta: GoTypeMeta | None, sz: int, addr: int)\n
Bases: Type
A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS, where SIZE is the size of the type's value in bytes, and ADDRESS is the address of the type.
This type is useful for serializing cyclic types.
Methods:
-
dump \u2013 -
size \u2013 -
get_typename \u2013 -
is_cyclic \u2013 Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata \u2013 Returns a list of lines of additional metadata to dump from the go-type command.
-
__str__ \u2013
Attributes:
-
sz (int) \u2013 -
addr (int) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.sz","title":"sz instance-attribute","text":"sz: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.addr","title":"addr instance-attribute","text":"addr: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.word_size","title":"word_size","text":"word_size() -> int\n
Gets the Go word size for the current architecture.
Values taken from https://github.com/golang/go/blob/20b79fd5775c39061d949569743912ad5e58b0e7/src/go/types/sizes.go#L233-L252
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_offsets","title":"compute_offsets","text":"compute_offsets(fields: Iterable[tuple[int, int]]) -> list[int]\n
Given a list of (size, alignment) for struct field types, returns a list of field offsets for the struct. The last element will be the offset of the struct's end (the struct size).
Layout computation taken from src/go/types/sizes.go commit 1b4f1dc
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_named_offsets","title":"compute_named_offsets","text":"compute_named_offsets(fields: Iterable[tuple[str, int, int]]) -> dict[str, int]\n
Like compute_offsets, but takes in field names and returns a dictionary mapping field name to offset instead.
Also maps in a special $size field with the size of the struct.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_uint","title":"load_uint","text":"load_uint(data: bytes, endian: Literal['little', 'big'] | None = None) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_int","title":"load_int","text":"load_int(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_float","title":"load_float","text":"load_float(data: bytes) -> float\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.emit_warning","title":"emit_warning","text":"emit_warning(msg: str)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_elf","title":"get_elf","text":"get_elf() -> ELFInfo | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_buildversion","title":"read_buildversion","text":"read_buildversion(addr: int) -> str\n
Reads a Go runtime.buildVersion string to extract the version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_go_version","title":"get_go_version","text":"get_go_version() -> tuple[int, ...] | None\n
Try to determine the Go version used to compile the binary.
None can be returned if the version couldn't be inferred, at which point it's probably best to assume latest version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_type_start","title":"get_type_start","text":"get_type_start(addr: int | None = None) -> int | None\n
Given the address to a type, try to find the moduledata types section containing it.
Necessary to determine the base address that the type name is offset by.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_varint_str","title":"read_varint_str","text":"read_varint_str(addr: int) -> bytes\n
Read a length-prefix string encoded with Go's variable length encoding.
Implementation taken from https://github.com/golang/go/blob/9d33956503c0d96c0c5666d374173f7ac9756d98/src/internal/abi/type.go#L640-L649
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_type_name","title":"read_type_name","text":"read_type_name(addr: int) -> bytes\n
Reads a Go type name given the address to the name.
Go type names are stored as a 1 byte bitfield followed by a varint length prefixed string after 1.17.
Prior to 1.17, they were stored as a 1 byte bitfield followed by a 2 byte length prefixed string.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.decode_runtime_type","title":"decode_runtime_type","text":"decode_runtime_type(\n addr: int, keep_backrefs: bool = False\n) -> tuple[GoTypeMeta, Type | None]\n
Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
The layout assumed is as follows (taken from src/internal/abi/type.go commit 1b4f1dc):
type Type struct { Size_ uintptr PtrBytes uintptr Hash uint32 TFlag TFlag Align_ uint8 FieldAlign_ uint8 Kind_ Kind Equal func(unsafe.Pointer, unsafe.Pointer) bool GCData *byte Str NameOff PtrToThis TypeOff }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.parse_type","title":"parse_type","text":"parse_type(ty: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/heap/","title":"pwndbg.aglib.heap","text":""},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap","title":"heap","text":"Modules:
-
heap \u2013 -
jemalloc \u2013 -
ptmalloc \u2013 -
structs \u2013
Functions:
-
add_heap_param \u2013 -
update \u2013 -
reset \u2013 -
resolve_heap \u2013
Attributes:
-
current (MemoryAllocator | None) \u2013 -
main_arena \u2013 -
thread_arena \u2013 -
mp_ \u2013 -
tcache \u2013 -
global_max_fast \u2013 -
symbol_list \u2013 -
heap_chain_limit \u2013 -
heap_corruption_check_limit \u2013 -
extra_hint_for_gdb \u2013 -
resolve_heap_via_heuristic \u2013
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.current","title":"current module-attribute","text":"current: MemoryAllocator | None = None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.main_arena","title":"main_arena module-attribute","text":"main_arena = add_heap_param('main-arena', '0', 'the address of main_arena')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.thread_arena","title":"thread_arena module-attribute","text":"thread_arena = add_heap_param(\n \"thread-arena\", \"0\", \"the address pointed by thread_arena\"\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.mp_","title":"mp_ module-attribute","text":"mp_ = add_heap_param('mp', '0', 'the address of mp_')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.tcache","title":"tcache module-attribute","text":"tcache = add_heap_param('tcache', '0', 'the address pointed by tcache')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.global_max_fast","title":"global_max_fast module-attribute","text":"global_max_fast = add_heap_param(\n \"global-max-fast\", \"0\", \"the address of global_max_fast\"\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.symbol_list","title":"symbol_list module-attribute","text":"symbol_list = [main_arena, thread_arena, mp_, tcache, global_max_fast]\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_chain_limit","title":"heap_chain_limit module-attribute","text":"heap_chain_limit = add_heap_param(\n \"heap-dereference-limit\",\n 8,\n \"number of chunks to dereference in each bin\",\n param_class=PARAM_UINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_corruption_check_limit","title":"heap_corruption_check_limit module-attribute","text":"heap_corruption_check_limit = add_heap_param(\n \"heap-corruption-check-limit\",\n 64,\n \"amount of chunks to traverse for the bin corruption check\",\n param_class=PARAM_UINTEGER,\n help_docstring=\"\\nThe bins are traversed both forwards and backwards.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.extra_hint_for_gdb","title":"extra_hint_for_gdb module-attribute","text":"extra_hint_for_gdb = \"\\nIn addition, even you have the debug symbols of libc, you might still see the\\nfollowing warning when debugging a multi-threaded program:\\n```\\nwarning: Unable to find libthread_db matching inferior's thread library, thread\\ndebugging will not be available.\\n```\\n\\nYou'll need to ensure that the correct `libthread_db.so` is loaded. To do this,\\nset the search path using:\\n```\\nset libthread-db-search-path <path having correct libthread_db.so>\\n```\\nThen, restart your program to enable proper thread debugging.\\n\"\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap_via_heuristic","title":"resolve_heap_via_heuristic module-attribute","text":"resolve_heap_via_heuristic = add_heap_param(\n \"resolve-heap-via-heuristic\",\n \"auto\",\n \"the strategy to resolve heap via heuristic\",\n help_docstring=\"Values explained:\\n\\n+ `auto` - Pwndbg will try to use heuristics if debug symbols are missing\\n+ `force` - Pwndbg will always try to use heuristics, even if debug symbols are available\\n+ `never` - Pwndbg will never use heuristics to resolve the heap\\n\\nIf the output of the heap related command produces errors with heuristics, you\\ncan try manually setting the libc symbol addresses.\\nFor this, see the `heap_config` command output and set the `main_arena`, `mp_`,\\n`global_max_fast`, `tcache` and `thread_arena` addresses.\\n\\nNote: Pwndbg will generate more reliable results with proper debug symbols.\\nTherefore, when debug symbols are missing, you should try to install them first\\nif you haven't already.\\n\\nThey can probably be installed via the package manager of your choice.\\nSee also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .\\n\\nE.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and\\n32-bit binaries):\\n```bash\\nsudo apt-get install libc6-dbg\\nsudo dpkg --add-architecture i386\\nsudo apt-get install libc-dbg:i386\\n```\\nIf you used setup.sh on Arch based distro you'll need to do a power cycle or set\\nenvironment variable manually like this:\\n```bash\\nexport DEBUGINFOD_URLS=https://debuginfod.archlinux.org\\n```\\n\"\n + extra_hint_for_gdb,\n param_class=PARAM_ENUM,\n enum_sequence=[\"auto\", \"force\", \"never\"],\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.add_heap_param","title":"add_heap_param","text":"add_heap_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.reset","title":"reset","text":"reset() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap","title":"resolve_heap","text":"resolve_heap(is_first_run: bool = False) -> None\n
"},{"location":"reference/pwndbg/aglib/heap/heap/","title":"pwndbg.aglib.heap.heap","text":""},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap","title":"heap","text":"Classes:
-
MemoryAllocator \u2013 Heap abstraction layer.
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator","title":"MemoryAllocator","text":"Heap abstraction layer.
Methods:
-
summarize \u2013 Returns a textual summary of the specified address.
-
containing \u2013 Returns the address of the allocation which contains 'address'.
-
is_initialized \u2013 Returns whether the allocator is initialized or not.
-
libc_has_debug_syms \u2013 Returns whether the libc has debug symbols or not.
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.summarize","title":"summarize","text":"summarize(address: int, **kwargs: Any) -> str\n
Returns a textual summary of the specified address.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.containing","title":"containing","text":"containing(address: int) -> int\n
Returns the address of the allocation which contains 'address'.
Parameters:
-
address (int) \u2013 Address to look up.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.is_initialized","title":"is_initialized","text":"is_initialized() -> bool\n
Returns whether the allocator is initialized or not.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"libc_has_debug_syms() -> bool\n
Returns whether the libc has debug symbols or not.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/","title":"pwndbg.aglib.heap.jemalloc","text":""},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc","title":"jemalloc","text":"Classes:
Functions:
-
mask \u2013 -
lg_floor_1 \u2013 -
lg_floor_2 \u2013 -
lg_floor_4 \u2013 -
lg_floor_8 \u2013 -
lg_floor_16 \u2013 -
lg_floor_32 \u2013 -
lg_floor_64 \u2013 -
lg_floor \u2013 -
lg_ceil \u2013
Attributes:
-
LG_VADDR \u2013 -
LG_PAGE \u2013 -
MALLOCX_ARENA_BITS \u2013 -
LG_SIZEOF_PTR \u2013 -
RTREE_NHIB \u2013 -
RTREE_NLIB \u2013 -
RTREE_NSB \u2013 -
RTREE_HEIGHT \u2013 -
LG_QUANTUM \u2013 -
SC_LG_TINY_MIN \u2013 -
SC_NTINY \u2013 -
SC_LG_NGROUP \u2013 -
SC_NGROUP \u2013 -
SC_NPSEUDO \u2013 -
SC_PTR_BITS \u2013 -
SC_LG_BASE_MAX \u2013 -
SC_LG_FIRST_REGULAR_BASE \u2013 -
SC_NREGULAR \u2013 -
SC_NSIZES \u2013 -
SC_LG_SLAB_MAXREGS \u2013 -
EDATA_BITS_ARENA_WIDTH \u2013 -
EDATA_BITS_ARENA_SHIFT \u2013 -
EDATA_BITS_ARENA_MASK \u2013 -
EDATA_BITS_SLAB_WIDTH \u2013 -
EDATA_BITS_SLAB_SHIFT \u2013 -
EDATA_BITS_SLAB_MASK \u2013 -
EDATA_BITS_COMMITTED_WIDTH \u2013 -
EDATA_BITS_COMMITTED_SHIFT \u2013 -
EDATA_BITS_COMMITTED_MASK \u2013 -
EDATA_BITS_PAI_WIDTH \u2013 -
EDATA_BITS_PAI_SHIFT \u2013 -
EDATA_BITS_PAI_MASK \u2013 -
EDATA_BITS_ZEROED_WIDTH \u2013 -
EDATA_BITS_ZEROED_SHIFT \u2013 -
EDATA_BITS_ZEROED_MASK \u2013 -
EDATA_BITS_GUARDED_WIDTH \u2013 -
EDATA_BITS_GUARDED_SHIFT \u2013 -
EDATA_BITS_GUARDED_MASK \u2013 -
EDATA_BITS_STATE_WIDTH \u2013 -
EDATA_BITS_STATE_SHIFT \u2013 -
EDATA_BITS_STATE_MASK \u2013 -
EDATA_BITS_SZIND_WIDTH \u2013 -
EDATA_BITS_SZIND_SHIFT \u2013 -
EDATA_BITS_SZIND_MASK \u2013 -
EDATA_BITS_NFREE_WIDTH \u2013 -
EDATA_BITS_NFREE_SHIFT \u2013 -
EDATA_BITS_NFREE_MASK \u2013 -
EDATA_BITS_BINSHARD_WIDTH \u2013 -
EDATA_BITS_BINSHARD_SHIFT \u2013 -
EDATA_BITS_BINSHARD_MASK \u2013 -
EDATA_BITS_IS_HEAD_WIDTH \u2013 -
EDATA_BITS_IS_HEAD_SHIFT \u2013 -
EDATA_BITS_IS_HEAD_MASK \u2013 -
rtree_levels \u2013
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_VADDR","title":"LG_VADDR module-attribute","text":"LG_VADDR = 48\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_PAGE","title":"LG_PAGE module-attribute","text":"LG_PAGE = 12\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.MALLOCX_ARENA_BITS","title":"MALLOCX_ARENA_BITS module-attribute","text":"MALLOCX_ARENA_BITS = 12\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_SIZEOF_PTR","title":"LG_SIZEOF_PTR module-attribute","text":"LG_SIZEOF_PTR = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NHIB","title":"RTREE_NHIB module-attribute","text":"RTREE_NHIB = 1 << LG_SIZEOF_PTR + 3 - LG_VADDR\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NLIB","title":"RTREE_NLIB module-attribute","text":"RTREE_NLIB = LG_PAGE\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NSB","title":"RTREE_NSB module-attribute","text":"RTREE_NSB = LG_VADDR - RTREE_NLIB\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_HEIGHT","title":"RTREE_HEIGHT module-attribute","text":"RTREE_HEIGHT = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_QUANTUM","title":"LG_QUANTUM module-attribute","text":"LG_QUANTUM = 4\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_TINY_MIN","title":"SC_LG_TINY_MIN module-attribute","text":"SC_LG_TINY_MIN = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NTINY","title":"SC_NTINY module-attribute","text":"SC_NTINY = LG_QUANTUM - SC_LG_TINY_MIN\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_NGROUP","title":"SC_LG_NGROUP module-attribute","text":"SC_LG_NGROUP = 2\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NGROUP","title":"SC_NGROUP module-attribute","text":"SC_NGROUP = 1 << SC_LG_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NPSEUDO","title":"SC_NPSEUDO module-attribute","text":"SC_NPSEUDO = SC_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_PTR_BITS","title":"SC_PTR_BITS module-attribute","text":"SC_PTR_BITS = 1 << LG_SIZEOF_PTR * 8\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_BASE_MAX","title":"SC_LG_BASE_MAX module-attribute","text":"SC_LG_BASE_MAX = SC_PTR_BITS - 2\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_FIRST_REGULAR_BASE","title":"SC_LG_FIRST_REGULAR_BASE module-attribute","text":"SC_LG_FIRST_REGULAR_BASE = LG_QUANTUM + SC_LG_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NREGULAR","title":"SC_NREGULAR module-attribute","text":"SC_NREGULAR = SC_NGROUP * SC_LG_BASE_MAX - SC_LG_FIRST_REGULAR_BASE + 1 - 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NSIZES","title":"SC_NSIZES module-attribute","text":"SC_NSIZES = SC_NTINY + SC_NPSEUDO + SC_NREGULAR\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_SLAB_MAXREGS","title":"SC_LG_SLAB_MAXREGS module-attribute","text":"SC_LG_SLAB_MAXREGS = LG_PAGE - SC_LG_TINY_MIN\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_WIDTH","title":"EDATA_BITS_ARENA_WIDTH module-attribute","text":"EDATA_BITS_ARENA_WIDTH = MALLOCX_ARENA_BITS\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_SHIFT","title":"EDATA_BITS_ARENA_SHIFT module-attribute","text":"EDATA_BITS_ARENA_SHIFT = 0\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_MASK","title":"EDATA_BITS_ARENA_MASK module-attribute","text":"EDATA_BITS_ARENA_MASK = mask(EDATA_BITS_ARENA_WIDTH, EDATA_BITS_ARENA_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_WIDTH","title":"EDATA_BITS_SLAB_WIDTH module-attribute","text":"EDATA_BITS_SLAB_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_SHIFT","title":"EDATA_BITS_SLAB_SHIFT module-attribute","text":"EDATA_BITS_SLAB_SHIFT = EDATA_BITS_ARENA_WIDTH + EDATA_BITS_ARENA_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_MASK","title":"EDATA_BITS_SLAB_MASK module-attribute","text":"EDATA_BITS_SLAB_MASK = mask(EDATA_BITS_SLAB_WIDTH, EDATA_BITS_SLAB_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_WIDTH","title":"EDATA_BITS_COMMITTED_WIDTH module-attribute","text":"EDATA_BITS_COMMITTED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_SHIFT","title":"EDATA_BITS_COMMITTED_SHIFT module-attribute","text":"EDATA_BITS_COMMITTED_SHIFT = EDATA_BITS_SLAB_WIDTH + EDATA_BITS_SLAB_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_MASK","title":"EDATA_BITS_COMMITTED_MASK module-attribute","text":"EDATA_BITS_COMMITTED_MASK = mask(\n EDATA_BITS_COMMITTED_WIDTH, EDATA_BITS_COMMITTED_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_WIDTH","title":"EDATA_BITS_PAI_WIDTH module-attribute","text":"EDATA_BITS_PAI_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_SHIFT","title":"EDATA_BITS_PAI_SHIFT module-attribute","text":"EDATA_BITS_PAI_SHIFT = EDATA_BITS_COMMITTED_WIDTH + EDATA_BITS_COMMITTED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_MASK","title":"EDATA_BITS_PAI_MASK module-attribute","text":"EDATA_BITS_PAI_MASK = mask(EDATA_BITS_PAI_WIDTH, EDATA_BITS_PAI_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_WIDTH","title":"EDATA_BITS_ZEROED_WIDTH module-attribute","text":"EDATA_BITS_ZEROED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_SHIFT","title":"EDATA_BITS_ZEROED_SHIFT module-attribute","text":"EDATA_BITS_ZEROED_SHIFT = EDATA_BITS_PAI_WIDTH + EDATA_BITS_PAI_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_MASK","title":"EDATA_BITS_ZEROED_MASK module-attribute","text":"EDATA_BITS_ZEROED_MASK = mask(EDATA_BITS_ZEROED_WIDTH, EDATA_BITS_ZEROED_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_WIDTH","title":"EDATA_BITS_GUARDED_WIDTH module-attribute","text":"EDATA_BITS_GUARDED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_SHIFT","title":"EDATA_BITS_GUARDED_SHIFT module-attribute","text":"EDATA_BITS_GUARDED_SHIFT = EDATA_BITS_ZEROED_WIDTH + EDATA_BITS_ZEROED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_MASK","title":"EDATA_BITS_GUARDED_MASK module-attribute","text":"EDATA_BITS_GUARDED_MASK = mask(\n EDATA_BITS_GUARDED_WIDTH, EDATA_BITS_GUARDED_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_WIDTH","title":"EDATA_BITS_STATE_WIDTH module-attribute","text":"EDATA_BITS_STATE_WIDTH = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_SHIFT","title":"EDATA_BITS_STATE_SHIFT module-attribute","text":"EDATA_BITS_STATE_SHIFT = EDATA_BITS_GUARDED_WIDTH + EDATA_BITS_GUARDED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_MASK","title":"EDATA_BITS_STATE_MASK module-attribute","text":"EDATA_BITS_STATE_MASK = mask(EDATA_BITS_STATE_WIDTH, EDATA_BITS_STATE_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_WIDTH","title":"EDATA_BITS_SZIND_WIDTH module-attribute","text":"EDATA_BITS_SZIND_WIDTH = lg_ceil(SC_NSIZES)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_SHIFT","title":"EDATA_BITS_SZIND_SHIFT module-attribute","text":"EDATA_BITS_SZIND_SHIFT = EDATA_BITS_STATE_WIDTH + EDATA_BITS_STATE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_MASK","title":"EDATA_BITS_SZIND_MASK module-attribute","text":"EDATA_BITS_SZIND_MASK = mask(EDATA_BITS_SZIND_WIDTH, EDATA_BITS_SZIND_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_WIDTH","title":"EDATA_BITS_NFREE_WIDTH module-attribute","text":"EDATA_BITS_NFREE_WIDTH = SC_LG_SLAB_MAXREGS + 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_SHIFT","title":"EDATA_BITS_NFREE_SHIFT module-attribute","text":"EDATA_BITS_NFREE_SHIFT = EDATA_BITS_SZIND_WIDTH + EDATA_BITS_SZIND_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_MASK","title":"EDATA_BITS_NFREE_MASK module-attribute","text":"EDATA_BITS_NFREE_MASK = mask(EDATA_BITS_NFREE_WIDTH, EDATA_BITS_NFREE_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_WIDTH","title":"EDATA_BITS_BINSHARD_WIDTH module-attribute","text":"EDATA_BITS_BINSHARD_WIDTH = 6\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_SHIFT","title":"EDATA_BITS_BINSHARD_SHIFT module-attribute","text":"EDATA_BITS_BINSHARD_SHIFT = EDATA_BITS_NFREE_WIDTH + EDATA_BITS_NFREE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_MASK","title":"EDATA_BITS_BINSHARD_MASK module-attribute","text":"EDATA_BITS_BINSHARD_MASK = mask(\n EDATA_BITS_BINSHARD_WIDTH, EDATA_BITS_BINSHARD_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_WIDTH","title":"EDATA_BITS_IS_HEAD_WIDTH module-attribute","text":"EDATA_BITS_IS_HEAD_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_SHIFT","title":"EDATA_BITS_IS_HEAD_SHIFT module-attribute","text":"EDATA_BITS_IS_HEAD_SHIFT = EDATA_BITS_BINSHARD_WIDTH + EDATA_BITS_BINSHARD_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_MASK","title":"EDATA_BITS_IS_HEAD_MASK module-attribute","text":"EDATA_BITS_IS_HEAD_MASK = mask(\n EDATA_BITS_IS_HEAD_WIDTH, EDATA_BITS_IS_HEAD_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.rtree_levels","title":"rtree_levels module-attribute","text":"rtree_levels = [\n [{\"bits\": RTREE_NSB, \"cumbits\": RTREE_NHIB + RTREE_NSB}],\n [\n {\"bits\": RTREE_NSB // 2, \"cumbits\": RTREE_NHIB + RTREE_NSB // 2},\n {\n \"bits\": RTREE_NSB // 2 + RTREE_NSB % 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB,\n },\n ],\n [\n {\"bits\": RTREE_NSB // 3, \"cumbits\": RTREE_NHIB + RTREE_NSB // 3},\n {\n \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 // 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB // 3 * 2 + RTREE_NSB % 3 // 2,\n },\n {\n \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 - RTREE_NSB % 3 // 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB,\n },\n ],\n]\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree","title":"RTree","text":"RTree(addr: int)\n
RTree is used by jemalloc to keep track of extents that are allocated by jemalloc. Since extent data is not stored in a doubly linked list, rtree is used to find the extent belonging to a pointer that is being freed. Implementation of rtree is similar to Linux Radix tree: https://lwn.net/Articles/175432/
Methods:
Attributes:
-
root \u2013 -
extents \u2013
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.root","title":"root property","text":"root\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.extents","title":"extents property","text":"extents\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.get_rtree","title":"get_rtree staticmethod","text":"get_rtree() -> RTree\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leaf_maskbits","title":"__rtree_leaf_maskbits","text":"__rtree_leaf_maskbits(level)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leafkey","title":"__rtree_leafkey","text":"__rtree_leafkey(key: int, level: int) -> int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__subkey","title":"__subkey","text":"__subkey(key: int, level: int) -> int\n
Return a portion of the key that is used to find the node/leaf in the rtree at a specific level. Source: https://github.com/jemalloc/jemalloc/blob/5b72ac098abce464add567869d082f2097bd59a2/include/jemalloc/internal/rtree.h#L161
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__alignment_addr2base","title":"__alignment_addr2base staticmethod","text":"__alignment_addr2base(addr, alignment=64)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.lookup_hard","title":"lookup_hard","text":"lookup_hard(key: int)\n
Lookup the key in the rtree and return the value.
How it works: - Jemalloc stores the extent address in the rtree as a node and to find a specific node we need a address key.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent","title":"Extent","text":"Extent(addr: int)\n
Concept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot. - Extents are used to manage memory blocks (including jemalloc metadata) where extents sizes can vary but each block is always a multiple of the page size. - jemalloc will either allocate one large class request or multiple small class request (called slab) depending on request size. - Unlike chunks in glibc malloc, extents are not doubly linked list but are managed using rtree. - This tree is mostly used during deallocation to find the extent belonging to a pointer that is being freed. - Extents are also not stored as a header structure but externally (therefore extent metadata and actually mapped data may be very far apart).
Attributes:
-
size \u2013 May be larger in case of large size class allocation when cache_oblivious is enabled.
-
extent_address (int) \u2013 Address of the extent data structure (not the actual memory).
-
allocated_address (int) \u2013 Starting address of allocated memory
-
bsize (int) \u2013 -
bits (int) \u2013 -
bitfields (dict[str, int]) \u2013 Extract bitfields
-
state_name (str) \u2013 -
has_slab (bool) \u2013 Returns True if the extent is used for small size classes.
-
is_free (bool) \u2013 Returns True if the extent is free.
-
pai (str) \u2013 Page Allocator Interface
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.size","title":"size property","text":"size\n
May be larger in case of large size class allocation when cache_oblivious is enabled.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.extent_address","title":"extent_address property","text":"extent_address: int\n
Address of the extent data structure (not the actual memory).
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.allocated_address","title":"allocated_address property","text":"allocated_address: int\n
Starting address of allocated memory cache-oblivious large allocation alignment: When a large class allocation is made, jemalloc selects the closest size class that can fit the request and allocates that size + 4 KiB (0x1000). However, the pointer returned to user is randomized between the 'base' and 'base + 4 KiB' (0x1000) range. Source code: https://github.com/jemalloc/jemalloc/blob/a25b9b8ba91881964be3083db349991bbbbf1661/include/jemalloc/internal/arena_inlines_b.h#L505
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bsize","title":"bsize property","text":"bsize: int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bits","title":"bits property","text":"bits: int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bitfields","title":"bitfields property","text":"bitfields: dict[str, int]\n
Extract bitfields
arena_ind: Arena from which this extent came, or all 1 bits if unassociated. slab: The slab flag indicates whether the extent is used for a slab of small regions. This helps differentiate small size classes, and it indicates whether interior pointers can be looked up via iealloc(). committed: The committed flag indicates whether physical memory is committed to the extent, whether explicitly or implicitly as on a system that overcommits and satisfies physical memory needs on demand via soft page faults. pai: The pai flag is an extent_pai_t. zeroed: The zeroed flag is used by extent recycling code to track whether memory is zero-filled. guarded: The guarded flag is used by the sanitizer to track whether the extent has page guards around it. state: The state flag is an extent_state_t. szind: The szind flag indicates usable size class index for allocations residing in this extent, regardless of whether the extent is a slab. Extent size and usable size often differ even for non-slabs, either due to sz_large_pad or promotion of sampled small regions. nfree: Number of free regions in slab. bin_shard: The shard of the bin from which this extent came.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.state_name","title":"state_name property","text":"state_name: str\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.has_slab","title":"has_slab property","text":"has_slab: bool\n
Returns True if the extent is used for small size classes. Reference for size in Table 1 at https://jemalloc.net/jemalloc.3.html At time of writing, allocations <= 0x3800 are considered as small allocations and has slabs.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.is_free","title":"is_free property","text":"is_free: bool\n
Returns True if the extent is free.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.pai","title":"pai property","text":"pai: str\n
Page Allocator Interface
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.mask","title":"mask","text":"mask(current_field_width, current_field_shift)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_1","title":"lg_floor_1","text":"lg_floor_1(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_2","title":"lg_floor_2","text":"lg_floor_2(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_4","title":"lg_floor_4","text":"lg_floor_4(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_8","title":"lg_floor_8","text":"lg_floor_8(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_16","title":"lg_floor_16","text":"lg_floor_16(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_32","title":"lg_floor_32","text":"lg_floor_32(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_64","title":"lg_floor_64","text":"lg_floor_64(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor","title":"lg_floor","text":"lg_floor(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_ceil","title":"lg_ceil","text":"lg_ceil(x)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/","title":"pwndbg.aglib.heap.ptmalloc","text":""},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc","title":"ptmalloc","text":"Classes:
-
BinType \u2013 -
Bin \u2013 -
Bins \u2013 -
ChunkField \u2013 -
Chunk \u2013 -
Heap \u2013 -
Arena \u2013 -
GlibcMemoryAllocator \u2013 -
DebugSymsHeap \u2013 -
SymbolUnresolvableError \u2013 -
HeuristicHeap \u2013
Functions:
Attributes:
-
PREV_INUSE \u2013 -
IS_MMAPPED \u2013 -
NON_MAIN_ARENA \u2013 -
SIZE_BITS \u2013 -
NONCONTIGUOUS_BIT \u2013 -
TheType \u2013 -
TheValue \u2013 -
HEAP_MAX_SIZE (int) \u2013 -
NBINS \u2013 -
BINMAPSIZE \u2013 -
TCACHE_MAX_BINS \u2013 -
NFASTBINS \u2013 -
NSMALLBINS \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.PREV_INUSE","title":"PREV_INUSE module-attribute","text":"PREV_INUSE = 1\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.IS_MMAPPED","title":"IS_MMAPPED module-attribute","text":"IS_MMAPPED = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NON_MAIN_ARENA","title":"NON_MAIN_ARENA module-attribute","text":"NON_MAIN_ARENA = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SIZE_BITS","title":"SIZE_BITS module-attribute","text":"SIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NONCONTIGUOUS_BIT","title":"NONCONTIGUOUS_BIT module-attribute","text":"NONCONTIGUOUS_BIT = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheType","title":"TheType module-attribute","text":"TheType = TypeVar('TheType', Type, Type[CStruct2GDB])\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheValue","title":"TheValue module-attribute","text":"TheValue = TypeVar('TheValue', Value, CStruct2GDB)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HEAP_MAX_SIZE","title":"HEAP_MAX_SIZE module-attribute","text":"HEAP_MAX_SIZE: int = None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NBINS","title":"NBINS module-attribute","text":"NBINS = 128\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BINMAPSIZE","title":"BINMAPSIZE module-attribute","text":"BINMAPSIZE = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINS module-attribute","text":"TCACHE_MAX_BINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NFASTBINS","title":"NFASTBINS module-attribute","text":"NFASTBINS = 10\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NSMALLBINS","title":"NSMALLBINS module-attribute","text":"NSMALLBINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType","title":"BinType","text":" Bases: str, Enum
Methods:
Attributes:
-
TCACHE \u2013 -
FAST \u2013 -
SMALL \u2013 -
LARGE \u2013 -
UNSORTED \u2013 -
NOT_IN_BIN \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.TCACHE","title":"TCACHE class-attribute instance-attribute","text":"TCACHE = 'tcachebins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.FAST","title":"FAST class-attribute instance-attribute","text":"FAST = 'fastbins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.SMALL","title":"SMALL class-attribute instance-attribute","text":"SMALL = 'smallbins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.LARGE","title":"LARGE class-attribute instance-attribute","text":"LARGE = 'largebins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.UNSORTED","title":"UNSORTED class-attribute instance-attribute","text":"UNSORTED = 'unsortedbin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.NOT_IN_BIN","title":"NOT_IN_BIN class-attribute instance-attribute","text":"NOT_IN_BIN = 'not_in_bin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.valid_fields","title":"valid_fields","text":"valid_fields() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin","title":"Bin","text":"Bin(\n fd_chain: list[int],\n bk_chain: list[int] | None = None,\n count: int | None = None,\n is_corrupted: bool = False,\n)\n
Methods:
-
contains_chunk \u2013 -
size_to_display_name \u2013
Attributes:
-
fd_chain \u2013 -
bk_chain \u2013 -
count \u2013 -
is_corrupted \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.fd_chain","title":"fd_chain instance-attribute","text":"fd_chain = fd_chain\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.bk_chain","title":"bk_chain instance-attribute","text":"bk_chain = bk_chain\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.count","title":"count instance-attribute","text":"count = count\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.is_corrupted","title":"is_corrupted instance-attribute","text":"is_corrupted = is_corrupted\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.contains_chunk","title":"contains_chunk","text":"contains_chunk(chunk: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.size_to_display_name","title":"size_to_display_name staticmethod","text":"size_to_display_name(size: int | str) -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins","title":"Bins","text":"Bins(bin_type: BinType)\n
Methods:
Attributes:
-
bins (OrderedDict[int | str, Bin]) \u2013 -
bin_type \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bins","title":"bins instance-attribute","text":"bins: OrderedDict[int | str, Bin] = OrderedDict()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bin_type","title":"bin_type instance-attribute","text":"bin_type = bin_type\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.contains_chunk","title":"contains_chunk","text":"contains_chunk(size: int, chunk: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField","title":"ChunkField","text":" Bases: int, Enum
Attributes:
-
PREV_SIZE \u2013 -
SIZE \u2013 -
FD \u2013 -
BK \u2013 -
FD_NEXTSIZE \u2013 -
BK_NEXTSIZE \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.PREV_SIZE","title":"PREV_SIZE class-attribute instance-attribute","text":"PREV_SIZE = 1\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.SIZE","title":"SIZE class-attribute instance-attribute","text":"SIZE = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD","title":"FD class-attribute instance-attribute","text":"FD = 3\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK","title":"BK class-attribute instance-attribute","text":"BK = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD_NEXTSIZE","title":"FD_NEXTSIZE class-attribute instance-attribute","text":"FD_NEXTSIZE = 5\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK_NEXTSIZE","title":"BK_NEXTSIZE class-attribute instance-attribute","text":"BK_NEXTSIZE = 6\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk","title":"Chunk","text":"Chunk(addr: int, heap: Heap | None = None, arena: Arena | None = None)\n
Methods:
Attributes:
-
__slots__ \u2013 -
address \u2013 -
prev_size (int | None) \u2013 -
size (int | None) \u2013 -
real_size (int | None) \u2013 -
flags (dict[str, bool] | None) \u2013 -
non_main_arena (bool | None) \u2013 -
is_mmapped (bool | None) \u2013 -
prev_inuse (bool | None) \u2013 -
fd \u2013 -
bk \u2013 -
fd_nextsize \u2013 -
bk_nextsize \u2013 -
heap (Heap) \u2013 -
arena (Arena | None) \u2013 -
is_top_chunk \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__slots__","title":"__slots__ class-attribute instance-attribute","text":"__slots__ = (\n \"_gdbValue\",\n \"address\",\n \"_prev_size\",\n \"_size\",\n \"_real_size\",\n \"_flags\",\n \"_non_main_arena\",\n \"_is_mmapped\",\n \"_prev_inuse\",\n \"_fd\",\n \"_bk\",\n \"_fd_nextsize\",\n \"_bk_nextsize\",\n \"_heap\",\n \"_arena\",\n \"_is_top_chunk\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.address","title":"address instance-attribute","text":"address = int(address)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_size","title":"prev_size property","text":"prev_size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.size","title":"size property","text":"size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.real_size","title":"real_size property","text":"real_size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.flags","title":"flags property","text":"flags: dict[str, bool] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.non_main_arena","title":"non_main_arena property","text":"non_main_arena: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_mmapped","title":"is_mmapped property","text":"is_mmapped: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_inuse","title":"prev_inuse property","text":"prev_inuse: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd","title":"fd property","text":"fd\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk","title":"bk property","text":"bk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd_nextsize","title":"fd_nextsize property","text":"fd_nextsize\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk_nextsize","title":"bk_nextsize property","text":"bk_nextsize\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.heap","title":"heap property","text":"heap: Heap\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.arena","title":"arena property","text":"arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_top_chunk","title":"is_top_chunk property","text":"is_top_chunk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__match_renamed_field","title":"__match_renamed_field","text":"__match_renamed_field(field: str)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.next_chunk","title":"next_chunk","text":"next_chunk()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__contains__","title":"__contains__","text":"__contains__(addr: int) -> bool\n
This allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap","title":"Heap","text":"Heap(addr: int, arena: Arena | None = None)\n
1) main_arena - uses the sbrk heap 2) non-main arena - heap starts after its heap_info struct (and possibly an arena) 3) non-contiguous main_arena - just a memory region 4) no arena - for fake/mmapped chunks
Methods:
-
__iter__ \u2013 -
__contains__ \u2013 -
__str__ \u2013
Attributes:
-
__slots__ \u2013 -
arena \u2013 -
start (int) \u2013 -
end (int) \u2013 -
first_chunk \u2013 -
prev \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__slots__","title":"__slots__ class-attribute instance-attribute","text":"__slots__ = (\n \"_gdbValue\",\n \"arena\",\n \"_memory_region\",\n \"start\",\n \"end\",\n \"_prev\",\n \"first_chunk\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.arena","title":"arena instance-attribute","text":"arena = main_arena if arena is None else arena\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.start","title":"start instance-attribute","text":"start: int = start\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.end","title":"end instance-attribute","text":"end: int = end\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.first_chunk","title":"first_chunk instance-attribute","text":"first_chunk = Chunk(start)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.prev","title":"prev property","text":"prev\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__iter__","title":"__iter__","text":"__iter__()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__contains__","title":"__contains__","text":"__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena","title":"Arena","text":"Arena(addr: int)\n
Methods:
-
fastbins \u2013 -
__str__ \u2013
Attributes:
-
__slots__ \u2013 -
address \u2013 -
is_main_arena (bool) \u2013 -
mutex (int | None) \u2013 -
flags (int | None) \u2013 -
non_contiguous (bool | None) \u2013 -
have_fastchunks (int | None) \u2013 -
top (int | None) \u2013 -
fastbinsY (list[int]) \u2013 -
bins (list[int]) \u2013 -
binmap (list[int]) \u2013 -
next (int | None) \u2013 -
next_free (int | None) \u2013 -
system_mem (int | None) \u2013 -
active_heap (Heap) \u2013 -
heaps \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__slots__","title":"__slots__ class-attribute instance-attribute","text":"__slots__ = (\n \"_gdbValue\",\n \"address\",\n \"_is_main_arena\",\n \"_top\",\n \"_active_heap\",\n \"_heaps\",\n \"_mutex\",\n \"_flags\",\n \"_non_contiguous\",\n \"_have_fastchunks\",\n \"_fastbinsY\",\n \"_bins\",\n \"_binmap\",\n \"_next\",\n \"_next_free\",\n \"_system_mem\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.address","title":"address instance-attribute","text":"address = int(address)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.is_main_arena","title":"is_main_arena property","text":"is_main_arena: bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.mutex","title":"mutex property","text":"mutex: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.flags","title":"flags property","text":"flags: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.non_contiguous","title":"non_contiguous property","text":"non_contiguous: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.have_fastchunks","title":"have_fastchunks property","text":"have_fastchunks: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.top","title":"top property","text":"top: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbinsY","title":"fastbinsY property","text":"fastbinsY: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.bins","title":"bins property","text":"bins: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.binmap","title":"binmap property","text":"binmap: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next","title":"next property","text":"next: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next_free","title":"next_free property","text":"next_free: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.system_mem","title":"system_mem property","text":"system_mem: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.active_heap","title":"active_heap property","text":"active_heap: Heap\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.heaps","title":"heaps property","text":"heaps\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbins","title":"fastbins","text":"fastbins() -> Bins\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator","title":"GlibcMemoryAllocator","text":"GlibcMemoryAllocator()\n
Bases: MemoryAllocator, Generic[TheType, TheValue]
Methods:
-
largebin_reverse_lookup \u2013 Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index \u2013 -
can_be_resolved \u2013 -
has_tcache \u2013 -
chunk_flags \u2013 -
chunk_key_offset \u2013 Find the index of a field in the malloc_chunk struct.
-
get_heap \u2013 -
get_tcache \u2013 -
get_sbrk_heap_region \u2013 -
get_region \u2013 Find the memory map containing 'addr'.
-
get_bins \u2013 -
fastbin_index \u2013 -
fastbins \u2013 Returns: chain or None
-
tcachebins \u2013 Returns: tuple(chain, count) or None
-
check_chain_corrupted \u2013 Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at \u2013 Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin \u2013 -
smallbins \u2013 -
largebins \u2013 -
largebin_index_32 \u2013 Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big \u2013 Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64 \u2013 Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index \u2013 Pick the appropriate largebin_index_ function for this architecture.
-
is_initialized \u2013 -
is_statically_linked \u2013 -
libc_has_debug_syms \u2013 The struct malloc_chunk comes from debugging symbols and it will not be there
-
summarize \u2013 Returns a textual summary of the specified address.
-
containing \u2013 Returns the address of the allocation which contains 'address'.
Attributes:
-
largebin_reverse_lookup_32 \u2013 -
largebin_reverse_lookup_32_big \u2013 -
largebin_reverse_lookup_64 \u2013 -
main_arena (Arena | None) \u2013 -
arenas (tuple[Arena, ...]) \u2013 Return a tuple of all current arenas.
-
thread_arena (Arena | None) \u2013 -
thread_cache (TheValue | None) \u2013 -
mp (TheValue | None) \u2013 -
global_max_fast (int | None) \u2013 -
heap_info (TheType | None) \u2013 -
malloc_chunk (TheType | None) \u2013 -
malloc_state (TheType | None) \u2013 -
tcache_perthread_struct (TheType | None) \u2013 -
tcache_entry (TheType | None) \u2013 -
mallinfo (TheType | None) \u2013 -
malloc_par (TheType | None) \u2013 -
malloc_alignment (int) \u2013 Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz (int) \u2013 Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask (int) \u2013 Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize (int) \u2013 Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size (int) \u2013 Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded (bool) \u2013 Is malloc operating within a multithreaded environment.
-
tcache_next_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32 class-attribute instance-attribute","text":"largebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big class-attribute instance-attribute","text":"largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64 class-attribute instance-attribute","text":"largebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.main_arena","title":"main_arena property","text":"main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.arenas","title":"arenas property","text":"arenas: tuple[Arena, ...]\n
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_arena","title":"thread_arena property","text":"thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_cache","title":"thread_cache property","text":"thread_cache: TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mp","title":"mp property","text":"mp: TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.global_max_fast","title":"global_max_fast property","text":"global_max_fast: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.heap_info","title":"heap_info property","text":"heap_info: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_chunk","title":"malloc_chunk property","text":"malloc_chunk: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_state","title":"malloc_state property","text":"malloc_state: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_perthread_struct","title":"tcache_perthread_struct property","text":"tcache_perthread_struct: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_entry","title":"tcache_entry property","text":"tcache_entry: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mallinfo","title":"mallinfo property","text":"mallinfo: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_par","title":"malloc_par property","text":"malloc_par: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_alignment","title":"malloc_alignment property","text":"malloc_alignment: int\n
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.size_sz","title":"size_sz property","text":"size_sz: int\n
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_align_mask","title":"malloc_align_mask property","text":"malloc_align_mask: int\n
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.minsize","title":"minsize property","text":"minsize: int\n
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.min_chunk_size","title":"min_chunk_size property","text":"min_chunk_size: int\n
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.multithreaded","title":"multithreaded property","text":"multithreaded: bool\n
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_next_offset","title":"tcache_next_offset property","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"largebin_reverse_lookup(index: int) -> int\n
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.can_be_resolved","title":"can_be_resolved","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.has_tcache","title":"has_tcache","text":"has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_flags","title":"chunk_flags","text":"chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_key_offset","title":"chunk_key_offset","text":"chunk_key_offset(key: str) -> int | None\n
Find the index of a field in the malloc_chunk struct.
64bit example prev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_heap","title":"get_heap","text":"get_heap(addr: int) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_tcache","title":"get_tcache","text":"get_tcache(tcache_addr: int | None = None) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_sbrk_heap_region() -> Page | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\n
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_bins","title":"get_bins","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbin_index","title":"fastbin_index","text":"fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbins","title":"fastbins","text":"fastbins(arena_addr: int | None = None) -> Bins | None\n
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\n
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.unsortedbin","title":"unsortedbin","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.smallbins","title":"smallbins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebins","title":"largebins","text":"largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32","title":"largebin_index_32","text":"largebin_index_32(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\n
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_initialized","title":"is_initialized","text":"is_initialized()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_statically_linked","title":"is_statically_linked","text":"is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"libc_has_debug_syms() -> bool\n
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.summarize","title":"summarize","text":"summarize(address: int, **kwargs: Any) -> str\n
Returns a textual summary of the specified address.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.containing","title":"containing","text":"containing(address: int) -> int\n
Returns the address of the allocation which contains 'address'.
Parameters:
-
address (int) \u2013 Address to look up.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap","title":"DebugSymsHeap","text":"DebugSymsHeap()\n
Bases: GlibcMemoryAllocator[Type, Value]
Methods:
-
can_be_resolved \u2013 -
has_tcache \u2013 -
get_heap \u2013 Find & read the heap_info struct belonging to the chunk at 'addr'.
-
get_tcache \u2013 -
get_sbrk_heap_region \u2013 Return a Page object representing the sbrk heap region.
-
is_initialized \u2013 -
summarize \u2013 Returns a textual summary of the specified address.
-
containing \u2013 Returns the address of the allocation which contains 'address'.
-
libc_has_debug_syms \u2013 The struct malloc_chunk comes from debugging symbols and it will not be there
-
largebin_reverse_lookup \u2013 Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index \u2013 -
chunk_flags \u2013 -
chunk_key_offset \u2013 Find the index of a field in the malloc_chunk struct.
-
get_region \u2013 Find the memory map containing 'addr'.
-
get_bins \u2013 -
fastbin_index \u2013 -
fastbins \u2013 Returns: chain or None
-
tcachebins \u2013 Returns: tuple(chain, count) or None
-
check_chain_corrupted \u2013 Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at \u2013 Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin \u2013 -
smallbins \u2013 -
largebins \u2013 -
largebin_index_32 \u2013 Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big \u2013 Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64 \u2013 Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index \u2013 Pick the appropriate largebin_index_ function for this architecture.
-
is_statically_linked \u2013
Attributes:
-
main_arena (Arena | None) \u2013 -
thread_arena (Arena | None) \u2013 -
thread_cache (Value | None) \u2013 Locate a thread's tcache struct. If it doesn't have one, use the main
-
mp (Value | None) \u2013 -
global_max_fast (int | None) \u2013 -
heap_info (Type | None) \u2013 -
malloc_chunk (Type | None) \u2013 -
malloc_state (Type | None) \u2013 -
tcache_perthread_struct (Type | None) \u2013 -
tcache_entry (Type | None) \u2013 -
mallinfo (Type | None) \u2013 -
malloc_par (Type | None) \u2013 -
largebin_reverse_lookup_32 \u2013 -
largebin_reverse_lookup_32_big \u2013 -
largebin_reverse_lookup_64 \u2013 -
arenas (tuple[Arena, ...]) \u2013 Return a tuple of all current arenas.
-
malloc_alignment (int) \u2013 Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz (int) \u2013 Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask (int) \u2013 Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize (int) \u2013 Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size (int) \u2013 Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded (bool) \u2013 Is malloc operating within a multithreaded environment.
-
tcache_next_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.main_arena","title":"main_arena property","text":"main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_arena","title":"thread_arena property","text":"thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_cache","title":"thread_cache property","text":"thread_cache: Value | None\n
Locate a thread's tcache struct. If it doesn't have one, use the main thread's tcache.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mp","title":"mp property","text":"mp: Value | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.global_max_fast","title":"global_max_fast property","text":"global_max_fast: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.heap_info","title":"heap_info property","text":"heap_info: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_chunk","title":"malloc_chunk property","text":"malloc_chunk: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_state","title":"malloc_state property","text":"malloc_state: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_perthread_struct","title":"tcache_perthread_struct property","text":"tcache_perthread_struct: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_entry","title":"tcache_entry property","text":"tcache_entry: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mallinfo","title":"mallinfo property","text":"mallinfo: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_par","title":"malloc_par property","text":"malloc_par: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32 class-attribute instance-attribute","text":"largebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big class-attribute instance-attribute","text":"largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64 class-attribute instance-attribute","text":"largebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.arenas","title":"arenas property","text":"arenas: tuple[Arena, ...]\n
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_alignment","title":"malloc_alignment property","text":"malloc_alignment: int\n
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.size_sz","title":"size_sz property","text":"size_sz: int\n
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_align_mask","title":"malloc_align_mask property","text":"malloc_align_mask: int\n
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.minsize","title":"minsize property","text":"minsize: int\n
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.min_chunk_size","title":"min_chunk_size property","text":"min_chunk_size: int\n
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.multithreaded","title":"multithreaded property","text":"multithreaded: bool\n
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_next_offset","title":"tcache_next_offset property","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.can_be_resolved","title":"can_be_resolved","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.has_tcache","title":"has_tcache","text":"has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_heap","title":"get_heap","text":"get_heap(addr: int) -> Value | None\n
Find & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_tcache","title":"get_tcache","text":"get_tcache(tcache_addr: int | Value | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_sbrk_heap_region() -> Page | None\n
Return a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_initialized","title":"is_initialized","text":"is_initialized() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.summarize","title":"summarize","text":"summarize(address: int, **kwargs: Any) -> str\n
Returns a textual summary of the specified address.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.containing","title":"containing","text":"containing(address: int) -> int\n
Returns the address of the allocation which contains 'address'.
Parameters:
-
address (int) \u2013 Address to look up.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.libc_has_debug_syms","title":"libc_has_debug_syms","text":"libc_has_debug_syms() -> bool\n
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"largebin_reverse_lookup(index: int) -> int\n
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_flags","title":"chunk_flags","text":"chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_key_offset","title":"chunk_key_offset","text":"chunk_key_offset(key: str) -> int | None\n
Find the index of a field in the malloc_chunk struct.
64bit example prev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\n
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_bins","title":"get_bins","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbin_index","title":"fastbin_index","text":"fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbins","title":"fastbins","text":"fastbins(arena_addr: int | None = None) -> Bins | None\n
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\n
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.unsortedbin","title":"unsortedbin","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.smallbins","title":"smallbins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebins","title":"largebins","text":"largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32","title":"largebin_index_32","text":"largebin_index_32(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\n
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_statically_linked","title":"is_statically_linked","text":"is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError","title":"SymbolUnresolvableError","text":"SymbolUnresolvableError(symbol: str)\n
Bases: Exception
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError.symbol","title":"symbol instance-attribute","text":"symbol = symbol\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap","title":"HeuristicHeap","text":"HeuristicHeap()\n
Bases: GlibcMemoryAllocator[Type['pwndbg.aglib.heap.structs.CStruct2GDB'], 'pwndbg.aglib.heap.structs.CStruct2GDB']
Methods:
-
can_be_resolved \u2013 -
has_tcache \u2013 -
prompt_for_brute_force_thread_arena_permission \u2013 Check if the user wants to brute force the thread_arena's value.
-
prompt_for_brute_force_thread_cache_permission \u2013 Check if the user wants to brute force the tcache's value.
-
prompt_for_tls_address \u2013 Check if we can determine the TLS address and return it.
-
brute_force_tls_reference_in_got_section \u2013 Brute force the TLS-reference in the .got section to that can pass the validator.
-
brute_force_thread_local_variable_near_tls_base \u2013 Brute force the thread-local variable near the TLS base address that can pass the validator.
-
get_heap \u2013 Find & read the heap_info struct belonging to the chunk at 'addr'.
-
get_tcache \u2013 -
get_sbrk_heap_region \u2013 Return a Page object representing the sbrk heap region.
-
is_initialized \u2013 -
summarize \u2013 Returns a textual summary of the specified address.
-
containing \u2013 Returns the address of the allocation which contains 'address'.
-
libc_has_debug_syms \u2013 The struct malloc_chunk comes from debugging symbols and it will not be there
-
largebin_reverse_lookup \u2013 Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index \u2013 -
chunk_flags \u2013 -
chunk_key_offset \u2013 Find the index of a field in the malloc_chunk struct.
-
get_region \u2013 Find the memory map containing 'addr'.
-
get_bins \u2013 -
fastbin_index \u2013 -
fastbins \u2013 Returns: chain or None
-
tcachebins \u2013 Returns: tuple(chain, count) or None
-
check_chain_corrupted \u2013 Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at \u2013 Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin \u2013 -
smallbins \u2013 -
largebins \u2013 -
largebin_index_32 \u2013 Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big \u2013 Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64 \u2013 Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index \u2013 Pick the appropriate largebin_index_ function for this architecture.
-
is_statically_linked \u2013
Attributes:
-
struct_module (ModuleType | None) \u2013 -
main_arena (Arena | None) \u2013 -
thread_arena (Arena | None) \u2013 -
thread_cache ('pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None) \u2013 Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first,
-
mp ('pwndbg.aglib.heap.structs.CStruct2GDB') \u2013 -
global_max_fast (int) \u2013 -
heap_info (type['pwndbg.aglib.heap.structs.HeapInfo'] | None) \u2013 -
malloc_chunk (type['pwndbg.aglib.heap.structs.MallocChunk'] | None) \u2013 -
malloc_state (type['pwndbg.aglib.heap.structs.MallocState'] | None) \u2013 -
tcache_perthread_struct (type['pwndbg.aglib.heap.structs.TcachePerthreadStruct'] | None) \u2013 -
tcache_entry (type['pwndbg.aglib.heap.structs.TcacheEntry'] | None) \u2013 -
mallinfo (type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None) \u2013 -
malloc_par (type['pwndbg.aglib.heap.structs.MallocPar'] | None) \u2013 -
largebin_reverse_lookup_32 \u2013 -
largebin_reverse_lookup_32_big \u2013 -
largebin_reverse_lookup_64 \u2013 -
arenas (tuple[Arena, ...]) \u2013 Return a tuple of all current arenas.
-
malloc_alignment (int) \u2013 Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz (int) \u2013 Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask (int) \u2013 Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize (int) \u2013 Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size (int) \u2013 Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded (bool) \u2013 Is malloc operating within a multithreaded environment.
-
tcache_next_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.struct_module","title":"struct_module property","text":"struct_module: ModuleType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.main_arena","title":"main_arena property","text":"main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_arena","title":"thread_arena property","text":"thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_cache","title":"thread_cache property","text":"thread_cache: 'pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None\n
Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first, and if that fails, we guess it's at the first chunk of the heap.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mp","title":"mp property","text":"mp: 'pwndbg.aglib.heap.structs.CStruct2GDB'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.global_max_fast","title":"global_max_fast property","text":"global_max_fast: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.heap_info","title":"heap_info property","text":"heap_info: type['pwndbg.aglib.heap.structs.HeapInfo'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_chunk","title":"malloc_chunk property","text":"malloc_chunk: type['pwndbg.aglib.heap.structs.MallocChunk'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_state","title":"malloc_state property","text":"malloc_state: type['pwndbg.aglib.heap.structs.MallocState'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_perthread_struct","title":"tcache_perthread_struct property","text":"tcache_perthread_struct: (\n type[\"pwndbg.aglib.heap.structs.TcachePerthreadStruct\"] | None\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_entry","title":"tcache_entry property","text":"tcache_entry: type['pwndbg.aglib.heap.structs.TcacheEntry'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mallinfo","title":"mallinfo property","text":"mallinfo: type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_par","title":"malloc_par property","text":"malloc_par: type['pwndbg.aglib.heap.structs.MallocPar'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32 class-attribute instance-attribute","text":"largebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big class-attribute instance-attribute","text":"largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64 class-attribute instance-attribute","text":"largebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.arenas","title":"arenas property","text":"arenas: tuple[Arena, ...]\n
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_alignment","title":"malloc_alignment property","text":"malloc_alignment: int\n
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.size_sz","title":"size_sz property","text":"size_sz: int\n
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_align_mask","title":"malloc_align_mask property","text":"malloc_align_mask: int\n
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.minsize","title":"minsize property","text":"minsize: int\n
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.min_chunk_size","title":"min_chunk_size property","text":"min_chunk_size: int\n
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.multithreaded","title":"multithreaded property","text":"multithreaded: bool\n
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_next_offset","title":"tcache_next_offset property","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.can_be_resolved","title":"can_be_resolved","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.has_tcache","title":"has_tcache","text":"has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_arena_permission","title":"prompt_for_brute_force_thread_arena_permission","text":"prompt_for_brute_force_thread_arena_permission() -> bool\n
Check if the user wants to brute force the thread_arena's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_cache_permission","title":"prompt_for_brute_force_thread_cache_permission","text":"prompt_for_brute_force_thread_cache_permission() -> bool\n
Check if the user wants to brute force the tcache's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_tls_address","title":"prompt_for_tls_address","text":"prompt_for_tls_address() -> int\n
Check if we can determine the TLS address and return it.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_tls_reference_in_got_section","title":"brute_force_tls_reference_in_got_section","text":"brute_force_tls_reference_in_got_section(\n tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\n
Brute force the TLS-reference in the .got section to that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_thread_local_variable_near_tls_base","title":"brute_force_thread_local_variable_near_tls_base","text":"brute_force_thread_local_variable_near_tls_base(\n tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\n
Brute force the thread-local variable near the TLS base address that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_heap","title":"get_heap","text":"get_heap(addr: int) -> 'pwndbg.aglib.heap.structs.HeapInfo' | None\n
Find & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_tcache","title":"get_tcache","text":"get_tcache(\n tcache_addr: int | None = None,\n) -> \"pwndbg.aglib.heap.structs.TcachePerthreadStruct\" | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_sbrk_heap_region() -> Page\n
Return a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES. This heuristic version requires some sanity checks and may raise SymbolUnresolvableError if malloc's mp_ struct can't be resolved.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_initialized","title":"is_initialized","text":"is_initialized() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.summarize","title":"summarize","text":"summarize(address: int, **kwargs: Any) -> str\n
Returns a textual summary of the specified address.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.containing","title":"containing","text":"containing(address: int) -> int\n
Returns the address of the allocation which contains 'address'.
Parameters:
-
address (int) \u2013 Address to look up.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.libc_has_debug_syms","title":"libc_has_debug_syms","text":"libc_has_debug_syms() -> bool\n
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"largebin_reverse_lookup(index: int) -> int\n
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_flags","title":"chunk_flags","text":"chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_key_offset","title":"chunk_key_offset","text":"chunk_key_offset(key: str) -> int | None\n
Find the index of a field in the malloc_chunk struct.
64bit example prev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\n
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_bins","title":"get_bins","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbin_index","title":"fastbin_index","text":"fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbins","title":"fastbins","text":"fastbins(arena_addr: int | None = None) -> Bins | None\n
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\n
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.unsortedbin","title":"unsortedbin","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.smallbins","title":"smallbins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebins","title":"largebins","text":"largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32","title":"largebin_index_32","text":"largebin_index_32(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\n
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_statically_linked","title":"is_statically_linked","text":"is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.heap_for_ptr","title":"heap_for_ptr","text":"heap_for_ptr(ptr: int) -> int\n
Round a pointer to a chunk down to find its corresponding heap_info struct, the pointer must point inside a heap which does not belong to the main arena.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.fetch_chunk_metadata","title":"fetch_chunk_metadata","text":"fetch_chunk_metadata(\n address: int, include_only_fields: set[ChunkField] | None = None\n)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/","title":"pwndbg.aglib.heap.structs","text":""},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs","title":"structs","text":"Classes:
-
c_pvoid \u2013 Represents a pointer.
-
c_size_t \u2013 Represents a size_t.
-
FakeGDBField \u2013 Fake gdb.Field for compatibility
-
CStruct2GDB \u2013 -
c_malloc_state_2_26 \u2013 This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
-
c_malloc_state_2_12 \u2013 This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
-
c_malloc_state_2_27 \u2013 This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
-
MallocState \u2013 This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_heap_info \u2013 This class represents heap_info struct as a ctypes struct.
-
HeapInfo \u2013 This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_malloc_chunk \u2013 This class represents malloc_chunk struct as a ctypes struct.
-
MallocChunk \u2013 This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_tcache_perthread_struct_2_29 \u2013 This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
-
c_tcache_perthread_struct_2_30 \u2013 This class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.
-
TcachePerthreadStruct \u2013 This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_tcache_entry_2_28 \u2013 This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
-
c_tcache_entry_2_29 \u2013 This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
-
TcacheEntry \u2013 This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_malloc_par_2_23 \u2013 This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
-
c_malloc_par_2_12 \u2013 This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
-
c_malloc_par_2_24 \u2013 This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
-
c_malloc_par_2_26 \u2013 This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
-
c_malloc_par_2_35 \u2013 This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
-
MallocPar \u2013 This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.
Functions:
-
request2size \u2013 -
fastbin_index \u2013
Attributes:
-
GLIBC_VERSION \u2013 -
SIZE_SZ \u2013 -
MINSIZE \u2013 -
MALLOC_ALIGN \u2013 -
long_double_alignment \u2013 -
MALLOC_ALIGN_MASK \u2013 -
MAX_FAST_SIZE \u2013 -
NBINS \u2013 -
BINMAPSIZE \u2013 -
TCACHE_MAX_BINS \u2013 -
NFASTBINS \u2013 -
PTR \u2013 -
SIZE_T \u2013 -
DEFAULT_TOP_PAD \u2013 -
DEFAULT_MMAP_MAX \u2013 -
DEFAULT_MMAP_THRESHOLD \u2013 -
DEFAULT_TRIM_THRESHOLD \u2013 -
DEFAULT_PAGE_SIZE \u2013 -
TCACHE_FILL_COUNT \u2013 -
C2GDB_MAPPING \u2013 -
DEFAULT_MP_ \u2013
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.GLIBC_VERSION","title":"GLIBC_VERSION module-attribute","text":"GLIBC_VERSION = get_version()\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_SZ","title":"SIZE_SZ module-attribute","text":"SIZE_SZ = ptrsize\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MINSIZE","title":"MINSIZE module-attribute","text":"MINSIZE = ptrsize * 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN","title":"MALLOC_ALIGN module-attribute","text":"MALLOC_ALIGN = 16\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.long_double_alignment","title":"long_double_alignment module-attribute","text":"long_double_alignment = alignof\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN_MASK","title":"MALLOC_ALIGN_MASK module-attribute","text":"MALLOC_ALIGN_MASK = MALLOC_ALIGN - 1\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MAX_FAST_SIZE","title":"MAX_FAST_SIZE module-attribute","text":"MAX_FAST_SIZE = 80 * SIZE_SZ // 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NBINS","title":"NBINS module-attribute","text":"NBINS = 128\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.BINMAPSIZE","title":"BINMAPSIZE module-attribute","text":"BINMAPSIZE = 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINS module-attribute","text":"TCACHE_MAX_BINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NFASTBINS","title":"NFASTBINS module-attribute","text":"NFASTBINS = fastbin_index(request2size(MAX_FAST_SIZE)) + 1\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.PTR","title":"PTR module-attribute","text":"PTR = c_uint32\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_T","title":"SIZE_T module-attribute","text":"SIZE_T = c_uint32\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TOP_PAD","title":"DEFAULT_TOP_PAD module-attribute","text":"DEFAULT_TOP_PAD = 131072\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_MAX","title":"DEFAULT_MMAP_MAX module-attribute","text":"DEFAULT_MMAP_MAX = 65536\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_THRESHOLD","title":"DEFAULT_MMAP_THRESHOLD module-attribute","text":"DEFAULT_MMAP_THRESHOLD = 128 * 1024\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TRIM_THRESHOLD","title":"DEFAULT_TRIM_THRESHOLD module-attribute","text":"DEFAULT_TRIM_THRESHOLD = 128 * 1024\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_PAGE_SIZE","title":"DEFAULT_PAGE_SIZE module-attribute","text":"DEFAULT_PAGE_SIZE = 4096\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_FILL_COUNT","title":"TCACHE_FILL_COUNT module-attribute","text":"TCACHE_FILL_COUNT = 7\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.C2GDB_MAPPING","title":"C2GDB_MAPPING module-attribute","text":"C2GDB_MAPPING = {\n c_char: char,\n c_int8: int8,\n c_int16: int16,\n c_int32: int32,\n c_int64: int64,\n c_uint8: uint8,\n c_uint16: uint16,\n c_uint32: uint32,\n c_uint64: uint64,\n c_pvoid: pvoid,\n c_size_t: size_t,\n}\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MP_","title":"DEFAULT_MP_ module-attribute","text":"DEFAULT_MP_ = _c_struct()\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_pvoid","title":"c_pvoid","text":" Bases: PTR
Represents a pointer.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_size_t","title":"c_size_t","text":" Bases: SIZE_T
Represents a size_t.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField","title":"FakeGDBField","text":"FakeGDBField(\n bitpos: int,\n name: str | None,\n type,\n parent_type,\n enumval: int | None = None,\n artificial: bool = False,\n is_base_class: bool = False,\n bitsize: int = 0,\n)\n
Fake gdb.Field for compatibility
Attributes:
-
bitpos \u2013 -
name \u2013 -
type \u2013 -
parent_type \u2013 -
enumval \u2013 -
artificial \u2013 -
is_base_class \u2013 -
bitsize \u2013
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitpos","title":"bitpos instance-attribute","text":"bitpos = bitpos\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.type","title":"type instance-attribute","text":"type = type\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.parent_type","title":"parent_type instance-attribute","text":"parent_type = parent_type\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.enumval","title":"enumval instance-attribute","text":"enumval = enumval\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.artificial","title":"artificial instance-attribute","text":"artificial = artificial\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.is_base_class","title":"is_base_class instance-attribute","text":"is_base_class = is_base_class\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitsize","title":"bitsize instance-attribute","text":"bitsize = bitsize\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB","title":"CStruct2GDB","text":"CStruct2GDB(address: int)\n
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_26","title":"c_malloc_state_2_26","text":" Bases: Structure
This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
https://github.com/bminor/glibc/blob/1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369/malloc/malloc.c#L1678-L1716
struct malloc_state { /* Serialize access. */ __libc_lock_define (, mutex);
/* Flags (formerly in max_fast). */\nint flags;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas. Access to this field is serialized\n by free_list_lock in arena.c. */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena. 0 if the arena is on\n the free list. Access to this field is serialized by\n free_list_lock in arena.c. */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena. */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12","title":"c_malloc_state_2_12","text":" Bases: Structure
This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2362-L2400
struct malloc_state { /* Serialize access. */ mutex_t mutex;
/* Flags (formerly in max_fast). */ int flags;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--if-thread_stats","title":"if THREAD_STATS","text":"/* Statistics for locking. Only used if THREAD_STATS is defined. */ long stat_lock_direct, stat_lock_loop, stat_lock_wait;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif","title":"endif","text":"/* Fastbins */ mfastbinptr fastbinsY[NFASTBINS];
/* Base of the topmost chunk -- not otherwise kept in a bin */ mchunkptr top;
/* The remainder from the most recent split of a small request */ mchunkptr last_remainder;
/* Normal bins packed as described above */ mchunkptr bins[NBINS * 2 - 2];
/* Bitmap of bins */ unsigned int binmap[BINMAPSIZE];
/* Linked list */ struct malloc_state *next;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"/* Linked list for free arenas. */ struct malloc_state *next_free;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif_1","title":"endif","text":"/* Memory allocated from the system in this arena. */ INTERNAL_SIZE_T system_mem; INTERNAL_SIZE_T max_system_mem; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_27","title":"c_malloc_state_2_27","text":" Bases: Structure
This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1831
struct malloc_state { /* Serialize access. */ __libc_lock_define (, mutex);
/* Flags (formerly in max_fast). */\nint flags;\n\n/* Set if the fastbin chunks contain recently inserted free blocks. */\n/* Note this is a bool but not all targets support atomics on booleans. */\nint have_fastchunks;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas. Access to this field is serialized\n by free_list_lock in arena.c. */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena. 0 if the arena is on\n the free list. Access to this field is serialized by\n free_list_lock in arena.c. */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena. */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState","title":"MallocState","text":"MallocState(address: int)\n
Bases: CStruct2GDB
This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_heap_info","title":"c_heap_info","text":" Bases: Structure
This class represents heap_info struct as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L53
typedef struct _heap_info { mstate ar_ptr; /* Arena for this heap. / struct _heap_info *prev; / Previous heap. / size_t size; / Current size in bytes. / size_t mprotect_size; / Size in bytes that has been mprotected PROT_READ|PROT_WRITE. / / Make sure the following data is properly aligned, particularly that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of MALLOC_ALIGNMENT. */ char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK]; } heap_info;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo","title":"HeapInfo","text":"HeapInfo(address: int)\n
Bases: CStruct2GDB
This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_chunk","title":"c_malloc_chunk","text":" Bases: Structure
This class represents malloc_chunk struct as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1154
struct malloc_chunk {
INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk (if free). */\nINTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */\n\nstruct malloc_chunk* fd; /* double links -- used only if free. */\nstruct malloc_chunk* bk;\n\n/* Only used for large blocks: pointer to next larger size. */\nstruct malloc_chunk* fd_nextsize; /* double links -- used only if free. */\nstruct malloc_chunk* bk_nextsize;\n
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk","title":"MallocChunk","text":"MallocChunk(address: int)\n
Bases: CStruct2GDB
This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_29","title":"c_tcache_perthread_struct_2_29","text":" Bases: Structure
This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.29/malloc/malloc.c#L2916
typedef struct tcache_perthread_struct { char counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_30","title":"c_tcache_perthread_struct_2_30","text":" Bases: Structure
This class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3025
typedef struct tcache_perthread_struct { uint16_t counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct","title":"TcachePerthreadStruct","text":"TcachePerthreadStruct(address: int)\n
Bases: CStruct2GDB
This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_28","title":"c_tcache_entry_2_28","text":" Bases: Structure
This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.28/malloc/malloc.c#L2888
typedef struct tcache_entry { struct tcache_entry *next; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_29","title":"c_tcache_entry_2_29","text":" Bases: Structure
This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3013
typedef struct tcache_entry { struct tcache_entry next; / This field exists to detect double frees. */ uintptr_t key; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry","title":"TcacheEntry","text":"TcacheEntry(address: int)\n
Bases: CStruct2GDB
This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_23","title":"c_malloc_par_2_23","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.23/malloc/malloc.c#L1726
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets it manually, at which point we need to disable any dynamic behavior. */ int no_dyn_threshold;
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T sbrked_mem;/ /INTERNAL_SIZE_T max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
/* First address handed out by MORECORE/sbrk. */ char *sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12","title":"c_malloc_par_2_12","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2402-L2433
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--endif","title":"endif","text":"/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets it manually, at which point we need to disable any dynamic behavior. */ int no_dyn_threshold;
/* Cache malloc_getpagesize */ unsigned int pagesize;
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T sbrked_mem;/ /INTERNAL_SIZE_T max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
/* First address handed out by MORECORE/sbrk. / char sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_24","title":"c_malloc_par_2_24","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.25/malloc/malloc.c#L1690 https://github.com/bminor/glibc/blob/glibc-2.24/malloc/malloc.c#L1719
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26","title":"c_malloc_par_2_26","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1875
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--if-use_tcache","title":"if USE_TCACHE","text":"/* Maximum number of buckets to use. */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket. */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n aren't used to prefill the cache. */\nsize_t tcache_unsorted_limit;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--endif","title":"endif","text":"};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35","title":"c_malloc_par_2_35","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.35/malloc/malloc.c#L1874
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-have_tunables","title":"if HAVE_TUNABLES","text":"/* Transparent Large Page support. */\nINTERNAL_SIZE_T thp_pagesize;\n/* A value different than 0 means to align mmap allocation to hp_pagesize\n add hp_flags on flags. */\nINTERNAL_SIZE_T hp_pagesize;\nint hp_flags;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif","title":"endif","text":"/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-use_tcache","title":"if USE_TCACHE","text":"/* Maximum number of buckets to use. */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket. */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n aren't used to prefill the cache. */\nsize_t tcache_unsorted_limit;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif_1","title":"endif","text":"};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar","title":"MallocPar","text":"MallocPar(address: int)\n
Bases: CStruct2GDB
This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.request2size","title":"request2size","text":"request2size(req: int) -> int\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.fastbin_index","title":"fastbin_index","text":"fastbin_index(size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/","title":"pwndbg.aglib.kernel","text":""},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel","title":"kernel","text":"Modules:
-
kallsyms \u2013 -
macros \u2013 -
nftables \u2013 -
paging \u2013 -
rbtree \u2013 -
slab \u2013 -
vmmap \u2013
Classes:
-
ArchOps \u2013 -
x86Ops \u2013 -
i386Ops \u2013 -
x86_64Ops \u2013 -
Aarch64Ops \u2013
Functions:
-
BIT \u2013 -
has_debug_syms \u2013 -
requires_kconfig \u2013 -
requires_debug_syms \u2013 -
nproc \u2013 Returns the number of processing units available, similar to nproc(1)
-
npcplist \u2013 returns NR_PCP_LISTS (https://elixir.bootlin.com/linux/v6.13/source/include/linux/mmzone.h#L671)
-
get_first_kernel_ro \u2013 Returns the first kernel mapping which contains the linux_banner
-
load_kconfig \u2013 -
kconfig \u2013 -
kcmdline \u2013 -
kversion \u2013 -
krelease \u2013 -
is_kaslr_enabled \u2013 -
kbase \u2013 -
get_idt_entries \u2013 Retrieves the IDT entries from memory.
-
arch_ops \u2013 -
page_size \u2013 -
per_cpu \u2013 -
virt_to_phys \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013 -
pfn_to_virt \u2013 -
virt_to_pfn \u2013 -
paging_enabled \u2013 -
num_numa_nodes \u2013 Returns the number of NUMA nodes that are online on the system
Attributes:
-
P \u2013 -
D \u2013 -
T \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.D","title":"D module-attribute","text":"D = TypeVar('D')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps","title":"ArchOps","text":" Bases: ABC
Methods:
-
page_size \u2013 -
per_cpu \u2013 -
virt_to_phys \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013
Attributes:
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_offset","title":"page_offset property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_size","title":"page_size abstractmethod","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.per_cpu","title":"per_cpu abstractmethod","text":"per_cpu(addr: Value, cpu=None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_phys","title":"virt_to_phys abstractmethod","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_virt","title":"phys_to_virt abstractmethod","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_pfn","title":"phys_to_pfn abstractmethod","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_phys","title":"pfn_to_phys abstractmethod","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_page","title":"pfn_to_page abstractmethod","text":"pfn_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_pfn","title":"page_to_pfn abstractmethod","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops","title":"x86Ops","text":" Bases: ArchOps
Methods:
-
page_size \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
paging_enabled \u2013 -
per_cpu \u2013 -
virt_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013
Attributes:
-
ptr_size (int) \u2013 -
page_shift (int) \u2013 -
page_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.ptr_size","title":"ptr_size abstractmethod property","text":"ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_shift","title":"page_shift abstractmethod property","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_offset","title":"page_offset abstractmethod property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.paging_enabled","title":"paging_enabled staticmethod","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.per_cpu","title":"per_cpu abstractmethod","text":"per_cpu(addr: Value, cpu=None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_phys","title":"virt_to_phys abstractmethod","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_page","title":"pfn_to_page abstractmethod","text":"pfn_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_pfn","title":"page_to_pfn abstractmethod","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops","title":"i386Ops","text":"i386Ops()\n
Bases: x86Ops
Methods:
-
virt_to_phys \u2013 -
per_cpu \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
page_size \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013 -
paging_enabled \u2013
Attributes:
-
START_KERNEL_map \u2013 -
ptr_size (int) \u2013 -
page_offset (int) \u2013 -
page_shift (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.START_KERNEL_map","title":"START_KERNEL_map instance-attribute","text":"START_KERNEL_map = _PAGE_OFFSET\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.ptr_size","title":"ptr_size property","text":"ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_offset","title":"page_offset property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_shift","title":"page_shift property","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_phys","title":"virt_to_phys","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.per_cpu","title":"per_cpu","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_page","title":"pfn_to_page","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_pfn","title":"page_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.paging_enabled","title":"paging_enabled staticmethod","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops","title":"x86_64Ops","text":"x86_64Ops()\n
Bases: x86Ops
Methods:
-
per_cpu \u2013 -
virt_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
cpu_feature_capability \u2013 -
uses_5lvl_paging \u2013 -
page_size \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013 -
paging_enabled \u2013
Attributes:
-
STRUCT_PAGE_SIZE \u2013 -
STRUCT_PAGE_SHIFT \u2013 -
phys_base \u2013 -
START_KERNEL_map \u2013 -
VMEMMAP_START \u2013 -
ptr_size (int) \u2013 -
page_offset (int) \u2013 -
page_shift (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE instance-attribute","text":"STRUCT_PAGE_SIZE = sizeof\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT instance-attribute","text":"STRUCT_PAGE_SHIFT = int(log2(STRUCT_PAGE_SIZE))\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_base","title":"phys_base instance-attribute","text":"phys_base = 16777216\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.START_KERNEL_map","title":"START_KERNEL_map instance-attribute","text":"START_KERNEL_map = kbase()\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.VMEMMAP_START","title":"VMEMMAP_START instance-attribute","text":"VMEMMAP_START = lookup_symbol_value('vmemmap_base')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.ptr_size","title":"ptr_size property","text":"ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_offset","title":"page_offset property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_shift","title":"page_shift property","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.per_cpu","title":"per_cpu","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_phys","title":"virt_to_phys","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_page","title":"pfn_to_page","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_pfn","title":"page_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.cpu_feature_capability","title":"cpu_feature_capability staticmethod","text":"cpu_feature_capability(feature: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.uses_5lvl_paging","title":"uses_5lvl_paging staticmethod","text":"uses_5lvl_paging() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.paging_enabled","title":"paging_enabled staticmethod","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops","title":"Aarch64Ops","text":"Aarch64Ops()\n
Bases: ArchOps
Methods:
-
page_size \u2013 -
per_cpu \u2013 -
virt_to_phys \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
paging_enabled \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013
Attributes:
-
STRUCT_PAGE_SIZE \u2013 -
STRUCT_PAGE_SHIFT \u2013 -
VA_BITS \u2013 -
PAGE_SHIFT \u2013 -
PHYS_OFFSET \u2013 -
PAGE_OFFSET \u2013 -
VMEMMAP_SHIFT \u2013 -
VMEMMAP_START \u2013 -
page_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE instance-attribute","text":"STRUCT_PAGE_SIZE = sizeof\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT instance-attribute","text":"STRUCT_PAGE_SHIFT = int(log2(STRUCT_PAGE_SIZE))\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VA_BITS","title":"VA_BITS instance-attribute","text":"VA_BITS = int(kconfig()['ARM64_VA_BITS'])\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PAGE_SHIFT","title":"PAGE_SHIFT instance-attribute","text":"PAGE_SHIFT = int(kconfig()['CONFIG_ARM64_PAGE_SHIFT'])\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PHYS_OFFSET","title":"PHYS_OFFSET instance-attribute","text":"PHYS_OFFSET = u(addr)\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PAGE_OFFSET","title":"PAGE_OFFSET instance-attribute","text":"PAGE_OFFSET = -1 << VA_BITS + 2 ** 64\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VMEMMAP_SHIFT","title":"VMEMMAP_SHIFT instance-attribute","text":"VMEMMAP_SHIFT = PAGE_SHIFT - STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VMEMMAP_START","title":"VMEMMAP_START instance-attribute","text":"VMEMMAP_START = -1 << VA_BITS - VMEMMAP_SHIFT % 1 << 64\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_offset","title":"page_offset property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.per_cpu","title":"per_cpu","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_phys","title":"virt_to_phys","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_page","title":"pfn_to_page","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_pfn","title":"page_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.paging_enabled","title":"paging_enabled staticmethod","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.BIT","title":"BIT","text":"BIT(shift: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.has_debug_syms","title":"has_debug_syms","text":"has_debug_syms() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_kconfig","title":"requires_kconfig","text":"requires_kconfig(\n default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_debug_syms","title":"requires_debug_syms","text":"requires_debug_syms(\n default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.nproc","title":"nproc","text":"nproc() -> int\n
Returns the number of processing units available, similar to nproc(1)
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.npcplist","title":"npcplist","text":"npcplist() -> int\n
returns NR_PCP_LISTS (https://elixir.bootlin.com/linux/v6.13/source/include/linux/mmzone.h#L671)
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_first_kernel_ro","title":"get_first_kernel_ro","text":"get_first_kernel_ro() -> Page | None\n
Returns the first kernel mapping which contains the linux_banner
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.load_kconfig","title":"load_kconfig","text":"load_kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kconfig","title":"kconfig","text":"kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kcmdline","title":"kcmdline","text":"kcmdline() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kversion","title":"kversion","text":"kversion() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.krelease","title":"krelease","text":"krelease() -> tuple[int, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.is_kaslr_enabled","title":"is_kaslr_enabled","text":"is_kaslr_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kbase","title":"kbase","text":"kbase() -> int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_idt_entries","title":"get_idt_entries","text":"get_idt_entries() -> list[IDTEntry]\n
Retrieves the IDT entries from memory.
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_ops","title":"arch_ops","text":"arch_ops() -> ArchOps\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.per_cpu","title":"per_cpu","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_phys","title":"virt_to_phys","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_page","title":"pfn_to_page","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_pfn","title":"page_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.paging_enabled","title":"paging_enabled","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.num_numa_nodes","title":"num_numa_nodes","text":"num_numa_nodes() -> int\n
Returns the number of NUMA nodes that are online on the system
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/","title":"pwndbg.aglib.kernel.kallsyms","text":""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms","title":"kallsyms","text":"Classes:
Functions:
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms","title":"Kallsyms","text":"Kallsyms()\n
- linux_banner >= 6.4
- ... <= 6.4
- kallsyms_offsets
- kallsyms_relative_base
- kallsyms_num_syms
- kallsyms_names
- kallsyms_markers
- kallsyms_token_table
- kallsyms_token_index
- kallsyms_offsets >= 6.4
- kallsyms_relative_base >= 6.4
Methods:
-
find_token_table \u2013 This function searches for the kallsyms_token_table structure in the kernel memory.
-
find_token_index \u2013 This function searches for the kallsyms_token_index structure in the kernel memory
-
find_markers \u2013 This function searches for the kallsyms_markers structure in the kernel memory
-
find_num_syms \u2013 This function searches for the kallsyms_num_syms variable in the kernel memory
-
find_offsets \u2013 This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory
-
find_relative_base \u2013 This function searches for the kallsyms_relative_base variable in the kernel memory.
-
find_names \u2013 -
get_kernel_addresses \u2013 -
parse_symbol_table \u2013 -
get_token_table \u2013 -
find_names_uncompressed \u2013 -
find_markers_uncompressed \u2013 This function searches for the kallsyms_markers structure in the kernel memory
Attributes:
-
kallsyms (dict[str, tuple[int, str]]) \u2013 -
kbase \u2013 -
r_base \u2013 -
kernel_ro_mem \u2013 -
kernel_version \u2013 -
is_offsets \u2013 -
rbase_offset \u2013 -
is_big_endian \u2013 -
token_table \u2013 -
is_uncompressed \u2013 -
markers \u2013 -
token_index \u2013 -
num_syms \u2013 -
offsets \u2013 -
names \u2013 -
kernel_addresses \u2013
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kallsyms","title":"kallsyms instance-attribute","text":"kallsyms: dict[str, tuple[int, str]] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kbase","title":"kbase instance-attribute","text":"kbase = kbase()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.r_base","title":"r_base instance-attribute","text":"r_base = vaddr\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_ro_mem","title":"kernel_ro_mem instance-attribute","text":"kernel_ro_mem = read(vaddr, memsz)\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_version","title":"kernel_version instance-attribute","text":"kernel_version = krelease()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_offsets","title":"is_offsets instance-attribute","text":"is_offsets = False\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.rbase_offset","title":"rbase_offset instance-attribute","text":"rbase_offset = 0\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_big_endian","title":"is_big_endian instance-attribute","text":"is_big_endian = None\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_table","title":"token_table instance-attribute","text":"token_table = find_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_uncompressed","title":"is_uncompressed instance-attribute","text":"is_uncompressed = False\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.markers","title":"markers instance-attribute","text":"markers = find_markers_uncompressed()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_index","title":"token_index instance-attribute","text":"token_index = find_token_index()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.num_syms","title":"num_syms instance-attribute","text":"num_syms = find_num_syms()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.offsets","title":"offsets instance-attribute","text":"offsets = find_offsets()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.names","title":"names instance-attribute","text":"names = find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_addresses","title":"kernel_addresses instance-attribute","text":"kernel_addresses = get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_table","title":"find_token_table","text":"find_token_table() -> int\n
This function searches for the kallsyms_token_table structure in the kernel memory. The kallsyms_token_table contains 256 zero-terminated tokens from which symbol names are built. Example structure: 0xffffffff827b2f00: \"mm\" 0xffffffff827b2f03: \"tim\" 0xffffffff827b2f07: \"bu\" 0xffffffff827b2f0a: \"ode_\" 0xffffffff827b2f0f: \"robestub\" 0xffffffff827b2fdb: \"0\" 0xffffffff827b2fdd: \"1\" 0xffffffff827b2fdf: \"2\" 0xffffffff827b2fe1: \"3\" 0xffffffff827b2fe3: \"4\" 0xffffffff827b2fe5: \"5\" 0xffffffff827b2fe7: \"6\" 0xffffffff827b2fe9: \"7\" 0xffffffff827b2feb: \"8\" 0xffffffff827b2fed: \"9\""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_index","title":"find_token_index","text":"
find_token_index() -> int | None\n
This function searches for the kallsyms_token_index structure in the kernel memory starting at kallsyms_token_table. The token index table provides offsets into the kallsyms_token_table for each 256 byte-valued sub-table. The kallsyms_token_index is typically located immediately after the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b3288: 0x0000 0x0003 0x0007 0x000a 0x000f 0x0018 0x001f 0x0023 0xffffffff827b3298: 0x0027 0x0031 0x0035 0x0038 0x003b 0x0043 0x0047 0x004a 0xffffffff827b32a8: 0x004f 0x0053 0x0056 0x0059 0x005d 0x0061 0x0067 0x006b 0xffffffff827b32b8: 0x006e 0x0071 0x0076 0x007c 0x0080 0x0088 0x008b 0x008f 0xffffffff827b32c8: 0x0094 0x0098 0x009b 0x009f 0x00a3 0x00a8 0x00ab 0x00b0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers","title":"find_markers","text":"find_markers() -> int | None\n
This function searches for the kallsyms_markers structure in the kernel memory starting at kallsyms_token_table and search backwards. The markers table contains offsets to the corresponding symbol name for each kernel symbol. The kallsyms_markers table is typically located immediately before the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b2430: 0x00000000 0x00000b2a 0x00001762 0x000023f6 0xffffffff827b2440: 0x00002fe4 0x00003c9d 0x0000487c 0x000056fd 0xffffffff827b2450: 0x00006597 0x000073b9 0x000081be 0x00008f21 0xffffffff827b2460: 0x00009c94 0x0000a958 0x0000b632 0x0000c193 0xffffffff827b2470: 0x0000ce0b 0x0000db98 0x0000ea3e 0x0000f80a 0xffffffff827b2480: 0x000105be 0x000112d3 0x00011f8c 0x00012d75 0xffffffff827b2490: 0x0001384d 0x0001446e 0x00015138 0x00015d8c
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_num_syms","title":"find_num_syms","text":"find_num_syms()\n
This function searches for the kallsyms_num_syms variable in the kernel memory starting at kallsyms_markers. The kallsyms_num_syms holds the number of kernel symbols in the symbol table. The kallsyms_num_syms variable is typically located before the kallsyms_names table in the kernel's read-only data section. In newer kernel versions the kallsyms_num_syms is immediately behind the linux_banner and in older version its behind kallsyms_base_relative or kallsyms_addresses (it depends on CONFIG_KALLSYMS_BASE_RELATIVE y/n)
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_offsets","title":"find_offsets","text":"find_offsets()\n
This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory starting at kallsyms_token_index. The offsets/addresses table containts offsets / addresses of each symbol in the kernel. The kallsyms_addresses is typically located before the kallsyms_num_syms variable in the kernel's read-only data section. Example structure: 0xffffffff827b3488: 0x00000000 0x00000000 0x00001000 0x00002000 0xffffffff827b3498: 0x00006000 0x0000b000 0x0000c000 0x0000d000 0xffffffff827b34a8: 0x00015000 0x00015008 0x00015010 0x00015018 0xffffffff827b34b8: 0x00015020 0x00015022 0x00015030 0x00015050 0xffffffff827b34c8: 0x00015450 0x00015460 0x00015860 0x00015888 0xffffffff827b34d8: 0x00015890 0x00015898 0x000158a0 0x000159c0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_relative_base","title":"find_relative_base","text":"find_relative_base()\n
This function searches for the kallsyms_relative_base variable in the kernel memory. The relative base is used to calculate the actual virtual addresses of symbols from their offsets in the kallsyms_offsets table. The kallsyms_relative_base variable is typically located after the kallsyms_offsets table in the kernel's read-only data section.
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names","title":"find_names","text":"find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_kernel_addresses","title":"get_kernel_addresses","text":"get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.parse_symbol_table","title":"parse_symbol_table","text":"parse_symbol_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_token_table","title":"get_token_table","text":"get_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names_uncompressed","title":"find_names_uncompressed","text":"find_names_uncompressed()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers_uncompressed","title":"find_markers_uncompressed","text":"find_markers_uncompressed()\n
This function searches for the kallsyms_markers structure in the kernel memory Original Source: https://github.com/marin-m/vmlinux-to-elf/blob/master/vmlinux_to_elf/kallsyms_finder.py
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.get","title":"get","text":"get() -> dict[str, tuple[int, str]]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/","title":"pwndbg.aglib.kernel.macros","text":""},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros","title":"macros","text":"Functions:
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.container_of","title":"container_of","text":"container_of(ptr: int, typename: str, fieldname: str) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.for_each_entry","title":"for_each_entry","text":"for_each_entry(head: Value, typename: str, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.swab","title":"swab","text":"swab(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.compound_head","title":"compound_head","text":"compound_head(page: Value) -> Value\n
returns the head page of compound pages
"},{"location":"reference/pwndbg/aglib/kernel/nftables/","title":"pwndbg.aglib.kernel.nftables","text":""},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables","title":"nftables","text":"Classes:
-
NftFields \u2013 -
Expr \u2013 -
Rule \u2013 -
ChainHook \u2013 -
Chain \u2013 -
Set \u2013 -
Object \u2013 -
FlowtableHook \u2013 -
Flowtable \u2013 -
Table \u2013 -
Nftables \u2013
Functions:
-
catch_error \u2013 -
get_init_net_namespace \u2013
Attributes:
-
NFPROTO_INET \u2013 -
NFPROTO_IPV4 \u2013 -
NFPROTO_ARP \u2013 -
NFPROTO_NETDEV \u2013 -
NFPROTO_BRIDGE \u2013 -
NFPROTO_IPV6 \u2013 -
nftables_table_family \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_INET","title":"NFPROTO_INET module-attribute","text":"NFPROTO_INET = 1\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV4","title":"NFPROTO_IPV4 module-attribute","text":"NFPROTO_IPV4 = 2\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_ARP","title":"NFPROTO_ARP module-attribute","text":"NFPROTO_ARP = 3\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_NETDEV","title":"NFPROTO_NETDEV module-attribute","text":"NFPROTO_NETDEV = 5\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_BRIDGE","title":"NFPROTO_BRIDGE module-attribute","text":"NFPROTO_BRIDGE = 7\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV6","title":"NFPROTO_IPV6 module-attribute","text":"NFPROTO_IPV6 = 10\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.nftables_table_family","title":"nftables_table_family module-attribute","text":"nftables_table_family = {\n \"inet\": NFPROTO_INET,\n \"ip\": NFPROTO_IPV4,\n \"arp\": NFPROTO_ARP,\n \"netdev\": NFPROTO_NETDEV,\n \"bridge\": NFPROTO_BRIDGE,\n \"ip6\": NFPROTO_IPV6,\n}\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields","title":"NftFields","text":" Bases: object
Methods:
-
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr","title":"Expr","text":"Expr(addr: Value)\n
Methods:
-
print_expr_iptables \u2013 -
print_expr_nftables \u2013 -
print \u2013
Attributes:
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.expr_name","title":"expr_name property","text":"expr_name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_iptables","title":"print_expr_iptables","text":"print_expr_iptables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_nftables","title":"print_expr_nftables","text":"print_expr_nftables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule","title":"Rule","text":"Rule(addr: Value, chain: 'Chain')\n
Bases: NftFields
Methods:
-
find \u2013 -
iter_exprs \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
handle (int) \u2013 -
userdata (bytearray) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.userdata","title":"userdata property","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.find","title":"find classmethod","text":"find(\n table_name: str,\n table_family: int,\n chain_name: str,\n rule_id: int,\n nsid: int | None = None,\n) -> Iterator[\"Rule\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.iter_exprs","title":"iter_exprs","text":"iter_exprs() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook","title":"ChainHook","text":"ChainHook(parent: 'Chain')\n
Bases: NftFields
Methods:
-
is_netdev \u2013 -
get_netdevs \u2013 -
nested_print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
hooknum (int) \u2013 -
priority (int) \u2013 -
dev (str) \u2013 -
devs (list[str]) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.hooknum","title":"hooknum instance-attribute","text":"hooknum: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.priority","title":"priority instance-attribute","text":"priority: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.dev","title":"dev property","text":"dev: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.devs","title":"devs property","text":"devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.is_netdev","title":"is_netdev","text":"is_netdev() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_netdevs","title":"get_netdevs","text":"get_netdevs() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.nested_print","title":"nested_print","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain","title":"Chain","text":"Chain(addr: Value)\n
Bases: NftFields
Methods:
-
find \u2013 -
iter_rules \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
bound (int) \u2013 -
genmask (int) \u2013 -
handle (int) \u2013 -
use (int) \u2013 -
flags (int) \u2013 -
name (str) \u2013 -
hook (ChainHook) \u2013 -
userdata (bytearray) \u2013 -
policy (int) \u2013 -
type (str) \u2013 -
table ('Table') \u2013 -
basechain (Value | None) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.bound","title":"bound instance-attribute","text":"bound: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.flags","title":"flags instance-attribute","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.hook","title":"hook instance-attribute","text":"hook: ChainHook = ChainHook(self)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.userdata","title":"userdata property","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.policy","title":"policy property","text":"policy: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.type","title":"type property","text":"type: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.table","title":"table property","text":"table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.basechain","title":"basechain property","text":"basechain: Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.find","title":"find classmethod","text":"find(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n nsid: int | None = None,\n) -> Iterator[\"Chain\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.iter_rules","title":"iter_rules","text":"iter_rules() -> Iterator[Rule]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set","title":"Set","text":"Set(addr: Value)\n
Bases: NftFields
Methods:
-
iter_expr \u2013 -
iter_elems \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
use (int) \u2013 -
dead (int) \u2013 -
genmask (int) \u2013 -
field_count (int) \u2013 -
num_exprs (int) \u2013 -
name (str) \u2013 -
flags (int) \u2013 -
ktype (int) \u2013 -
klen (int) \u2013 -
dtype (int) \u2013 -
dlen (int) \u2013 -
policy (int) \u2013 -
timeout (int) \u2013 -
gc_int (int) \u2013 -
objtype (int) \u2013 -
handle (int) \u2013 -
nelems (int) \u2013 -
desc_size (int) \u2013 -
desc_concat (list[int]) \u2013 -
table ('Table') \u2013 -
userdata (bytearray) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dead","title":"dead instance-attribute","text":"dead: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.field_count","title":"field_count instance-attribute","text":"field_count: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.num_exprs","title":"num_exprs instance-attribute","text":"num_exprs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.flags","title":"flags instance-attribute","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.ktype","title":"ktype instance-attribute","text":"ktype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.klen","title":"klen instance-attribute","text":"klen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dtype","title":"dtype instance-attribute","text":"dtype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dlen","title":"dlen instance-attribute","text":"dlen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.policy","title":"policy instance-attribute","text":"policy: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.timeout","title":"timeout instance-attribute","text":"timeout: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.gc_int","title":"gc_int instance-attribute","text":"gc_int: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.objtype","title":"objtype instance-attribute","text":"objtype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.nelems","title":"nelems property","text":"nelems: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_size","title":"desc_size property","text":"desc_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_concat","title":"desc_concat property","text":"desc_concat: list[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.table","title":"table property","text":"table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.userdata","title":"userdata property","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_expr","title":"iter_expr","text":"iter_expr() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_elems","title":"iter_elems","text":"iter_elems() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object","title":"Object","text":"Object(addr: Value)\n
Bases: NftFields
Methods:
-
iter_data \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
genmask (int) \u2013 -
use (int) \u2013 -
handle (int) \u2013 -
type (int) \u2013 -
name (str) \u2013 -
table ('Table') \u2013 -
userdata (bytearray) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.type","title":"type property","text":"type: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.name","title":"name property","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.table","title":"table property","text":"table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.userdata","title":"userdata property","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.iter_data","title":"iter_data","text":"iter_data() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook","title":"FlowtableHook","text":"FlowtableHook(parent: 'Flowtable')\n
Bases: NftFields
Methods:
-
nested_print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
hooknum (int) \u2013 -
priority (int) \u2013 -
devs (list[str]) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.hooknum","title":"hooknum property","text":"hooknum: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.priority","title":"priority property","text":"priority: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.devs","title":"devs property","text":"devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.nested_print","title":"nested_print","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable","title":"Flowtable","text":"Flowtable(addr: Value)\n
Bases: NftFields
Methods:
-
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
genmask (int) \u2013 -
name (str) \u2013 -
use (int) \u2013 -
handle (int) \u2013 -
hook (FlowtableHook) \u2013 -
table ('Table') \u2013 -
flags (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.hook","title":"hook instance-attribute","text":"hook: FlowtableHook = FlowtableHook(self)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.table","title":"table property","text":"table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.flags","title":"flags property","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table","title":"Table","text":"Table(addr: Value)\n
Bases: NftFields
Methods:
-
find \u2013 -
iter_chains \u2013 -
iter_sets \u2013 -
iter_flowtables \u2013 -
iter_objects \u2013 -
nested_print \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
family (int) \u2013 -
genmask (int) \u2013 -
name (str) \u2013 -
handle (int) \u2013 -
use (int) \u2013 -
flags (int) \u2013 -
nlpid (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.family","title":"family instance-attribute","text":"family: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.flags","title":"flags instance-attribute","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nlpid","title":"nlpid instance-attribute","text":"nlpid: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.find","title":"find classmethod","text":"find(\n table_name: str | None = None,\n table_family: int | None = None,\n nsid: int | None = None,\n) -> Iterator[\"Table\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_chains","title":"iter_chains","text":"iter_chains() -> Iterator[Chain]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_sets","title":"iter_sets","text":"iter_sets() -> Iterator[Set]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_flowtables","title":"iter_flowtables","text":"iter_flowtables() -> Iterator[Flowtable]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_objects","title":"iter_objects","text":"iter_objects() -> Iterator[Object]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nested_print","title":"nested_print","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables","title":"Nftables","text":"Nftables(addr: Value)\n
Methods:
-
find \u2013 -
iter_tables \u2013 -
print \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.find","title":"find classmethod","text":"find(nsid: int | None = None) -> 'Nftables' | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.iter_tables","title":"iter_tables","text":"iter_tables() -> Iterator[Table]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.print","title":"print","text":"print()\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.catch_error","title":"catch_error","text":"catch_error(func)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.get_init_net_namespace","title":"get_init_net_namespace","text":"get_init_net_namespace() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/","title":"pwndbg.aglib.kernel.paging","text":""},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging","title":"paging","text":"Functions:
-
get_memory_map_raw \u2013 -
find_kbase \u2013 -
uses_5lvl_paging \u2013 -
physmap_base \u2013 -
kbase \u2013 -
pagewalk \u2013
Attributes:
-
ENTRYMASK \u2013 -
guess_physmap \u2013
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ENTRYMASK","title":"ENTRYMASK module-attribute","text":"ENTRYMASK = ~1 << 12 - 1 & 1 << 51 - 1\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.guess_physmap","title":"guess_physmap module-attribute","text":"guess_physmap = add_param(\n \"guess-physmap\",\n False,\n \"Should guess physmap base address when debug symbols are not present\",\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.get_memory_map_raw","title":"get_memory_map_raw","text":"get_memory_map_raw() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.find_kbase","title":"find_kbase","text":"find_kbase(pages) -> int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.uses_5lvl_paging","title":"uses_5lvl_paging","text":"uses_5lvl_paging() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.physmap_base","title":"physmap_base","text":"physmap_base() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.kbase","title":"kbase","text":"kbase()\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.pagewalk","title":"pagewalk","text":"pagewalk(target, entry=None) -> list[tuple[int | None, int | None]]\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/","title":"pwndbg.aglib.kernel.rbtree","text":""},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree","title":"rbtree","text":"Functions:
-
init \u2013 -
for_each_rb_entry \u2013 -
rb_first \u2013 -
rb_last \u2013 -
rb_parent \u2013 -
rb_empty_node \u2013 -
rb_next \u2013 -
rb_prev \u2013
Attributes:
-
rb_root_type (Type) \u2013 -
rb_node_type (Type) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_root_type","title":"rb_root_type module-attribute","text":"rb_root_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_node_type","title":"rb_node_type module-attribute","text":"rb_node_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.init","title":"init","text":"init()\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.for_each_rb_entry","title":"for_each_rb_entry","text":"for_each_rb_entry(\n root: Value, typename: str, fieldname: str\n) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_first","title":"rb_first","text":"rb_first(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_last","title":"rb_last","text":"rb_last(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_parent","title":"rb_parent","text":"rb_parent(node: Value) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_empty_node","title":"rb_empty_node","text":"rb_empty_node(node: Value) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_next","title":"rb_next","text":"rb_next(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_prev","title":"rb_prev","text":"rb_prev(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/","title":"pwndbg.aglib.kernel.slab","text":""},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab","title":"slab","text":"Classes:
-
Freelist \u2013 -
SlabCache \u2013 -
CpuCache \u2013 -
NodeCache \u2013 -
Slab \u2013
Functions:
Attributes:
-
OO_SHIFT \u2013 -
OO_MASK \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_SHIFT","title":"OO_SHIFT module-attribute","text":"OO_SHIFT = 16\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_MASK","title":"OO_MASK module-attribute","text":"OO_MASK = 1 << OO_SHIFT - 1\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist","title":"Freelist","text":"Freelist(start_addr: int, offset: int, random: int = 0)\n
Methods:
-
__iter__ \u2013 -
__int__ \u2013 -
__len__ \u2013 -
find_next \u2013
Attributes:
-
start_addr \u2013 -
offset \u2013 -
random \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.start_addr","title":"start_addr instance-attribute","text":"start_addr = start_addr\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.offset","title":"offset instance-attribute","text":"offset = offset\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.random","title":"random instance-attribute","text":"random = random\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__iter__","title":"__iter__","text":"__iter__() -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__len__","title":"__len__","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.find_next","title":"find_next","text":"find_next(addr: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache","title":"SlabCache","text":"SlabCache(slab_cache: Value)\n
Attributes:
-
address (int) \u2013 -
name (str) \u2013 -
offset (int) \u2013 -
random (int) \u2013 -
size (int) \u2013 -
object_size (int) \u2013 -
align (int) \u2013 -
flags (list[str]) \u2013 -
cpu_cache (CpuCache) \u2013 returns cpu cache associated to current thread
-
cpu_caches (Generator[CpuCache, None, None]) \u2013 returns cpu caches for all cpus
-
node_caches (Generator[NodeCache, None, None]) \u2013 returns node caches for all NUMA nodes
-
cpu_partial (int) \u2013 -
cpu_partial_slabs (int) \u2013 -
min_partial (int) \u2013 -
inuse (int) \u2013 -
useroffset (int) \u2013 -
usersize (int) \u2013 -
oo_order \u2013 -
oo_objects \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.address","title":"address property","text":"address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.name","title":"name property","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.offset","title":"offset property","text":"offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.random","title":"random property","text":"random: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.size","title":"size property","text":"size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.object_size","title":"object_size property","text":"object_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.align","title":"align property","text":"align: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.flags","title":"flags property","text":"flags: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_cache","title":"cpu_cache property","text":"cpu_cache: CpuCache\n
returns cpu cache associated to current thread
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_caches","title":"cpu_caches property","text":"cpu_caches: Generator[CpuCache, None, None]\n
returns cpu caches for all cpus
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.node_caches","title":"node_caches property","text":"node_caches: Generator[NodeCache, None, None]\n
returns node caches for all NUMA nodes
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial","title":"cpu_partial property","text":"cpu_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial_slabs","title":"cpu_partial_slabs property","text":"cpu_partial_slabs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.min_partial","title":"min_partial property","text":"min_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.inuse","title":"inuse property","text":"inuse: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.useroffset","title":"useroffset property","text":"useroffset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.usersize","title":"usersize property","text":"usersize: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.__oo_x","title":"__oo_x property","text":"__oo_x: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_order","title":"oo_order property","text":"oo_order\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_objects","title":"oo_objects property","text":"oo_objects\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache","title":"CpuCache","text":"CpuCache(cpu_cache: Value, slab_cache: SlabCache, cpu: int)\n
Attributes:
-
slab_cache \u2013 -
cpu \u2013 -
address (int) \u2013 -
freelist (Freelist) \u2013 -
active_slab (Slab | None) \u2013 -
partial_slabs (list[Slab]) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.slab_cache","title":"slab_cache instance-attribute","text":"slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.cpu","title":"cpu instance-attribute","text":"cpu = cpu\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.address","title":"address property","text":"address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.freelist","title":"freelist property","text":"freelist: Freelist\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.active_slab","title":"active_slab property","text":"active_slab: Slab | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.partial_slabs","title":"partial_slabs property","text":"partial_slabs: list[Slab]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache","title":"NodeCache","text":"NodeCache(node_cache: Value, slab_cache: SlabCache, node: int)\n
Attributes:
-
slab_cache \u2013 -
node \u2013 -
address (int) \u2013 -
partial_slabs (list[Slab]) \u2013 -
nr_partial (int) \u2013 -
min_partial (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.slab_cache","title":"slab_cache instance-attribute","text":"slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.node","title":"node instance-attribute","text":"node = node\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.address","title":"address property","text":"address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.partial_slabs","title":"partial_slabs property","text":"partial_slabs: list[Slab]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.nr_partial","title":"nr_partial property","text":"nr_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.min_partial","title":"min_partial property","text":"min_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab","title":"Slab","text":"Slab(\n slab: Value,\n cpu_cache: CpuCache | None,\n slab_cache: SlabCache,\n is_partial: bool = False,\n)\n
Attributes:
-
cpu_cache \u2013 -
slab_cache \u2013 -
is_partial \u2013 -
slab_address (int) \u2013 -
virt_address (int) \u2013 -
object_count (int) \u2013 -
objects (Generator[int, None, None]) \u2013 -
frozen (int) \u2013 -
inuse (int) \u2013 -
slabs (int) \u2013 -
pobjects (int) \u2013 -
freelist (Freelist) \u2013 -
freelists (list[Freelist]) \u2013 -
free_objects (set[int]) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.cpu_cache","title":"cpu_cache instance-attribute","text":"cpu_cache = cpu_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_cache","title":"slab_cache instance-attribute","text":"slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.is_partial","title":"is_partial instance-attribute","text":"is_partial = is_partial\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_address","title":"slab_address property","text":"slab_address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.virt_address","title":"virt_address property","text":"virt_address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.object_count","title":"object_count property","text":"object_count: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.objects","title":"objects property","text":"objects: Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.frozen","title":"frozen property","text":"frozen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.inuse","title":"inuse property","text":"inuse: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slabs","title":"slabs property","text":"slabs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.pobjects","title":"pobjects property","text":"pobjects: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelist","title":"freelist property","text":"freelist: Freelist\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelists","title":"freelists property","text":"freelists: list[Freelist]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.free_objects","title":"free_objects property","text":"free_objects: set[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.caches","title":"caches","text":"caches() -> Generator[SlabCache, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_cache","title":"get_cache","text":"get_cache(target_name: str) -> SlabCache | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.slab_struct_type","title":"slab_struct_type","text":"slab_struct_type() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_order","title":"oo_order","text":"oo_order(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_objects","title":"oo_objects","text":"oo_objects(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_flags_list","title":"get_flags_list","text":"get_flags_list(flags: int) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.find_containing_slab_cache","title":"find_containing_slab_cache","text":"find_containing_slab_cache(addr: int) -> SlabCache | None\n
Find the slab cache associated with the provided address.
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/","title":"pwndbg.aglib.kernel.vmmap","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap","title":"vmmap","text":"Classes:
-
KernelVmmap \u2013 -
QemuMachine \u2013
Functions:
Attributes:
-
monitor_info_mem_not_warned \u2013 -
kernel_vmmap_mode \u2013
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.monitor_info_mem_not_warned","title":"monitor_info_mem_not_warned module-attribute","text":"monitor_info_mem_not_warned = True\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_mode","title":"kernel_vmmap_mode module-attribute","text":"kernel_vmmap_mode = add_param(\n \"kernel-vmmap\",\n \"page-tables\",\n \"the method to get vmmap information when debugging via QEMU kernel\",\n help_docstring=\"Values explained:\\n\\n+ `page-tables` - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap\\n+ `monitor` - use QEMU's `monitor info mem` to render vmmap\\n+ `none` - disable vmmap rendering; useful if rendering is particularly slow\\n\\nNote that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).\\n\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"page-tables\", \"monitor\", \"none\"],\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap","title":"KernelVmmap","text":"KernelVmmap(pages: tuple[Page, ...])\n
Methods:
-
get_name \u2013 -
adjust \u2013 -
handle_user_pages \u2013 -
handle_kernel_pages \u2013 -
handle_offsets \u2013
Attributes:
-
USERLAND \u2013 -
KERNELLAND \u2013 -
KERNELRO \u2013 -
KERNELBSS \u2013 -
KERNELDRIVER \u2013 -
ESPSTACK \u2013 -
pages \u2013 -
sections \u2013 -
kbase \u2013
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.USERLAND","title":"USERLAND class-attribute instance-attribute","text":"USERLAND = 'userland'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.KERNELLAND","title":"KERNELLAND class-attribute instance-attribute","text":"KERNELLAND = 'kernel [.text]'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.KERNELRO","title":"KERNELRO class-attribute instance-attribute","text":"KERNELRO = 'kernel [.rodata]'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.KERNELBSS","title":"KERNELBSS class-attribute instance-attribute","text":"KERNELBSS = 'kernel [.bss]'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.KERNELDRIVER","title":"KERNELDRIVER class-attribute instance-attribute","text":"KERNELDRIVER = 'kernel [.driver .bpf]'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.ESPSTACK","title":"ESPSTACK class-attribute instance-attribute","text":"ESPSTACK = '%esp fixup'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.pages","title":"pages instance-attribute","text":"pages = pages\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.sections","title":"sections instance-attribute","text":"sections = None\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.kbase","title":"kbase instance-attribute","text":"kbase = find_kbase(pages)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.get_name","title":"get_name","text":"get_name(addr: int) -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.adjust","title":"adjust","text":"adjust()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_user_pages","title":"handle_user_pages","text":"handle_user_pages(user_idx)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_kernel_pages","title":"handle_kernel_pages","text":"handle_kernel_pages(kernel_idx)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_offsets","title":"handle_offsets","text":"handle_offsets()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine","title":"QemuMachine","text":"QemuMachine()\n
Bases: Machine
Methods:
-
__del__ \u2013 -
search_pids_for_file \u2013 -
get_qemu_pid \u2013 -
read_physical_memory \u2013 -
read_register \u2013
Attributes:
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.pid","title":"pid instance-attribute","text":"pid = get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.file","title":"file instance-attribute","text":"file = open(f'/proc/{pid}/mem', O_RDONLY)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.__del__","title":"__del__","text":"__del__()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.search_pids_for_file","title":"search_pids_for_file staticmethod","text":"search_pids_for_file(pids: list[str], filename: str) -> str | None\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.get_qemu_pid","title":"get_qemu_pid staticmethod","text":"get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_physical_memory","title":"read_physical_memory","text":"read_physical_memory(physical_address: int, length: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_register","title":"read_register","text":"read_register(register_name: str) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_page_tables","title":"kernel_vmmap_via_page_tables","text":"kernel_vmmap_via_page_tables() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem","title":"kernel_vmmap_via_monitor_info_mem","text":"kernel_vmmap_via_monitor_info_mem() -> tuple[Page, ...]\n
Returns Linux memory maps information by parsing monitor info mem output from QEMU kernel GDB stub. Works only on X86/X64/RISC-V as this is what QEMU supports.
Consider using the kernel_vmmap_via_page_tables method as it is probably more reliable/better.
See also: !685 (TODO: revisit with future QEMU versions)
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--example-output-from-the-command","title":"Example output from the command:","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--pwndbg-monitor-info-mem","title":"pwndbg> monitor info mem","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903580000000-ffff903580099000-0000000000099000-rw","title":"ffff903580000000-ffff903580099000 0000000000099000 -rw","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903580099000-ffff90358009b000-0000000000002000-r-","title":"ffff903580099000-ffff90358009b000 0000000000002000 -r-","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff90358009b000-ffff903582200000-0000000002165000-rw","title":"ffff90358009b000-ffff903582200000 0000000002165000 -rw","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903582200000-ffff903582803000-0000000000603000-r-","title":"ffff903582200000-ffff903582803000 0000000000603000 -r-","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap","title":"kernel_vmmap","text":"kernel_vmmap(process_pages=True) -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/memory/","title":"pwndbg.aglib.memory","text":""},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory","title":"memory","text":"Functions:
-
read \u2013 read(addr, count, partial=False) -> bytearray
-
readtype \u2013 readtype(type, addr) -> int
-
write \u2013 write(addr, data)
-
peek \u2013 peek(address) -> bytearray
-
is_readable_address \u2013 is_readable_address(address) -> bool
-
poke \u2013 poke(address)
-
string \u2013 Reads a null-terminated string from memory.
-
byte \u2013 byte(addr) -> int
-
uchar \u2013 uchar(addr) -> int
-
ushort \u2013 ushort(addr) -> int
-
uint \u2013 uint(addr) -> int
-
read_pointer_width \u2013 Read one pointer-width integer at the specified address.
-
u8 \u2013 u8(addr) -> int
-
u16 \u2013 u16(addr) -> int
-
u32 \u2013 u32(addr) -> int
-
u64 \u2013 u64(addr) -> int
-
u \u2013 u(addr, size=None) -> int
-
s8 \u2013 s8(addr) -> int
-
s16 \u2013 s16(addr) -> int
-
s32 \u2013 s32(addr) -> int
-
s64 \u2013 s64(addr) -> int
-
cast_pointer \u2013 Create a Value containing given address and cast it to the pointer of specified type
-
get_typed_pointer \u2013 Look up a type by name if necessary and return a Value of addr cast to that type
-
get_typed_pointer_value \u2013 Read the pointer value of addr cast to type specified by type_name
-
find_upper_boundary \u2013 find_upper_boundary(addr, max_pages=1024) -> int
-
find_lower_boundary \u2013 find_lower_boundary(addr, max_pages=1024) -> int
-
update_min_addr \u2013 -
fetch_struct_as_dictionary \u2013 -
pack_struct_into_dictionary \u2013 -
convert_pwndbg_value_to_python_value \u2013 -
resolve_renamed_struct_field \u2013 -
is_pagefault_supported \u2013 This function should be called before stray memory dereferences to protect against the following situations:
Attributes:
-
GdbDict \u2013 -
MMAP_MIN_ADDR \u2013
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.GdbDict","title":"GdbDict module-attribute","text":"GdbDict = Dict[str, Union['GdbDict', int]]\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.MMAP_MIN_ADDR","title":"MMAP_MIN_ADDR module-attribute","text":"MMAP_MIN_ADDR = 32768\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read","title":"read","text":"read(addr: int, count: int, partial: bool = False) -> bytearray\n
read(addr, count, partial=False) -> bytearray
Read memory from the program being debugged.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.readtype","title":"readtype","text":"readtype(type: Type, addr: int) -> int\n
readtype(type, addr) -> int
Reads an integer-type (e.g. uint64) and returns a Python native integer representation of the same.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.write","title":"write","text":"write(addr: int, data: str | bytes | bytearray) -> None\n
write(addr, data)
Writes data into the memory of the process being debugged.
Parameters:
-
addr (int) \u2013 Address to write
-
data (str | bytes | bytearray) \u2013 Data to write
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.peek","title":"peek","text":"peek(address: int) -> bytearray | None\n
peek(address) -> bytearray
Read one byte from the specified address.
Parameters:
-
address (int) \u2013 Address to read
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_readable_address","title":"is_readable_address","text":"is_readable_address(address: int) -> bool\n
is_readable_address(address) -> bool
Check if the address can be read by GDB.
Parameters:
-
address (int) \u2013 Address to read
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.poke","title":"poke","text":"poke(address: int) -> bool\n
poke(address)
Checks whether an address is writable.
Parameters:
-
address (int) \u2013 Address to check
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.string","title":"string","text":"string(addr: int, max: int = 4096) -> bytearray\n
Reads a null-terminated string from memory.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.byte","title":"byte","text":"byte(addr: int) -> int\n
byte(addr) -> int
Read one byte at the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uchar","title":"uchar","text":"uchar(addr: int) -> int\n
uchar(addr) -> int
Read one unsigned char at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.ushort","title":"ushort","text":"ushort(addr: int) -> int\n
ushort(addr) -> int
Read one unisgned short at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uint","title":"uint","text":"uint(addr: int) -> int\n
uint(addr) -> int
Read one unsigned int at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read_pointer_width","title":"read_pointer_width","text":"read_pointer_width(addr: int) -> int\n
Read one pointer-width integer at the specified address.
Raises:
-
Error \u2013 if memory read fails.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u8","title":"u8","text":"u8(addr: int) -> int\n
u8(addr) -> int
Read one uint8_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u16","title":"u16","text":"u16(addr: int) -> int\n
u16(addr) -> int
Read one uint16_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u32","title":"u32","text":"u32(addr: int) -> int\n
u32(addr) -> int
Read one uint32_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u64","title":"u64","text":"u64(addr: int) -> int\n
u64(addr) -> int
Read one uint64_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u","title":"u","text":"u(addr: int, size: int | None = None) -> int\n
u(addr, size=None) -> int
Read one unsigned integer from the specified address, with the bit-width specified by size, which defaults to the pointer width.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s8","title":"s8","text":"s8(addr: int) -> int\n
s8(addr) -> int
Read one int8_t from the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s16","title":"s16","text":"s16(addr: int) -> int\n
s16(addr) -> int
Read one int16_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s32","title":"s32","text":"s32(addr: int) -> int\n
s32(addr) -> int
Read one int32_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s64","title":"s64","text":"s64(addr: int) -> int\n
s64(addr) -> int
Read one int64_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.cast_pointer","title":"cast_pointer","text":"cast_pointer(type: Type, addr: int | Value) -> Value\n
Create a Value containing given address and cast it to the pointer of specified type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer","title":"get_typed_pointer","text":"get_typed_pointer(type: str | Type, addr: int | Value) -> Value\n
Look up a type by name if necessary and return a Value of addr cast to that type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer_value","title":"get_typed_pointer_value","text":"get_typed_pointer_value(type_name: str | Type, addr: int | Value) -> Value\n
Read the pointer value of addr cast to type specified by type_name
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_upper_boundary","title":"find_upper_boundary","text":"find_upper_boundary(addr: int, max_pages: int = 1024) -> int\n
find_upper_boundary(addr, max_pages=1024) -> int
Brute-force search the upper boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_lower_boundary","title":"find_lower_boundary","text":"find_lower_boundary(addr: int, max_pages: int = 1024) -> int\n
find_lower_boundary(addr, max_pages=1024) -> int
Brute-force search the lower boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.update_min_addr","title":"update_min_addr","text":"update_min_addr() -> None\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.fetch_struct_as_dictionary","title":"fetch_struct_as_dictionary","text":"fetch_struct_as_dictionary(\n struct_name: str,\n struct_address: int | Value,\n include_only_fields: set[str] | None = None,\n exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.pack_struct_into_dictionary","title":"pack_struct_into_dictionary","text":"pack_struct_into_dictionary(\n fetched_struct: Value,\n include_only_fields: set[str] | None = None,\n exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.convert_pwndbg_value_to_python_value","title":"convert_pwndbg_value_to_python_value","text":"convert_pwndbg_value_to_python_value(dbg_value: Value) -> int | GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.resolve_renamed_struct_field","title":"resolve_renamed_struct_field","text":"resolve_renamed_struct_field(\n struct_name: str, possible_field_names: set[str]\n) -> str\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_pagefault_supported","title":"is_pagefault_supported","text":"is_pagefault_supported() -> bool\n
This function should be called before stray memory dereferences to protect against the following situations:
- On embedded systems, it's not uncommon for MMIO regions to exist where memory reads might mutate the hardware/process state.
- On baremetal/embedded, paging doesn't always exist, so all memory is \"valid\" (and often initialized to zero) - this makes every value appear to be a pointer.
As such, we disable dereferencing by default for bare metal targets.
See more discussion here: !385
"},{"location":"reference/pwndbg/aglib/nearpc/","title":"pwndbg.aglib.nearpc","text":""},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc","title":"nearpc","text":"Functions:
Attributes:
-
c \u2013 -
nearpc_branch_marker \u2013 -
nearpc_branch_marker_contiguous \u2013 -
nearpc_lines \u2013 -
show_args \u2013 -
show_comments \u2013 -
show_opcode_bytes \u2013 -
opcode_separator_bytes \u2013
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.c","title":"c module-attribute","text":"c = ColorConfig(\n \"nearpc\",\n [\n ColorParamSpec(\"symbol\", \"normal\", \"color for nearpc command (symbol)\"),\n ColorParamSpec(\n \"address\", \"normal\", \"color for nearpc command (address)\"\n ),\n ColorParamSpec(\n \"prefix\", \"none\", \"color for nearpc command (prefix marker)\"\n ),\n ColorParamSpec(\n \"breakpoint\", \"red\", \"color for nearpc command (breakpoint marker)\"\n ),\n ColorParamSpec(\n \"syscall-name\",\n \"red\",\n \"color for nearpc command (resolved syscall name)\",\n ),\n ColorParamSpec(\n \"argument\", \"bold\", \"color for nearpc command (target argument)\"\n ),\n ColorParamSpec(\n \"integration-comments\",\n \"bold\",\n \"color for nearpc command (integration comments)\",\n ),\n ColorParamSpec(\n \"branch-marker\",\n \"normal\",\n \"color for nearpc command (branch marker line)\",\n ),\n ],\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker","title":"nearpc_branch_marker module-attribute","text":"nearpc_branch_marker = add_param(\n \"nearpc-branch-marker\", \" \u2193\", \"branch marker line for nearpc command\"\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker_contiguous","title":"nearpc_branch_marker_contiguous module-attribute","text":"nearpc_branch_marker_contiguous = add_param(\n \"nearpc-branch-marker-contiguous\",\n \" \",\n \"contiguous branch marker line for nearpc command\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_lines","title":"nearpc_lines module-attribute","text":"nearpc_lines = add_param(\n \"nearpc-lines\",\n 10,\n \"number of additional lines to print for the nearpc command\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_args","title":"show_args module-attribute","text":"show_args = add_param(\n \"nearpc-show-args\", True, \"whether to show call arguments below instruction\"\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_comments","title":"show_comments module-attribute","text":"show_comments = add_param(\n \"nearpc-integration-comments\",\n True,\n \"whether to show comments from integration provider\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_opcode_bytes","title":"show_opcode_bytes module-attribute","text":"show_opcode_bytes = add_param(\n \"nearpc-num-opcode-bytes\",\n 0,\n \"number of opcode bytes to print for each instruction\",\n param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.opcode_separator_bytes","title":"opcode_separator_bytes module-attribute","text":"opcode_separator_bytes = add_param(\n \"nearpc-opcode-separator-bytes\",\n 1,\n \"number of spaces between opcode bytes\",\n param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.ljust_padding","title":"ljust_padding","text":"ljust_padding(lst)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc","title":"nearpc","text":"nearpc(\n pc: int = None,\n lines: int = None,\n emulate=False,\n repeat=False,\n use_cache=False,\n linear=False,\n) -> list[str]\n
Disassemble near a specified address.
The linear argument specifies if we should disassemble linearly in memory, or take jumps into account
"},{"location":"reference/pwndbg/aglib/next/","title":"pwndbg.aglib.next","text":""},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next","title":"next","text":"Commands for setting temporary breakpoints on the next instruction of some type (call, branch, etc.)
Functions:
-
next_int \u2013 If there is a syscall in the current basic black,
-
next_branch \u2013 Return the next branch instruction that the process will encounter with repeated usage of the \"nexti\" command.
-
next_matching_until_branch \u2013 Finds the next instruction that matches the arguments between the given
-
break_next_branch \u2013 If including_current == True, do not step in case we are currently on a branch
-
break_next_interrupt \u2013 Break at the next interrupt if there is one in the current basic block
-
break_next_call \u2013 -
break_next_ret \u2013 -
break_on_next_matching_instruction \u2013 Breaks on next instuction that matches the arguments.
-
break_on_program_code \u2013 Breaks on next instruction that belongs to process' objfile code
-
break_on_next \u2013
Attributes:
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.interrupts","title":"interrupts module-attribute","text":"interrupts = {CS_GRP_INT}\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_int","title":"next_int","text":"next_int(address=None, honor_current_branch=False)\n
If there is a syscall in the current basic black, return the instruction of the one closest to $PC.
If honor_current_branch is True, then if the address is already a branch, return None.
If no interrupt exists or a jump is in the way, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_branch","title":"next_branch","text":"next_branch(address=None, including_current=False) -> PwndbgInstruction | None\n
Return the next branch instruction that the process will encounter with repeated usage of the \"nexti\" command.
If including_current == True, then if the instruction at the address is already a branch, return it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_matching_until_branch","title":"next_matching_until_branch","text":"next_matching_until_branch(address=None, mnemonic=None, op_str=None)\n
Finds the next instruction that matches the arguments between the given address and the branch closest to it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_branch","title":"break_next_branch async","text":"break_next_branch(\n ec: ExecutionController, address=None, including_current=False\n)\n
If including_current == True, do not step in case we are currently on a branch
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_interrupt","title":"break_next_interrupt async","text":"break_next_interrupt(\n ec: ExecutionController, address=None, honor_current_branch=False\n) -> PwndbgInstruction | None\n
Break at the next interrupt if there is one in the current basic block and no jumps are between the current instruction and the interrupt.
If no such interrupt exists or a jump is in the way, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_call","title":"break_next_call async","text":"break_next_call(ec: ExecutionController, symbol_regex=None)\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_ret","title":"break_next_ret async","text":"break_next_ret(ec: ExecutionController, address=None)\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next_matching_instruction","title":"break_on_next_matching_instruction async","text":"break_on_next_matching_instruction(\n ec: ExecutionController, mnemonic=None, op_str=None\n) -> bool\n
Breaks on next instuction that matches the arguments.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_program_code","title":"break_on_program_code async","text":"break_on_program_code(ec: ExecutionController) -> bool\n
Breaks on next instruction that belongs to process' objfile code
:return: True for success, False when process ended or when pc is not at the code or if a signal occurred
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next","title":"break_on_next async","text":"break_on_next(ec: ExecutionController, address=None) -> None\n
"},{"location":"reference/pwndbg/aglib/onegadget/","title":"pwndbg.aglib.onegadget","text":""},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget","title":"onegadget","text":"Classes:
Functions:
-
colorize_reg \u2013 -
colorize_integer \u2013 -
colorize_psuedo_code \u2013 Colorize the pseudo code of onegadget
-
compute_file_hash \u2013 Compute the MD5 hash of the file, return the hash
-
run_onegadget \u2013 Run onegadget and return the output
-
parse_expression \u2013 Parse expression, return the result, colorized string and error message
-
check_stack_argv \u2013 Check argv that's on the stack, return the result and the message
-
check_non_stack_argv \u2013 Check argv that's not on the stack, return the result and the message
-
check_argv \u2013 Check argv, return the result and the message
-
check_envp \u2013 Check envp, return the result and the message
-
check_constraint \u2013 Parse constraint, return the result and the message
-
check_gadget \u2013 Check status of each gadget, return the gadget's status
-
find_gadgets \u2013 Find gadgets by parsing the output of onegadget, return there's any valid gadget
Attributes:
-
ADDRESS_WRITABLE_PATTERN \u2013 -
WRITABLE_COLON_PATTERN \u2013 -
EQUAL_NULL_PATTERN \u2013 -
VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN \u2013 -
VALID_ARGV_PATTERN \u2013 -
VALID_ENVP_PATTERN \u2013 -
IS_ALIGNED_PATTERN \u2013 -
IS_GOT_ADDRESS_PATTERN \u2013 -
CAST_PATTERN \u2013 -
XMM_SHIFT \u2013 -
CONSTRAINT_SEPARATOR \u2013 -
CAST_DEREF_MAPPING \u2013 -
CAST_MAPPING \u2013 -
ONEGADGET_COLOR \u2013 -
ONEGADGET_CACHEDIR \u2013 -
SAT \u2013 -
UNSAT \u2013 -
UNKNOWN \u2013
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ADDRESS_WRITABLE_PATTERN","title":"ADDRESS_WRITABLE_PATTERN module-attribute","text":"ADDRESS_WRITABLE_PATTERN = compile('address(?:es)? (.*) (?:is|are) writable')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.WRITABLE_COLON_PATTERN","title":"WRITABLE_COLON_PATTERN module-attribute","text":"WRITABLE_COLON_PATTERN = compile('writable: (.*)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.EQUAL_NULL_PATTERN","title":"EQUAL_NULL_PATTERN module-attribute","text":"EQUAL_NULL_PATTERN = compile('(.*) == NULL')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN","title":"VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN module-attribute","text":"VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN = compile('(.*) <= 0')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ARGV_PATTERN","title":"VALID_ARGV_PATTERN module-attribute","text":"VALID_ARGV_PATTERN = compile('(.+) is a valid argv')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ENVP_PATTERN","title":"VALID_ENVP_PATTERN module-attribute","text":"VALID_ENVP_PATTERN = compile('(.+) is a valid envp')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_ALIGNED_PATTERN","title":"IS_ALIGNED_PATTERN module-attribute","text":"IS_ALIGNED_PATTERN = compile('(.+) & 0xf == (\\\\d+)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_GOT_ADDRESS_PATTERN","title":"IS_GOT_ADDRESS_PATTERN module-attribute","text":"IS_GOT_ADDRESS_PATTERN = compile('(.+) is the GOT address of libc')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_PATTERN","title":"CAST_PATTERN module-attribute","text":"CAST_PATTERN = compile('^\\\\([s|u]\\\\d+\\\\)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.XMM_SHIFT","title":"XMM_SHIFT module-attribute","text":"XMM_SHIFT = ' >> '\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CONSTRAINT_SEPARATOR","title":"CONSTRAINT_SEPARATOR module-attribute","text":"CONSTRAINT_SEPARATOR = ' || '\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_DEREF_MAPPING","title":"CAST_DEREF_MAPPING module-attribute","text":"CAST_DEREF_MAPPING = {\n \"(u16)\": u16,\n \"(s16)\": s16,\n \"(u32)\": u32,\n \"(s32)\": s32,\n \"(u64)\": u64,\n \"(s64)\": s64,\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_MAPPING","title":"CAST_MAPPING module-attribute","text":"CAST_MAPPING = {\n \"(u16)\": lambda x: value,\n \"(s16)\": lambda x: value,\n \"(u32)\": lambda x: value,\n \"(s32)\": lambda x: value,\n \"(u64)\": lambda x: value,\n \"(s64)\": lambda x: value,\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_COLOR","title":"ONEGADGET_COLOR module-attribute","text":"ONEGADGET_COLOR = {\n \"light_green\": lambda x: colorize(x, \"\\x1b[38;5;82m\"),\n \"light_purple\": lambda x: colorize(x, \"\\x1b[38;5;153m\"),\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_CACHEDIR","title":"ONEGADGET_CACHEDIR module-attribute","text":"ONEGADGET_CACHEDIR = cachedir('onegadget')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.SAT","title":"SAT module-attribute","text":"SAT = SAT\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNSAT","title":"UNSAT module-attribute","text":"UNSAT = UNSAT\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNKNOWN","title":"UNKNOWN module-attribute","text":"UNKNOWN = UNKNOWN\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult","title":"CheckSatResult","text":" Bases: Enum
Methods:
-
__str__ \u2013 -
__and__ \u2013 -
__or__ \u2013
Attributes:
-
SAT \u2013 -
UNSAT \u2013 -
UNKNOWN \u2013
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.SAT","title":"SAT class-attribute instance-attribute","text":"SAT = 1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNSAT","title":"UNSAT class-attribute instance-attribute","text":"UNSAT = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNKNOWN","title":"UNKNOWN class-attribute instance-attribute","text":"UNKNOWN = -1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__and__","title":"__and__","text":"__and__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__or__","title":"__or__","text":"__or__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda","title":"Lambda","text":"Lambda(obj: str | Lambda)\n
Modified from onegadget's Lambda class
https://github.com/david942j/one_gadget/blob/65ce1dade70bf89e7496346ccf452ce5b2d139b3/lib/one_gadget/emulators/lambda.rb#L13
Methods:
-
__add__ \u2013 -
__sub__ \u2013 -
__str__ \u2013 -
__repr__ \u2013 -
deref \u2013 -
deref_ \u2013 -
ref \u2013 -
evaluate \u2013 -
parse \u2013 -
mem_obj \u2013
Attributes:
-
immi \u2013 -
obj \u2013 -
deref_count \u2013 -
gdb_expr (str) \u2013 -
color_str (str) \u2013
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.immi","title":"immi instance-attribute","text":"immi = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.obj","title":"obj instance-attribute","text":"obj = obj\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_count","title":"deref_count instance-attribute","text":"deref_count = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.gdb_expr","title":"gdb_expr property","text":"gdb_expr: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.color_str","title":"color_str property","text":"color_str: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__add__","title":"__add__","text":"__add__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__sub__","title":"__sub__","text":"__sub__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref","title":"deref","text":"deref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_","title":"deref_","text":"deref_() -> None\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.ref","title":"ref","text":"ref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.evaluate","title":"evaluate","text":"evaluate(context: dict[Any, Any]) -> int | Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.parse","title":"parse staticmethod","text":"parse(argument: str, predefined: dict[Any, Any] = {}) -> int | Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.mem_obj","title":"mem_obj staticmethod","text":"mem_obj(arg: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_reg","title":"colorize_reg","text":"colorize_reg(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_integer","title":"colorize_integer","text":"colorize_integer(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_psuedo_code","title":"colorize_psuedo_code","text":"colorize_psuedo_code(code: str) -> str\n
Colorize the pseudo code of onegadget
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.compute_file_hash","title":"compute_file_hash","text":"compute_file_hash(filename: str) -> str\n
Compute the MD5 hash of the file, return the hash
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.run_onegadget","title":"run_onegadget","text":"run_onegadget() -> str\n
Run onegadget and return the output
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.parse_expression","title":"parse_expression","text":"parse_expression(expr: str) -> tuple[int | None, str, str | None]\n
Parse expression, return the result, colorized string and error message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_stack_argv","title":"check_stack_argv","text":"check_stack_argv(expr: str) -> tuple[CheckSatResult, str]\n
Check argv that's on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_non_stack_argv","title":"check_non_stack_argv","text":"check_non_stack_argv(expr: str) -> tuple[CheckSatResult, str]\n
Check argv that's not on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_argv","title":"check_argv","text":"check_argv(expr: str) -> tuple[CheckSatResult, str]\n
Check argv, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_envp","title":"check_envp","text":"check_envp(expr: str) -> tuple[bool, str]\n
Check envp, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_constraint","title":"check_constraint","text":"check_constraint(constraint: str) -> tuple[CheckSatResult, str]\n
Parse constraint, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_gadget","title":"check_gadget","text":"check_gadget(\n gadget: str,\n show_unsat: bool = False,\n no_unknown: bool = False,\n verbose: bool = False,\n) -> CheckSatResult\n
Check status of each gadget, return the gadget's status
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.find_gadgets","title":"find_gadgets","text":"find_gadgets(\n show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> dict[CheckSatResult, int]\n
Find gadgets by parsing the output of onegadget, return there's any valid gadget
"},{"location":"reference/pwndbg/aglib/proc/","title":"pwndbg.aglib.proc","text":""},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc","title":"proc","text":"Provides values which would be available from /proc which are not fulfilled by other modules and some process/gdb flow related information.
Classes:
Functions:
-
OnlyWhenRunning \u2013 -
OnlyWhenQemuKernel \u2013 -
OnlyWithArch \u2013
Attributes:
-
P \u2013 -
T \u2013 -
pid (int) \u2013 -
tid (int) \u2013 -
thread_id (int) \u2013 -
alive (bool) \u2013 -
stopped_with_signal (bool) \u2013 -
exe (str | None) \u2013 -
binary_base_addr (int) \u2013 -
binary_vmmap (tuple[Page, ...]) \u2013 -
tether \u2013
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.pid","title":"pid module-attribute","text":"pid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tid","title":"tid module-attribute","text":"tid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.thread_id","title":"thread_id module-attribute","text":"thread_id: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.alive","title":"alive module-attribute","text":"alive: bool\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.stopped_with_signal","title":"stopped_with_signal module-attribute","text":"stopped_with_signal: bool\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.exe","title":"exe module-attribute","text":"exe: str | None\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_base_addr","title":"binary_base_addr module-attribute","text":"binary_base_addr: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_vmmap","title":"binary_vmmap module-attribute","text":"binary_vmmap: tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tether","title":"tether module-attribute","text":"tether = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module","title":"module","text":" Bases: ModuleType
Methods:
-
dump_elf_data_section \u2013 Dump .data section of current process's ELF file
-
dump_relocations_by_section_name \u2013 Dump relocations of a section by section name of current process's ELF file
-
get_section_address_by_name \u2013 Find section address of current process by section name
-
OnlyWhenRunning \u2013 -
OnlyWhenQemuKernel \u2013 -
OnlyWithArch \u2013 Decorates function to work only with the specified archictectures.
Attributes:
-
pid (int) \u2013 -
tid (int) \u2013 -
thread_id (int) \u2013 -
alive (bool) \u2013 Informs whether the process has a thread. However, note that it will
-
stopped_with_signal (bool) \u2013 Returns whether the program has stopped with a signal
-
exe (str | None) \u2013 Returns the executed file path.
-
binary_base_addr (int) \u2013 -
binary_vmmap (tuple[Page, ...]) \u2013
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.pid","title":"pid property","text":"pid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.tid","title":"tid property","text":"tid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.thread_id","title":"thread_id property","text":"thread_id: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.alive","title":"alive property","text":"alive: bool\n
Informs whether the process has a thread. However, note that it will still return True for a segfaulted thread. To detect that, consider using the stopped_with_signal method.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.stopped_with_signal","title":"stopped_with_signal property","text":"stopped_with_signal: bool\n
Returns whether the program has stopped with a signal
Can be used to detect segfaults (but will also detect other signals)
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.exe","title":"exe property","text":"exe: str | None\n
Returns the executed file path.
On remote targets, this path may not exist locally.
If you need the locally referenced file use gdb.current_process().filename
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_base_addr","title":"binary_base_addr property","text":"binary_base_addr: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_vmmap","title":"binary_vmmap property","text":"binary_vmmap: tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_elf_data_section","title":"dump_elf_data_section","text":"dump_elf_data_section() -> tuple[int, int, bytes] | None\n
Dump .data section of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n section_name: str,\n) -> tuple[Relocation, ...] | None\n
Dump relocations of a section by section name of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.get_section_address_by_name","title":"get_section_address_by_name","text":"get_section_address_by_name(section_name: str) -> int\n
Find section address of current process by section name
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenRunning","title":"OnlyWhenRunning","text":"OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWithArch","title":"OnlyWithArch","text":"OnlyWithArch(\n arch_names: list[str],\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\n
Decorates function to work only with the specified archictectures.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenRunning","title":"OnlyWhenRunning","text":"OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWithArch","title":"OnlyWithArch","text":"OnlyWithArch(\n arch_names: list[str],\n) -> Callable[[Callable[..., T]], Callable[..., T | None]]\n
"},{"location":"reference/pwndbg/aglib/qemu/","title":"pwndbg.aglib.qemu","text":""},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu","title":"qemu","text":"Determine whether the target is being run under QEMU.
Functions:
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu","title":"is_qemu","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_usermode","title":"is_usermode","text":"is_usermode() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_usermode","title":"is_qemu_usermode","text":"is_qemu_usermode() -> bool\n
Returns True if the target remote is being run under QEMU usermode emulation.
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_kernel","title":"is_qemu_kernel","text":"is_qemu_kernel() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_old_qemu_user","title":"is_old_qemu_user","text":"is_old_qemu_user() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.exec_file_supported","title":"exec_file_supported","text":"exec_file_supported() -> bool\n
Returns True if the remote target understands the 'qXfer:exec-file:read' packet. A check for this feature is done in vmmap code, to warn against running legacy Qemu versions.
"},{"location":"reference/pwndbg/aglib/regs/","title":"pwndbg.aglib.regs","text":""},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs","title":"regs","text":"Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
Classes:
Functions:
-
regs_in_frame \u2013 -
get_register \u2013 -
get_qemu_register \u2013 -
update_last \u2013
Attributes:
-
PTRACE_ARCH_PRCTL \u2013 -
ARCH_GET_FS \u2013 -
ARCH_GET_GS \u2013 -
gpr (tuple[str, ...]) \u2013 -
common (list[str]) \u2013 -
frame (str | None) \u2013 -
retaddr (tuple[str, ...]) \u2013 -
flags (dict[str, BitFlags]) \u2013 -
extra_flags (dict[str, BitFlags]) \u2013 -
stack (str) \u2013 -
retval (str | None) \u2013 -
all (list[str]) \u2013 -
changed (list[str]) \u2013 -
fsbase (int) \u2013 -
gsbase (int) \u2013 -
current (RegisterSet) \u2013 -
fix (Callable[[str], str]) \u2013 -
items (Callable[[], Generator[tuple[str, Any], None, None]]) \u2013 -
previous (dict[str, int]) \u2013 -
last (dict[str, int]) \u2013 -
pc (int | None) \u2013 -
tether \u2013
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.PTRACE_ARCH_PRCTL","title":"PTRACE_ARCH_PRCTL module-attribute","text":"PTRACE_ARCH_PRCTL = 30\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_FS","title":"ARCH_GET_FS module-attribute","text":"ARCH_GET_FS = 4099\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_GS","title":"ARCH_GET_GS module-attribute","text":"ARCH_GET_GS = 4100\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gpr","title":"gpr module-attribute","text":"gpr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.common","title":"common module-attribute","text":"common: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.frame","title":"frame module-attribute","text":"frame: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retaddr","title":"retaddr module-attribute","text":"retaddr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.flags","title":"flags module-attribute","text":"flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.extra_flags","title":"extra_flags module-attribute","text":"extra_flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.stack","title":"stack module-attribute","text":"stack: str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retval","title":"retval module-attribute","text":"retval: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.all","title":"all module-attribute","text":"all: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.changed","title":"changed module-attribute","text":"changed: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fsbase","title":"fsbase module-attribute","text":"fsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gsbase","title":"gsbase module-attribute","text":"gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.current","title":"current module-attribute","text":"current: RegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fix","title":"fix module-attribute","text":"fix: Callable[[str], str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.items","title":"items module-attribute","text":"items: Callable[[], Generator[tuple[str, Any], None, None]]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.previous","title":"previous module-attribute","text":"previous: dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.last","title":"last module-attribute","text":"last: dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.pc","title":"pc module-attribute","text":"pc: int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.tether","title":"tether module-attribute","text":"tether = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module","title":"module","text":" Bases: ModuleType
Methods:
-
read_reg \u2013 -
__getattr__ \u2013 -
__setattr__ \u2013 -
__getitem__ \u2013 -
__contains__ \u2013 -
__iter__ \u2013 -
fix \u2013 -
items \u2013 -
__repr__ \u2013
Attributes:
-
previous (dict[str, int]) \u2013 -
last (dict[str, int]) \u2013 -
current (RegisterSet) \u2013 -
gpr (tuple[str, ...]) \u2013 -
common (list[str]) \u2013 -
frame (str | None) \u2013 -
retaddr (tuple[str, ...]) \u2013 -
kernel (KernelRegisterSet) \u2013 -
flags (dict[str, BitFlags]) \u2013 -
extra_flags (dict[str, BitFlags]) \u2013 -
stack (str) \u2013 -
retval (str | None) \u2013 -
all (set[str]) \u2013 -
reg_sets \u2013 -
changed (list[str]) \u2013 -
idt (int) \u2013 -
idt_limit (int) \u2013 -
fsbase (int) \u2013 -
gsbase (int) \u2013
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.previous","title":"previous class-attribute instance-attribute","text":"previous: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.last","title":"last class-attribute instance-attribute","text":"last: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.current","title":"current property","text":"current: RegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gpr","title":"gpr property","text":"gpr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.common","title":"common property","text":"common: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.frame","title":"frame property","text":"frame: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retaddr","title":"retaddr property","text":"retaddr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.kernel","title":"kernel property","text":"kernel: KernelRegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.flags","title":"flags property","text":"flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.extra_flags","title":"extra_flags property","text":"extra_flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.stack","title":"stack property","text":"stack: str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retval","title":"retval property","text":"retval: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.all","title":"all property","text":"all: set[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.reg_sets","title":"reg_sets class-attribute instance-attribute","text":"reg_sets = reg_sets\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.changed","title":"changed property","text":"changed: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt","title":"idt property","text":"idt: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt_limit","title":"idt_limit property","text":"idt_limit: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fsbase","title":"fsbase property","text":"fsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gsbase","title":"gsbase property","text":"gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.read_reg","title":"read_reg","text":"read_reg(reg: str, frame: Frame | None = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getattr__","title":"__getattr__","text":"__getattr__(attr: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__setattr__","title":"__setattr__","text":"__setattr__(attr: str, val: Any) -> None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getitem__","title":"__getitem__","text":"__getitem__(item: Any) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__contains__","title":"__contains__","text":"__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__iter__","title":"__iter__","text":"__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fix","title":"fix","text":"fix(expression: str) -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.items","title":"items","text":"items() -> Generator[tuple[str, Any], None, None]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.regs_in_frame","title":"regs_in_frame","text":"regs_in_frame(frame: Frame) -> Registers\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_register","title":"get_register","text":"get_register(name: str, frame: Frame | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_qemu_register","title":"get_qemu_register","text":"get_qemu_register(name: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.update_last","title":"update_last","text":"update_last() -> None\n
"},{"location":"reference/pwndbg/aglib/remote/","title":"pwndbg.aglib.remote","text":""},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote","title":"remote","text":"Information about whether the debuggee is local (under GDB) or remote (under GDBSERVER or QEMU stub).
Functions:
"},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote.is_remote","title":"is_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/","title":"pwndbg.aglib.saved_register_frames","text":""},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames","title":"saved_register_frames","text":"Classes:
Attributes:
-
ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS \u2013 -
ARM_CORTEX_M_EXCEPTION_STACK \u2013
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS","title":"ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS module-attribute","text":"ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS = {\n \"r0\": 0,\n \"r1\": 4,\n \"r2\": 8,\n \"r3\": 12,\n \"r12\": 16,\n \"lr\": 20,\n \"pc\": 24,\n \"xpsr\": 28,\n}\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.ARM_CORTEX_M_EXCEPTION_STACK","title":"ARM_CORTEX_M_EXCEPTION_STACK module-attribute","text":"ARM_CORTEX_M_EXCEPTION_STACK = SavedRegisterFrame(\n ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS\n)\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame","title":"SavedRegisterFrame dataclass","text":"SavedRegisterFrame(register_offsets: dict[str, int])\n
A list of registers that have been saved to process memory for later restoration.
For example, on syscall entry, the process registers are saved to the kernel stack.
Methods:
-
read_saved_register \u2013
Attributes:
-
offsets (dict[str, int]) \u2013 -
frame_layout (list[tuple[int, str]]) \u2013
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.offsets","title":"offsets instance-attribute","text":"offsets: dict[str, int] = register_offsets\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.frame_layout","title":"frame_layout instance-attribute","text":"frame_layout: list[tuple[int, str]] = sorted((y, x) for (x, y) in items())\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.read_saved_register","title":"read_saved_register","text":"read_saved_register(reg: str, sp: int = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/shellcode/","title":"pwndbg.aglib.shellcode","text":""},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode","title":"shellcode","text":"Shellcode
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
Functions:
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_syscall","title":"exec_syscall async","text":"exec_syscall(\n ec: ExecutionController,\n syscall,\n arg0=None,\n arg1=None,\n arg2=None,\n arg3=None,\n arg4=None,\n arg5=None,\n)\n
Tries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode","title":"exec_shellcode async","text":"exec_shellcode(ec: ExecutionController, blob)\n
Tries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode--safety","title":"Safety","text":"Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/aglib/stack/","title":"pwndbg.aglib.stack","text":""},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack","title":"stack","text":"Helpers for finding address mappings which are used as a stack.
Generally not needed, except under qemu-user and for when binaries do things to remap the stack (e.g. pwnies' postit).
Functions:
-
find \u2013 Returns a pwndbg.lib.memory.Page object which corresponds to given address stack
-
find_upper_stack_boundary \u2013 -
get \u2013 For each running thread, return the known address range for its stack
-
current \u2013 Returns the bounds for the stack for the current thread.
-
is_executable \u2013 -
callstack \u2013 Return the address of the return address for the current frame.
Attributes:
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.auto_explore","title":"auto_explore module-attribute","text":"auto_explore = add_param(\n \"auto-explore-stack\",\n \"warn\",\n \"stack exploration; it may be really slow\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find","title":"find","text":"find(address: int) -> Page | None\n
Returns a pwndbg.lib.memory.Page object which corresponds to given address stack or None if it does not exist
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find_upper_stack_boundary","title":"find_upper_stack_boundary","text":"find_upper_stack_boundary(stack_ptr: int, max_pages: int = 1024) -> int\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.get","title":"get","text":"get() -> dict[int, Page]\n
For each running thread, return the known address range for its stack Returns a dict which should never be modified (since its cached)
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.current","title":"current","text":"current() -> Page | None\n
Returns the bounds for the stack for the current thread.
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.is_executable","title":"is_executable","text":"is_executable() -> bool\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.callstack","title":"callstack","text":"callstack() -> list[int]\n
Return the address of the return address for the current frame.
"},{"location":"reference/pwndbg/aglib/strings/","title":"pwndbg.aglib.strings","text":""},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings","title":"strings","text":"Functionality for resolving ASCII printable strings within the debuggee's address space.
Functions:
-
update_length \u2013 Unfortunately there's not a better way to get at this info.
-
get \u2013 Returns a printable C-string from address.
-
yield_in_page \u2013 Yields strings of length >= n found in a given vmmap page
Attributes:
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.length","title":"length module-attribute","text":"length = 15\n
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.update_length","title":"update_length","text":"update_length() -> None\n
Unfortunately there's not a better way to get at this info.
gdb.execute('show print elements', from_tty=False, to_string=True) 'Limit on string chars or array elements to print is 21.\\n'
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.get","title":"get","text":"get(\n address: int, maxlen: int | None = None, maxread: int | None = None\n) -> str | None\n
Returns a printable C-string from address.
Returns None if string contains non-printable chars or if the maxlen length data does not end up with a null byte.
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.yield_in_page","title":"yield_in_page","text":"yield_in_page(page: Page, n=4) -> Iterator[str]\n
Yields strings of length >= n found in a given vmmap page
"},{"location":"reference/pwndbg/aglib/symbol/","title":"pwndbg.aglib.symbol","text":""},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Functions:
-
lookup_symbol_addr \u2013 -
lookup_symbol_value \u2013 -
lookup_symbol \u2013 Returns the address of the given symbol, cast-ed to the appropriate symbol type.
-
lookup_frame_symbol \u2013 Returns the address of the given symbol, cast-ed to the appropriate symbol type.
-
resolve_addr \u2013 Resolves an address to its corresponding symbol name, if available.
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_addr","title":"lookup_symbol_addr","text":"lookup_symbol_addr(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_value","title":"lookup_symbol_value","text":"lookup_symbol_value(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
Returns the address of the given symbol, cast-ed to the appropriate symbol type.
This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only) Typedef names (if you need please use aglib.typeinfo.load) - (gdb only) Enum values (if you need please use aglib.typeinfo.enum_member)
The lookup order is as follows (default): 1. Global scope within the current module 2. Global static scope within the current module 3. Global scope in other modules 4. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"lookup_frame_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
Returns the address of the given symbol, cast-ed to the appropriate symbol type.
This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only, please don't use) Typedef names - (gdb only, please don't use) Enum values
The lookup order is as follows: 1. Local scope 2. Global scope within the current module 3. Global static scope within the current module 4. Global scope in other modules 5. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.resolve_addr","title":"resolve_addr","text":"resolve_addr(addr: int) -> str | None\n
Resolves an address to its corresponding symbol name, if available.
Note: - This function does not resolve TLS (Thread-Local Storage) addresses or addresses with local scope.
Resolution is performed in the following order: - Global scope symbols.
"},{"location":"reference/pwndbg/aglib/tls/","title":"pwndbg.aglib.tls","text":""},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls","title":"tls","text":"Getting Thread Local Storage (TLS) information.
Functions:
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.__call_pthread_self","title":"__call_pthread_self","text":"__call_pthread_self() -> int\n
Retrieve the address of the struct pthread_t for the current thread by calling pthread_self(). This address can be used to locate the base address of the Thread Local Storage (TLS).
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_pthread_self","title":"find_address_with_pthread_self","text":"find_address_with_pthread_self() -> int\n
Get the base address of the Thread Local Storage (TLS) for the current thread using the pthread_self() function. The returned address points to the struct tcbhead_t, which serves as the header for TLS and thread-specific metadata.
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_register","title":"find_address_with_register","text":"find_address_with_register() -> int\n
Get the base address of the Thread Local Storage (TLS) for the current thread using a CPU register. The returned address points to the struct tcbhead_t, which is the entry point for TLS and thread-specific metadata.
"},{"location":"reference/pwndbg/aglib/typeinfo/","title":"pwndbg.aglib.typeinfo","text":""},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo","title":"typeinfo","text":"Common types.
Functions:
Attributes:
-
module \u2013 -
char (Type) \u2013 -
ulong (Type) \u2013 -
long (Type) \u2013 -
uchar (Type) \u2013 -
ushort (Type) \u2013 -
uint (Type) \u2013 -
void (Type) \u2013 -
uint8 (Type) \u2013 -
uint16 (Type) \u2013 -
uint32 (Type) \u2013 -
uint64 (Type) \u2013 -
unsigned (dict[int, Type]) \u2013 -
int8 (Type) \u2013 -
int16 (Type) \u2013 -
int32 (Type) \u2013 -
int64 (Type) \u2013 -
signed (dict[int, Type]) \u2013 -
pvoid (Type) \u2013 -
ppvoid (Type) \u2013 -
pchar (Type) \u2013 -
ptrsize (int) \u2013 -
ptrdiff (Type) \u2013 -
size_t (Type) \u2013 -
ssize_t (Type) \u2013
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.module","title":"module module-attribute","text":"module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.char","title":"char module-attribute","text":"char: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ulong","title":"ulong module-attribute","text":"ulong: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.long","title":"long module-attribute","text":"long: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uchar","title":"uchar module-attribute","text":"uchar: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ushort","title":"ushort module-attribute","text":"ushort: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint","title":"uint module-attribute","text":"uint: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.void","title":"void module-attribute","text":"void: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint8","title":"uint8 module-attribute","text":"uint8: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint16","title":"uint16 module-attribute","text":"uint16: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint32","title":"uint32 module-attribute","text":"uint32: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint64","title":"uint64 module-attribute","text":"uint64: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.unsigned","title":"unsigned module-attribute","text":"unsigned: dict[int, Type]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int8","title":"int8 module-attribute","text":"int8: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int16","title":"int16 module-attribute","text":"int16: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int32","title":"int32 module-attribute","text":"int32: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int64","title":"int64 module-attribute","text":"int64: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.signed","title":"signed module-attribute","text":"signed: dict[int, Type]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pvoid","title":"pvoid module-attribute","text":"pvoid: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ppvoid","title":"ppvoid module-attribute","text":"ppvoid: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pchar","title":"pchar module-attribute","text":"pchar: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrsize","title":"ptrsize module-attribute","text":"ptrsize: int = 4\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrdiff","title":"ptrdiff module-attribute","text":"ptrdiff: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.size_t","title":"size_t module-attribute","text":"size_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ssize_t","title":"ssize_t module-attribute","text":"ssize_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.lookup_types","title":"lookup_types","text":"lookup_types(*types: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.load","title":"load","text":"load(name: str) -> Type | None\n
Load a symbol; note that new symbols can be added with add-symbol-file functionality
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.get_type","title":"get_type","text":"get_type(size: int) -> Type\n
"},{"location":"reference/pwndbg/aglib/vmmap/","title":"pwndbg.aglib.vmmap","text":""},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap","title":"vmmap","text":"Functions:
-
get_memory_map \u2013 -
get \u2013 -
find \u2013
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.get_memory_map","title":"get_memory_map","text":"get_memory_map() -> MemoryMap\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.get","title":"get","text":"get() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.find","title":"find","text":"find(address: int | Value | None) -> Page | None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/","title":"pwndbg.aglib.vmmap_custom","text":""},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom","title":"vmmap_custom","text":"Functions:
-
clear_warn_cache \u2013 -
get_custom_pages \u2013 Returns a tuple of Page objects representing the memory mappings of the
-
add_custom_page \u2013 -
clear_custom_page \u2013 -
explore \u2013 Given a potential address, check to see what permissions it has.
-
get_memory_flags \u2013 -
find_boundaries \u2013 Given a single address, find all contiguous pages
Attributes:
-
explored_pages (list[Page]) \u2013 -
custom_pages (list[Page]) \u2013 -
auto_explore \u2013
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explored_pages","title":"explored_pages module-attribute","text":"explored_pages: list[Page] = []\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.custom_pages","title":"custom_pages module-attribute","text":"custom_pages: list[Page] = []\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.auto_explore","title":"auto_explore module-attribute","text":"auto_explore = add_param(\n \"auto-explore-pages\",\n \"warn\",\n \"whether to try to infer page permissions when memory maps are missing\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"yes\", \"warn\", \"no\"],\n help_docstring=\"\\nThis command can cause errors.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_warn_cache","title":"clear_warn_cache","text":"clear_warn_cache()\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_custom_pages","title":"get_custom_pages","text":"get_custom_pages() -> tuple[Page, ...]\n
Returns a tuple of Page objects representing the memory mappings of the target, sorted by virtual address ascending.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.add_custom_page","title":"add_custom_page","text":"add_custom_page(page: Page) -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_custom_page","title":"clear_custom_page","text":"clear_custom_page() -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explore","title":"explore","text":"explore(address_maybe: int) -> Page | None\n
Given a potential address, check to see what permissions it has.
Returns:
-
Page | None \u2013 Page object
Note Adds the Page object to a persistent list of pages which are only reset when the process dies. This means pages which are added this way will not be removed when unmapped.
Also assumes the entire contiguous section has the same permission.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_memory_flags","title":"get_memory_flags","text":"get_memory_flags(address_maybe: int) -> int | None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.find_boundaries","title":"find_boundaries","text":"find_boundaries(addr: int, name: str = '', min: int = 0) -> Page\n
Given a single address, find all contiguous pages which are mapped.
"},{"location":"reference/pwndbg/arguments/","title":"pwndbg.arguments","text":""},{"location":"reference/pwndbg/arguments/#pwndbg.arguments","title":"arguments","text":"Function and syscall argument formatting.
Enumerates arguments which may be passed in a combination of registers and stack values.
Functions:
-
get \u2013 Returns an array containing the arguments to the current function,
-
argname \u2013 -
argument \u2013 Returns the nth argument, as if $pc were a 'call' or 'bl' type
-
arguments \u2013 Yields (arg_name, arg_value) tuples for arguments from a given ABI.
-
format_args \u2013
Attributes:
-
FILE_DESCRIPTOR_ARG_NAMES \u2013
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.FILE_DESCRIPTOR_ARG_NAMES","title":"FILE_DESCRIPTOR_ARG_NAMES module-attribute","text":"FILE_DESCRIPTOR_ARG_NAMES = {\n \"fd\",\n \"in_fd\",\n \"out_fd\",\n \"fdin\",\n \"fdout\",\n \"oldfd\",\n \"fildes\",\n \"newfd\",\n \"epfd\",\n \"dfd\",\n \"dirfd\",\n \"mountdirfd\",\n}\n
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.get","title":"get","text":"get(instruction: PwndbgInstruction) -> list[tuple[Argument, int]]\n
Returns an array containing the arguments to the current function, if $pc is a function call or syscall instruction.
Otherwise, returns None.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argname","title":"argname","text":"argname(n: int, abi: ABI) -> str\n
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argument","title":"argument","text":"argument(n: int, abi: ABI | None = None) -> int\n
Returns the nth argument, as if $pc were a 'call' or 'bl' type instruction. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.arguments","title":"arguments","text":"arguments(abi: ABI | None = None)\n
Yields (arg_name, arg_value) tuples for arguments from a given ABI. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.format_args","title":"format_args","text":"format_args(instruction: PwndbgInstruction) -> list[str]\n
"},{"location":"reference/pwndbg/auxv/","title":"pwndbg.auxv","text":""},{"location":"reference/pwndbg/auxv/#pwndbg.auxv","title":"auxv","text":"Performs handling of the linux auxiliary vector.
https://www.man7.org/linux/man-pages/man3/getauxval.3.html https://lwn.net/Articles/519085/
Functions:
-
get \u2013 -
procfs_auxv \u2013 -
use_info_auxv \u2013 -
explore_stack_auxv \u2013 -
walk_stack2 \u2013
Attributes:
-
auto_explore \u2013 -
example_info_auxv_linux \u2013
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.auto_explore","title":"auto_explore module-attribute","text":"auto_explore = add_param(\n \"auto-explore-auxv\",\n \"warn\",\n \"stack exploration for AUXV information; it may be really slow\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.example_info_auxv_linux","title":"example_info_auxv_linux module-attribute","text":"example_info_auxv_linux = '\\n33 AT_SYSINFO_EHDR System-supplied DSO\\'s ELF header 0x7ffff7ffa000\\n16 AT_HWCAP Machine-dependent CPU capability hints 0xfabfbff\\n6 AT_PAGESZ System page size 4096\\n17 AT_CLKTCK Frequency of times() 100\\n3 AT_PHDR Program headers for program 0x400040\\n4 AT_PHENT Size of program header entry 56\\n5 AT_PHNUM Number of program headers 9\\n7 AT_BASE Base address of interpreter 0x7ffff7dda000\\n8 AT_FLAGS Flags 0x0\\n9 AT_ENTRY Entry point of program 0x42020b\\n11 AT_UID Real user ID 1000\\n12 AT_EUID Effective user ID 1000\\n13 AT_GID Real group ID 1000\\n14 AT_EGID Effective group ID 1000\\n23 AT_SECURE Boolean, was exec setuid-like? 0\\n25 AT_RANDOM Address of 16 random bytes 0x7fffffffdb39\\n31 AT_EXECFN File name of executable 0x7fffffffefee \"/bin/bash\"\\n15 AT_PLATFORM String identifying platform 0x7fffffffdb49 \"x86_64\"\\n0 AT_NULL End of vector 0x0\\n'\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.get","title":"get","text":"get() -> AUXV\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.procfs_auxv","title":"procfs_auxv","text":"procfs_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.use_info_auxv","title":"use_info_auxv","text":"use_info_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.explore_stack_auxv","title":"explore_stack_auxv","text":"explore_stack_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.walk_stack2","title":"walk_stack2","text":"walk_stack2(offset: int = 0) -> AUXV\n
"},{"location":"reference/pwndbg/chain/","title":"pwndbg.chain","text":""},{"location":"reference/pwndbg/chain/#pwndbg.chain","title":"chain","text":"Dereference and format pointer chains.
Functions:
-
get \u2013 Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
-
format \u2013 Recursively dereferences an address into string representation, or convert the list representation
Attributes:
-
LIMIT \u2013 -
c \u2013 -
config_arrow_left \u2013 -
config_arrow_right \u2013 -
config_contiguous \u2013
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.LIMIT","title":"LIMIT module-attribute","text":"LIMIT = add_param(\n \"dereference-limit\", 5, \"max number of pointers to dereference in a chain\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.c","title":"c module-attribute","text":"c = ColorConfig(\n \"chain\",\n [\n ColorParamSpec(\"arrow\", \"normal\", \"color of chain formatting (arrow)\"),\n ColorParamSpec(\n \"contiguous-marker\",\n \"normal\",\n \"color of chain formatting (contiguous marker)\",\n ),\n ],\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_left","title":"config_arrow_left module-attribute","text":"config_arrow_left = add_param(\n \"chain-arrow-left\", \"\u25c2\u2014\", \"left arrow of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_right","title":"config_arrow_right module-attribute","text":"config_arrow_right = add_param(\n \"chain-arrow-right\", \"\u2014\u25b8\", \"right arrow of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_contiguous","title":"config_contiguous module-attribute","text":"config_contiguous = add_param(\n \"chain-contiguous-marker\", \"...\", \"contiguous marker of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.get","title":"get","text":"get(\n address: int | None,\n limit: int = LIMIT,\n offset: int = 0,\n hard_stop: int | None = None,\n hard_end: int = 0,\n include_start: bool = True,\n safe_linking: bool = False,\n) -> list[int] | None\n
Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
Parameters:
-
address (int | None) \u2013 the first address to begin dereferencing
-
limit (int, default: LIMIT ) \u2013 number of valid pointers
-
offset (int, default: 0 ) \u2013 offset into the address to get the next pointer
-
hard_stop (int | None, default: None ) \u2013 address to stop at
-
hard_end (int, default: 0 ) \u2013 value to append when hard_stop is reached
-
include_start (bool, default: True ) \u2013 whether to include starting address or not
-
safe_linking (bool, default: False ) \u2013 whether this chain use safe-linking
Returns:
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.format","title":"format","text":"format(\n value: int | list[int] | None,\n limit: int = LIMIT,\n code: bool = True,\n offset: int = 0,\n hard_stop: int | None = None,\n hard_end: int = 0,\n safe_linking: bool = False,\n enhance_string_len: int | None = None,\n) -> str\n
Recursively dereferences an address into string representation, or convert the list representation of address dereferences into string representation.
Parameters:
-
value (int | list[int] | None) \u2013 Either the starting address to be sent to get, or the result of get (a list)
-
limit (int, default: LIMIT ) \u2013 Number of valid pointers
-
code (bool, default: True ) \u2013 Hint that indicates the value may be an instruction
-
offset (int, default: 0 ) \u2013 Offset into the address to get the next pointer
-
hard_stop (int | None, default: None ) \u2013 Value to stop on
-
hard_end (int, default: 0 ) \u2013 Value to append when hard_stop is reached: null, value of hard stop, a string.
-
safe_linking (bool, default: False ) \u2013 whether this chain use safe-linking
-
enhance_string_len (int | None, default: None ) \u2013 The length of string to display for enhancement of the last pointer
Returns: A string representing pointers of each address and reference Strings format: 0x0804a10 \u2014\u25b8 0x08061000 \u25c2\u2014 0x41414141
"},{"location":"reference/pwndbg/color/","title":"pwndbg.color","text":""},{"location":"reference/pwndbg/color/#pwndbg.color","title":"color","text":"Text colorizing and theme configuration logic.
Modules:
-
context \u2013 -
disasm \u2013 -
enhance \u2013 -
hexdump \u2013 -
memory \u2013 -
message \u2013 -
syntax_highlight \u2013 -
telescope \u2013 -
theme \u2013
Classes:
-
ColorParamSpec \u2013 -
ColorConfig \u2013
Functions:
-
normal \u2013 -
black \u2013 -
red \u2013 -
green \u2013 -
yellow \u2013 -
blue \u2013 -
purple \u2013 -
cyan \u2013 -
light_gray \u2013 -
foreground \u2013 -
gray \u2013 -
light_red \u2013 -
light_green \u2013 -
light_yellow \u2013 -
light_blue \u2013 -
light_purple \u2013 -
light_cyan \u2013 -
white \u2013 -
bold \u2013 -
underline \u2013 -
colorize \u2013 -
unstylize \u2013 -
generateColorFunctionInner \u2013 -
generateColorFunction \u2013 -
strip \u2013 -
terminateWith \u2013 -
ljust_colored \u2013 -
rjust_colored \u2013
Attributes:
-
NORMAL \u2013 -
BLACK \u2013 -
RED \u2013 -
GREEN \u2013 -
YELLOW \u2013 -
BLUE \u2013 -
PURPLE \u2013 -
CYAN \u2013 -
LIGHT_GREY \u2013 -
LIGHT_GRAY \u2013 -
FOREGROUND \u2013 -
GREY \u2013 -
GRAY \u2013 -
LIGHT_RED \u2013 -
LIGHT_GREEN \u2013 -
LIGHT_YELLOW \u2013 -
LIGHT_BLUE \u2013 -
LIGHT_PURPLE \u2013 -
LIGHT_CYAN \u2013 -
WHITE \u2013 -
BOLD \u2013 -
UNDERLINE \u2013 -
none \u2013 -
ansi_escape_8bit \u2013 -
disable_colors \u2013
"},{"location":"reference/pwndbg/color/#pwndbg.color.NORMAL","title":"NORMAL module-attribute","text":"NORMAL = '\\x1b[0m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLACK","title":"BLACK module-attribute","text":"BLACK = '\\x1b[30m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.RED","title":"RED module-attribute","text":"RED = '\\x1b[31m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREEN","title":"GREEN module-attribute","text":"GREEN = '\\x1b[32m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.YELLOW","title":"YELLOW module-attribute","text":"YELLOW = '\\x1b[33m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLUE","title":"BLUE module-attribute","text":"BLUE = '\\x1b[34m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.PURPLE","title":"PURPLE module-attribute","text":"PURPLE = '\\x1b[35m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.CYAN","title":"CYAN module-attribute","text":"CYAN = '\\x1b[36m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREY","title":"LIGHT_GREY module-attribute","text":"LIGHT_GREY = '\\x1b[37m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GRAY","title":"LIGHT_GRAY module-attribute","text":"LIGHT_GRAY = '\\x1b[37m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.FOREGROUND","title":"FOREGROUND module-attribute","text":"FOREGROUND = '\\x1b[39m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREY","title":"GREY module-attribute","text":"GREY = '\\x1b[90m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GRAY","title":"GRAY module-attribute","text":"GRAY = '\\x1b[90m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_RED","title":"LIGHT_RED module-attribute","text":"LIGHT_RED = '\\x1b[91m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREEN","title":"LIGHT_GREEN module-attribute","text":"LIGHT_GREEN = '\\x1b[92m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_YELLOW","title":"LIGHT_YELLOW module-attribute","text":"LIGHT_YELLOW = '\\x1b[93m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_BLUE","title":"LIGHT_BLUE module-attribute","text":"LIGHT_BLUE = '\\x1b[94m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_PURPLE","title":"LIGHT_PURPLE module-attribute","text":"LIGHT_PURPLE = '\\x1b[95m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_CYAN","title":"LIGHT_CYAN module-attribute","text":"LIGHT_CYAN = '\\x1b[96m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.WHITE","title":"WHITE module-attribute","text":"WHITE = '\\x1b[97m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BOLD","title":"BOLD module-attribute","text":"BOLD = '\\x1b[1m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.UNDERLINE","title":"UNDERLINE module-attribute","text":"UNDERLINE = '\\x1b[4m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.none","title":"none module-attribute","text":"none = str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ansi_escape_8bit","title":"ansi_escape_8bit module-attribute","text":"ansi_escape_8bit = compile(\n \"(?:\\\\x1B[@-Z\\\\\\\\-_]|[\\\\x80-\\\\x9A\\\\x9C-\\\\x9F]|(?:\\\\x1B\\\\[|\\\\x9B)[0-?]*[ -/]*[@-~])\"\n)\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.disable_colors","title":"disable_colors module-attribute","text":"disable_colors = add_param(\n \"disable-colors\",\n bool(get(\"PWNDBG_DISABLE_COLORS\")),\n \"whether to color the output or not\",\n)\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec","title":"ColorParamSpec","text":" Bases: NamedTuple
Attributes:
-
name (str) \u2013 -
default (str) \u2013 -
doc (str) \u2013
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.default","title":"default instance-attribute","text":"default: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.doc","title":"doc instance-attribute","text":"doc: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig","title":"ColorConfig","text":"ColorConfig(namespace: str, params: list[ColorParamSpec])\n
Methods:
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig.__getattr__","title":"__getattr__","text":"__getattr__(attr: str) -> Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.normal","title":"normal","text":"normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.black","title":"black","text":"black(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.red","title":"red","text":"red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.green","title":"green","text":"green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.yellow","title":"yellow","text":"yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.blue","title":"blue","text":"blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.purple","title":"purple","text":"purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.cyan","title":"cyan","text":"cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_gray","title":"light_gray","text":"light_gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.foreground","title":"foreground","text":"foreground(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.gray","title":"gray","text":"gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_red","title":"light_red","text":"light_red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_green","title":"light_green","text":"light_green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_yellow","title":"light_yellow","text":"light_yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_blue","title":"light_blue","text":"light_blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_purple","title":"light_purple","text":"light_purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_cyan","title":"light_cyan","text":"light_cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.white","title":"white","text":"white(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.bold","title":"bold","text":"bold(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.underline","title":"underline","text":"underline(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.colorize","title":"colorize","text":"colorize(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.unstylize","title":"unstylize","text":"unstylize(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunctionInner","title":"generateColorFunctionInner","text":"generateColorFunctionInner(\n old: Callable[[object], str], new: Callable[[str], str]\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunction","title":"generateColorFunction","text":"generateColorFunction(\n config: str | Parameter,\n _globals: dict[str, Callable[[str], str]] = globals(),\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.strip","title":"strip","text":"strip(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.terminateWith","title":"terminateWith","text":"terminateWith(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ljust_colored","title":"ljust_colored","text":"ljust_colored(x: str, length: int, char: str = ' ') -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.rjust_colored","title":"rjust_colored","text":"rjust_colored(x: str, length: int, char: str = ' ')\n
"},{"location":"reference/pwndbg/color/context/","title":"pwndbg.color.context","text":""},{"location":"reference/pwndbg/color/context/#pwndbg.color.context","title":"context","text":"Functions:
-
prefix \u2013 -
highlight \u2013 -
register \u2013 -
register_changed \u2013 -
flag_bracket \u2013 -
flag_value \u2013 -
flag_set \u2013 -
flag_unset \u2013 -
flag_changed \u2013 -
banner \u2013 -
banner_title \u2013 -
comment \u2013 -
format_flags \u2013
Attributes:
-
config_prefix_color \u2013 -
config_highlight_color \u2013 -
config_register_color \u2013 -
config_flag_value_color \u2013 -
config_flag_bracket_color \u2013 -
config_flag_set_color \u2013 -
config_flag_unset_color \u2013 -
config_flag_changed_color \u2013 -
config_banner_color \u2013 -
config_banner_title \u2013 -
config_register_changed_color \u2013 -
config_register_changed_marker \u2013 -
config_comment \u2013
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_prefix_color","title":"config_prefix_color module-attribute","text":"config_prefix_color = add_color_param(\n \"code-prefix-color\",\n \"none\",\n \"color for 'context code' command (prefix marker)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_highlight_color","title":"config_highlight_color module-attribute","text":"config_highlight_color = add_color_param(\n \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_color","title":"config_register_color module-attribute","text":"config_register_color = add_color_param(\n \"context-register-color\", \"bold\", \"color for registers label\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_value_color","title":"config_flag_value_color module-attribute","text":"config_flag_value_color = add_color_param(\n \"context-flag-value-color\",\n \"none\",\n \"color for flags register (register value)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_bracket_color","title":"config_flag_bracket_color module-attribute","text":"config_flag_bracket_color = add_color_param(\n \"context-flag-bracket-color\", \"none\", \"color for flags register (bracket)\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_set_color","title":"config_flag_set_color module-attribute","text":"config_flag_set_color = add_color_param(\n \"context-flag-set-color\",\n \"green,bold\",\n \"color for flags register (flag set)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_unset_color","title":"config_flag_unset_color module-attribute","text":"config_flag_unset_color = add_color_param(\n \"context-flag-unset-color\", \"red\", \"color for flags register (flag unset)\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_changed_color","title":"config_flag_changed_color module-attribute","text":"config_flag_changed_color = add_color_param(\n \"context-flag-changed-color\",\n \"underline\",\n \"color for flags register (flag changed)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_color","title":"config_banner_color module-attribute","text":"config_banner_color = add_color_param(\n \"banner-color\", \"blue\", \"color for banner line\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_title","title":"config_banner_title module-attribute","text":"config_banner_title = add_color_param(\n \"banner-title-color\", \"none\", \"color for banner title\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_color","title":"config_register_changed_color module-attribute","text":"config_register_changed_color = add_color_param(\n \"context-register-changed-color\",\n \"red\",\n \"color for registers label (change marker)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_marker","title":"config_register_changed_marker module-attribute","text":"config_register_changed_marker = add_param(\n \"context-register-changed-marker\", \"*\", \"change marker for registers label\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_comment","title":"config_comment module-attribute","text":"config_comment = add_color_param('comment-color', 'gray', 'color for comment')\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.prefix","title":"prefix","text":"prefix(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.highlight","title":"highlight","text":"highlight(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register","title":"register","text":"register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register_changed","title":"register_changed","text":"register_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_bracket","title":"flag_bracket","text":"flag_bracket(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_value","title":"flag_value","text":"flag_value(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_set","title":"flag_set","text":"flag_set(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_unset","title":"flag_unset","text":"flag_unset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_changed","title":"flag_changed","text":"flag_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner","title":"banner","text":"banner(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner_title","title":"banner_title","text":"banner_title(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.comment","title":"comment","text":"comment(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.format_flags","title":"format_flags","text":"format_flags(value: int | None, flags: BitFlags, last: int | None = None)\n
"},{"location":"reference/pwndbg/color/disasm/","title":"pwndbg.color.disasm","text":""},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm","title":"disasm","text":"Functions:
-
one_instruction \u2013 -
instructions_and_padding \u2013
Attributes:
-
c \u2013 -
MIN_SPACING \u2013 -
WHITESPACE_LIMIT \u2013
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.c","title":"c module-attribute","text":"c = ColorConfig(\n \"disasm\",\n [\n ColorParamSpec(\n \"branch\", \"bold\", \"color for disasm (branch/call instruction)\"\n )\n ],\n)\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.MIN_SPACING","title":"MIN_SPACING module-attribute","text":"MIN_SPACING = 5\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.WHITESPACE_LIMIT","title":"WHITESPACE_LIMIT module-attribute","text":"WHITESPACE_LIMIT = 20\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.one_instruction","title":"one_instruction","text":"one_instruction(ins: PwndbgInstruction) -> str\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.instructions_and_padding","title":"instructions_and_padding","text":"instructions_and_padding(instructions: list[PwndbgInstruction]) -> list[str]\n
"},{"location":"reference/pwndbg/color/enhance/","title":"pwndbg.color.enhance","text":""},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance","title":"enhance","text":"Functions:
-
integer \u2013 -
string \u2013 -
comment \u2013 -
unknown \u2013
Attributes:
-
config_integer_color \u2013 -
config_string_color \u2013 -
config_comment_color \u2013 -
config_unknown_color \u2013
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_integer_color","title":"config_integer_color module-attribute","text":"config_integer_color = add_color_param(\n \"enhance-integer-value-color\", \"none\", \"color of value enhance (integer)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_string_color","title":"config_string_color module-attribute","text":"config_string_color = add_color_param(\n \"enhance-string-value-color\", \"none\", \"color of value enhance (string)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_comment_color","title":"config_comment_color module-attribute","text":"config_comment_color = add_color_param(\n \"enhance-comment-color\", \"none\", \"color of value enhance (comment)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_unknown_color","title":"config_unknown_color module-attribute","text":"config_unknown_color = add_color_param(\n \"enhance-unknown-color\", \"none\", \"color of value enhance (unknown value)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.integer","title":"integer","text":"integer(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.string","title":"string","text":"string(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.comment","title":"comment","text":"comment(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.unknown","title":"unknown","text":"unknown(x)\n
"},{"location":"reference/pwndbg/color/hexdump/","title":"pwndbg.color.hexdump","text":""},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump","title":"hexdump","text":"Functions:
-
normal \u2013 -
printable \u2013 -
zero \u2013 -
special \u2013 -
offset \u2013 -
address \u2013 -
separator \u2013 -
highlight_group_lsb \u2013
Attributes:
-
config_normal \u2013 -
config_printable \u2013 -
config_zero \u2013 -
config_special \u2013 -
config_offset \u2013 -
config_address \u2013 -
config_separator \u2013 -
config_highlight_group_lsb \u2013
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_normal","title":"config_normal module-attribute","text":"config_normal = add_color_param(\n \"hexdump-normal-color\", \"none\", \"color for hexdump command (normal bytes)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_printable","title":"config_printable module-attribute","text":"config_printable = add_color_param(\n \"hexdump-printable-color\",\n \"bold\",\n \"color for hexdump command (printable characters)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_zero","title":"config_zero module-attribute","text":"config_zero = add_color_param(\n \"hexdump-zero-color\", \"red\", \"color for hexdump command (zero bytes)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_special","title":"config_special module-attribute","text":"config_special = add_color_param(\n \"hexdump-special-color\",\n \"yellow\",\n \"color for hexdump command (special bytes)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_offset","title":"config_offset module-attribute","text":"config_offset = add_color_param(\n \"hexdump-offset-color\", \"none\", \"color for hexdump command (offset label)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_address","title":"config_address module-attribute","text":"config_address = add_color_param(\n \"hexdump-address-color\", \"none\", \"color for hexdump command (address label)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_separator","title":"config_separator module-attribute","text":"config_separator = add_color_param(\n \"hexdump-separator-color\",\n \"none\",\n \"color for hexdump command (group separator)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_highlight_group_lsb","title":"config_highlight_group_lsb module-attribute","text":"config_highlight_group_lsb = add_param(\n \"hexdump-highlight-group-lsb\",\n \"underline\",\n \"highlight LSB of each group\",\n help_docstring=\"Applies only if hexdump-use-big-endian actually changes byte order.\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.normal","title":"normal","text":"normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.printable","title":"printable","text":"printable(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.zero","title":"zero","text":"zero(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.special","title":"special","text":"special(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.offset","title":"offset","text":"offset(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.address","title":"address","text":"address(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.separator","title":"separator","text":"separator(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.highlight_group_lsb","title":"highlight_group_lsb","text":"highlight_group_lsb(x: str) -> str\n
"},{"location":"reference/pwndbg/color/memory/","title":"pwndbg.color.memory","text":""},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory","title":"memory","text":"Functions:
-
get_address_and_symbol \u2013 Convert and colorize address 0x7ffff7fcecd0 to string 0x7ffff7fcecd0 (_dl_fini)
-
get_address_or_symbol \u2013 Convert and colorize address to symbol if it can be resolved, else return colorized address
-
attempt_colorized_symbol \u2013 Convert address to colorized symbol (if symbol is there), else None
-
get \u2013 Returns a colorized string representing the provided address.
-
legend \u2013
Attributes:
-
ColorFunction \u2013 -
c \u2013
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.ColorFunction","title":"ColorFunction module-attribute","text":"ColorFunction = Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.c","title":"c module-attribute","text":"c = ColorConfig(\n \"memory\",\n [\n ColorParamSpec(\"stack\", \"yellow\", \"color for stack memory\"),\n ColorParamSpec(\"heap\", \"blue\", \"color for heap memory\"),\n ColorParamSpec(\"code\", \"red\", \"color for executable memory\"),\n ColorParamSpec(\"data\", \"purple\", \"color for all other writable memory\"),\n ColorParamSpec(\"rodata\", \"normal\", \"color for all read only memory\"),\n ColorParamSpec(\"wx\", \"underline\", \"color added to all WX memory\"),\n ColorParamSpec(\n \"guard\", \"cyan\", \"color added to all guard pages (no perms)\"\n ),\n ],\n)\n
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_and_symbol","title":"get_address_and_symbol","text":"get_address_and_symbol(address: int) -> str\n
Convert and colorize address 0x7ffff7fcecd0 to string 0x7ffff7fcecd0 (_dl_fini) If no symbol exists for the address, return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_or_symbol","title":"get_address_or_symbol","text":"get_address_or_symbol(address: int) -> str\n
Convert and colorize address to symbol if it can be resolved, else return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.attempt_colorized_symbol","title":"attempt_colorized_symbol","text":"attempt_colorized_symbol(address: int) -> str | None\n
Convert address to colorized symbol (if symbol is there), else None
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get","title":"get","text":"get(\n address: int | Value | Any,\n text: str | None = None,\n prefix: str | None = None,\n) -> str\n
Returns a colorized string representing the provided address.
Parameters:
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.legend","title":"legend","text":"legend()\n
"},{"location":"reference/pwndbg/color/message/","title":"pwndbg.color.message","text":""},{"location":"reference/pwndbg/color/message/#pwndbg.color.message","title":"message","text":"Functions:
-
on \u2013 -
off \u2013 -
notice \u2013 -
hint \u2013 -
success \u2013 -
debug \u2013 -
info \u2013 -
warn \u2013 -
error \u2013 -
system \u2013 -
exit \u2013 -
breakpoint \u2013 -
signal \u2013 -
prompt \u2013 -
alive_prompt \u2013 -
readline_escape \u2013
Attributes:
-
config_status_on_color \u2013 -
config_status_off_color \u2013 -
config_notice_color \u2013 -
config_hint_color \u2013 -
config_success_color \u2013 -
config_debug_color \u2013 -
config_info_color \u2013 -
config_warning_color \u2013 -
config_error_color \u2013 -
config_system_color \u2013 -
config_exit_color \u2013 -
config_breakpoint_color \u2013 -
config_signal_color \u2013 -
config_prompt_color \u2013 -
config_prompt_alive_color \u2013
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_on_color","title":"config_status_on_color module-attribute","text":"config_status_on_color = add_color_param(\n \"message-status-on-color\", \"green\", \"color of on status messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_off_color","title":"config_status_off_color module-attribute","text":"config_status_off_color = add_color_param(\n \"message-status-off-color\", \"red\", \"color of off status messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_notice_color","title":"config_notice_color module-attribute","text":"config_notice_color = add_color_param(\n \"message-notice-color\", \"purple\", \"color of notice messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_hint_color","title":"config_hint_color module-attribute","text":"config_hint_color = add_color_param(\n \"message-hint-color\", \"yellow\", \"color of hint and marker messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_success_color","title":"config_success_color module-attribute","text":"config_success_color = add_color_param(\n \"message-success-color\", \"green\", \"color of success messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_debug_color","title":"config_debug_color module-attribute","text":"config_debug_color = add_color_param(\n \"message-debug-color\", \"blue\", \"color of debug messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_info_color","title":"config_info_color module-attribute","text":"config_info_color = add_color_param(\n \"message-info-color\", \"white\", \"color of info messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_warning_color","title":"config_warning_color module-attribute","text":"config_warning_color = add_color_param(\n \"message-warning-color\", \"yellow\", \"color of warning messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_error_color","title":"config_error_color module-attribute","text":"config_error_color = add_color_param(\n \"message-error-color\", \"red\", \"color of error messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_system_color","title":"config_system_color module-attribute","text":"config_system_color = add_color_param(\n \"message-system-color\", \"light-red\", \"color of system messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_exit_color","title":"config_exit_color module-attribute","text":"config_exit_color = add_color_param(\n \"message-exit-color\", \"red\", \"color of exit messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_breakpoint_color","title":"config_breakpoint_color module-attribute","text":"config_breakpoint_color = add_color_param(\n \"message-breakpoint-color\", \"yellow\", \"color of breakpoint messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_signal_color","title":"config_signal_color module-attribute","text":"config_signal_color = add_color_param(\n \"message-signal-color\", \"bold,red\", \"color of signal messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_color","title":"config_prompt_color module-attribute","text":"config_prompt_color = add_color_param(\n \"prompt-color\", \"bold,red\", \"prompt color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_alive_color","title":"config_prompt_alive_color module-attribute","text":"config_prompt_alive_color = add_color_param(\n \"prompt-alive-color\", \"bold,green\", \"prompt alive color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.on","title":"on","text":"on(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.off","title":"off","text":"off(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.notice","title":"notice","text":"notice(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.hint","title":"hint","text":"hint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.success","title":"success","text":"success(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.debug","title":"debug","text":"debug(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.info","title":"info","text":"info(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.warn","title":"warn","text":"warn(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.error","title":"error","text":"error(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.system","title":"system","text":"system(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.exit","title":"exit","text":"exit(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.breakpoint","title":"breakpoint","text":"breakpoint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.signal","title":"signal","text":"signal(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.prompt","title":"prompt","text":"prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.alive_prompt","title":"alive_prompt","text":"alive_prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.readline_escape","title":"readline_escape","text":"readline_escape(func_message: Callable[[str], str], text: str) -> str\n
"},{"location":"reference/pwndbg/color/syntax_highlight/","title":"pwndbg.color.syntax_highlight","text":""},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight","title":"syntax_highlight","text":"Functions:
-
check_style \u2013 -
syntax_highlight \u2013
Attributes:
-
style \u2013 -
formatter \u2013 -
pwntools_lexer \u2013 -
lexer_cache (dict[str, Any]) \u2013
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.style","title":"style module-attribute","text":"style = add_param(\n \"syntax-highlight-style\",\n \"monokai\",\n \"source code / assembly syntax highlight stylename of pygments module\",\n)\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.formatter","title":"formatter module-attribute","text":"formatter = Terminal256Formatter(style=str(style))\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.pwntools_lexer","title":"pwntools_lexer module-attribute","text":"pwntools_lexer = PwntoolsLexer()\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.lexer_cache","title":"lexer_cache module-attribute","text":"lexer_cache: dict[str, Any] = {}\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.check_style","title":"check_style","text":"check_style() -> None\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.syntax_highlight","title":"syntax_highlight","text":"syntax_highlight(code: str, filename: str = '.asm') -> str\n
"},{"location":"reference/pwndbg/color/telescope/","title":"pwndbg.color.telescope","text":""},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope","title":"telescope","text":"Functions:
-
offset \u2013 -
register \u2013 -
separator \u2013 -
delimiter \u2013 -
repeating_marker \u2013
Attributes:
-
offset_color \u2013 -
register_color \u2013 -
offset_separator_color \u2013 -
offset_delimiter_color \u2013 -
repeating_marker_color \u2013
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_color","title":"offset_color module-attribute","text":"offset_color = add_color_param(\n \"telescope-offset-color\",\n \"normal\",\n \"color of the telescope command (offset prefix)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register_color","title":"register_color module-attribute","text":"register_color = add_color_param(\n \"telescope-register-color\",\n \"bold\",\n \"color of the telescope command (register)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_separator_color","title":"offset_separator_color module-attribute","text":"offset_separator_color = add_color_param(\n \"telescope-offset-separator-color\",\n \"normal\",\n \"color of the telescope command (offset separator)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_delimiter_color","title":"offset_delimiter_color module-attribute","text":"offset_delimiter_color = add_color_param(\n \"telescope-offset-delimiter-color\",\n \"normal\",\n \"color of the telescope command (offset delimiter)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker_color","title":"repeating_marker_color module-attribute","text":"repeating_marker_color = add_color_param(\n \"telescope-repeating-marker-color\",\n \"normal\",\n \"color of the telescope command (repeating values marker)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset","title":"offset","text":"offset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register","title":"register","text":"register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.separator","title":"separator","text":"separator(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.delimiter","title":"delimiter","text":"delimiter(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker","title":"repeating_marker","text":"repeating_marker(x: object) -> str\n
"},{"location":"reference/pwndbg/color/theme/","title":"pwndbg.color.theme","text":""},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme","title":"theme","text":"Classes:
Functions:
-
add_param \u2013 -
add_color_param \u2013
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter","title":"ColorParameter","text":"ColorParameter(*args, **kwargs)\n
Bases: Parameter
Methods:
-
update_color_function \u2013 -
add_update_listener \u2013 -
revert_default \u2013 -
attr_name \u2013 Returns the attribute name associated with this config option,
-
__getattr__ \u2013 -
pretty_val \u2013 Convert a value this object could contain to its pretty string representation.
-
pretty \u2013 -
pretty_default \u2013 -
__int__ \u2013 -
__str__ \u2013 -
__bool__ \u2013 -
__eq__ \u2013 -
__lt__ \u2013 -
__add__ \u2013 -
__radd__ \u2013 -
__sub__ \u2013 -
__rsub__ \u2013 -
__mul__ \u2013 -
__rmul__ \u2013 -
__div__ \u2013 -
__floordiv__ \u2013 -
__pow__ \u2013 -
__mod__ \u2013 -
__len__ \u2013
Attributes:
-
color_function (Callable[[object], str]) \u2013 -
name \u2013 -
default \u2013 -
param_class \u2013 -
set_show_doc \u2013 -
help_docstring \u2013 -
enum_sequence \u2013 -
scope \u2013 -
update_listeners (list[Callable[[Any], None]]) \u2013 -
value (Any) \u2013 -
is_changed (bool) \u2013
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.color_function","title":"color_function instance-attribute","text":"color_function: Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.default","title":"default instance-attribute","text":"default = default\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.param_class","title":"param_class instance-attribute","text":"param_class = param_class or PARAM_CLASSES[type(default)]\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.set_show_doc","title":"set_show_doc instance-attribute","text":"set_show_doc = set_show_doc\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.help_docstring","title":"help_docstring instance-attribute","text":"help_docstring = help_docstring\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.enum_sequence","title":"enum_sequence instance-attribute","text":"enum_sequence = enum_sequence\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.scope","title":"scope instance-attribute","text":"scope = scope\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_listeners","title":"update_listeners instance-attribute","text":"update_listeners: list[Callable[[Any], None]] = []\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.value","title":"value property writable","text":"value: Any\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.is_changed","title":"is_changed property","text":"is_changed: bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_color_function","title":"update_color_function","text":"update_color_function()\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.add_update_listener","title":"add_update_listener","text":"add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.revert_default","title":"revert_default","text":"revert_default() -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.attr_name","title":"attr_name","text":"attr_name() -> str\n
Returns the attribute name associated with this config option, i.e. my-config has the attribute name my_config
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_val","title":"pretty_val","text":"pretty_val(val: Any) -> str\n
Convert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty","title":"pretty","text":"pretty() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_default","title":"pretty_default","text":"pretty_default() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__bool__","title":"__bool__","text":"__bool__() -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__eq__","title":"__eq__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__lt__","title":"__lt__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__add__","title":"__add__","text":"__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__radd__","title":"__radd__","text":"__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__sub__","title":"__sub__","text":"__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rsub__","title":"__rsub__","text":"__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mul__","title":"__mul__","text":"__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rmul__","title":"__rmul__","text":"__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__div__","title":"__div__","text":"__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__floordiv__","title":"__floordiv__","text":"__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__pow__","title":"__pow__","text":"__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mod__","title":"__mod__","text":"__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__len__","title":"__len__","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_param","title":"add_param","text":"add_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n) -> Parameter\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_color_param","title":"add_color_param","text":"add_color_param(name: str, default: Any, set_show_doc: str) -> ColorParameter\n
"},{"location":"reference/pwndbg/commands/","title":"pwndbg.commands","text":""},{"location":"reference/pwndbg/commands/#pwndbg.commands","title":"commands","text":"Pwndbg command implementations.
As well as various command-handling logic.
Modules:
-
ai \u2013 This command sends information on the current debugging context to OpenAI's
-
argv \u2013 -
aslr \u2013 -
asm \u2013 -
attachp \u2013 -
auxv \u2013 -
binder \u2013 -
binja \u2013 -
binja_functions \u2013 -
branch \u2013 -
buddydump \u2013 -
canary \u2013 -
checksec \u2013 -
comments \u2013 -
config \u2013 Dumps all pwndbg-specific configuration points.
-
context \u2013 -
cpsr \u2013 -
cyclic \u2013 -
cymbol \u2013 Add, load, show, edit, or delete symbols for custom structures.
-
dev \u2013 -
distance \u2013 -
dt \u2013 -
dumpargs \u2013 -
elf \u2013 -
flags \u2013 -
gdt \u2013 -
ghidra \u2013 -
godbg \u2013 -
got \u2013 -
got_tracking \u2013 -
hex2ptr \u2013 -
hexdump \u2013 -
hijack_fd \u2013 -
ida \u2013 -
ignore \u2013 Ignoring a breakpoint
-
integration \u2013 -
ipython_interactive \u2013 Command to start an interactive IPython prompt.
-
jemalloc \u2013 -
kbase \u2013 -
kchecksec \u2013 -
kcmdline \u2013 -
kconfig \u2013 -
killthreads \u2013 -
klookup \u2013 -
knft \u2013 -
kversion \u2013 -
leakfind \u2013 Find a chain of leaks given some starting address.
-
libcinfo \u2013 -
linkmap \u2013 -
memoize \u2013 -
misc \u2013 -
mmap \u2013 -
mprotect \u2013 -
msr \u2013 -
nearpc \u2013 -
next \u2013 Stepping until an event occurs
-
onegadget \u2013 -
p2p \u2013 -
paging \u2013 -
patch \u2013 -
peda \u2013 -
pie \u2013 -
plist \u2013 -
probeleak \u2013 -
procinfo \u2013 -
profiler \u2013 Utilities for profiling pwndbg.
-
ptmalloc2 \u2013 -
ptmalloc2_tracking \u2013 -
radare2 \u2013 -
reload \u2013 -
retaddr \u2013 -
rizin \u2013 -
rop \u2013 -
ropper \u2013 -
saved_register_frames \u2013 -
search \u2013 -
segments \u2013 -
sigreturn \u2013 -
slab \u2013 Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
-
spray \u2013 -
start \u2013 Launches the target process after setting a breakpoint at a convenient
-
strings \u2013 -
telescope \u2013 Prints out pointer chains starting at some address in memory.
-
tips \u2013 -
tls \u2013 Command to print the information of the current Thread Local Storage (TLS).
-
valist \u2013 -
version \u2013 Implements version and bugreport commands.
-
vmmap \u2013 Command to print the virtual memory map a la /proc/self/maps.
-
windbg \u2013 Compatibility functionality for WinDbg users.
-
xinfo \u2013 -
xor \u2013
Classes:
-
CommandCategory \u2013 -
InvalidDebuggerError \u2013 Raised when a command is called in a debugger for which
-
CommandFormatter \u2013 The formatter_class that is passed to argparse for all
-
CommandObj \u2013 Represents a command that can be invoked from the
-
Command \u2013 Parametrized decorator for functions that serve as pwndbg commands.
Functions:
-
fix \u2013 Fix a single command-line argument coming from the CLI.
-
fix_reraise \u2013 -
fix_reraise_arg \u2013 fix_reraise wrapper for evaluating command arguments
-
fix_int \u2013 -
fix_int_reraise \u2013 -
fix_int_reraise_arg \u2013 fix_int_reraise wrapper for evaluating command arguments
-
func_name \u2013 -
OnlyWhenLocal \u2013 -
OnlyWithFile \u2013 -
OnlyWhenQemuKernel \u2013 -
OnlyWhenUserspace \u2013 -
OnlyWithKernelDebugSyms \u2013 -
OnlyWhenPagingEnabled \u2013 -
OnlyWhenRunning \u2013 -
OnlyWithTcache \u2013 -
OnlyWhenHeapIsInitialized \u2013 -
OnlyWithResolvedHeapSyms \u2013 -
sloppy_gdb_parse \u2013 This function should be used as argparse.ArgumentParser .add_argument method's type helper.
-
AddressExpr \u2013 Parses an address expression. Returns an int.
-
HexOrAddressExpr \u2013 Parses string as hexadecimal int or an address expression. Returns an int.
-
load_commands \u2013
Attributes:
-
log \u2013 -
T \u2013 -
P \u2013 -
commands (list[CommandObj]) \u2013 -
command_names (set[str]) \u2013 -
GDB_BUILTIN_COMMANDS \u2013 -
pwndbg_is_reloading \u2013
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.log","title":"log module-attribute","text":"log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.commands","title":"commands module-attribute","text":"commands: list[CommandObj] = []\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.command_names","title":"command_names module-attribute","text":"command_names: set[str] = set()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.GDB_BUILTIN_COMMANDS","title":"GDB_BUILTIN_COMMANDS module-attribute","text":"GDB_BUILTIN_COMMANDS = commands()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.pwndbg_is_reloading","title":"pwndbg_is_reloading module-attribute","text":"pwndbg_is_reloading = False\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory","title":"CommandCategory","text":" Bases: str, Enum
Attributes:
-
START \u2013 -
NEXT \u2013 -
CONTEXT \u2013 -
PTMALLOC2 \u2013 -
JEMALLOC \u2013 -
BREAKPOINT \u2013 -
MEMORY \u2013 -
STACK \u2013 -
REGISTER \u2013 -
PROCESS \u2013 -
LINUX \u2013 -
DISASS \u2013 -
MISC \u2013 -
KERNEL \u2013 -
INTEGRATIONS \u2013 -
WINDBG \u2013 -
PWNDBG \u2013 -
SHELL \u2013 -
DEV \u2013
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.START","title":"START class-attribute instance-attribute","text":"START = 'Start'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.NEXT","title":"NEXT class-attribute instance-attribute","text":"NEXT = 'Step/Next/Continue'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.CONTEXT","title":"CONTEXT class-attribute instance-attribute","text":"CONTEXT = 'Context'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PTMALLOC2","title":"PTMALLOC2 class-attribute instance-attribute","text":"PTMALLOC2 = 'GLibc ptmalloc2 Heap'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.JEMALLOC","title":"JEMALLOC class-attribute instance-attribute","text":"JEMALLOC = 'jemalloc Heap'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.BREAKPOINT","title":"BREAKPOINT class-attribute instance-attribute","text":"BREAKPOINT = 'Breakpoint'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MEMORY","title":"MEMORY class-attribute instance-attribute","text":"MEMORY = 'Memory'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.STACK","title":"STACK class-attribute instance-attribute","text":"STACK = 'Stack'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.REGISTER","title":"REGISTER class-attribute instance-attribute","text":"REGISTER = 'Register'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PROCESS","title":"PROCESS class-attribute instance-attribute","text":"PROCESS = 'Process'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.LINUX","title":"LINUX class-attribute instance-attribute","text":"LINUX = 'Linux/libc/ELF'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DISASS","title":"DISASS class-attribute instance-attribute","text":"DISASS = 'Disassemble'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MISC","title":"MISC class-attribute instance-attribute","text":"MISC = 'Misc'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.KERNEL","title":"KERNEL class-attribute instance-attribute","text":"KERNEL = 'Kernel'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.INTEGRATIONS","title":"INTEGRATIONS class-attribute instance-attribute","text":"INTEGRATIONS = 'Integrations'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.WINDBG","title":"WINDBG class-attribute instance-attribute","text":"WINDBG = 'WinDbg'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PWNDBG","title":"PWNDBG class-attribute instance-attribute","text":"PWNDBG = 'Pwndbg'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.SHELL","title":"SHELL class-attribute instance-attribute","text":"SHELL = 'Shell'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DEV","title":"DEV class-attribute instance-attribute","text":"DEV = 'Developer'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.InvalidDebuggerError","title":"InvalidDebuggerError","text":" Bases: Exception
Raised when a command is called in a debugger for which it is disallowed.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandFormatter","title":"CommandFormatter","text":" Bases: RawDescriptionHelpFormatter
The formatter_class that is passed to argparse for all commands.
Subclassing this isn't officially supported, but there isn't a good alternative.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj","title":"CommandObj","text":"CommandObj(\n function: Callable[..., str | None],\n parser: ArgumentParser,\n command_name: str | None,\n category: CommandCategory,\n aliases: list[str],\n examples: str,\n notes: str,\n)\n
Represents a command that can be invoked from the debugger.
Methods:
-
register_command \u2013 Register this object command with the underlying debugger
-
has_notes_string \u2013 -
has_examples_string \u2013 -
initialize_parser \u2013 -
invoke \u2013 Invoke the command with an argument string
-
check_repeated \u2013 Keep a record of all commands which come from the TTY.
-
__call__ \u2013
Attributes:
-
builtin_override_whitelist (set[str]) \u2013 -
history (dict[int, str]) \u2013 -
function \u2013 -
command_name \u2013 -
category \u2013 -
aliases \u2013 -
examples \u2013 -
notes \u2013 -
parser \u2013 -
repeat \u2013
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.builtin_override_whitelist","title":"builtin_override_whitelist class-attribute instance-attribute","text":"builtin_override_whitelist: set[str] = {\n \"up\",\n \"down\",\n \"search\",\n \"pwd\",\n \"start\",\n \"starti\",\n \"ignore\",\n}\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.history","title":"history class-attribute instance-attribute","text":"history: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.function","title":"function instance-attribute","text":"function = function\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.command_name","title":"command_name instance-attribute","text":"command_name = command_name\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.category","title":"category instance-attribute","text":"category = category\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.aliases","title":"aliases instance-attribute","text":"aliases = aliases\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.examples","title":"examples instance-attribute","text":"examples = strip()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.notes","title":"notes instance-attribute","text":"notes = strip()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.parser","title":"parser instance-attribute","text":"parser = parser\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.repeat","title":"repeat instance-attribute","text":"repeat = False\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.register_command","title":"register_command","text":"register_command()\n
Register this object command with the underlying debugger and update pwndbg global state to know about this command.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.has_notes_string","title":"has_notes_string staticmethod","text":"has_notes_string(text: str) -> bool\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.has_examples_string","title":"has_examples_string staticmethod","text":"has_examples_string(text: str) -> bool\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.initialize_parser","title":"initialize_parser","text":"initialize_parser()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.invoke","title":"invoke","text":"invoke(argument: str, from_tty: bool) -> None\n
Invoke the command with an argument string
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.check_repeated","title":"check_repeated","text":"check_repeated(argument: str, from_tty: bool) -> bool\n
Keep a record of all commands which come from the TTY.
Returns:
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.__call__","title":"__call__","text":"__call__(*args: Any, **kwargs: Any) -> str | None\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command","title":"Command","text":"Command(\n parser_or_desc: str | ArgumentParser,\n *,\n category: CommandCategory,\n command_name: str | None = None,\n aliases: list[str] = [],\n examples: str = \"\",\n notes: str = \"\",\n only_debuggers: set[DebuggerType] = None,\n exclude_debuggers: set[DebuggerType] = None,\n)\n
Parametrized decorator for functions that serve as pwndbg commands.
Always use this to decorate your commands.
Methods:
Attributes:
-
parser \u2013 -
category \u2013 -
command_name \u2013 -
aliases \u2013 -
examples \u2013 -
notes \u2013 -
only_debuggers \u2013 -
exclude_debuggers \u2013
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.parser","title":"parser instance-attribute","text":"parser = ArgumentParser(description=parser_or_desc)\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.category","title":"category instance-attribute","text":"category = category\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.command_name","title":"command_name instance-attribute","text":"command_name = command_name\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.aliases","title":"aliases instance-attribute","text":"aliases = aliases\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.examples","title":"examples instance-attribute","text":"examples = examples\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.notes","title":"notes instance-attribute","text":"notes = notes\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.only_debuggers","title":"only_debuggers instance-attribute","text":"only_debuggers = only_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.exclude_debuggers","title":"exclude_debuggers instance-attribute","text":"exclude_debuggers = exclude_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.__call__","title":"__call__","text":"__call__(function: Callable[..., Any]) -> CommandObj\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix","title":"fix","text":"fix(\n arg: str | Value,\n sloppy: bool = False,\n quiet: bool = True,\n reraise: bool = False,\n) -> str | Value | None\n
Fix a single command-line argument coming from the CLI.
Parameters:
-
arg (str | Value) \u2013 Original string representation (e.g. '0', '$rax', '$rax+44')
-
sloppy (bool, default: False ) \u2013 If arg cannot be evaluated, return arg. (default: False)
-
quiet (bool, default: True ) \u2013 If an error occurs, suppress it. (default: True)
-
reraise (bool, default: False ) \u2013 If an error occurs, raise the exception. (default: False)
Returns:
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise","title":"fix_reraise","text":"fix_reraise(*a, **kw) -> str | Value | None\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise_arg","title":"fix_reraise_arg","text":"fix_reraise_arg(arg) -> Value\n
fix_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int","title":"fix_int","text":"fix_int(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise","title":"fix_int_reraise","text":"fix_int_reraise(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise_arg","title":"fix_int_reraise_arg","text":"fix_int_reraise_arg(arg) -> int\n
fix_int_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.func_name","title":"func_name","text":"func_name(function: Callable[P, T]) -> str\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenLocal","title":"OnlyWhenLocal","text":"OnlyWhenLocal(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithFile","title":"OnlyWithFile","text":"OnlyWithFile(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenQemuKernel(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenUserspace","title":"OnlyWhenUserspace","text":"OnlyWhenUserspace(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithKernelDebugSyms","title":"OnlyWithKernelDebugSyms","text":"OnlyWithKernelDebugSyms(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenPagingEnabled","title":"OnlyWhenPagingEnabled","text":"OnlyWhenPagingEnabled(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenRunning","title":"OnlyWhenRunning","text":"OnlyWhenRunning(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithTcache","title":"OnlyWithTcache","text":"OnlyWithTcache(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenHeapIsInitialized","title":"OnlyWhenHeapIsInitialized","text":"OnlyWhenHeapIsInitialized(\n function: Callable[P, T],\n) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithResolvedHeapSyms","title":"OnlyWithResolvedHeapSyms","text":"OnlyWithResolvedHeapSyms(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.sloppy_gdb_parse","title":"sloppy_gdb_parse","text":"sloppy_gdb_parse(s: str) -> int | str\n
This function should be used as argparse.ArgumentParser .add_argument method's type helper.
This makes the type being parsed as gdb value and if that parsing fails, a string is returned.
:param s: String. :return: Whatever gdb.parse_and_eval returns or string.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.AddressExpr","title":"AddressExpr","text":"AddressExpr(s: str) -> int\n
Parses an address expression. Returns an int.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.HexOrAddressExpr","title":"HexOrAddressExpr","text":"HexOrAddressExpr(s: str) -> int\n
Parses string as hexadecimal int or an address expression. Returns an int. (e.g. '1234' will return 0x1234)
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.load_commands","title":"load_commands","text":"load_commands() -> None\n
"},{"location":"reference/pwndbg/commands/ai/","title":"pwndbg.commands.ai","text":""},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai","title":"ai","text":"This command sends information on the current debugging context to OpenAI's GPT-3 large language model and asks it a question supplied by the user. It then displays GPT-3's response to that question to the user.
Functions:
-
set_dummy_mode \u2013 -
get_openai_api_key \u2013 -
get_anthropic_api_key \u2013 -
get_ollama_endpoint \u2013 -
build_prompt \u2013 -
flatten_prompt \u2013 -
build_context_prompt_body \u2013 -
build_command_prompt_body \u2013 -
query_openai_chat \u2013 -
query_openai_completions \u2013 -
query \u2013 -
query_anthropic \u2013 -
query_ollama \u2013 -
get_openai_models \u2013 -
ai \u2013
Attributes:
-
last_question (list[str]) \u2013 -
last_answer (list[str]) \u2013 -
last_pc \u2013 -
last_command \u2013 -
dummy \u2013 -
verbosity \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_question","title":"last_question module-attribute","text":"last_question: list[str] = []\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_answer","title":"last_answer module-attribute","text":"last_answer: list[str] = []\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_pc","title":"last_pc module-attribute","text":"last_pc = None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_command","title":"last_command module-attribute","text":"last_command = None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.dummy","title":"dummy module-attribute","text":"dummy = False\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.verbosity","title":"verbosity module-attribute","text":"verbosity = 0\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Ask GPT-3 a question about the current debugging context.\"\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.set_dummy_mode","title":"set_dummy_mode","text":"set_dummy_mode(d=True) -> None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_api_key","title":"get_openai_api_key","text":"get_openai_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_anthropic_api_key","title":"get_anthropic_api_key","text":"get_anthropic_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_ollama_endpoint","title":"get_ollama_endpoint","text":"get_ollama_endpoint()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_prompt","title":"build_prompt","text":"build_prompt(question, command=None)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.flatten_prompt","title":"flatten_prompt","text":"flatten_prompt(conversation)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_context_prompt_body","title":"build_context_prompt_body","text":"build_context_prompt_body()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_command_prompt_body","title":"build_command_prompt_body","text":"build_command_prompt_body(command)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_chat","title":"query_openai_chat","text":"query_openai_chat(\n prompt, model=\"gpt-3.5-turbo\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_completions","title":"query_openai_completions","text":"query_openai_completions(\n prompt, model=\"text-davinci-003\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query","title":"query","text":"query(prompt, model='text-davinci-003', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_anthropic","title":"query_anthropic","text":"query_anthropic(prompt, model='claude-v1', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_ollama","title":"query_ollama","text":"query_ollama(prompt, model='mistral', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_models","title":"get_openai_models","text":"get_openai_models()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.ai","title":"ai","text":"ai(\n question,\n model,\n temperature,\n max_tokens,\n verbose,\n list_models=False,\n command=None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/argv/","title":"pwndbg.commands.argv","text":""},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv","title":"argv","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints out the contents of the environment.\"\n)\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argc","title":"argc","text":"argc() -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argv","title":"argv","text":"argv(i: int = None) -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.envp","title":"envp","text":"envp(name: str = None)\n
Prints out the contents of the environment.
"},{"location":"reference/pwndbg/commands/aslr/","title":"pwndbg.commands.aslr","text":""},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr","title":"aslr","text":"Functions:
Attributes:
-
options \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.options","title":"options module-attribute","text":"options = {'on': 'off', 'off': 'on'}\n
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nCheck the current ASLR status, or turn it on/off.\\n\\nDoes not take effect until the program is restarted.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.check_aslr","title":"check_aslr","text":"check_aslr() -> tuple[bool | None, str]\n
Detects the ASLR status. Returns True, False or None.
None is returned when we can't detect ASLR.
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.aslr","title":"aslr","text":"aslr(state=None) -> None\n
"},{"location":"reference/pwndbg/commands/asm/","title":"pwndbg.commands.asm","text":""},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm","title":"asm","text":"Functions:
Attributes:
-
parser \u2013 -
input_group \u2013
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Assemble shellcode into bytes')\n
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.input_group","title":"input_group module-attribute","text":"input_group = add_mutually_exclusive_group(required=True)\n
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.asm","title":"asm","text":"asm(shellcode, format, arch, avoid, infile) -> None\n
"},{"location":"reference/pwndbg/commands/attachp/","title":"pwndbg.commands.attachp","text":""},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp","title":"attachp","text":"Functions:
-
find_pids \u2013 -
attachp \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description='Attaches to a given pid, process name, process found with partial argv match or to a device file.\\n\\nThis command wraps the original GDB `attach` command to add the ability\\nto debug a process with a given name or partial name match. In such cases,\\nthe process identifier is fetched via the `pidof <name>` command first. If no\\nmatches are found, then it uses the `ps -eo pid,args` command to search for\\npartial name matches.\\n\\nOriginal GDB attach command help:\\n Attach to a process or file outside of GDB.\\n This command attaches to another target, of the same type as your last\\n \"target\" command (\"info files\" will show your target stack).\\n The command may take as argument a process id or a device file.\\n For a process id, you must have permission to send the process a signal,\\n and it must have the same effective uid as the debugger.\\n When using \"attach\" with a process id, the debugger finds the\\n program running in the process, looking first in the current working\\n directory, or (if not found there) using the source file search path\\n (see the \"directory\" command). You can also use the \"file\" command\\n to specify the program, and to load its symbol table.'\n)\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.find_pids","title":"find_pids","text":"find_pids(target, user, exact, all)\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.attachp","title":"attachp","text":"attachp(target, no_truncate, retry, exact, all, user=None) -> None\n
"},{"location":"reference/pwndbg/commands/auxv/","title":"pwndbg.commands.auxv","text":""},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv","title":"auxv","text":"Functions:
-
auxv \u2013 -
auxv_explore \u2013
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv","title":"auxv","text":"auxv() -> None\n
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv_explore","title":"auxv_explore","text":"auxv_explore() -> None\n
"},{"location":"reference/pwndbg/commands/binder/","title":"pwndbg.commands.binder","text":""},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder","title":"binder","text":"Classes:
-
IndentContextManager \u2013 -
BinderVisitor \u2013
Functions:
-
for_each_transaction \u2013 -
for_each_hlist_entry \u2013 -
binder \u2013
Attributes:
-
log \u2013 -
addrc \u2013 -
fieldnamec \u2013 -
fieldvaluec \u2013 -
typenamec \u2013 -
node_types \u2013 -
entry_field_names \u2013 -
rb_node_field_names \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.log","title":"log module-attribute","text":"log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.addrc","title":"addrc module-attribute","text":"addrc = green\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldnamec","title":"fieldnamec module-attribute","text":"fieldnamec = blue\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldvaluec","title":"fieldvaluec module-attribute","text":"fieldvaluec = yellow\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.typenamec","title":"typenamec module-attribute","text":"typenamec = red\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.node_types","title":"node_types module-attribute","text":"node_types = {\n \"waiting_threads\": \"struct binder_thread\",\n \"todo\": \"struct binder_work\",\n \"refs\": \"struct binder_ref\",\n \"threads\": \"struct binder_thread\",\n \"nodes\": \"struct binder_node\",\n \"refs_by_node\": \"struct binder_ref\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.entry_field_names","title":"entry_field_names module-attribute","text":"entry_field_names = {\n \"waiting_threads\": \"waiting_thread_node\",\n \"todo\": \"entry\",\n \"refs\": \"node_entry\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.rb_node_field_names","title":"rb_node_field_names module-attribute","text":"rb_node_field_names = {\n \"threads\": \"rb_node\",\n \"nodes\": \"rb_node\",\n \"refs_by_node\": \"rb_node_node\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Show Android Binder information')\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager","title":"IndentContextManager","text":"IndentContextManager()\n
Methods:
-
__enter__ \u2013 -
__exit__ \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.indent","title":"indent instance-attribute","text":"indent = 0\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__enter__","title":"__enter__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__exit__","title":"__exit__","text":"__exit__(exc_type, exc_value, exc_tb)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor","title":"BinderVisitor","text":"BinderVisitor(procs_addr)\n
Methods:
-
format_rb_tree \u2013 -
format_list \u2013 -
visit \u2013 -
format_proc \u2013 -
format_thread \u2013 -
format_transaction \u2013 -
format_node \u2013 -
format_ref \u2013 -
format_work \u2013 -
print_object \u2013 -
format_spinlock \u2013
Attributes:
-
indent \u2013 -
addr \u2013
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.indent","title":"indent instance-attribute","text":"indent = IndentContextManager()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.addr","title":"addr instance-attribute","text":"addr = get_typed_pointer_value('struct hlist_head', procs_addr)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_rb_tree","title":"format_rb_tree","text":"format_rb_tree(field: str, value: Value) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_list","title":"format_list","text":"format_list(field: str, value: Value, typename: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.visit","title":"visit","text":"visit()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_proc","title":"format_proc","text":"format_proc(proc: Value, only_heading=False)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_thread","title":"format_thread","text":"format_thread(thread: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_transaction","title":"format_transaction","text":"format_transaction(transaction: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_node","title":"format_node","text":"format_node(node: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_ref","title":"format_ref","text":"format_ref(ref: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_work","title":"format_work","text":"format_work(work: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.print_object","title":"print_object","text":"print_object(obj: Value)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_spinlock","title":"format_spinlock","text":"format_spinlock(lock: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_transaction","title":"for_each_transaction","text":"for_each_transaction(addr: Value, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_hlist_entry","title":"for_each_hlist_entry","text":"for_each_hlist_entry(head: Value, typename, field) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.binder","title":"binder","text":"binder()\n
"},{"location":"reference/pwndbg/commands/binja/","title":"pwndbg.commands.binja","text":""},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja","title":"binja","text":"Functions:
"},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja.bn_sync","title":"bn_sync","text":"bn_sync(*args) -> None\n
Synchronize Binary Ninja's cursor with GDB
"},{"location":"reference/pwndbg/commands/binja_functions/","title":"pwndbg.commands.binja_functions","text":""},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions","title":"binja_functions","text":"Functions:
-
bn_sym \u2013 Lookup a symbol's address by name from Binary Ninja.
-
bn_var \u2013 Lookup a stack variable's address by name from Binary Ninja.
-
bn_eval \u2013 Parse and evaluate a Binary Ninja expression.
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_sym","title":"bn_sym","text":"bn_sym(name_val: Value) -> int | None\n
Lookup a symbol's address by name from Binary Ninja.
This function sees symbols like functions and global variables, but not stack local variables, use bn_var for that.
Example:
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $bn_sym(\"main\")\n$2 = 0x555555555645\npwndbg> b *($bn_sym(\"main\"))\nBreakpoint 1 at 0x555555555645\n
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_var","title":"bn_var","text":"bn_var(name_val: Value) -> int | None\n
Lookup a stack variable's address by name from Binary Ninja.
This function doesn't see functions or global variables, use bn_sym for that.
Example:
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p user_choice\nNo symbol \"user_choice\" in current context.\npwndbg> p/x $bn_var(\"user_choice\")\n$4 = 0x7fffffffe118\npwndbg> vmmap $4\n 0x7ffff7ffe000 0x7ffff7fff000 rw-p 1000 0 [anon_7ffff7ffe]\n\u25ba 0x7ffffffde000 0x7ffffffff000 rw-p 21000 0 [stack] +0x20118\npwndbg> p/x $bn_var(\"main\")\nTypeError: Could not convert Python object: None.\nError while executing Python code.\n
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_eval","title":"bn_eval","text":"bn_eval(expr: Value) -> int | None\n
Parse and evaluate a Binary Ninja expression.
Read more about binary ninja expressions here: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
All registers in the current register set are available as magic variables (e.g. $rip). The $piebase magic variable is also included, with the computed executable base.
This function cannot see stack local variables.
Example:
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p/x $bn_eval(\"10+20\")\n$6 = 0x30\npwndbg> p/x $bn_eval(\"main\")\n$7 = 0x1645\npwndbg> p/x $rebase($bn_eval(\"main\"))\n$8 = 0x555555555645\npwndbg> p some_global_var\nNo symbol \"some_global_var\" in current context.\npwndbg> p/x $rebase($bn_eval(\"some_global_var+$rax\"))\n$9 = 0x5555555586b8\npwndbg> p $rebase($bn_eval(\"some_global_var+$rax\")) == $bn_sym(\"some_global_var\") + $rax\n$10 = 1\npwndbg> p $bn_eval(\"$piebase+some_global_var+$rax\") == $bn_sym(\"some_global_var\") + $rax\n$11 = 1\n
"},{"location":"reference/pwndbg/commands/branch/","title":"pwndbg.commands.branch","text":""},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch","title":"branch","text":"Classes:
Functions:
-
break_if_taken \u2013 -
break_if_not_taken \u2013 -
install_breakpoint \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Breaks on a branch if it is not taken.')\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch","title":"BreakOnConditionalBranch","text":"BreakOnConditionalBranch(instruction: PwndbgInstruction, taken: bool)\n
Bases: Breakpoint
A breakpoint that only stops the inferior if a given branch is taken or not taken.
Methods:
-
should_stop \u2013 -
stop \u2013
Attributes:
-
instruction \u2013 -
taken \u2013
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.instruction","title":"instruction instance-attribute","text":"instruction = instruction\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.taken","title":"taken instance-attribute","text":"taken = taken\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.should_stop","title":"should_stop","text":"should_stop()\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_taken","title":"break_if_taken","text":"break_if_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_not_taken","title":"break_if_not_taken","text":"break_if_not_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.install_breakpoint","title":"install_breakpoint","text":"install_breakpoint(branch, taken: bool) -> None\n
"},{"location":"reference/pwndbg/commands/buddydump/","title":"pwndbg.commands.buddydump","text":""},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump","title":"buddydump","text":"Classes:
-
ParsedBuddyArgs \u2013 -
CurrentBuddyParams \u2013
Functions:
-
cpu_limitcheck \u2013 -
static_str_arr \u2013 -
check_find \u2013 -
traverse_pglist \u2013 -
print_section \u2013 -
print_pglist \u2013 -
print_mtypes \u2013 -
print_pcp_set \u2013 -
print_free_area \u2013 -
buddydump \u2013
Attributes:
-
log \u2013 -
MAX_PG_FREE_LIST_STR_RESULT_CNT \u2013 -
MAX_PG_FREE_LIST_CNT \u2013 -
NONE_TUPLE \u2013 -
MIGRATE_PCPTYPES \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.log","title":"log module-attribute","text":"log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MAX_PG_FREE_LIST_STR_RESULT_CNT","title":"MAX_PG_FREE_LIST_STR_RESULT_CNT module-attribute","text":"MAX_PG_FREE_LIST_STR_RESULT_CNT = 16\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MAX_PG_FREE_LIST_CNT","title":"MAX_PG_FREE_LIST_CNT module-attribute","text":"MAX_PG_FREE_LIST_CNT = 4096\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.NONE_TUPLE","title":"NONE_TUPLE module-attribute","text":"NONE_TUPLE = (None, None)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MIGRATE_PCPTYPES","title":"MIGRATE_PCPTYPES module-attribute","text":"MIGRATE_PCPTYPES = 3\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Displays metadata and freelists of the buddy allocator.\"\n)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs","title":"ParsedBuddyArgs dataclass","text":"ParsedBuddyArgs(\n zone: Value | None,\n order: int | None,\n mtype: str | None,\n cpu: int | None,\n find: int | None,\n)\n
Attributes:
-
zone (Value | None) \u2013 -
order (int | None) \u2013 -
mtype (str | None) \u2013 -
cpu (int | None) \u2013 -
find (int | None) \u2013
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.zone","title":"zone instance-attribute","text":"zone: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.order","title":"order instance-attribute","text":"order: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.mtype","title":"mtype instance-attribute","text":"mtype: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.cpu","title":"cpu instance-attribute","text":"cpu: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.find","title":"find instance-attribute","text":"find: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams","title":"CurrentBuddyParams dataclass","text":"CurrentBuddyParams(\n sections: list[tuple[str, str]],\n indent: IndentContextManager,\n order: int,\n mtype: str | None,\n freelists: Value | None,\n freelist: Value | None,\n nr_types: int | None,\n found: bool,\n)\n
Attributes:
-
sections (list[tuple[str, str]]) \u2013 -
indent (IndentContextManager) \u2013 -
order (int) \u2013 -
mtype (str | None) \u2013 -
freelists (Value | None) \u2013 -
freelist (Value | None) \u2013 -
nr_types (int | None) \u2013 -
found (bool) \u2013
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.sections","title":"sections instance-attribute","text":"sections: list[tuple[str, str]]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.indent","title":"indent instance-attribute","text":"indent: IndentContextManager\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.order","title":"order instance-attribute","text":"order: int\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.mtype","title":"mtype instance-attribute","text":"mtype: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.freelists","title":"freelists instance-attribute","text":"freelists: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.freelist","title":"freelist instance-attribute","text":"freelist: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.nr_types","title":"nr_types instance-attribute","text":"nr_types: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.found","title":"found instance-attribute","text":"found: bool\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.cpu_limitcheck","title":"cpu_limitcheck","text":"cpu_limitcheck(cpu: str)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.static_str_arr","title":"static_str_arr","text":"static_str_arr(name: str) -> list[str]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.check_find","title":"check_find","text":"check_find(\n counter: int,\n physmap_addr: int,\n pba: ParsedBuddyArgs,\n cbp: CurrentBuddyParams,\n)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.traverse_pglist","title":"traverse_pglist","text":"traverse_pglist(\n pba: ParsedBuddyArgs, cbp: CurrentBuddyParams\n) -> tuple[list[tuple[int, str]], int, list[str]]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_section","title":"print_section","text":"print_section(section: tuple[str, str], indent: IndentContextManager)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_pglist","title":"print_pglist","text":"print_pglist(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_mtypes","title":"print_mtypes","text":"print_mtypes(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_pcp_set","title":"print_pcp_set","text":"print_pcp_set(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_free_area","title":"print_free_area","text":"print_free_area(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.buddydump","title":"buddydump","text":"buddydump(\n zone: str,\n pcp_only: bool,\n order: int,\n mtype: str,\n cpu: int,\n node: int,\n find: int,\n) -> None\n
"},{"location":"reference/pwndbg/commands/canary/","title":"pwndbg.commands.canary","text":""},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary","title":"canary","text":"Functions:
-
canary_value \u2013 Get the global canary value from AT_RANDOM with its last byte masked (as glibc does)
-
find_tls_canary_addr \u2013 Find the address of the canary in the Thread Local Storage (TLS).
-
canary \u2013 Display information about the stack canary, including its location in TLS and any copies found on the stack.
Attributes:
-
DEFAULT_NUM_CANARIES_TO_DISPLAY \u2013 -
TLS_CANARY_OFFSETS \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.DEFAULT_NUM_CANARIES_TO_DISPLAY","title":"DEFAULT_NUM_CANARIES_TO_DISPLAY module-attribute","text":"DEFAULT_NUM_CANARIES_TO_DISPLAY = 1\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.TLS_CANARY_OFFSETS","title":"TLS_CANARY_OFFSETS module-attribute","text":"TLS_CANARY_OFFSETS = {'x86-64': 40, 'i386': 20, 'aarch64': 40}\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Print out the current stack canary.')\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary_value","title":"canary_value","text":"canary_value() -> tuple[int | None, int | None]\n
Get the global canary value from AT_RANDOM with its last byte masked (as glibc does)
Returns:
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.find_tls_canary_addr","title":"find_tls_canary_addr","text":"find_tls_canary_addr() -> int | None\n
Find the address of the canary in the Thread Local Storage (TLS).
The canary is stored at a fixed offset from the TLS base, which varies by architecture. The TLS base can be accessed through architecture-specific registers: - x86_64: fs register - i386: gs register - aarch64: tpidr_el0 register
Returns:
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary","title":"canary","text":"canary(all) -> None\n
Display information about the stack canary, including its location in TLS and any copies found on the stack.
"},{"location":"reference/pwndbg/commands/checksec/","title":"pwndbg.commands.checksec","text":""},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec","title":"checksec","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints out the binary security settings using `checksec`.\"\n)\n
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.checksec","title":"checksec","text":"checksec(file: str) -> None\n
"},{"location":"reference/pwndbg/commands/comments/","title":"pwndbg.commands.comments","text":""},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments","title":"comments","text":"Functions:
Attributes:
-
parser \u2013 -
file_lists (dict[str, dict[str, str]]) \u2013
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Put comments in assembly code.')\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.file_lists","title":"file_lists module-attribute","text":"file_lists: dict[str, dict[str, str]] = {}\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.comm","title":"comm","text":"comm(addr=None, comment=None) -> None\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.init","title":"init","text":"init() -> None\n
"},{"location":"reference/pwndbg/commands/config/","title":"pwndbg.commands.config","text":""},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config","title":"config","text":"Dumps all pwndbg-specific configuration points.
Functions:
-
print_row \u2013 -
extend_value_with_default \u2013 -
get_config_parameters \u2013 -
display_config \u2013 -
config \u2013 -
theme \u2013 -
configfile \u2013 -
themefile \u2013 -
heap_config \u2013 -
configfile_print_scope \u2013
Attributes:
-
configfile_parser \u2013 -
themefile_parser \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_parser","title":"configfile_parser module-attribute","text":"configfile_parser = ArgumentParser(\n description=\"Generates a configuration file for the current Pwndbg options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile_parser","title":"themefile_parser module-attribute","text":"themefile_parser = ArgumentParser(\n description=\"Generates a configuration file for the current Pwndbg theme options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Shows heap related configuration.')\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.print_row","title":"print_row","text":"print_row(\n name: str,\n value: str,\n default: str,\n set_show_doc: str,\n ljust_optname: int,\n ljust_doc: int,\n empty_space: int = 2,\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.extend_value_with_default","title":"extend_value_with_default","text":"extend_value_with_default(value, default)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.get_config_parameters","title":"get_config_parameters","text":"get_config_parameters(scope: Scope, filter_pattern: str)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.display_config","title":"display_config","text":"display_config(\n filter_pattern: str,\n scope: Scope,\n has_file_command: bool = True,\n show_hints: bool = True,\n) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.config","title":"config","text":"config(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.theme","title":"theme","text":"theme(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile","title":"configfile","text":"configfile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile","title":"themefile","text":"themefile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.heap_config","title":"heap_config","text":"heap_config(filter_pattern: str) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_print_scope","title":"configfile_print_scope","text":"configfile_print_scope(scope: Scope, show_all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/context/","title":"pwndbg.commands.context","text":""},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context","title":"context","text":"Classes:
-
StdOutput \u2013 A context manager wrapper to give stdout
-
FileOutput \u2013 A context manager wrapper to reopen files on enter
-
CallOutput \u2013 A context manager which calls a function on write
-
RegisterContext \u2013
Functions:
-
clear_screen \u2013 Clear the screen by moving the cursor to top-left corner and
-
reserve_lines_maybe \u2013 Scroll the terminal up a few lines to reduce shaking
-
validate_context_sections \u2013 -
output \u2013 Creates a context manager corresponding to configured context output
-
contextoutput \u2013 -
resetcontextoutput \u2013 -
history_size_changed \u2013 -
serve_context_history \u2013 -
history_handle_unchanged_contents \u2013 -
contextprev \u2013 -
contextnext \u2013 -
contextsearch \u2013 -
contextwatch \u2013 -
contextunwatch \u2013 -
context_expressions \u2013 -
context_ghidra \u2013 Print out the source of the current function decompiled by ghidra.
-
context \u2013 Print out the current register, instruction, and stack context.
-
calculate_padding_to_align \u2013 Calculates the number of spaces to append to reach the next alignment.
-
compact_regs \u2013 -
context_regs \u2013 -
context_heap_tracker \u2013 -
regs \u2013 Print out all registers and enhance the information.
-
get_regs \u2013 -
try_emulate_if_bug_disable \u2013 -
context_disasm \u2013 -
get_highlight_source \u2013 -
get_filename_and_formatted_source \u2013 Returns formatted, lines limited and highlighted source as list
-
context_code \u2013 -
context_stack \u2013 -
context_backtrace \u2013 -
context_args \u2013 -
get_thread_status \u2013 -
context_threads \u2013 -
save_signal \u2013 -
context_last_signal \u2013
Attributes:
-
log \u2013 -
T \u2013 -
P \u2013 -
c \u2013 -
config_reserve_lines \u2013 -
config_clear_screen \u2013 -
config_output \u2013 -
config_context_sections \u2013 -
config_max_threads_display \u2013 -
outputs (dict[str, str]) \u2013 -
output_settings (DefaultDict[str, dict[str, Any]]) \u2013 -
banner_arg \u2013 -
context_history (DefaultDict[str, list[list[str]]]) \u2013 -
selected_history_index (int | None) \u2013 -
context_history_size \u2013 -
expressions \u2013 -
config_context_ghidra \u2013 -
parser \u2013 -
disasm_lines \u2013 -
source_disasm_lines \u2013 -
should_decompile \u2013 -
stack_lines \u2013 -
backtrace_lines \u2013 -
backtrace_frame_label \u2013 -
last_signal (list[str]) \u2013 -
thread_status_messages \u2013 -
context_sections \u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.log","title":"log module-attribute","text":"log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.c","title":"c module-attribute","text":"c = ColorConfig(\n \"backtrace\",\n [\n ColorParamSpec(\n \"prefix\", \"none\", \"color for prefix of current backtrace label\"\n ),\n ColorParamSpec(\"address\", \"none\", \"color for backtrace (address)\"),\n ColorParamSpec(\"symbol\", \"none\", \"color for backtrace (symbol)\"),\n ColorParamSpec(\n \"frame-label\", \"none\", \"color for backtrace (frame label)\"\n ),\n ],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_reserve_lines","title":"config_reserve_lines module-attribute","text":"config_reserve_lines = add_param(\n \"context-reserve-lines\",\n \"if-ctx-fits\",\n \"when to reserve lines after the prompt to reduce context shake\",\n help_docstring='\\nThe \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window.\\nIt doesn\\'t take into account line-wrapping due to insufficient terminal width.\\n',\n param_class=PARAM_ENUM,\n enum_sequence=[\"never\", \"if-ctx-fits\", \"always\"],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_clear_screen","title":"config_clear_screen module-attribute","text":"config_clear_screen = add_param(\n \"context-clear-screen\",\n False,\n \"whether to clear the screen before printing the context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_output","title":"config_output module-attribute","text":"config_output = add_param(\n \"context-output\",\n \"stdout\",\n 'where Pwndbg should output (\"stdout\" or file/tty)',\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_sections","title":"config_context_sections module-attribute","text":"config_context_sections = add_param(\n \"context-sections\",\n \"regs disasm code ghidra stack backtrace expressions threads heap_tracker\",\n \"which context sections are displayed (controls order)\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_max_threads_display","title":"config_max_threads_display module-attribute","text":"config_max_threads_display = add_param(\n \"context-max-threads\",\n 4,\n \"maximum number of threads displayed by the context command\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.outputs","title":"outputs module-attribute","text":"outputs: dict[str, str] = {}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output_settings","title":"output_settings module-attribute","text":"output_settings: DefaultDict[str, dict[str, Any]] = defaultdict(dict)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.banner_arg","title":"banner_arg module-attribute","text":"banner_arg = add_argument(\n \"banner\",\n type=str,\n nargs=\"?\",\n default=\"both\",\n help=\"Where a banner should be placed: both, top , bottom, none\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history","title":"context_history module-attribute","text":"context_history: DefaultDict[str, list[list[str]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.selected_history_index","title":"selected_history_index module-attribute","text":"selected_history_index: int | None = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history_size","title":"context_history_size module-attribute","text":"context_history_size = add_param(\n \"context-history-size\", 50, \"number of context history entries to store\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.expressions","title":"expressions module-attribute","text":"expressions = []\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_ghidra","title":"config_context_ghidra module-attribute","text":"config_context_ghidra = add_param(\n \"context-ghidra\",\n \"never\",\n \"when to try to decompile the current function with ghidra\",\n help_docstring=\"Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"always\", \"never\", \"if-no-source\"],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Print out all registers and enhance the information.\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.disasm_lines","title":"disasm_lines module-attribute","text":"disasm_lines = add_param(\n \"context-disasm-lines\",\n 10,\n \"number of additional lines to print in the disasm context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.source_disasm_lines","title":"source_disasm_lines module-attribute","text":"source_disasm_lines = add_param(\n \"context-code-lines\",\n 10,\n \"number of source code lines to print by the context command\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.should_decompile","title":"should_decompile module-attribute","text":"should_decompile = add_param(\n \"context-integration-decompile\",\n True,\n \"whether context should fall back to decompilation with no source code\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.stack_lines","title":"stack_lines module-attribute","text":"stack_lines = add_param(\n \"context-stack-lines\", 8, \"number of lines to print in the stack context\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_lines","title":"backtrace_lines module-attribute","text":"backtrace_lines = add_param(\n \"context-backtrace-lines\",\n 8,\n \"number of lines to print in the backtrace context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_frame_label","title":"backtrace_frame_label module-attribute","text":"backtrace_frame_label = add_param(\n \"backtrace-frame-label\", \"\", \"frame number label for backtrace\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.last_signal","title":"last_signal module-attribute","text":"last_signal: list[str] = []\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.thread_status_messages","title":"thread_status_messages module-attribute","text":"thread_status_messages = {\n \"running\": light_green(\"running\"),\n \"stopped\": yellow(\"stopped\"),\n \"exited\": gray(\"exited \"),\n}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_sections","title":"context_sections module-attribute","text":"context_sections = {\n \"a\": context_args,\n \"r\": context_regs,\n \"d\": context_disasm,\n \"s\": context_stack,\n \"b\": context_backtrace,\n \"c\": context_code,\n}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput","title":"StdOutput","text":"A context manager wrapper to give stdout
Methods:
-
__enter__ \u2013 -
__exit__ \u2013 -
__hash__ \u2013 -
__eq__ \u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__enter__","title":"__enter__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__exit__","title":"__exit__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__hash__","title":"__hash__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__eq__","title":"__eq__","text":"__eq__(other) -> bool\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput","title":"FileOutput","text":"FileOutput(*args)\n
A context manager wrapper to reopen files on enter
Methods:
-
__enter__ \u2013 -
__exit__ \u2013 -
__hash__ \u2013 -
__eq__ \u2013
Attributes:
-
args \u2013 -
handle \u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.args","title":"args instance-attribute","text":"args = args\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.handle","title":"handle instance-attribute","text":"handle = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__enter__","title":"__enter__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__exit__","title":"__exit__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__hash__","title":"__hash__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__eq__","title":"__eq__","text":"__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput","title":"CallOutput","text":"CallOutput(func)\n
A context manager which calls a function on write
Methods:
-
__enter__ \u2013 -
__exit__ \u2013 -
__hash__ \u2013 -
__eq__ \u2013 -
write \u2013 -
writelines \u2013 -
flush \u2013 -
isatty \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.func","title":"func instance-attribute","text":"func = func\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__enter__","title":"__enter__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__exit__","title":"__exit__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__hash__","title":"__hash__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__eq__","title":"__eq__","text":"__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.write","title":"write","text":"write(data) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.writelines","title":"writelines","text":"writelines(lines_iterable) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.flush","title":"flush","text":"flush()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.isatty","title":"isatty","text":"isatty()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext","title":"RegisterContext","text":"RegisterContext()\n
Methods:
-
get_prefix \u2013 -
get_register_value \u2013 -
flag_register_context \u2013 -
segment_registers_context \u2013 -
addressing_register_context \u2013 -
register_context_default \u2013
Attributes:
-
changed (list[str]) \u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.changed","title":"changed instance-attribute","text":"changed: list[str] = changed\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.get_prefix","title":"get_prefix","text":"get_prefix(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.get_register_value","title":"get_register_value","text":"get_register_value(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.flag_register_context","title":"flag_register_context","text":"flag_register_context(reg, bit_flags)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.segment_registers_context","title":"segment_registers_context","text":"segment_registers_context(regs)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.addressing_register_context","title":"addressing_register_context","text":"addressing_register_context(reg, is_virtual)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.register_context_default","title":"register_context_default","text":"register_context_default(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.clear_screen","title":"clear_screen","text":"clear_screen(out=stdout) -> None\n
Clear the screen by moving the cursor to top-left corner and clearing the content. Different terminals may act differently
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.reserve_lines_maybe","title":"reserve_lines_maybe","text":"reserve_lines_maybe(cmd_lines: int) -> None\n
Scroll the terminal up a few lines to reduce shaking when repeatedly printing the context.
Only do this if the context would still fit on the screen.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.validate_context_sections","title":"validate_context_sections","text":"validate_context_sections() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output","title":"output","text":"output(section: str)\n
Creates a context manager corresponding to configured context output
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextoutput","title":"contextoutput","text":"contextoutput(section, path, clearing, banner='both', width: int = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.resetcontextoutput","title":"resetcontextoutput","text":"resetcontextoutput(section)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_size_changed","title":"history_size_changed","text":"history_size_changed() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.serve_context_history","title":"serve_context_history","text":"serve_context_history(\n function: Callable[P, list[str]],\n) -> Callable[P, list[str]]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_handle_unchanged_contents","title":"history_handle_unchanged_contents","text":"history_handle_unchanged_contents() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextprev","title":"contextprev","text":"contextprev(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextnext","title":"contextnext","text":"contextnext(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextsearch","title":"contextsearch","text":"contextsearch(needle, section) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextwatch","title":"contextwatch","text":"contextwatch(expression, cmd) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextunwatch","title":"contextunwatch","text":"contextunwatch(num) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_expressions","title":"context_expressions","text":"context_expressions(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_ghidra","title":"context_ghidra","text":"context_ghidra(target=stdout, with_banner=True, width=None)\n
Print out the source of the current function decompiled by ghidra.
The context-ghidra config parameter is used to configure whether to always, never or only show the context if no source is available.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context","title":"context","text":"context(subcontext=None, enabled=None) -> None\n
Print out the current register, instruction, and stack context.
Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.calculate_padding_to_align","title":"calculate_padding_to_align","text":"calculate_padding_to_align(length, align)\n
Calculates the number of spaces to append to reach the next alignment. The next alignment point is given by \"x * align >= length\".
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.compact_regs","title":"compact_regs","text":"compact_regs(regs, width=None, target=stdout)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_regs","title":"context_regs","text":"context_regs(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_heap_tracker","title":"context_heap_tracker","text":"context_heap_tracker(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.regs","title":"regs","text":"regs(regs=[]) -> None\n
Print out all registers and enhance the information.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_regs","title":"get_regs","text":"get_regs(regs: list[str] = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.try_emulate_if_bug_disable","title":"try_emulate_if_bug_disable","text":"try_emulate_if_bug_disable(handler: Callable[[], T]) -> T\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_disasm","title":"context_disasm","text":"context_disasm(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_highlight_source","title":"get_highlight_source","text":"get_highlight_source(filename: str) -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_filename_and_formatted_source","title":"get_filename_and_formatted_source","text":"get_filename_and_formatted_source()\n
Returns formatted, lines limited and highlighted source as list or if it isn't there - an empty list
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_code","title":"context_code","text":"context_code(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_stack","title":"context_stack","text":"context_stack(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_backtrace","title":"context_backtrace","text":"context_backtrace(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_args","title":"context_args","text":"context_args(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_thread_status","title":"get_thread_status","text":"get_thread_status(thread)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_threads","title":"context_threads","text":"context_threads(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.save_signal","title":"save_signal","text":"save_signal(signal) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_last_signal","title":"context_last_signal","text":"context_last_signal(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/cpsr/","title":"pwndbg.commands.cpsr","text":""},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr","title":"cpsr","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Print out ARM CPSR or xPSR register.')\n
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.cpsr","title":"cpsr","text":"cpsr(cpsr_value=None) -> None\n
"},{"location":"reference/pwndbg/commands/cyclic/","title":"pwndbg.commands.cyclic","text":""},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic","title":"cyclic","text":"Functions:
Attributes:
-
parser \u2013 -
group \u2013
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Cyclic pattern creator/finder.')\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.group","title":"group module-attribute","text":"group = add_mutually_exclusive_group(required=False)\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.cyclic_cmd","title":"cyclic_cmd","text":"cyclic_cmd(\n alphabet, length: int | None, lookup, count=100, filename=\"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/","title":"pwndbg.commands.cymbol","text":""},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol","title":"cymbol","text":"Add, load, show, edit, or delete symbols for custom structures.
For the generation of the symbols g++/gcc is being used under the hood.
In case of remote debugging a binary which is not native to your architecture it is advised to configure the 'gcc-config-path' config parameter to your own cross-platform gnu gcc compiled toolchain for your target architecture.
You are advised to configure the 'cymbol-editor' config parameter to the path of your favorite text editor. Otherwise cymbol exapnds $EDITOR and $VISUAL environment variables to find the path to the default text editor.
Functions:
-
unload_loaded_symbol \u2013 -
OnlyWhenStructFileExists \u2013 -
generate_debug_symbols \u2013 -
add_custom_structure \u2013 -
add_structure_from_header \u2013 -
edit_custom_structure \u2013 -
remove_custom_structure \u2013 -
load_custom_structure \u2013 -
show_custom_structure \u2013 -
cymbol \u2013
Attributes:
-
P \u2013 -
T \u2013 -
gcc_compiler_path \u2013 -
cymbol_editor \u2013 -
loaded_symbols (dict[str, str]) \u2013 -
pwndbg_cachedir \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.gcc_compiler_path","title":"gcc_compiler_path module-attribute","text":"gcc_compiler_path = add_param(\n \"gcc-compiler-path\",\n \"\",\n \"path to the gcc/g++ toolchain for generating imported symbols\",\n param_class=PARAM_OPTIONAL_FILENAME,\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol_editor","title":"cymbol_editor module-attribute","text":"cymbol_editor = add_param(\n \"cymbol-editor\",\n \"\",\n \"path to the editor for editing custom structures\",\n param_class=PARAM_OPTIONAL_FILENAME,\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.loaded_symbols","title":"loaded_symbols module-attribute","text":"loaded_symbols: dict[str, str] = {}\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.pwndbg_cachedir","title":"pwndbg_cachedir module-attribute","text":"pwndbg_cachedir = cachedir('custom-symbols')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Add, show, load, edit, or delete custom structures in plain C.\"\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.unload_loaded_symbol","title":"unload_loaded_symbol","text":"unload_loaded_symbol(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.OnlyWhenStructFileExists","title":"OnlyWhenStructFileExists","text":"OnlyWhenStructFileExists(\n func: _OnlyWhenStructFileExists,\n) -> _OnlyWhenStructFileExists\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.generate_debug_symbols","title":"generate_debug_symbols","text":"generate_debug_symbols(\n custom_structure_path: str,\n pwndbg_debug_symbols_output_file: str | None = None,\n) -> str | None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_custom_structure","title":"add_custom_structure","text":"add_custom_structure(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_structure_from_header","title":"add_structure_from_header","text":"add_structure_from_header(\n header_file: str, custom_structure_name: str = None\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.edit_custom_structure","title":"edit_custom_structure","text":"edit_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.remove_custom_structure","title":"remove_custom_structure","text":"remove_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.load_custom_structure","title":"load_custom_structure","text":"load_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_custom_structure","title":"show_custom_structure","text":"show_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol","title":"cymbol","text":"cymbol(\n add: str, file: str, remove: str, edit: str, load: str, show: str\n) -> None\n
"},{"location":"reference/pwndbg/commands/dev/","title":"pwndbg.commands.dev","text":""},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev","title":"dev","text":"Functions:
-
dev_dump_instruction \u2013 -
log_level \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Set the log level.')\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.dev_dump_instruction","title":"dev_dump_instruction","text":"dev_dump_instruction(\n address=None, force_emulate=False, no_emulate=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.log_level","title":"log_level","text":"log_level(level: str) -> None\n
"},{"location":"reference/pwndbg/commands/distance/","title":"pwndbg.commands.distance","text":""},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance","title":"distance","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Print the distance between the two arguments, or print the offset to the address's page base.\"\n)\n
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.distance","title":"distance","text":"distance(a, b) -> None\n
Print the distance between the two arguments
"},{"location":"reference/pwndbg/commands/dt/","title":"pwndbg.commands.dt","text":""},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt","title":"dt","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nDump out information on a type (e.g. ucontext_t).\\n\\nOptionally overlay that information at an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.dt","title":"dt","text":"dt(typename: str, address: int | None = None) -> None\n
Dump out information on a type (e.g. ucontext_t).
Optionally overlay that information at an address.
"},{"location":"reference/pwndbg/commands/dumpargs/","title":"pwndbg.commands.dumpargs","text":""},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs","title":"dumpargs","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints determined arguments for call/syscall instruction.\"\n)\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.dumpargs","title":"dumpargs","text":"dumpargs(force: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.call_args","title":"call_args","text":"call_args() -> list[str]\n
Returns list of resolved call argument strings for display. Attempts to resolve the target and determine the number of arguments.
Return empty list if PC is not on a call or syscall instruction.
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.all_args","title":"all_args","text":"all_args() -> list[str]\n
Returns list of all argument strings for display.
"},{"location":"reference/pwndbg/commands/elf/","title":"pwndbg.commands.elf","text":""},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf","title":"elf","text":"Functions:
-
elfsections \u2013 -
gotplt \u2013 -
plt \u2013 -
get_section_bounds \u2013 -
print_symbols_in_section \u2013 -
get_symbols_in_region \u2013
Attributes:
-
parser \u2013 -
PLT_SECTION_NAMES \u2013
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints the section mappings contained in the ELF header.\\nIf binary not start or use --no-rebase, the section permission based on section flags.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.PLT_SECTION_NAMES","title":"PLT_SECTION_NAMES module-attribute","text":"PLT_SECTION_NAMES = ('.plt', '.plt.sec', '.plt.got', '.plt.bnd')\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.elfsections","title":"elfsections","text":"elfsections(no_rebase: bool) -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.gotplt","title":"gotplt","text":"gotplt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.plt","title":"plt","text":"plt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_section_bounds","title":"get_section_bounds","text":"get_section_bounds(section_name: str)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.print_symbols_in_section","title":"print_symbols_in_section","text":"print_symbols_in_section(section_name, filter_text='') -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_symbols_in_region","title":"get_symbols_in_region","text":"get_symbols_in_region(\n start: int, end: int, filter_text=\"\"\n) -> list[tuple[str, int]]\n
"},{"location":"reference/pwndbg/commands/flags/","title":"pwndbg.commands.flags","text":""},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags","title":"flags","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Modify the flags register.')\n
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.setflag","title":"setflag","text":"setflag(flag: str, value: int) -> None\n
"},{"location":"reference/pwndbg/commands/gdt/","title":"pwndbg.commands.gdt","text":""},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt","title":"gdt","text":"Functions:
-
gdt \u2013 -
decode_gdt_entry \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Decode X86-64 GDT entries at address\\n\\nSee also:\\n\\n* https://wiki.osdev.org/Global_Descriptor_Table\\n* https://wiki.osdev.org/GDT_Tutorial\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.gdt","title":"gdt","text":"gdt(address, count) -> None\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.decode_gdt_entry","title":"decode_gdt_entry","text":"decode_gdt_entry(value)\n
"},{"location":"reference/pwndbg/commands/ghidra/","title":"pwndbg.commands.ghidra","text":""},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra","title":"ghidra","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Decompile a given function using Ghidra.')\n
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.ghidra","title":"ghidra","text":"ghidra(func) -> None\n
"},{"location":"reference/pwndbg/commands/godbg/","title":"pwndbg.commands.godbg","text":""},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg","title":"godbg","text":"Functions:
-
go_dump \u2013 -
go_type \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dumps a Go runtime reflection type at a specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_dump","title":"go_dump","text":"go_dump(\n ty: str,\n address: int,\n hex: bool,\n decimals: int | None,\n debug: bool,\n pretty: bool,\n) -> None\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_type","title":"go_type","text":"go_type(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/got/","title":"pwndbg.commands.got","text":""},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got","title":"got","text":"Functions:
Attributes:
-
parser \u2013 -
group \u2013
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Show the state of the Global Offset Table.\"\n)\n
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.group","title":"group module-attribute","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.got","title":"got","text":"got(\n path_filter: str, all_: bool, accept_readonly: bool, symbol_filter: str\n) -> None\n
"},{"location":"reference/pwndbg/commands/got_tracking/","title":"pwndbg.commands.got_tracking","text":""},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking","title":"got_tracking","text":"Functions:
-
columns \u2013 Print data formatted into distinct columns.
-
track_got \u2013 -
got_report \u2013 Prints out a report of the current status of the GOT tracker.
-
got_tracking_status \u2013 Prints out information about a single GOT tracking entry.
Attributes:
-
parser \u2013 -
subparsers \u2013 -
enable \u2013 -
disable \u2013 -
report \u2013 -
status \u2013
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Controls GOT tracking')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.subparsers","title":"subparsers module-attribute","text":"subparsers = add_subparsers(\n required=True,\n description=\"Used to disable and query information about the tracker\",\n)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.enable","title":"enable module-attribute","text":"enable = add_parser('enable', help='Enable GOT parsing')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.disable","title":"disable module-attribute","text":"disable = add_parser('disable', help='Disable GOT tracking')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.report","title":"report module-attribute","text":"report = add_parser('info', help='Give an overview of the GOT tracker')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.status","title":"status module-attribute","text":"status = add_parser(\n \"query\",\n help=\"Queries detailed tracking information about a single entry in the GOT\",\n)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.columns","title":"columns","text":"columns(rows, colors=None) -> None\n
Print data formatted into distinct columns.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.track_got","title":"track_got","text":"track_got(mode=None, soname=None, writable=False, fnname=None, address=None)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_report","title":"got_report","text":"got_report(soname='.*', writable=False, fnname='.*') -> None\n
Prints out a report of the current status of the GOT tracker.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_tracking_status","title":"got_tracking_status","text":"got_tracking_status(address) -> None\n
Prints out information about a single GOT tracking entry.
"},{"location":"reference/pwndbg/commands/hex2ptr/","title":"pwndbg.commands.hex2ptr","text":""},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr","title":"hex2ptr","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Converts a space-separated hex string to a little-endian address.\"\n)\n
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.hex2ptr","title":"hex2ptr","text":"hex2ptr(hex_string) -> None\n
"},{"location":"reference/pwndbg/commands/hexdump/","title":"pwndbg.commands.hexdump","text":""},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump","title":"hexdump","text":"Functions:
-
address_or_module_name \u2013 -
hexdump \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Hexdumps data at the specified address or module name.\"\n)\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.address_or_module_name","title":"address_or_module_name","text":"address_or_module_name(s) -> int\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.hexdump","title":"hexdump","text":"hexdump(address, count=hexdump_bytes) -> None\n
"},{"location":"reference/pwndbg/commands/hijack_fd/","title":"pwndbg.commands.hijack_fd","text":""},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd","title":"hijack_fd","text":"Classes:
-
ShellcodeRegs \u2013 -
ParsedSocket \u2013
Functions:
-
get_shellcode_regs \u2013 -
stack_size_alignment \u2013 -
asm_replace_file \u2013 -
asm_replace_socket \u2013 -
exec_shellcode_with_stack \u2013 -
parse_socket \u2013 -
parse_file_or_socket \u2013 -
hijack_fd \u2013
Attributes:
-
parser \u2013 -
PARSED_FILE_ARG \u2013
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Replace a file descriptor of a debugged process.\\n\\nThe new file descriptor can point to:\\n\\n- a file\\n- a pipe\\n- a socket\\n- a device, etc.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.PARSED_FILE_ARG","title":"PARSED_FILE_ARG module-attribute","text":"PARSED_FILE_ARG = Tuple[Optional[ParsedSocket], Optional[str]]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs","title":"ShellcodeRegs","text":" Bases: NamedTuple
Attributes:
-
newfd (str) \u2013 -
syscall_ret (str) \u2013 -
stack (str) \u2013
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.newfd","title":"newfd instance-attribute","text":"newfd: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.syscall_ret","title":"syscall_ret instance-attribute","text":"syscall_ret: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.stack","title":"stack instance-attribute","text":"stack: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket","title":"ParsedSocket","text":" Bases: NamedTuple
Attributes:
-
protocol (Literal['tcp', 'udp']) \u2013 -
ip_version (Literal['ipv4', 'ipv6']) \u2013 -
address (str) \u2013 -
port (int) \u2013
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.protocol","title":"protocol instance-attribute","text":"protocol: Literal['tcp', 'udp']\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.ip_version","title":"ip_version instance-attribute","text":"ip_version: Literal['ipv4', 'ipv6']\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.address","title":"address instance-attribute","text":"address: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.port","title":"port instance-attribute","text":"port: int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.get_shellcode_regs","title":"get_shellcode_regs","text":"get_shellcode_regs() -> ShellcodeRegs\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.stack_size_alignment","title":"stack_size_alignment","text":"stack_size_alignment(s: int) -> int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_file","title":"asm_replace_file","text":"asm_replace_file(replace_fd: int, filename: str) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_socket","title":"asm_replace_socket","text":"asm_replace_socket(\n replace_fd: int, socket_data: ParsedSocket\n) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.exec_shellcode_with_stack","title":"exec_shellcode_with_stack async","text":"exec_shellcode_with_stack(ec: ExecutionController, blob, stack_size: int)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_socket","title":"parse_socket","text":"parse_socket(url: str) -> ParsedSocket\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_file_or_socket","title":"parse_file_or_socket","text":"parse_file_or_socket(s: str) -> PARSED_FILE_ARG\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.hijack_fd","title":"hijack_fd","text":"hijack_fd(fdnum: int, newfile: PARSED_FILE_ARG) -> None\n
"},{"location":"reference/pwndbg/commands/ida/","title":"pwndbg.commands.ida","text":""},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida","title":"ida","text":"Functions:
-
j \u2013 Synchronize IDA's cursor with GDB
-
up \u2013 Select and print stack frame that called this one.
-
down \u2013 Select and print stack frame called by this one.
-
save_ida \u2013 Save the IDA database
-
ida \u2013 Lookup a symbol's address by name from IDA.
Attributes:
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Select and print stack frame called by this one.\"\n)\n
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.j","title":"j","text":"j(*args) -> None\n
Synchronize IDA's cursor with GDB
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.up","title":"up","text":"up(n=1) -> None\n
Select and print stack frame that called this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.down","title":"down","text":"down(n=1) -> None\n
Select and print stack frame called by this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.save_ida","title":"save_ida","text":"save_ida() -> None\n
Save the IDA database
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.ida","title":"ida","text":"ida(name: Value) -> int\n
Lookup a symbol's address by name from IDA. Evaluate ida.LocByName() on the supplied value.
This functions doesn't see stack local variables.
Example:
pwndbg> set integration-provider ida\nPwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'ida'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $ida(\"main\")\n$1 = 0x555555555645\npwndbg> b *$ida(\"main\")\nBreakpoint 2 at 0x555555555645\n
"},{"location":"reference/pwndbg/commands/ignore/","title":"pwndbg.commands.ignore","text":""},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore","title":"ignore","text":"Ignoring a breakpoint
Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Set ignore-count of breakpoint number N to COUNT.\\n\\nWhile the ignore count is positive, execution will not stop on the breakpoint.\\n\\nBy default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.\"\n)\n
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.ignore","title":"ignore","text":"ignore(bpnum, count) -> None\n
"},{"location":"reference/pwndbg/commands/integration/","title":"pwndbg.commands.integration","text":""},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration","title":"integration","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Use the current integration to decompile code near an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.decomp","title":"decomp","text":"decomp(addr: int | None, lines: int | None) -> None\n
"},{"location":"reference/pwndbg/commands/ipython_interactive/","title":"pwndbg.commands.ipython_interactive","text":""},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive","title":"ipython_interactive","text":"Command to start an interactive IPython prompt.
Functions:
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.switch_to_ipython_env","title":"switch_to_ipython_env","text":"switch_to_ipython_env()\n
We need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.ipi","title":"ipi","text":"ipi() -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/","title":"pwndbg.commands.jemalloc","text":""},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc","title":"jemalloc","text":"Functions:
-
jemalloc_find_extent \u2013 -
jemalloc_extent_info \u2013 -
jemalloc_heap \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Prints all extents information')\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_find_extent","title":"jemalloc_find_extent","text":"jemalloc_find_extent(addr) -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_extent_info","title":"jemalloc_extent_info","text":"jemalloc_extent_info(addr, verbose=False, header=True) -> bool\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_heap","title":"jemalloc_heap","text":"jemalloc_heap() -> None\n
"},{"location":"reference/pwndbg/commands/kbase/","title":"pwndbg.commands.kbase","text":""},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase","title":"kbase","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Finds the kernel virtual base address.')\n
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.kbase","title":"kbase","text":"kbase(rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/kchecksec/","title":"pwndbg.commands.kchecksec","text":""},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec","title":"kchecksec","text":"Classes:
Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Checks for kernel hardening configuration options.\"\n)\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option","title":"Option","text":" Bases: NamedTuple
Attributes:
-
name (str) \u2013 -
desired (bool) \u2013 -
cmdline_option (str) \u2013
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.desired","title":"desired class-attribute instance-attribute","text":"desired: bool = True\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.cmdline_option","title":"cmdline_option class-attribute instance-attribute","text":"cmdline_option: str = None\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.kchecksec","title":"kchecksec","text":"kchecksec() -> None\n
"},{"location":"reference/pwndbg/commands/kcmdline/","title":"pwndbg.commands.kcmdline","text":""},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline","title":"kcmdline","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Return the kernel commandline (/proc/cmdline).\"\n)\n
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.kcmdline","title":"kcmdline","text":"kcmdline() -> None\n
"},{"location":"reference/pwndbg/commands/kconfig/","title":"pwndbg.commands.kconfig","text":""},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig","title":"kconfig","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Outputs the kernel config (requires CONFIG_IKCONFIG).\"\n)\n
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.kconfig","title":"kconfig","text":"kconfig(config_name=None) -> None\n
"},{"location":"reference/pwndbg/commands/killthreads/","title":"pwndbg.commands.killthreads","text":""},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads","title":"killthreads","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Kill all or given threads.\\n\\nSwitches to given threads and calls pthread_exit(0) on them.\\nThis is performed with scheduler-locking to prevent other threads from operating at the same time.\\n\\nKilling all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.killthreads","title":"killthreads","text":"killthreads(thread_ids: list[int] | None = None, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/klookup/","title":"pwndbg.commands.klookup","text":""},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup","title":"klookup","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Lookup kernel symbols')\n
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.klookup","title":"klookup","text":"klookup(symbol: str) -> None\n
"},{"location":"reference/pwndbg/commands/knft/","title":"pwndbg.commands.knft","text":""},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft","title":"knft","text":"Functions:
-
parse_nft_family \u2013 -
knft_dump \u2013 -
knft_list_tables \u2013 -
knft_list_chains \u2013 -
knft_list_rules \u2013 -
knft_list_exprs \u2013 -
knft_list_sets \u2013 -
knft_list_objects \u2013 -
knft_list_flowtables \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dump netfilter flowtables from a specific table\"\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parse_nft_family","title":"parse_nft_family","text":"parse_nft_family(s: str) -> int\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_dump","title":"knft_dump","text":"knft_dump(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_tables","title":"knft_list_tables","text":"knft_list_tables(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_chains","title":"knft_list_chains","text":"knft_list_chains(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_rules","title":"knft_list_rules","text":"knft_list_rules(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_exprs","title":"knft_list_exprs","text":"knft_list_exprs(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n rule_id: int | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_sets","title":"knft_list_sets","text":"knft_list_sets(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_objects","title":"knft_list_objects","text":"knft_list_objects(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_flowtables","title":"knft_list_flowtables","text":"knft_list_flowtables(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/kversion/","title":"pwndbg.commands.kversion","text":""},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion","title":"kversion","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Outputs the kernel version (/proc/version).\"\n)\n
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.kversion","title":"kversion","text":"kversion() -> None\n
"},{"location":"reference/pwndbg/commands/leakfind/","title":"pwndbg.commands.leakfind","text":""},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind","title":"leakfind","text":"Find a chain of leaks given some starting address.
Functions:
-
get_rec_addr_string \u2013 -
dbg_print_map \u2013 -
leakfind \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nAttempt to find a leak chain given a starting address.\\n\\nScans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.get_rec_addr_string","title":"get_rec_addr_string","text":"get_rec_addr_string(addr, visited_map)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.dbg_print_map","title":"dbg_print_map","text":"dbg_print_map(maps) -> None\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.leakfind","title":"leakfind","text":"leakfind(\n address=None,\n page_name=None,\n max_offset: int = 64,\n max_depth: int = 4,\n step: int = 1,\n negative_offset: int = 0,\n)\n
"},{"location":"reference/pwndbg/commands/libcinfo/","title":"pwndbg.commands.libcinfo","text":""},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo","title":"libcinfo","text":"Functions:
"},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo.libcinfo","title":"libcinfo","text":"libcinfo()\n
"},{"location":"reference/pwndbg/commands/linkmap/","title":"pwndbg.commands.linkmap","text":""},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap","title":"linkmap","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Show the state of the Link Map')\n
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.linkmap","title":"linkmap","text":"linkmap() -> None\n
"},{"location":"reference/pwndbg/commands/memoize/","title":"pwndbg.commands.memoize","text":""},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize","title":"memoize","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nToggles memoization (caching).\\n\\nUseful for diagnosing caching-related bugs. Decreases performance.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.memoize","title":"memoize","text":"memoize() -> None\n
"},{"location":"reference/pwndbg/commands/misc/","title":"pwndbg.commands.misc","text":""},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc","title":"misc","text":"Functions:
-
errno_ \u2013 -
pwndbg_ \u2013 -
list_and_filter_commands \u2013
Attributes:
-
parser \u2013 -
cat_group \u2013
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description=\"Prints out a list of all Pwndbg commands.\")\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.cat_group","title":"cat_group module-attribute","text":"cat_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.errno_","title":"errno_","text":"errno_(err) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.pwndbg_","title":"pwndbg_","text":"pwndbg_(filter_pattern, category_, list_categories) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.list_and_filter_commands","title":"list_and_filter_commands","text":"list_and_filter_commands(filter_str)\n
"},{"location":"reference/pwndbg/commands/mmap/","title":"pwndbg.commands.mmap","text":""},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap","title":"mmap","text":"Functions:
-
prot_str_to_val \u2013 Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
-
flag_str_to_val \u2013 Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
-
parse_str_or_int \u2013 Try parsing a string with one of the parsers above or by converting it to
-
mmap \u2013
Attributes:
-
parser \u2013 -
prot_dict \u2013 -
flag_dict \u2013
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nCalls the mmap syscall and prints its resulting address.\\n\\nNote that the mmap syscall may fail for various reasons\\n(see `man mmap`) and, in case of failure, its return value\\nwill not be a valid pointer.\\n\\nPROT values: NONE (0), READ (1), WRITE (2), EXEC (4)\\n\\nMAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10),\\n ANONYMOUS (0x20)\\n\\nFlags and protection values can be either a string containing the names of the\\nflags or permissions or a single number corresponding to the bitwise OR of the\\nprotection and flag numbers.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_dict","title":"prot_dict module-attribute","text":"prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_dict","title":"flag_dict module-attribute","text":"flag_dict = {\n \"MAP_SHARED\": 1,\n \"MAP_PRIVATE\": 2,\n \"MAP_SHARED_VALIDATE\": 3,\n \"MAP_FIXED\": 16,\n \"MAP_ANONYMOUS\": 32,\n}\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_str_to_val","title":"prot_str_to_val","text":"prot_str_to_val(protstr)\n
Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_str_to_val","title":"flag_str_to_val","text":"flag_str_to_val(flagstr)\n
Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parse_str_or_int","title":"parse_str_or_int","text":"parse_str_or_int(val: str | int, parser)\n
Try parsing a string with one of the parsers above or by converting it to an int, or passes the value through if it is already an integer.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.mmap","title":"mmap","text":"mmap(\n addr, length, prot=7, flags=34, fd=-1, offset=0, quiet=False, force=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/mprotect/","title":"pwndbg.commands.mprotect","text":""},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect","title":"mprotect","text":"Functions:
Attributes:
-
parser \u2013 -
SYS_MPROTECT \u2013 -
prot_dict \u2013
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nCalls the mprotect syscall and prints its result value.\\n\\nNote that the mprotect syscall may fail for various reasons\\n(see `man mprotect`) and a non-zero error return value\\ncan be decoded with the `errno <value>` command.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.SYS_MPROTECT","title":"SYS_MPROTECT module-attribute","text":"SYS_MPROTECT = 125\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_dict","title":"prot_dict module-attribute","text":"prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_str_to_val","title":"prot_str_to_val","text":"prot_str_to_val(protstr: str) -> int\n
Converts a protection string to an integer. Formats include: - A positive integer, like 3 - A combination of r, w, and x, like rw - A combination of PROT_READ, PROT_WRITE, and PROT_EXEC, like PROT_READ|PROT_WRITE
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_val_to_str","title":"prot_val_to_str","text":"prot_val_to_str(protval: int) -> str\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.mprotect","title":"mprotect","text":"mprotect(addr, length, prot) -> None\n
"},{"location":"reference/pwndbg/commands/msr/","title":"pwndbg.commands.msr","text":""},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr","title":"msr","text":"Functions:
-
parse_msr \u2013 -
parse_range \u2013 -
x86_msr_read \u2013 -
x86_msr_write \u2013 -
msr_read \u2013 -
msr_write \u2013 -
msr_list \u2013 -
msr \u2013
Attributes:
-
X86_MSRS \u2013 -
COMMON_MSRS \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.X86_MSRS","title":"X86_MSRS module-attribute","text":"X86_MSRS = {\n \"MSR_EFER\": 3221225600,\n \"MSR_STAR\": 3221225601,\n \"MSR_LSTAR\": 3221225602,\n \"MSR_CSTAR\": 3221225603,\n \"MSR_SYSCALL_MASK\": 3221225604,\n \"MSR_FS_BASE\": 3221225728,\n \"MSR_GS_BASE\": 3221225729,\n \"MSR_KERNEL_GS_BASE\": 3221225730,\n \"MSR_TSC_AUX\": 3221225731,\n}\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.COMMON_MSRS","title":"COMMON_MSRS module-attribute","text":"COMMON_MSRS = {'i386': X86_MSRS, 'x86-64': X86_MSRS}\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nRead or write to Model Specific Register (MSR)\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parse_msr","title":"parse_msr","text":"parse_msr(msr: str, arch: str) -> int | None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parse_range","title":"parse_range","text":"parse_range(msr_range: str, arch: str) -> tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.x86_msr_read","title":"x86_msr_read","text":"x86_msr_read(msr: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.x86_msr_write","title":"x86_msr_write","text":"x86_msr_write(msr: int, write_value: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_read","title":"msr_read","text":"msr_read(msr: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_write","title":"msr_write","text":"msr_write(msr: int, write_value: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_list","title":"msr_list","text":"msr_list(arch: str)\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr","title":"msr","text":"msr(\n msr: str | None = None,\n write: int | None = None,\n list_msr=False,\n msr_range: str | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/nearpc/","title":"pwndbg.commands.nearpc","text":""},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc","title":"nearpc","text":"Functions:
-
nearpc \u2013 Disassemble near a specified address.
-
emulate \u2013 Like nearpc, but will emulate instructions from the current $PC forward.
Attributes:
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Like nearpc, but will emulate instructions from the current $PC forward.\"\n)\n
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc","title":"nearpc","text":"nearpc(\n pc=None, lines=None, emulate=False, use_cache=False, linear=True\n) -> None\n
Disassemble near a specified address.
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.emulate","title":"emulate","text":"emulate(pc=None, lines=None, emulate_=True) -> None\n
Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"reference/pwndbg/commands/next/","title":"pwndbg.commands.next","text":""},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next","title":"next","text":"Stepping until an event occurs
Functions:
-
nextjmp \u2013 Breaks at the next jump instruction
-
nextcall \u2013 Breaks at the next call instruction
-
nextret \u2013 Breaks at next return-like instruction
-
stepret \u2013 Breaks at next return-like instruction by 'stepping' to it
-
nextproginstr \u2013 -
stepover \u2013 Sets a breakpoint on the instruction after this one
-
nextsyscall \u2013 Breaks at the next syscall not taking branches.
-
stepsyscall \u2013 Breaks at the next syscall by taking branches.
-
stepuntilasm \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Breaks on the next matching instruction.')\n
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextjmp","title":"nextjmp","text":"nextjmp() -> None\n
Breaks at the next jump instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextcall","title":"nextcall","text":"nextcall(symbol_regex=None) -> None\n
Breaks at the next call instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextret","title":"nextret","text":"nextret() -> None\n
Breaks at next return-like instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepret","title":"stepret","text":"stepret() -> None\n
Breaks at next return-like instruction by 'stepping' to it
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextproginstr","title":"nextproginstr","text":"nextproginstr() -> None\n
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepover","title":"stepover","text":"stepover(addr=None) -> None\n
Sets a breakpoint on the instruction after this one
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextsyscall","title":"nextsyscall","text":"nextsyscall() -> None\n
Breaks at the next syscall not taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepsyscall","title":"stepsyscall","text":"stepsyscall() -> None\n
Breaks at the next syscall by taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepuntilasm","title":"stepuntilasm","text":"stepuntilasm(mnemonic, op_str) -> None\n
"},{"location":"reference/pwndbg/commands/onegadget/","title":"pwndbg.commands.onegadget","text":""},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget","title":"onegadget","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nFind gadgets which single-handedly give code execution.\\n\\nUses the onegadget tool by david942j.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.onegadget","title":"onegadget","text":"onegadget(\n show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/p2p/","title":"pwndbg.commands.p2p","text":""},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p","title":"p2p","text":"Classes:
Functions:
-
get_addrrange_any_named \u2013 -
address_range_explicit \u2013 -
address_range \u2013 -
maybe_points_to_ranges \u2013 -
p2p_walk \u2013 -
p2p \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.ts","title":"ts module-attribute","text":"ts = telescope\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.\\n\\nAny chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.\"\n)\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange","title":"AddrRange","text":"AddrRange(begin: int, end: int)\n
Methods:
Attributes:
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.begin","title":"begin instance-attribute","text":"begin = begin\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.end","title":"end instance-attribute","text":"end = end\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.get_addrrange_any_named","title":"get_addrrange_any_named","text":"get_addrrange_any_named() -> list[AddrRange]\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range_explicit","title":"address_range_explicit","text":"address_range_explicit(section: str) -> AddrRange\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range","title":"address_range","text":"address_range(section: str) -> list[AddrRange] | tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.maybe_points_to_ranges","title":"maybe_points_to_ranges","text":"maybe_points_to_ranges(ptr: int, rs: list[AddrRange])\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p_walk","title":"p2p_walk","text":"p2p_walk(\n addr: int, ranges: list[list[AddrRange]], current_level: int\n) -> int | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p","title":"p2p","text":"p2p(mapping_names: list[list[AddrRange]] | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/paging/","title":"pwndbg.commands.paging","text":""},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging","title":"paging","text":"Functions:
-
print_pagetable_entry \u2013 -
pg_indices \u2013 -
pagewalk \u2013 -
p2v \u2013 -
v2p \u2013
Attributes:
-
parser \u2013 -
pageflags \u2013 -
p2v_parser \u2013 -
v2p_parser \u2013
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Performs pagewalk.')\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pageflags","title":"pageflags module-attribute","text":"pageflags = BitFlags([('NX', 63), ('PS', 7), ('A', 5), ('W', 1), ('P', 0)])\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.p2v_parser","title":"p2v_parser module-attribute","text":"p2v_parser = ArgumentParser(\n description=\"Translate physical address to its corresponding virtual address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.v2p_parser","title":"v2p_parser module-attribute","text":"v2p_parser = ArgumentParser(\n description=\"Translate virtual address to its corresponding physical address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.print_pagetable_entry","title":"print_pagetable_entry","text":"print_pagetable_entry(name: str, paddr: int | None, vaddr: int)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pg_indices","title":"pg_indices","text":"pg_indices(vaddr, nr_level)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pagewalk","title":"pagewalk","text":"pagewalk(vaddr, entry=None)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.p2v","title":"p2v","text":"p2v(paddr)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.v2p","title":"v2p","text":"v2p(vaddr)\n
"},{"location":"reference/pwndbg/commands/patch/","title":"pwndbg.commands.patch","text":""},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch","title":"patch","text":"Functions:
-
patch \u2013 -
patch_revert \u2013 -
patch_list \u2013
Attributes:
-
patches (dict[int, tuple[bytearray, bytearray]]) \u2013 -
parser \u2013 -
parser2 \u2013 -
parser3 \u2013
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patches","title":"patches module-attribute","text":"patches: dict[int, tuple[bytearray, bytearray]] = {}\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Patches given instruction with given code or bytes.\"\n)\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser2","title":"parser2 module-attribute","text":"parser2 = ArgumentParser(description='Revert patch at given address.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser3","title":"parser3 module-attribute","text":"parser3 = ArgumentParser(description='List all patches.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch","title":"patch","text":"patch(address: int, ins: str, quiet: bool) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_revert","title":"patch_revert","text":"patch_revert(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_list","title":"patch_list","text":"patch_list() -> None\n
"},{"location":"reference/pwndbg/commands/peda/","title":"pwndbg.commands.peda","text":""},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda","title":"peda","text":"Functions:
-
getfile \u2013 -
xuntil \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Continue execution until an address or expression.\"\n)\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.getfile","title":"getfile","text":"getfile() -> None\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.xuntil","title":"xuntil","text":"xuntil(target) -> None\n
"},{"location":"reference/pwndbg/commands/pie/","title":"pwndbg.commands.pie","text":""},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie","title":"pie","text":"Functions:
-
translate_addr \u2013 -
piebase \u2013 -
breakrva \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Calculate VA of RVA from PIE base.')\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.translate_addr","title":"translate_addr","text":"translate_addr(offset, module)\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.piebase","title":"piebase","text":"piebase(offset=None, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.breakrva","title":"breakrva","text":"breakrva(offset=0, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/plist/","title":"pwndbg.commands.plist","text":""},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist","title":"plist","text":"Functions:
-
plist \u2013 -
bit_offset_of_field \u2013 -
get_byte_offset \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dumps the elements of a linked list.\\n\\nThis command traverses the linked list beginning at a given element, dumping its\\ncontents and the contents of all the elements that come after it in the list.\\nTraversal is configurable and can handle multiple types of linked lists, but will\\nalways stop when a cycle is detected.\\n\\nThe path to the first element can be any GDB expression that evaluates to either\\nthe first element directly, or a to pointer to it. The next element is the name\\nof the field containing the next pointer, in either the structure itself or in\\nthe structure given by --inner.\\n\\nAn address value may be given with --sentinel that signals the end of the list.\\nBy default, the value used is NULL (0).\\n\\nIf only one field inside each node is desired, it can be printed exclusively by\\nspecifying its name with --field.\\n\\nThis command supports traversing three types of linked lists, classified by how\\nthe next pointer can be found in the structure and what type it is:\\n 1 - Next pointer is field of structure, type is the same as structure.\\n 2 - Next pointer is field of inner nested structure, pointed to type is the\\n same as outer structure.\\n 3 - Next pointer is field of inner nested structure, pointed to type is the\\n same as inner structure.\\nTypes 2 and 3 require --inner to be specified.\\n\\nExample 1:\\n\\n```\\nstruct node {\\n int value;\\n struct node *next;\\n};\\nstruct node node_c = { 2, NULL };\\nstruct node node_b = { 1, &node_c };\\nstruct node node_a = { 0, &node_b };\\n```\\n\\npwndbg> plist node_a next\\n0x4000011050 <node_a>: {\\n value = 0,\\n next = 0x4000011040 <node_b>\\n}\\n0x4000011040 <node_b>: {\\n value = 1,\\n next = 0x4000011010 <node_c>\\n}\\n0x4000011010 <node_c>: {\\n value = 2,\\n next = 0x0\\n}\\n\\nExample 2:\\n\\n```\\nstruct node_inner_a {\\n struct node_inner_a *next;\\n};\\nstruct inner_a_node {\\n int value;\\n struct node_inner_a inner;\\n};\\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\\n```\\n\\npwndbg> plist inner_a_node_a -i inner next\\n0x4000011070 <inner_a_node_a>: {\\n value = 0,\\n inner = {\\n next = 0x4000011068 <inner_a_node_b+8>\\n }\\n}\\n0x4000011060 <inner_a_node_b>: {\\n value = 1,\\n inner = {\\n next = 0x4000011028 <inner_a_node_c+8>\\n }\\n}\\n0x4000011020 <inner_a_node_c>: {\\n value = 2,\\n inner = {\\n next = 0x0\\n }\\n}\\n\\nExample 3:\\n\\n```\\nstruct inner_b_node;\\nstruct node_inner_b {\\n struct inner_b_node *next;\\n};\\nstruct inner_b_node {\\n int value;\\n struct node_inner_b inner;\\n};\\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\\n```\\n\\npwndbg> plist inner_b_node_a -i inner next\\n0x4000011090 <inner_b_node_a>: {\\n value = 0,\\n inner = {\\n next = 0x4000011080 <inner_b_node_b>\\n }\\n}\\n0x4000011080 <inner_b_node_b>: {\\n value = 1,\\n inner = {\\n next = 0x4000011030 <inner_b_node_c>\\n }\\n}\\n0x4000011030 <inner_b_node_c>: {\\n value = 2,\\n inner = {\\n next = 0x0\\n }\\n}\\n\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.plist","title":"plist","text":"plist(\n path: str,\n next: str,\n sentinel: int,\n inner_name: str | None,\n field_name: str | None,\n offset: int,\n count: int | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.bit_offset_of_field","title":"bit_offset_of_field","text":"bit_offset_of_field(struct, field_name, inner_name=None)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.get_byte_offset","title":"get_byte_offset","text":"get_byte_offset(bit_offset)\n
"},{"location":"reference/pwndbg/commands/probeleak/","title":"pwndbg.commands.probeleak","text":""},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak","title":"probeleak","text":"Functions:
-
find_module \u2013 -
satisfied_flags \u2013 -
flags_str2int \u2013 -
probeleak \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Pointer scan for possible offset leaks.')\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.find_module","title":"find_module","text":"find_module(addr, max_distance)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.satisfied_flags","title":"satisfied_flags","text":"satisfied_flags(require_flags, flags)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.flags_str2int","title":"flags_str2int","text":"flags_str2int(flags_s)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.probeleak","title":"probeleak","text":"probeleak(\n address=None,\n count=64,\n max_distance=0,\n point_to=None,\n max_ptrs=0,\n flags=None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/procinfo/","title":"pwndbg.commands.procinfo","text":""},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo","title":"procinfo","text":"Classes:
Functions:
-
tcp \u2013 It will first list all listening TCP sockets, and next list all established
-
tcp6 \u2013 -
unix \u2013 -
netlink \u2013 -
pid \u2013 -
procinfo \u2013 Display information about the running process.
Attributes:
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.capabilities","title":"capabilities module-attribute","text":"capabilities = {\n 0: \"CAP_CHOWN\",\n 1: \"CAP_DAC_OVERRIDE\",\n 2: \"CAP_DAC_READ_SEARCH\",\n 3: \"CAP_FOWNER\",\n 4: \"CAP_FSETID\",\n 5: \"CAP_KILL\",\n 6: \"CAP_SETGID\",\n 7: \"CAP_SETUID\",\n 8: \"CAP_SETPCAP\",\n 9: \"CAP_LINUX_IMMUTABLE\",\n 10: \"CAP_NET_BIND_SERVICE\",\n 11: \"CAP_NET_BROADCAST\",\n 12: \"CAP_NET_ADMIN\",\n 13: \"CAP_NET_RAW\",\n 14: \"CAP_IPC_LOCK\",\n 15: \"CAP_IPC_OWNER\",\n 16: \"CAP_SYS_MODULE\",\n 17: \"CAP_SYS_RAWIO\",\n 18: \"CAP_SYS_CHROOT\",\n 19: \"CAP_SYS_PTRACE\",\n 20: \"CAP_SYS_PACCT\",\n 21: \"CAP_SYS_ADMIN\",\n 22: \"CAP_SYS_BOOT\",\n 23: \"CAP_SYS_NICE\",\n 24: \"CAP_SYS_RESOURCE\",\n 25: \"CAP_SYS_TIME\",\n 26: \"CAP_SYS_TTY_CONFIG\",\n 27: \"CAP_MKNOD\",\n 28: \"CAP_LEASE\",\n 29: \"CAP_AUDIT_WRITE\",\n 30: \"CAP_AUDIT_CONTROL\",\n 31: \"CAP_SETFCAP\",\n 32: \"CAP_MAC_OVERRIDE\",\n 33: \"CAP_MAC_ADMIN\",\n 34: \"CAP_SYSLOG\",\n 35: \"CAP_WAKE_ALARM\",\n 36: \"CAP_BLOCK_SUSPEND\",\n}\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process","title":"Process","text":"Process(pid=None, tid=None)\n
Attributes:
-
pid \u2013 -
tid \u2013 -
selinux (str) \u2013 -
cmdline \u2013 -
cwd (str) \u2013 -
status \u2013 -
open_files \u2013 -
connections \u2013
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.pid","title":"pid instance-attribute","text":"pid = pid\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.tid","title":"tid instance-attribute","text":"tid = tid\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.selinux","title":"selinux property","text":"selinux: str\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cmdline","title":"cmdline property","text":"cmdline\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cwd","title":"cwd property","text":"cwd: str\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.status","title":"status property","text":"status\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.open_files","title":"open_files property","text":"open_files\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.connections","title":"connections property","text":"connections\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp","title":"tcp","text":"tcp(tid: int)\n
It will first list all listening TCP sockets, and next list all established TCP connections. A typical entry of /proc/net/tcp would look like this (split up into 3 parts because of the length of the line):
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp6","title":"tcp6","text":"tcp6(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.unix","title":"unix","text":"unix(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.netlink","title":"netlink","text":"netlink(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.pid","title":"pid","text":"pid() -> None\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.procinfo","title":"procinfo","text":"procinfo() -> None\n
Display information about the running process.
"},{"location":"reference/pwndbg/commands/profiler/","title":"pwndbg.commands.profiler","text":""},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler","title":"profiler","text":"Utilities for profiling pwndbg.
Functions:
Attributes:
-
parser \u2013 -
subparsers \u2013 -
parser_start \u2013 -
parser_stop \u2013
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nUtilities for profiling Pwndbg.\\n\\nCheck out the `./profiling` folder for other useful utilities.\\nUse `./profiling/print_stats.py` to generate a report from a `.pstats` file.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.subparsers","title":"subparsers module-attribute","text":"subparsers = add_subparsers(dest='command')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_start","title":"parser_start module-attribute","text":"parser_start = add_parser('start', prog='profiler start')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_stop","title":"parser_stop module-attribute","text":"parser_stop = add_parser('stop', prog='profiler stop')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.profiler","title":"profiler","text":"profiler(command, file='pwndbg.pstats') -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/","title":"pwndbg.commands.ptmalloc2","text":""},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2","title":"ptmalloc2","text":"Functions:
-
read_chunk \u2013 Read a chunk's metadata.
-
format_bin \u2013 -
print_no_arena_found_error \u2013 -
print_no_tcache_bins_found_error \u2013 -
heap \u2013 Iteratively print chunks on a heap, default to the current thread's
-
hi \u2013 -
arena \u2013 Print the contents of an arena, default to the current thread's arena.
-
arenas \u2013 Lists this process's arenas.
-
tcache \u2013 Print a thread's tcache contents, default to the current thread's
-
mp \u2013 Print the mp_ struct's contents.
-
top_chunk \u2013 Print relevant information about an arena's top chunk, default to the
-
malloc_chunk \u2013 Print a malloc_chunk struct's contents.
-
bins \u2013 Print the contents of all an arena's bins and a thread's tcache,
-
fastbins \u2013 Print the contents of an arena's fastbins, default to the current
-
unsortedbin \u2013 Print the contents of an arena's unsortedbin, default to the current
-
smallbins \u2013 Print the contents of an arena's smallbins, default to the current
-
largebins \u2013 Print the contents of an arena's largebins, default to the current
-
tcachebins \u2013 Print the contents of a tcache, default to the current thread's tcache.
-
find_fake_fast \u2013 Find candidate fake fast chunks overlapping the specified address.
-
vis_heap_chunks \u2013 Visualize chunks on a heap, default to the current arena's active heap.
-
bin_ascii \u2013 -
bin_labels_mapping \u2013 Returns all potential bin labels for all potential addresses
-
try_free \u2013 -
try_unlink \u2013
Attributes:
-
parser \u2013 -
group \u2013 -
VALID_CHARS \u2013 -
try_free_parser \u2013
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Visualize chunks on a heap.\\n\\nDefault to the current arena's active heap.\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.group","title":"group module-attribute","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.VALID_CHARS","title":"VALID_CHARS module-attribute","text":"VALID_CHARS = list(map(ord, set(printable) - set('\\t\\r\\n\\x0c\\x0b')))\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free_parser","title":"try_free_parser module-attribute","text":"try_free_parser = ArgumentParser(\n description=\"Check what would happen if free was called with given address.\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.read_chunk","title":"read_chunk","text":"read_chunk(addr: int) -> dict[str, int]\n
Read a chunk's metadata.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.format_bin","title":"format_bin","text":"format_bin(\n bins: Bins, verbose: bool = False, offset: int | None = None\n) -> list[str]\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_arena_found_error","title":"print_no_arena_found_error","text":"print_no_arena_found_error(tid=None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_tcache_bins_found_error","title":"print_no_tcache_bins_found_error","text":"print_no_tcache_bins_found_error(tid: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.heap","title":"heap","text":"heap(\n addr: int | None = None, verbose: bool = False, simple: bool = False\n) -> None\n
Iteratively print chunks on a heap, default to the current thread's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.hi","title":"hi","text":"hi(\n addr: int, verbose: bool = False, simple: bool = False, fake: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arena","title":"arena","text":"arena(addr: int | None = None) -> None\n
Print the contents of an arena, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arenas","title":"arenas","text":"arenas() -> None\n
Lists this process's arenas.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcache","title":"tcache","text":"tcache(addr: int | None = None) -> None\n
Print a thread's tcache contents, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.mp","title":"mp","text":"mp() -> None\n
Print the mp_ struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.top_chunk","title":"top_chunk","text":"top_chunk(addr: int | None = None) -> None\n
Print relevant information about an arena's top chunk, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.malloc_chunk","title":"malloc_chunk","text":"malloc_chunk(\n addr: int,\n fake: bool = False,\n verbose: bool = False,\n simple: bool = False,\n next: int = 0,\n dump: bool = False,\n) -> None\n
Print a malloc_chunk struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bins","title":"bins","text":"bins(addr: int | None = None, tcache_addr: int | None = None) -> None\n
Print the contents of all an arena's bins and a thread's tcache, default to the current thread's arena and tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.fastbins","title":"fastbins","text":"fastbins(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of an arena's fastbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.unsortedbin","title":"unsortedbin","text":"unsortedbin(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of an arena's unsortedbin, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.smallbins","title":"smallbins","text":"smallbins(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of an arena's smallbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.largebins","title":"largebins","text":"largebins(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of an arena's largebins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcachebins","title":"tcachebins","text":"tcachebins(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of a tcache, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.find_fake_fast","title":"find_fake_fast","text":"find_fake_fast(\n target_address: int,\n max_candidate_size: int | None = None,\n align: bool = False,\n glibc_fastbin_bug: bool = False,\n partial_overwrite: bool = False,\n) -> None\n
Find candidate fake fast chunks overlapping the specified address.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.vis_heap_chunks","title":"vis_heap_chunks","text":"vis_heap_chunks(\n addr: int | None = None,\n count: int | None = None,\n beyond_top: bool = False,\n no_truncate: bool = False,\n all_chunks: bool = False,\n) -> None\n
Visualize chunks on a heap, default to the current arena's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_ascii","title":"bin_ascii","text":"bin_ascii(bs)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_labels_mapping","title":"bin_labels_mapping","text":"bin_labels_mapping(collections)\n
Returns all potential bin labels for all potential addresses We precompute all of them because doing this on demand was too slow and inefficient See #1675 for more details
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free","title":"try_free","text":"try_free(addr: str | int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_unlink","title":"try_unlink","text":"try_unlink(addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/","title":"pwndbg.commands.ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"Functions:
Attributes:
-
parser \u2013 -
subparsers \u2013 -
enable \u2013 -
disable \u2013 -
toggle_break \u2013
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Manages the heap tracker.\\n\\nThe heap tracker is a module that tracks usage of the GLibc heap and looks for\\nuser errors such as double frees and use after frees.\\n\\nCurrently, the following errors can be detected:\\n - Use After Free\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.subparsers","title":"subparsers module-attribute","text":"subparsers = add_subparsers(\n required=True,\n description=\"Used to enable, disable and query information about the tracker\",\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.enable","title":"enable module-attribute","text":"enable = add_parser('enable', help='Enable heap tracking')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.disable","title":"disable module-attribute","text":"disable = add_parser('disable', help='Disable heap tracking')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.toggle_break","title":"toggle_break module-attribute","text":"toggle_break = add_parser(\n \"toggle-break\",\n help=\"Toggles whether possible UAF conditions will pause execution\",\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.track_heap","title":"track_heap","text":"track_heap(mode=None, use_hardware_breakpoints=False)\n
"},{"location":"reference/pwndbg/commands/radare2/","title":"pwndbg.commands.radare2","text":""},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2","title":"radare2","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Execute stateful radare2 commands through r2pipe.\"\n)\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2","title":"r2","text":"r2(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2pipe","title":"r2pipe","text":"r2pipe(arguments) -> None\n
"},{"location":"reference/pwndbg/commands/reload/","title":"pwndbg.commands.reload","text":""},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload","title":"reload","text":"Functions:
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.rreload","title":"rreload","text":"rreload(module, _exclude_mods=None) -> None\n
Recursively reload modules. Impl based on https://stackoverflow.com/a/66661311/1508881
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reload","title":"reload","text":"reload(*a) -> None\n
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reinit_pwndbg","title":"reinit_pwndbg","text":"reinit_pwndbg() -> None\n
Makes pwndbg reinitialize all state.
"},{"location":"reference/pwndbg/commands/retaddr/","title":"pwndbg.commands.retaddr","text":""},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr","title":"retaddr","text":"Functions:
-
retaddr \u2013 -
stack_explore \u2013
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.retaddr","title":"retaddr","text":"retaddr() -> None\n
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.stack_explore","title":"stack_explore","text":"stack_explore() -> None\n
"},{"location":"reference/pwndbg/commands/rizin/","title":"pwndbg.commands.rizin","text":""},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin","title":"rizin","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Execute stateful rizin commands through rzpipe.\"\n)\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rz","title":"rz","text":"rz(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rzpipe","title":"rzpipe","text":"rzpipe(arguments) -> None\n
"},{"location":"reference/pwndbg/commands/rop/","title":"pwndbg.commands.rop","text":""},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop","title":"rop","text":"Classes:
Functions:
-
split_range_to_chunks \u2013 -
parse_size \u2013 -
iterate_over_pages \u2013 -
rop \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dump ROP gadgets with Jon Salwan's ROPgadget tool.\"\n)\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary","title":"RawMemoryBinary","text":"RawMemoryBinary(options, start_addr: int)\n
Bases: object
Methods:
-
getBinary \u2013 -
getFileName \u2013 -
getRawBinary \u2013 -
getEntryPoint \u2013 -
getExecSections \u2013 -
getDataSections \u2013 -
getArch \u2013 -
getArchMode \u2013 -
getEndian \u2013 -
getFormat \u2013
Attributes:
-
start_addr \u2013 -
cs \u2013
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.start_addr","title":"start_addr instance-attribute","text":"start_addr = start_addr\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__fileName","title":"__fileName instance-attribute","text":"__fileName = binary\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.cs","title":"cs instance-attribute","text":"cs = get_disassembler(get_capstone_constants(pc))\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__rawBinary","title":"__rawBinary instance-attribute","text":"__rawBinary = read()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getBinary","title":"getBinary","text":"getBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFileName","title":"getFileName","text":"getFileName()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getRawBinary","title":"getRawBinary","text":"getRawBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEntryPoint","title":"getEntryPoint","text":"getEntryPoint()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getExecSections","title":"getExecSections","text":"getExecSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getDataSections","title":"getDataSections","text":"getDataSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArch","title":"getArch","text":"getArch()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArchMode","title":"getArchMode","text":"getArchMode()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEndian","title":"getEndian","text":"getEndian()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFormat","title":"getFormat","text":"getFormat()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.split_range_to_chunks","title":"split_range_to_chunks","text":"split_range_to_chunks(\n range_start: int, range_end: int, chunk_size: int = 10 * 1024 * 1024\n) -> Iterator[tuple[int, int, int, int]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parse_size","title":"parse_size","text":"parse_size(size_str: str) -> int\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.iterate_over_pages","title":"iterate_over_pages","text":"iterate_over_pages(mem_limit: int) -> Iterator[tuple[str, Page | None]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.rop","title":"rop","text":"rop(grep: str | None, memlimit: str, argument: list[str]) -> None\n
"},{"location":"reference/pwndbg/commands/ropper/","title":"pwndbg.commands.ropper","text":""},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper","title":"ropper","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='ROP gadget search with ropper.')\n
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.ropper","title":"ropper","text":"ropper(argument) -> None\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/","title":"pwndbg.commands.saved_register_frames","text":""},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames","title":"saved_register_frames","text":"Functions:
-
print_saved_register_frame \u2013 -
dump_register_frame \u2013
Attributes:
-
VALID_FRAME_TYPES \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.VALID_FRAME_TYPES","title":"VALID_FRAME_TYPES module-attribute","text":"VALID_FRAME_TYPES = {\n \"armcm-exception\": ARM_CORTEX_M_EXCEPTION_STACK,\n \"armcm-exception2\": ARM_CORTEX_M_EXCEPTION_STACK,\n}\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Display the registers saved to memory for a certain frame type\"\n)\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.print_saved_register_frame","title":"print_saved_register_frame","text":"print_saved_register_frame(\n context: SavedRegisterFrame, address: int = None, print_address=False\n)\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.dump_register_frame","title":"dump_register_frame","text":"dump_register_frame(\n frame_type: str, address: int = None, print_address=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/search/","title":"pwndbg.commands.search","text":""},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search","title":"search","text":"Functions:
Attributes:
-
saved (set[int]) \u2013 -
auto_save \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.saved","title":"saved module-attribute","text":"saved: set[int] = set()\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.auto_save","title":"auto_save module-attribute","text":"auto_save = add_param(\n \"auto-save-search\", False, 'automatically pass --save to \"search\" command'\n)\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Search memory for byte sequences, strings, pointers, and integer values.\\n\\nBy default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.\\n\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.print_search_hit","title":"print_search_hit","text":"print_search_hit(address: int) -> None\n
Prints out a single search hit.
Parameters:
-
address (int) \u2013 Address to print
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.search","title":"search","text":"search(\n type,\n arch,\n asmbp,\n hex,\n executable,\n writable,\n step,\n limit,\n aligned,\n value,\n mapping_name,\n save,\n next,\n trunc_out,\n) -> None\n
"},{"location":"reference/pwndbg/commands/segments/","title":"pwndbg.commands.segments","text":""},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments","title":"segments","text":"Functions:
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.fsbase","title":"fsbase","text":"fsbase() -> None\n
Prints out the FS base address. See also $fsbase.
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.gsbase","title":"gsbase","text":"gsbase() -> None\n
Prints out the GS base address. See also $gsbase.
"},{"location":"reference/pwndbg/commands/sigreturn/","title":"pwndbg.commands.sigreturn","text":""},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn","title":"sigreturn","text":"Functions:
-
sigreturn \u2013 -
print_value \u2013
Attributes:
-
SIGRETURN_FRAME_LAYOUTS (dict[str, list[tuple[int, str]]]) \u2013 -
SIGRETURN_CORE_REGISTER (dict[str, set[str]]) \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_FRAME_LAYOUTS","title":"SIGRETURN_FRAME_LAYOUTS module-attribute","text":"SIGRETURN_FRAME_LAYOUTS: dict[str, list[tuple[int, str]]] = {\n \"x86-64\": sorted([(-8, \"&pretcode\")] + list(items())),\n \"i386\": sorted(items()),\n \"aarch64\": sorted(items()),\n \"arm\": sorted(items()),\n}\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_CORE_REGISTER","title":"SIGRETURN_CORE_REGISTER module-attribute","text":"SIGRETURN_CORE_REGISTER: dict[str, set[str]] = {\n \"x86-64\": {*gpr, frame, stack, pc},\n \"i386\": {*gpr, frame, stack, pc},\n \"aarch64\": {*gpr, \"sp\", \"pc\"},\n \"arm\": {*gpr, \"fp\", \"ip\", \"sp\", \"lr\", \"pc\"},\n}\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Display the SigreturnFrame at the specific address\"\n)\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.sigreturn","title":"sigreturn","text":"sigreturn(address: int = None, display_all=False, print_address=False) -> None\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.print_value","title":"print_value","text":"print_value(string: str, address: int, print_address) -> None\n
"},{"location":"reference/pwndbg/commands/slab/","title":"pwndbg.commands.slab","text":""},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab","title":"slab","text":"Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
Some of the code here was inspired from NeatMonster/slabdbg Some of the code here was inspired from osandov/drgn
Functions:
Attributes:
-
parser \u2013 -
subparsers \u2013 -
parser_list \u2013 -
parser_info \u2013 -
parser_contains \u2013
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints information about the linux kernel's slab allocator SLUB.\"\n)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.subparsers","title":"subparsers module-attribute","text":"subparsers = add_subparsers(dest='command')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_list","title":"parser_list module-attribute","text":"parser_list = add_parser('list', prog='slab list')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_info","title":"parser_info module-attribute","text":"parser_info = add_parser('info', prog='slab info')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_contains","title":"parser_contains module-attribute","text":"parser_contains = add_parser('contains', prog='slab contains')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab","title":"slab","text":"slab(\n command,\n filter_=None,\n names=None,\n verbose=False,\n addresses=None,\n cpu=None,\n node=None,\n partial_only=False,\n active_only=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_slab","title":"print_slab","text":"print_slab(\n slab: Slab, indent, verbose: bool, freelist: Freelist = None\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_cpu_cache","title":"print_cpu_cache","text":"print_cpu_cache(\n cpu_cache: CpuCache, verbose: bool, active: bool, partial: bool, indent\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_node_cache","title":"print_node_cache","text":"print_node_cache(node_cache: NodeCache, verbose: bool, indent) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_info","title":"slab_info","text":"slab_info(\n name: str, verbose: bool, cpu: int, node: int, active: bool, partial: bool\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_list","title":"slab_list","text":"slab_list(filter_) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_contains","title":"slab_contains","text":"slab_contains(address: str) -> None\n
prints the slab_cache associated with the provided address
"},{"location":"reference/pwndbg/commands/spray/","title":"pwndbg.commands.spray","text":""},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray","title":"spray","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Spray memory with cyclic() generated values\"\n)\n
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.spray","title":"spray","text":"spray(addr, length, value, only_funcptrs) -> None\n
"},{"location":"reference/pwndbg/commands/start/","title":"pwndbg.commands.start","text":""},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start","title":"start","text":"Launches the target process after setting a breakpoint at a convenient entry point.
Functions:
-
breakpoint_at_entry \u2013 -
start \u2013 -
entry \u2013 -
sstart \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description='\\nStart the debugged program stopping at its entrypoint address.\\n\\nNote that the entrypoint may not be the first instruction executed\\nby the program. If you want to stop on the first executed instruction,\\nuse the GDB\\'s `starti` command.\\n\\nArgs may include \"*\", or \"[...]\"; they are expanded using the\\nshell that will start the program (specified by the \"$SHELL\" environment\\nvariable). Input and output redirection with \">\", \"<\", or \">>\"\\nare also allowed.\\n\\nWith no arguments, uses arguments last specified (with \"run\" or\\n\"set args\"). To cancel previous arguments and run with no arguments,\\nuse \"set args\" without arguments.\\n\\nTo start the inferior without using a shell, use \"set startup-with-shell off\".\\n'\n)\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.breakpoint_at_entry","title":"breakpoint_at_entry","text":"breakpoint_at_entry()\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.start","title":"start","text":"start(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.entry","title":"entry","text":"entry(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.sstart","title":"sstart","text":"sstart() -> None\n
"},{"location":"reference/pwndbg/commands/strings/","title":"pwndbg.commands.strings","text":""},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings","title":"strings","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Extracts and displays ASCII strings from readable memory pages of the debugged process.\"\n)\n
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.strings","title":"strings","text":"strings(n: int = 4, page_names: list[str] = [], save_as: str = None)\n
"},{"location":"reference/pwndbg/commands/telescope/","title":"pwndbg.commands.telescope","text":""},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope","title":"telescope","text":"Prints out pointer chains starting at some address in memory.
Generally used to print out the stack or register values.
Functions:
Attributes:
-
telescope_lines \u2013 -
skip_repeating_values \u2013 -
skip_repeating_values_minimum \u2013 -
print_framepointer_offset \u2013 -
print_retaddr_in_frame \u2013 -
dont_skip_registers \u2013 -
offset_separator \u2013 -
offset_delimiter \u2013 -
repeating_marker \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope_lines","title":"telescope_lines module-attribute","text":"telescope_lines = add_param(\n \"telescope-lines\", 8, \"number of lines to printed by the telescope command\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values","title":"skip_repeating_values module-attribute","text":"skip_repeating_values = add_param(\n \"telescope-skip-repeating-val\",\n True,\n \"whether to skip repeating values of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values_minimum","title":"skip_repeating_values_minimum module-attribute","text":"skip_repeating_values_minimum = add_param(\n \"telescope-skip-repeating-val-min\",\n 3,\n \"minimum amount of repeated values before skipping lines\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_framepointer_offset","title":"print_framepointer_offset module-attribute","text":"print_framepointer_offset = add_param(\n \"telescope-framepointer-offset\",\n True,\n \"print offset to framepointer for each address, if sufficiently small\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_retaddr_in_frame","title":"print_retaddr_in_frame module-attribute","text":"print_retaddr_in_frame = add_param(\n \"telescope-frame-print-retaddr\",\n True,\n \"print one pointer past the stack frame\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.dont_skip_registers","title":"dont_skip_registers module-attribute","text":"dont_skip_registers = add_param(\n \"telescope-dont-skip-registers\",\n True,\n \"don't skip a repeated line if a registers points to it\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_separator","title":"offset_separator module-attribute","text":"offset_separator = add_param(\n \"telescope-offset-separator\",\n \"\u2502\",\n \"offset separator of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_delimiter","title":"offset_delimiter module-attribute","text":"offset_delimiter = add_param(\n \"telescope-offset-delimiter\",\n \":\",\n \"offset delimiter of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.repeating_marker","title":"repeating_marker module-attribute","text":"repeating_marker = add_param(\n \"telescope-repeating-marker\",\n \"... \u2193\",\n \"repeating values marker of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dereferences on stack data, printing the entire stack frame with specified count and offset .\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope","title":"telescope","text":"telescope(\n address=None,\n count=telescope_lines,\n to_string=False,\n reverse=False,\n frame=False,\n inverse=False,\n)\n
Recursively dereferences pointers starting at the specified address ($sp by default)
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.regs_or_frame_offset","title":"regs_or_frame_offset","text":"regs_or_frame_offset(\n addr: int, bp: int | None, regs: dict[int, str], longest_regs: int\n) -> str\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stack","title":"stack","text":"stack(count, offset, frame, inverse) -> None\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stackf","title":"stackf","text":"stackf(count, offset) -> None\n
"},{"location":"reference/pwndbg/commands/tips/","title":"pwndbg.commands.tips","text":""},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips","title":"tips","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Shows tips.')\n
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.tips","title":"tips","text":"tips(all: bool) -> None\n
"},{"location":"reference/pwndbg/commands/tls/","title":"pwndbg.commands.tls","text":""},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls","title":"tls","text":"Command to print the information of the current Thread Local Storage (TLS).
Functions:
-
tls \u2013 -
threads \u2013
Attributes:
-
parser \u2013 -
group \u2013
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"List all threads belonging to the selected inferior.\"\n)\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.group","title":"group module-attribute","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.tls","title":"tls","text":"tls(pthread_self=False, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.threads","title":"threads","text":"threads(num_threads, respect_config) -> None\n
"},{"location":"reference/pwndbg/commands/valist/","title":"pwndbg.commands.valist","text":""},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist","title":"valist","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Dumps the arguments of a va_list.')\n
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.valist","title":"valist","text":"valist(addr: int, count: int) -> None\n
"},{"location":"reference/pwndbg/commands/version/","title":"pwndbg.commands.version","text":""},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version","title":"version","text":"Implements version and bugreport commands.
Functions:
Attributes:
-
bugreport_parser \u2013 -
bugreport_group \u2013
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_parser","title":"bugreport_parser module-attribute","text":"bugreport_parser = ArgumentParser(description='Generate a bug report.')\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_group","title":"bugreport_group module-attribute","text":"bugreport_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.os_info","title":"os_info","text":"os_info()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.module_version","title":"module_version","text":"module_version(module)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.debugger_version","title":"debugger_version","text":"debugger_version()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.all_versions","title":"all_versions","text":"all_versions()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_target_arch","title":"get_target_arch","text":"get_target_arch()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_terminal_size","title":"get_terminal_size","text":"get_terminal_size()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version_impl","title":"version_impl","text":"version_impl() -> None\n
Implementation of the version command.
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version","title":"version","text":"version() -> None\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport","title":"bugreport","text":"bugreport(run_browser=False, use_gh=False)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_configuration","title":"get_debugger_configuration","text":"get_debugger_configuration()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_session_history","title":"get_debugger_session_history","text":"get_debugger_session_history()\n
"},{"location":"reference/pwndbg/commands/vmmap/","title":"pwndbg.commands.vmmap","text":""},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap","title":"vmmap","text":"Command to print the virtual memory map a la /proc/self/maps.
Functions:
-
pages_filter \u2013 -
print_vmmap_table_header \u2013 Prints the table header for the vmmap command.
-
print_vmmap_gaps_table_header \u2013 Prints the table header for the vmmap --gaps command.
-
calculate_total_memory \u2013 -
gap_text \u2013 -
print_map \u2013 -
print_adjacent_map \u2013 -
print_guard \u2013 -
print_gap \u2013 -
print_vmmap_gaps \u2013 Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
-
vmmap \u2013 -
vmmap_add \u2013 -
vmmap_explore \u2013 -
vmmap_clear \u2013 -
vmmap_load \u2013
Attributes:
-
integer_types \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.integer_types","title":"integer_types module-attribute","text":"integer_types = (int, Value)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Load virtual memory map pages from ELF file.\"\n)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.pages_filter","title":"pages_filter","text":"pages_filter(gdbval_or_str)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_table_header","title":"print_vmmap_table_header","text":"print_vmmap_table_header() -> None\n
Prints the table header for the vmmap command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps_table_header","title":"print_vmmap_gaps_table_header","text":"print_vmmap_gaps_table_header() -> None\n
Prints the table header for the vmmap --gaps command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.calculate_total_memory","title":"calculate_total_memory","text":"calculate_total_memory(pages: tuple[Page, ...]) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.gap_text","title":"gap_text","text":"gap_text(page: Page) -> str\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_map","title":"print_map","text":"print_map(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_adjacent_map","title":"print_adjacent_map","text":"print_adjacent_map(map_start: Page, map_end: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_guard","title":"print_guard","text":"print_guard(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_gap","title":"print_gap","text":"print_gap(current: Page, last_map: Page)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps","title":"print_vmmap_gaps","text":"print_vmmap_gaps(pages: tuple[Page, ...]) -> None\n
Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap","title":"vmmap","text":"vmmap(\n gdbval_or_str=None,\n writable=False,\n executable=False,\n lines_after=1,\n lines_before=1,\n context=None,\n gaps=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_add","title":"vmmap_add","text":"vmmap_add(start: int, size: int, flags: str, offset: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_explore","title":"vmmap_explore","text":"vmmap_explore(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_clear","title":"vmmap_clear","text":"vmmap_clear() -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_load","title":"vmmap_load","text":"vmmap_load(filename) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/","title":"pwndbg.commands.windbg","text":""},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg","title":"windbg","text":"Compatibility functionality for WinDbg users.
Functions:
-
enhex \u2013 -
db \u2013 Starting at the specified address, dump N bytes
-
dw \u2013 Starting at the specified address, dump N words
-
dd \u2013 Starting at the specified address, dump N dwords
-
dq \u2013 Starting at the specified address, dump N qwords
-
dc \u2013 -
dX \u2013 Traditionally, windbg will display 16 bytes of data per line.
-
eb \u2013 Write hex bytes at the specified address.
-
ew \u2013 Write hex words at the specified address.
-
ed \u2013 Write hex dwords at the specified address.
-
eq \u2013 Write hex qwords at the specified address.
-
ez \u2013 Write a character at the specified address.
-
eza \u2013 Write a string at the specified address.
-
eX \u2013 This relies on windbg's default hex encoding being enforced
-
dds \u2013 Dump pointers and symbols at the specified address.
-
da \u2013 -
ds \u2013 -
bl \u2013 List breakpoints
-
bd \u2013 Disable the breakpoint with the specified index.
-
be \u2013 Enable the breakpoint with the specified index.
-
bc \u2013 Clear the breakpoint with the specified index.
-
bp \u2013 -
k \u2013 Print a backtrace (alias 'bt')
-
go \u2013 WinDbg compatibility alias for 'continue' command.
-
ln \u2013 List the symbols nearest to the provided value.
-
peb \u2013 -
pc \u2013 WinDbg compatibility alias for 'nextcall' command.
Attributes:
-
da_parser \u2013 -
ds_parser \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da_parser","title":"da_parser module-attribute","text":"da_parser = ArgumentParser(\n description=\"Dump a string at the specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds_parser","title":"ds_parser module-attribute","text":"ds_parser = ArgumentParser(\n description=\"Dump a string at the specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"List the symbols nearest to the provided value.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.enhex","title":"enhex","text":"enhex(size, value)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.db","title":"db","text":"db(address, count=64)\n
Starting at the specified address, dump N bytes (default 64).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dw","title":"dw","text":"dw(address, count=32)\n
Starting at the specified address, dump N words (default 32).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dd","title":"dd","text":"dd(address, count=16)\n
Starting at the specified address, dump N dwords (default 16).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dq","title":"dq","text":"dq(address, count=8)\n
Starting at the specified address, dump N qwords (default 8).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dc","title":"dc","text":"dc(address, count=8)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dX","title":"dX","text":"dX(size, address, count, to_string=False, repeat=False)\n
Traditionally, windbg will display 16 bytes of data per line.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eb","title":"eb","text":"eb(address, data)\n
Write hex bytes at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ew","title":"ew","text":"ew(address, data)\n
Write hex words at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ed","title":"ed","text":"ed(address, data)\n
Write hex dwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eq","title":"eq","text":"eq(address, data)\n
Write hex qwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ez","title":"ez","text":"ez(address, data)\n
Write a character at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eza","title":"eza","text":"eza(address, data)\n
Write a string at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eX","title":"eX","text":"eX(size, address, data, hex=True) -> None\n
This relies on windbg's default hex encoding being enforced
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dds","title":"dds","text":"dds(addr)\n
Dump pointers and symbols at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da","title":"da","text":"da(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds","title":"ds","text":"ds(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bl","title":"bl","text":"bl() -> None\n
List breakpoints
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bd","title":"bd","text":"bd(which='*') -> None\n
Disable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.be","title":"be","text":"be(which='*') -> None\n
Enable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bc","title":"bc","text":"bc(which='*') -> None\n
Clear the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bp","title":"bp","text":"bp(where) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.k","title":"k","text":"k() -> None\n
Print a backtrace (alias 'bt')
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.go","title":"go","text":"go() -> None\n
WinDbg compatibility alias for 'continue' command.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ln","title":"ln","text":"ln(value: int = None) -> None\n
List the symbols nearest to the provided value.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.peb","title":"peb","text":"peb() -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.pc","title":"pc","text":"pc()\n
WinDbg compatibility alias for 'nextcall' command.
"},{"location":"reference/pwndbg/commands/xinfo/","title":"pwndbg.commands.xinfo","text":""},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo","title":"xinfo","text":"Functions:
-
print_line \u2013 -
xinfo_stack \u2013 -
xinfo_mmap_file \u2013 -
xinfo_default \u2013 -
xinfo \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Shows offsets of the specified address from various useful locations.\"\n)\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.print_line","title":"print_line","text":"print_line(name, addr, first, second, op, width=20) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_stack","title":"xinfo_stack","text":"xinfo_stack(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_mmap_file","title":"xinfo_mmap_file","text":"xinfo_mmap_file(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_default","title":"xinfo_default","text":"xinfo_default(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo","title":"xinfo","text":"xinfo(address=None) -> None\n
"},{"location":"reference/pwndbg/commands/xor/","title":"pwndbg.commands.xor","text":""},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor","title":"xor","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Memfrobs a region of memory (xor with '*').\"\n)\n
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor_memory","title":"xor_memory","text":"xor_memory(address, key, count)\n
Helper function for xorring memory in gdb
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor","title":"xor","text":"xor(address, key, count) -> None\n
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.memfrob","title":"memfrob","text":"memfrob(address, count)\n
"},{"location":"reference/pwndbg/dbg/","title":"pwndbg.dbg","text":""},{"location":"reference/pwndbg/dbg/#pwndbg.dbg","title":"dbg","text":"The abstracted debugger interface.
Modules:
Classes:
-
Error \u2013 -
DisassembledInstruction \u2013 -
DebuggerType \u2013 -
StopPoint \u2013 The handle to either an insalled breakpoint or watchpoint.
-
BreakpointLocation \u2013 This is the location specification for a breakpoint.
-
WatchpointLocation \u2013 This is the location specification for a watchpoint.
-
Registers \u2013 A handle to the register values in a frame.
-
SymbolLookupType \u2013 Enum representing types of symbol lookups for filtering symbol searches.
-
Frame \u2013 -
Thread \u2013 -
MemoryMap \u2013 A wrapper around a sequence of memory ranges
-
ExecutionController \u2013 -
Process \u2013 -
TypeCode \u2013 Broad categories of types.
-
TypeField \u2013 The fields in a structured type.
-
Type \u2013 Class representing a type in the context of an inferior process.
-
Value \u2013 Class representing a value in the context of an inferior process.
-
CommandHandle \u2013 An opaque handle to an installed command.
-
EventType \u2013 Events that can be listened for and reacted to in a debugger.
-
Debugger \u2013 The base class representing a debugger.
Functions:
Attributes:
-
dbg (Debugger) \u2013 -
T \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.dbg","title":"dbg module-attribute","text":"dbg: Debugger = None\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Error","title":"Error","text":" Bases: Exception
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction","title":"DisassembledInstruction","text":" Bases: TypedDict
Attributes:
-
addr (int) \u2013 -
asm (str) \u2013 -
length (int) \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.addr","title":"addr instance-attribute","text":"addr: int\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.asm","title":"asm instance-attribute","text":"asm: str\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.length","title":"length instance-attribute","text":"length: int\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType","title":"DebuggerType","text":" Bases: Enum
Attributes:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.GDB","title":"GDB class-attribute instance-attribute","text":"GDB = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.LLDB","title":"LLDB class-attribute instance-attribute","text":"LLDB = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint","title":"StopPoint","text":"The handle to either an insalled breakpoint or watchpoint.
May be used in a with statement, in which case the stop point is automatically removed at the end of the statement. This allows for easy implementation of temporary breakpoints.
Methods:
-
remove \u2013 Removes the breakpoint associated with this handle.
-
set_enabled \u2013 Enables or disables this breakpoint.
-
__enter__ \u2013 -
__exit__ \u2013 Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.remove","title":"remove","text":"remove() -> None\n
Removes the breakpoint associated with this handle.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.set_enabled","title":"set_enabled","text":"set_enabled(enabled: bool) -> None\n
Enables or disables this breakpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__enter__","title":"__enter__","text":"__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__exit__","title":"__exit__","text":"__exit__(exc_type, exc_value, traceback) -> None\n
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation","title":"BreakpointLocation","text":"BreakpointLocation(address: int)\n
This is the location specification for a breakpoint.
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.address","title":"address instance-attribute","text":"address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.__eq__","title":"__eq__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation","title":"WatchpointLocation","text":"WatchpointLocation(\n address: int, size: int, watch_read: bool, watch_write: bool\n)\n
This is the location specification for a watchpoint.
Attributes:
-
address (int) \u2013 -
size (int) \u2013 -
watch_read (bool) \u2013 -
watch_write (bool) \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.address","title":"address instance-attribute","text":"address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.size","title":"size instance-attribute","text":"size: int = size\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_read","title":"watch_read instance-attribute","text":"watch_read: bool = watch_read\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_write","title":"watch_write instance-attribute","text":"watch_write: bool = watch_write\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers","title":"Registers","text":"A handle to the register values in a frame.
Methods:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers.by_name","title":"by_name","text":"by_name(name: str) -> Value | None\n
Gets the value of a register if it exists, None otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType","title":"SymbolLookupType","text":" Bases: Enum
Enum representing types of symbol lookups for filtering symbol searches.
Attributes: - ANY: Represents searching for any symbol type (default). - FUNCTION: Represents searching specifically for function symbols. - VARIABLE: Represents searching specifically for variable symbols.
Attributes:
-
ANY \u2013 -
FUNCTION \u2013 -
VARIABLE \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.ANY","title":"ANY class-attribute instance-attribute","text":"ANY = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.FUNCTION","title":"FUNCTION class-attribute instance-attribute","text":"FUNCTION = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.VARIABLE","title":"VARIABLE class-attribute instance-attribute","text":"VARIABLE = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame","title":"Frame","text":"Methods:
-
lookup_symbol \u2013 Looks up and returns the address of a symbol in current frame by its name.
-
evaluate_expression \u2013 Evaluate the given expression in the context of this frame, and
-
regs \u2013 Access the values of the registers in this frame.
-
reg_write \u2013 Sets the value of the register with the given name to the given value.
-
pc \u2013 The value of the program counter for this frame.
-
sp \u2013 The value of the stack pointer for this frame.
-
parent \u2013 The parent frame of this frame, if it exists.
-
child \u2013 The child frame of this frame, if it exists.
-
sal \u2013 The filename of the source code file associated with this frame, and the
-
__eq__ \u2013 Whether this frame is the same as the given frame. Two frames are the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
Looks up and returns the address of a symbol in current frame by its name.
Parameters: - name (str): The name of the symbol to look up. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults to SymbolLookupType.ANY.
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
Raises: - pwndbg.dbg_mod.Error: If symbol name contains invalid characters
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
Evaluate the given expression in the context of this frame, and return a Value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression--lock_scheduler","title":"lock_scheduler","text":"Additionally, callers of this function might specify that they want to enable scheduler locking during the evaluation of this expression. This is a GDB-only option, and is intended for cases in which the result would be incorrect without it enabled, when running in GDB. Other debuggers should ignore this parameter.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.regs","title":"regs","text":"regs() -> Registers\n
Access the values of the registers in this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.reg_write","title":"reg_write","text":"reg_write(name: str, val: int) -> bool\n
Sets the value of the register with the given name to the given value. Returns true if the register exists, false othewise. Throws an exception if the register exists but cannot be written to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.pc","title":"pc","text":"pc() -> int\n
The value of the program counter for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sp","title":"sp","text":"sp() -> int\n
The value of the stack pointer for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.parent","title":"parent","text":"parent() -> Frame | None\n
The parent frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.child","title":"child","text":"child() -> Frame | None\n
The child frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sal","title":"sal","text":"sal() -> tuple[str, int] | None\n
The filename of the source code file associated with this frame, and the line number associated with it, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
Whether this frame is the same as the given frame. Two frames are the same if they point to the same stack frame and have the same execution context.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread","title":"Thread","text":"Methods:
-
bottom_frame \u2013 Frame at the bottom of the call stack for this thread.
-
ptid \u2013 The PTID of this thread, if available.
-
index \u2013 The unique index of this thread from the perspective of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.bottom_frame","title":"bottom_frame","text":"bottom_frame() -> Iterator[Frame]\n
Frame at the bottom of the call stack for this thread.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.ptid","title":"ptid","text":"ptid() -> int | None\n
The PTID of this thread, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.index","title":"index","text":"index() -> int\n
The unique index of this thread from the perspective of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap","title":"MemoryMap","text":"MemoryMap(pages: Sequence[Page])\n
A wrapper around a sequence of memory ranges
Methods:
Attributes:
-
pages (tuple[Page, ...]) \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.pages","title":"pages instance-attribute","text":"pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.is_qemu","title":"is_qemu","text":"is_qemu() -> bool\n
Returns whether this memory map was generated from a QEMU target.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.ranges","title":"ranges","text":"ranges() -> Sequence[Page]\n
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.lookup_page","title":"lookup_page","text":"lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController","title":"ExecutionController","text":"Methods:
-
single_step \u2013 Steps to the next instruction.
-
cont \u2013 Continues execution until the given breakpoint or whatchpoint is hit.
-
cont_selected_thread \u2013 Continues execution on single thread until the given breakpoint or whatchpoint is hit.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.single_step","title":"single_step","text":"single_step() -> Awaitable[None]\n
Steps to the next instruction.
Throws CancelledError if a breakpoint or watchpoint is hit, the program exits, or if any other unexpected event that diverts execution happens while fulfulling the step.
FIXME GDB: On GDB stepi will execute other threads. On LLDB not. Please use set scheduler-locking step
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont","title":"cont","text":"cont(until: StopPoint) -> Awaitable[None]\n
Continues execution until the given breakpoint or whatchpoint is hit. Continues execution on all threads.
Throws CancelledError if a breakpoint or watchpoint is hit that is not the one given in until, the program exits, or if any other unexpected event happens.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont_selected_thread","title":"cont_selected_thread","text":"cont_selected_thread(until: StopPoint) -> Awaitable[None]\n
Continues execution on single thread until the given breakpoint or whatchpoint is hit. Continues execution on selected thread.
Throws CancelledError if a breakpoint or watchpoint is hit that is not the one given in until, the program exits, or if any other unexpected event happens.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process","title":"Process","text":"Methods:
-
threads \u2013 Returns a list containing the threads in this process.
-
pid \u2013 Returns the process ID of this process if it is alive.
-
alive \u2013 Returns whether this process is alive.
-
stopped_with_signal \u2013 Returns whether this process was stopped by a signal.
-
evaluate_expression \u2013 Evaluate the given expression in the context of the current process, and
-
vmmap \u2013 Returns the virtual memory map of this process.
-
read_memory \u2013 Reads the requested number of bytes from the address given in the memory
-
write_memory \u2013 Writes as many bytes from the given data buffer as possible into the
-
find_in_memory \u2013 Searches for a bit pattern in the memory space of the process. The bit
-
is_remote \u2013 Returns whether this process is a remote process connected to using the
-
send_remote \u2013 Sends the given packet to the GDB remote debugging protocol server.
-
send_monitor \u2013 Sends the given monitor command to the GDB remote debugging protocol
-
download_remote_file \u2013 Downloads the given file from the remote host and saves it to the local
-
create_value \u2013 Create a new value in the context of this process, with the given value
-
symbol_name_at_address \u2013 Returns the name of the symbol at the given address in the program, if
-
lookup_symbol \u2013 Looks up and returns the address of a symbol by its name.
-
types_with_name \u2013 Returns a list of all types in this process that match the given name.
-
arch \u2013 The default architecture of this process.
-
break_at \u2013 Install a breakpoint or watchpoint at the given location.
-
is_linux \u2013 Returns whether the current ABI is GNU/Linux.
-
disasm \u2013 Returns the disassembled instruction at the given address in the address
-
module_section_locations \u2013 Return a list of (address, size, section_name, module_name) tuples for
-
main_module_name \u2013 Returns the name of the main module.
-
main_module_entry \u2013 Returns the entry point of the main module.
-
is_dynamically_linked \u2013 Returns whether this process makes use of dynamically linked libraries.
-
dispatch_execution_controller \u2013 Queues up the given execution controller-based coroutine for execution,
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.threads","title":"threads","text":"threads() -> list[Thread]\n
Returns a list containing the threads in this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.pid","title":"pid","text":"pid() -> int | None\n
Returns the process ID of this process if it is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.alive","title":"alive","text":"alive() -> bool\n
Returns whether this process is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.stopped_with_signal","title":"stopped_with_signal","text":"stopped_with_signal() -> bool\n
Returns whether this process was stopped by a signal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str) -> Value\n
Evaluate the given expression in the context of the current process, and return a Value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.vmmap","title":"vmmap","text":"vmmap() -> MemoryMap\n
Returns the virtual memory map of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.read_memory","title":"read_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
Reads the requested number of bytes from the address given in the memory space of this process. Will read as many bytes as possible starting at that location, and returns how many were read.
Throws an exception if reading fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.write_memory","title":"write_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
Writes as many bytes from the given data buffer as possible into the given address in the memory space of this process.
Throws an exception if writing fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.find_in_memory","title":"find_in_memory","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
Searches for a bit pattern in the memory space of the process. The bit pattern can be searched for in a given memory range, and with a given alignment. The maximum number of matches that will be generated is given by max_matches. A value of max_matches of -1 will generate all matches.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_remote","title":"is_remote","text":"is_remote() -> bool\n
Returns whether this process is a remote process connected to using the GDB remote debugging protocol.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_remote","title":"send_remote","text":"send_remote(packet: str) -> bytes\n
Sends the given packet to the GDB remote debugging protocol server. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_monitor","title":"send_monitor","text":"send_monitor(cmd: str) -> str\n
Sends the given monitor command to the GDB remote debugging protocol server. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.download_remote_file","title":"download_remote_file","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
Downloads the given file from the remote host and saves it to the local given path. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.create_value","title":"create_value","text":"create_value(value: int, type: Type | None = None) -> Value\n
Create a new value in the context of this process, with the given value and, optionally, type. If no type is provided, one will be chosen automatically.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.symbol_name_at_address","title":"symbol_name_at_address","text":"symbol_name_at_address(address: int) -> str | None\n
Returns the name of the symbol at the given address in the program, if one exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
Looks up and returns the address of a symbol by its name.
Parameters: - name (str): The name of the symbol to look up. - prefer_static (bool, optional): If True, prioritize symbols in the static block, if supported by the debugger. Defaults to False. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults to SymbolLookupType.ANY. - objfile_endswith (str | None, optional): If specified, limits the search to the first object file whose name ends with the provided string.
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
Raises: - pwndbg.dbg_mod.Error: If no object file matching the objfile_endswith pattern is found.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.types_with_name","title":"types_with_name","text":"types_with_name(name: str) -> Sequence[Type]\n
Returns a list of all types in this process that match the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.arch","title":"arch","text":"arch() -> ArchDefinition\n
The default architecture of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.break_at","title":"break_at","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
Install a breakpoint or watchpoint at the given location.
The type of the location determines whether the newly created object is a watchpoint or a breakpoint. BreakpointLocation locations yield breakpoints, while WatchpointLocation locations yield watchpoints.
Aditionally, one may specify a stop handler function, to be run when the breakpoint or whatchpoint is hit, and that determines whether execution should stop. With a return value of True being interpreted as a signal to stop, and a return value of False being interpreted as a signal to continue execution. The extent of the actions that may be taken during the stop handler is determined by the debugger.
Marking a breakpoint or watchpoint as internal hints to the implementation that the created breakpoint or watchpoint should not be directly nameable by the user, and that it should not print any messages upon being triggered. Implementations should try to honor this hint, but they are not required to in case honoring it is either not possible or comes at a significant impact to performance.
This function returns a handle to the newly created breakpoint or watchpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_linux","title":"is_linux","text":"is_linux() -> bool\n
Returns whether the current ABI is GNU/Linux.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.disasm","title":"disasm","text":"disasm(address: int) -> DisassembledInstruction | None\n
Returns the disassembled instruction at the given address in the address space of the running process, or None if there's no valid instruction at that address.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.module_section_locations","title":"module_section_locations","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
Return a list of (address, size, section_name, module_name) tuples for the loaded sections in every module of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_name","title":"main_module_name","text":"main_module_name() -> str | None\n
Returns the name of the main module.
On remote targets, this may be prefixed with \"target:\" string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_entry","title":"main_module_entry","text":"main_module_entry() -> int | None\n
Returns the entry point of the main module.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked","title":"is_dynamically_linked","text":"is_dynamically_linked() -> bool\n
Returns whether this process makes use of dynamically linked libraries.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked--dynamically-linked","title":"\"dynamically linked\"","text":"What exactly it means to be \"dynamically linked\" here is a little ill-defined. Ideally, this function should return true if the process uses the default dynamic linker for the system, as that would better reflect whether the process uses dynamic linking.
Currently, though, Pwndbg expects it to behave the same as a check for the string \"No shared libraries loaded at this time.\" in the output of the info dll GDB command, which checks for the presence of other modules in the address space of the process, rather than whether or not the dynamic linker is used.
We should probably sort this out in the future.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.dispatch_execution_controller","title":"dispatch_execution_controller","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
Queues up the given execution controller-based coroutine for execution, sometime between the calling of this function and the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode","title":"TypeCode","text":" Bases: Enum
Broad categories of types.
Attributes:
-
INVALID \u2013 -
POINTER \u2013 -
ARRAY \u2013 -
STRUCT \u2013 -
TYPEDEF \u2013 -
UNION \u2013 -
INT \u2013 -
ENUM \u2013 -
FUNC \u2013 -
BOOL \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INVALID","title":"INVALID class-attribute instance-attribute","text":"INVALID = -1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.POINTER","title":"POINTER class-attribute instance-attribute","text":"POINTER = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ARRAY","title":"ARRAY class-attribute instance-attribute","text":"ARRAY = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.STRUCT","title":"STRUCT class-attribute instance-attribute","text":"STRUCT = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.TYPEDEF","title":"TYPEDEF class-attribute instance-attribute","text":"TYPEDEF = 4\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.UNION","title":"UNION class-attribute instance-attribute","text":"UNION = 5\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INT","title":"INT class-attribute instance-attribute","text":"INT = 6\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ENUM","title":"ENUM class-attribute instance-attribute","text":"ENUM = 7\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.FUNC","title":"FUNC class-attribute instance-attribute","text":"FUNC = 8\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.BOOL","title":"BOOL class-attribute instance-attribute","text":"BOOL = 9\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField","title":"TypeField","text":"TypeField(\n bitpos: int,\n name: str | None,\n type: Type,\n parent_type,\n enumval: int | None = None,\n artificial: bool = False,\n is_base_class: bool = False,\n bitsize: int = 0,\n)\n
The fields in a structured type.
Currently this is just a mirror of gdb.Field.
Attributes:
-
bitpos \u2013 -
name \u2013 -
type \u2013 -
parent_type \u2013 -
enumval \u2013 -
artificial \u2013 -
is_base_class \u2013 -
bitsize \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitpos","title":"bitpos instance-attribute","text":"bitpos = bitpos\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.type","title":"type instance-attribute","text":"type = type\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.parent_type","title":"parent_type instance-attribute","text":"parent_type = parent_type\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.enumval","title":"enumval instance-attribute","text":"enumval = enumval\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.artificial","title":"artificial instance-attribute","text":"artificial = artificial\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.is_base_class","title":"is_base_class instance-attribute","text":"is_base_class = is_base_class\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitsize","title":"bitsize instance-attribute","text":"bitsize = bitsize\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type","title":"Type","text":"Class representing a type in the context of an inferior process.
Methods:
-
func_arguments \u2013 Returns a list of function arguments type.
-
fields \u2013 List of all fields in this type, if it is a structured type.
-
has_field \u2013 Whether this type has a field with the given name.
-
array \u2013 Return a type that corresponds to an array whose elements have this type.
-
pointer \u2013 Return a pointer type that has this type as its pointee.
-
strip_typedefs \u2013 Return a type that corresponds to the base type after a typedef chain,
-
target \u2013 Return the target of this reference type, if this is a reference type.
-
keys \u2013 Returns a list containing all the field names of this type.
-
enum_member \u2013 Retrieve the integer value of an enum member.
-
offsetof \u2013 Calculate the byte offset of a field within a struct or union.
-
__eq__ \u2013 Returns True if types are the same
Attributes:
-
name_identifier (str | None) \u2013 Returns the identifier of this type, eg:
-
name_to_human_readable (str) \u2013 Returns the human friendly name of this type, eg:
-
array_len (int) \u2013 Get array length of this type.
-
sizeof (int) \u2013 The size of this type, in bytes.
-
alignof (int) \u2013 The alignment of this type, in bytes.
-
code (TypeCode) \u2013 What category of type this object belongs to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_identifier","title":"name_identifier property","text":"name_identifier: str | None\n
Returns the identifier of this type, eg: - someStructName - someEnumName - someTypedefName
Returns None if the type is anonymous or does not have a name, such as: - Anonymous structs - Anonymous Typedefs - Basic types like char[], void, etc.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_to_human_readable","title":"name_to_human_readable property","text":"name_to_human_readable: str\n
Returns the human friendly name of this type, eg: - char [16] - int - char * - void * - fooStructName - barEnumName - barTypedefName
This function is not standardized, may return different names in gdb/lldb, eg: gdb: char [16] or char [50] or struct {...} lldb: char[16] or char[] or (anonymous struct)
You should not use this function. Only for human eyes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array_len","title":"array_len property","text":"array_len: int\n
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.sizeof","title":"sizeof property","text":"sizeof: int\n
The size of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.alignof","title":"alignof property","text":"alignof: int\n
The alignment of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.code","title":"code property","text":"code: TypeCode\n
What category of type this object belongs to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.func_arguments","title":"func_arguments","text":"func_arguments() -> list[Type] | None\n
Returns a list of function arguments type.
Returns:
Raises:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.fields","title":"fields","text":"fields() -> list[TypeField]\n
List of all fields in this type, if it is a structured type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.has_field","title":"has_field","text":"has_field(name: str) -> bool\n
Whether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array","title":"array","text":"array(count: int) -> Type\n
Return a type that corresponds to an array whose elements have this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.pointer","title":"pointer","text":"pointer() -> Type\n
Return a pointer type that has this type as its pointee.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.strip_typedefs","title":"strip_typedefs","text":"strip_typedefs() -> Type\n
Return a type that corresponds to the base type after a typedef chain, if this is a typedef. Returns the type itself otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.target","title":"target","text":"target() -> Type\n
Return the target of this reference type, if this is a reference type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.keys","title":"keys","text":"keys() -> list[str]\n
Returns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\n
Retrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\n
Calculate the byte offset of a field within a struct or union.
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
Returns True if types are the same
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value","title":"Value","text":"Class representing a value in the context of an inferior process.
Methods:
-
dereference \u2013 If this is a poitner value, dereferences the pointer and returns a new
-
string \u2013 If this value is a string, then this method converts it to a Python string.
-
value_to_human_readable \u2013 Converts a Value to a human-readable string representation.\n
-
fetch_lazy \u2013 Fetches the value if it is lazy, does nothing otherwise.
-
__int__ \u2013 Converts this value to an integer, if possible.
-
cast \u2013 Returns a new value with the same value as this object, but of the
-
__add__ \u2013 Adds an integer to this value, if that makes sense. Throws an exception
-
__sub__ \u2013 Subtract an integer from this value, if that makes sense. Throws an
-
__getitem__ \u2013 Gets the value with the given name that belongs to this value. For
Attributes:
-
address (Value | None) \u2013 The address of this value, in memory, if addressable, otherwise None.
-
is_optimized_out (bool) \u2013 Whether this value is present in debugging information, but has been
-
type (Type) \u2013 The type associated with this value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.address","title":"address property","text":"address: Value | None\n
The address of this value, in memory, if addressable, otherwise None.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.is_optimized_out","title":"is_optimized_out property","text":"is_optimized_out: bool\n
Whether this value is present in debugging information, but has been optimized out of the actual program.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.type","title":"type property","text":"type: Type\n
The type associated with this value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.dereference","title":"dereference","text":"dereference() -> Value\n
If this is a poitner value, dereferences the pointer and returns a new instance of Value, containing the value pointed to by this pointer.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.string","title":"string","text":"string() -> str\n
If this value is a string, then this method converts it to a Python string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Converts a Value to a human-readable string representation.\n\n The format is similar to what is produced by the `str()` function for gdb.Value,\n displaying nested fields and pointers in a user-friendly way.\n\n **Usage Notes:**\n - This function is intended solely for displaying results to the user.\n - The output format may differ between debugger implementations (e.g., GDB vs LLDB),\n as each debugger may format values differently. For instance:\n - GDB might produce: '{\n
value = 0, inner = { next = 0x555555558098 } }' - LLDB might produce: '(inner_a_node) *$PWNDBG_CREATED_VALUE_0 = { value = 0 inner = { next = 0x0000555555558098 } }' - As such, this function should not be relied upon for parsing or programmatic use."},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\n
Fetches the value if it is lazy, does nothing otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__int__","title":"__int__","text":"__int__() -> int\n
Converts this value to an integer, if possible.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.cast","title":"cast","text":"cast(type: Type | Any) -> Value\n
Returns a new value with the same value as this object, but of the given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__add__","title":"__add__","text":"__add__(rhs: int) -> Value\n
Adds an integer to this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__sub__","title":"__sub__","text":"__sub__(rhs: int) -> Value\n
Subtract an integer from this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__getitem__","title":"__getitem__","text":"__getitem__(idx: int | str) -> Value\n
Gets the value with the given name that belongs to this value. For structure types, this is the field with the given name. For array types, this is the field at the given index. For pointer types, this is the value of *(ptr+idx).
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle","title":"CommandHandle","text":"An opaque handle to an installed command.
Methods:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle.remove","title":"remove","text":"remove() -> None\n
Removes this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType","title":"EventType","text":" Bases: Enum
Events that can be listened for and reacted to in a debugger.
The events types listed here are defined as follows START: This event is fired some time between the creation of or attachment to the process to be debugged, and the start of its execution.STOP: This event is fired after execution of the process has been suspended, but before control is returned to the user for interactive debugging.EXIT: This event is fired after the process being debugged has been detached from or has finished executing.MEMORY_CHANGED: This event is fired when the user interactively makes changes to the memory of the process being debugged.REGISTER_CHANGED: Like MEMORY_CHANGED, but for registers.CONTINUE: This event is fired after the user has requested for process execution to continue after it had been previously suspended.NEW_MODULE: This event is fired when a new application module has been encountered by the debugger. This usually happens when a new application module is loaded into the memory space of the process being debugged. In GDB terminology, these are called objfiles.
Attributes:
-
SUSPEND_ALL \u2013 -
START \u2013 -
STOP \u2013 -
EXIT \u2013 -
MEMORY_CHANGED \u2013 -
REGISTER_CHANGED \u2013 -
CONTINUE \u2013 -
NEW_MODULE \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.SUSPEND_ALL","title":"SUSPEND_ALL class-attribute instance-attribute","text":"SUSPEND_ALL = -1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.START","title":"START class-attribute instance-attribute","text":"START = 0\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.STOP","title":"STOP class-attribute instance-attribute","text":"STOP = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.EXIT","title":"EXIT class-attribute instance-attribute","text":"EXIT = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.MEMORY_CHANGED","title":"MEMORY_CHANGED class-attribute instance-attribute","text":"MEMORY_CHANGED = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.REGISTER_CHANGED","title":"REGISTER_CHANGED class-attribute instance-attribute","text":"REGISTER_CHANGED = 4\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.CONTINUE","title":"CONTINUE class-attribute instance-attribute","text":"CONTINUE = 5\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.NEW_MODULE","title":"NEW_MODULE class-attribute instance-attribute","text":"NEW_MODULE = 6\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger","title":"Debugger","text":"The base class representing a debugger.
Methods:
-
setup \u2013 Perform debugger-specific initialization.
-
history \u2013 The command history of the interactive session in this debugger.
-
lex_args \u2013 Lexes the given command line into a list of arguments, according to the
-
selected_inferior \u2013 The inferior process currently being focused on in this interactive session.
-
selected_thread \u2013 The thread currently being focused on in this interactive session.
-
selected_frame \u2013 The stack frame currently being focused on in this interactive session.
-
commands \u2013 List the commands available in this session.
-
add_command \u2013 Adds a command with the given name to the debugger, that invokes the
-
has_event_type \u2013 Whether the given event type is supported by this debugger. Indicates
-
event_handler \u2013 Sets up the given function to be called when an event of the given type
-
ctx_suspend_events \u2013 Context manager for temporarily suspending and resuming the delivery of events
-
suspend_events \u2013 Suspend delivery of all events of the given type until it is resumed
-
resume_events \u2013 Resume the delivery of all events of the given type, if previously
-
set_sysroot \u2013 Sets the system root for this debugger.
-
x86_disassembly_flavor \u2013 The flavor of disassembly to use for x86 targets.
-
supports_breakpoint_creation_during_stop_handler \u2013 Whether breakpoint or watchpoint creation through break_at is
-
breakpoint_locations \u2013 Returns a list of all breakpoint locations that are currently
-
name \u2013 The type of the current debugger.
-
is_gdblib_available \u2013 Whether gdblib is available under this debugger.
-
string_limit \u2013 The maximum size of a string.
-
addrsz \u2013 Format the given address value.
-
get_cmd_window_size \u2013 The size of the command window, in characters, if available.
-
set_python_diagnostics \u2013 Enables or disables Python diagnostic messages for this debugger.
Attributes:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.pre_ctx_lines","title":"pre_ctx_lines property","text":"pre_ctx_lines: int\n
Our prediction on how many lines of text will be printed as a preamble (right after the prompt, and before the context) the next time the context is printed.
This includes any lines the underlying debugger generates.
The user never sees these lines when context-clear-screen is enabled.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.setup","title":"setup","text":"setup(*args: Any) -> None\n
Perform debugger-specific initialization.
This method should be run immediately after pwndbg.dbg is set to an instance of this class, and, as such, is allowed to run code that depends on it being set.
Because we can't really know what a given debugger object will need as part of its setup process, we allow for as many arguments as desired to be passed in, and leave it up to the implementations to decide what they need. This shouldn't be a problem, seeing as, unlike other methods in this class, this should only be called as part of the debugger-specific bringup code.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.history","title":"history","text":"history(last: int = 10) -> list[tuple[int, str]]\n
The command history of the interactive session in this debugger.
This function returns the last last items in the command history, as an oldest-to-youngest-sorted list of tuples, where the first element in each tuple is the index of the command in the history, and the second element is a string giving the command itself.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.lex_args","title":"lex_args","text":"lex_args(command_line: str) -> list[str]\n
Lexes the given command line into a list of arguments, according to the conventions of the debugger being used and of the interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_inferior","title":"selected_inferior","text":"selected_inferior() -> Process | None\n
The inferior process currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_thread","title":"selected_thread","text":"selected_thread() -> Thread | None\n
The thread currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_frame","title":"selected_frame","text":"selected_frame() -> Frame | None\n
The stack frame currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.commands","title":"commands","text":"commands() -> list[str]\n
List the commands available in this session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.add_command","title":"add_command","text":"add_command(\n name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
Adds a command with the given name to the debugger, that invokes the given function every time it is called.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.has_event_type","title":"has_event_type","text":"has_event_type(ty: EventType) -> bool\n
Whether the given event type is supported by this debugger. Indicates that a user either can or cannot register an event handler of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.event_handler","title":"event_handler","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
Sets up the given function to be called when an event of the given type gets fired. Returns a callable that corresponds to the wrapped function. This function my be used as a decorator.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.ctx_suspend_events","title":"ctx_suspend_events","text":"ctx_suspend_events(ty: EventType) -> Iterator[None]\n
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.suspend_events","title":"suspend_events","text":"suspend_events(ty: EventType) -> None\n
Suspend delivery of all events of the given type until it is resumed through a call to resume_events.
Events triggered during a suspension will be ignored, and will not be delived, even after delivery is resumed.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.resume_events","title":"resume_events","text":"resume_events(ty: EventType) -> None\n
Resume the delivery of all events of the given type, if previously suspeded through a call to suspend_events. Does nothing if the delivery has not been previously suspeded.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_sysroot","title":"set_sysroot","text":"set_sysroot(sysroot: str) -> bool\n
Sets the system root for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
The flavor of disassembly to use for x86 targets.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
Whether breakpoint or watchpoint creation through break_at is supported during breakpoint stop handlers.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.breakpoint_locations","title":"breakpoint_locations","text":"breakpoint_locations() -> list[BreakpointLocation]\n
Returns a list of all breakpoint locations that are currently installed and enabled in the focused process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.name","title":"name","text":"name() -> DebuggerType\n
The type of the current debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.is_gdblib_available","title":"is_gdblib_available","text":"is_gdblib_available() -> bool\n
Whether gdblib is available under this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.string_limit","title":"string_limit","text":"string_limit() -> int\n
The maximum size of a string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.addrsz","title":"addrsz","text":"addrsz(address: Any) -> str\n
Format the given address value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size() -> tuple[int, int]\n
The size of the command window, in characters, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_python_diagnostics","title":"set_python_diagnostics","text":"set_python_diagnostics(enabled: bool) -> None\n
Enables or disables Python diagnostic messages for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.selection","title":"selection","text":"selection(\n target: T, get_current: Callable[[], T], select: Callable[[T], None]\n)\n
Debuggers have global state. Many of our queries require that we select a given object globally before we make them. When doing that, we must always be careful to return selection to its previous state before exiting. This class automatically manages the selection of a single object type.
Upon entrace to the with block, the element given by target will be compared to the object returned by calling get_current. If they compare different, the value previously returned by get_current is saved, and the element given by target will be selected by passing it as an argument to select, and, after execution leaves the with block, the previously saved element will be selected in the same fashion as the first element.
If the elements don't compare different, this is a no-op.
"},{"location":"reference/pwndbg/dbg/gdb/","title":"pwndbg.dbg.gdb","text":""},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb","title":"gdb","text":"Modules:
Classes:
-
GDBRegisters \u2013 -
GDBFrame \u2013 -
GDBThread \u2013 -
GDBMemoryMap \u2013 -
BreakpointAdapter \u2013 -
GDBStopPoint \u2013 -
GDBProcess \u2013 -
GDBExecutionController \u2013 -
GDBCommand \u2013 -
GDBCommandHandle \u2013 -
GDBType \u2013 -
GDBValue \u2013 -
GDB \u2013
Functions:
Attributes:
-
T \u2013 -
gdb_architecture_name_fixup_list \u2013 -
gdb_mips_to_arch_attribute_map \u2013 -
BPWP_DEFERRED_DELETE (Set[GDBStopPoint]) \u2013 -
BPWP_DEFERRED_ENABLE (Set[GDBStopPoint]) \u2013 -
BPWP_DEFERRED_DISABLE (Set[GDBStopPoint]) \u2013 -
EXECUTION_CONTROLLER \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_architecture_name_fixup_list","title":"gdb_architecture_name_fixup_list module-attribute","text":"gdb_architecture_name_fixup_list = (\n \"x86-64\",\n \"i386\",\n \"i8086\",\n \"aarch64\",\n \"mips\",\n \"rs6000\",\n \"powerpc\",\n \"sparc\",\n \"arm\",\n \"iwmmxt\",\n \"iwmmxt2\",\n \"xscale\",\n \"riscv:rv32\",\n \"riscv:rv64\",\n \"riscv\",\n \"loongarch64\",\n \"s390:64-bit\",\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_mips_to_arch_attribute_map","title":"gdb_mips_to_arch_attribute_map module-attribute","text":"gdb_mips_to_arch_attribute_map = {\n \"mips5\": MIPS_ISA_5,\n \"micromips\": MIPS_ISA_MICRO,\n \"isa32\": MIPS_ISA_32,\n \"isa32r2\": MIPS_ISA_32R2,\n \"isa32r3\": MIPS_ISA_32R3,\n \"isa32r5\": MIPS_ISA_32R5,\n \"isa32r6\": MIPS_ISA_32R6,\n \"isa64\": MIPS_ISA_64,\n \"isa64r2\": MIPS_ISA_64R2,\n \"isa64r3\": MIPS_ISA_64R3,\n \"isa64r5\": MIPS_ISA_64R5,\n \"isa64r6\": MIPS_ISA_64R6,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DELETE","title":"BPWP_DEFERRED_DELETE module-attribute","text":"BPWP_DEFERRED_DELETE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_ENABLE","title":"BPWP_DEFERRED_ENABLE module-attribute","text":"BPWP_DEFERRED_ENABLE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DISABLE","title":"BPWP_DEFERRED_DISABLE module-attribute","text":"BPWP_DEFERRED_DISABLE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLER module-attribute","text":"EXECUTION_CONTROLLER = GDBExecutionController()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters","title":"GDBRegisters","text":"GDBRegisters(frame: GDBFrame)\n
Bases: Registers
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.frame","title":"frame instance-attribute","text":"frame = frame\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.by_name","title":"by_name","text":"by_name(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame","title":"GDBFrame","text":"GDBFrame(inner: Frame)\n
Bases: Frame
Methods:
-
lookup_symbol \u2013 -
evaluate_expression \u2013 -
regs \u2013 -
reg_write \u2013 -
pc \u2013 -
sp \u2013 -
parent \u2013 -
child \u2013 -
sal \u2013 -
__eq__ \u2013
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.regs","title":"regs","text":"regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.reg_write","title":"reg_write","text":"reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.pc","title":"pc","text":"pc() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sp","title":"sp","text":"sp() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.parent","title":"parent","text":"parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.child","title":"child","text":"child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sal","title":"sal","text":"sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread","title":"GDBThread","text":"GDBThread(inner: InferiorThread)\n
Bases: Thread
Methods:
-
bottom_frame \u2013 -
ptid \u2013 -
index \u2013
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.bottom_frame","title":"bottom_frame","text":"bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.ptid","title":"ptid","text":"ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.index","title":"index","text":"index() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap","title":"GDBMemoryMap","text":"GDBMemoryMap(qemu: bool, pages: Sequence[Page])\n
Bases: MemoryMap
Methods:
Attributes:
-
qemu \u2013 -
pages (tuple[Page, ...]) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.qemu","title":"qemu instance-attribute","text":"qemu = qemu\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.pages","title":"pages instance-attribute","text":"pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.is_qemu","title":"is_qemu","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.ranges","title":"ranges","text":"ranges() -> Sequence[Page]\n
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.lookup_page","title":"lookup_page","text":"lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter","title":"BreakpointAdapter","text":" Bases: Breakpoint
Methods:
Attributes:
-
stop_handler (Callable[[], bool]) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop_handler","title":"stop_handler instance-attribute","text":"stop_handler: Callable[[], bool]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint","title":"GDBStopPoint","text":"GDBStopPoint(inner: Breakpoint, proc: GDBProcess)\n
Bases: StopPoint
Methods:
Attributes:
-
inner (Breakpoint) \u2013 -
proc (GDBProcess) \u2013 -
inner_stop (Callable[[], bool] | None) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner","title":"inner instance-attribute","text":"inner: Breakpoint = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.proc","title":"proc instance-attribute","text":"proc: GDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner_stop","title":"inner_stop instance-attribute","text":"inner_stop: Callable[[], bool] | None = None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.set_enabled","title":"set_enabled","text":"set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.remove","title":"remove","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__enter__","title":"__enter__","text":"__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__exit__","title":"__exit__","text":"__exit__(exc_type, exc_value, traceback) -> None\n
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess","title":"GDBProcess","text":"GDBProcess(inner: Inferior)\n
Bases: Process
Methods:
-
threads \u2013 -
pid \u2013 -
alive \u2013 -
stopped_with_signal \u2013 -
evaluate_expression \u2013 -
vmmap \u2013 -
read_memory \u2013 -
write_memory \u2013 -
find_in_memory \u2013 -
is_remote \u2013 -
send_remote \u2013 -
send_monitor \u2013 -
download_remote_file \u2013 -
create_value \u2013 -
symbol_name_at_address \u2013 -
lookup_symbol \u2013 -
types_with_name \u2013 -
arch \u2013 -
break_at \u2013 -
is_linux \u2013 -
disasm \u2013 -
module_section_locations \u2013 -
main_module_name \u2013 -
main_module_entry \u2013 -
is_dynamically_linked \u2013 -
dispatch_execution_controller \u2013
Attributes:
-
inner \u2013 -
in_bpwp_stop_handler (bool) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.in_bpwp_stop_handler","title":"in_bpwp_stop_handler instance-attribute","text":"in_bpwp_stop_handler: bool = False\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.threads","title":"threads","text":"threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.pid","title":"pid","text":"pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.alive","title":"alive","text":"alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.vmmap","title":"vmmap","text":"vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.read_memory","title":"read_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.write_memory","title":"write_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.find_in_memory","title":"find_in_memory","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_remote","title":"is_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_remote","title":"send_remote","text":"send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_monitor","title":"send_monitor","text":"send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.download_remote_file","title":"download_remote_file","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.create_value","title":"create_value","text":"create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.types_with_name","title":"types_with_name","text":"types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.arch","title":"arch","text":"arch() -> ArchDefinition\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.break_at","title":"break_at","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_linux","title":"is_linux","text":"is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.disasm","title":"disasm","text":"disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.module_section_locations","title":"module_section_locations","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_name","title":"main_module_name","text":"main_module_name() -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_entry","title":"main_module_entry","text":"main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController","title":"GDBExecutionController","text":" Bases: ExecutionController
Methods:
-
single_step \u2013 -
cont \u2013 -
cont_selected_thread \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.single_step","title":"single_step async","text":"single_step()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont","title":"cont async","text":"cont(until: StopPoint)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont_selected_thread","title":"cont_selected_thread async","text":"cont_selected_thread(until: StopPoint)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand","title":"GDBCommand","text":"GDBCommand(\n debugger: GDB,\n name: str,\n handler: Callable[[Debugger, str, bool], None],\n doc: str | None,\n)\n
Bases: Command
Methods:
Attributes:
-
debugger \u2013 -
handler \u2013 -
__doc__ \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.debugger","title":"debugger instance-attribute","text":"debugger = debugger\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.handler","title":"handler instance-attribute","text":"handler = handler\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.__doc__","title":"__doc__ instance-attribute","text":"__doc__ = doc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.invoke","title":"invoke","text":"invoke(args: str, from_tty: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle","title":"GDBCommandHandle","text":"GDBCommandHandle(command: Command)\n
Bases: CommandHandle
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.command","title":"command instance-attribute","text":"command = command\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.remove","title":"remove","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType","title":"GDBType","text":"GDBType(inner: Type)\n
Bases: Type
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.CODE_MAPPING","title":"CODE_MAPPING class-attribute instance-attribute","text":"CODE_MAPPING = {\n TYPE_CODE_BOOL: BOOL,\n TYPE_CODE_INT: INT,\n TYPE_CODE_UNION: UNION,\n TYPE_CODE_STRUCT: STRUCT,\n TYPE_CODE_ENUM: ENUM,\n TYPE_CODE_TYPEDEF: TYPEDEF,\n TYPE_CODE_PTR: POINTER,\n TYPE_CODE_ARRAY: ARRAY,\n TYPE_CODE_FUNC: FUNC,\n TYPE_CODE_METHOD: FUNC,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_identifier","title":"name_identifier property","text":"name_identifier: str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_to_human_readable","title":"name_to_human_readable property","text":"name_to_human_readable: str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.sizeof","title":"sizeof property","text":"sizeof: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.alignof","title":"alignof property","text":"alignof: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.code","title":"code property","text":"code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array_len","title":"array_len property","text":"array_len: int\n
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.func_arguments","title":"func_arguments","text":"func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.fields","title":"fields","text":"fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.has_field","title":"has_field","text":"has_field(name: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array","title":"array","text":"array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.pointer","title":"pointer","text":"pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.strip_typedefs","title":"strip_typedefs","text":"strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.target","title":"target","text":"target() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.keys","title":"keys","text":"keys() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\n
Retrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue","title":"GDBValue","text":"GDBValue(inner: Value)\n
Bases: Value
Methods:
-
dereference \u2013 -
string \u2013 -
value_to_human_readable \u2013 -
fetch_lazy \u2013 -
__int__ \u2013 -
cast \u2013 -
__add__ \u2013 -
__sub__ \u2013 -
__getitem__ \u2013
Attributes:
-
inner \u2013 -
address (Value | None) \u2013 -
is_optimized_out (bool) \u2013 -
type (Type) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.address","title":"address property","text":"address: Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.is_optimized_out","title":"is_optimized_out property","text":"is_optimized_out: bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.type","title":"type property","text":"type: Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.dereference","title":"dereference","text":"dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.string","title":"string","text":"string() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.fetch_lazy","title":"fetch_lazy","text":"fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.cast","title":"cast","text":"cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__add__","title":"__add__","text":"__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__sub__","title":"__sub__","text":"__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__getitem__","title":"__getitem__","text":"__getitem__(key: str | int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB","title":"GDB","text":" Bases: Debugger
Methods:
Attributes:
-
pre_ctx_lines (int) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.pre_ctx_lines","title":"pre_ctx_lines property","text":"pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.setup","title":"setup","text":"setup()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.add_command","title":"add_command","text":"add_command(\n name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.history","title":"history","text":"history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.lex_args","title":"lex_args","text":"lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_thread","title":"selected_thread","text":"selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_frame","title":"selected_frame","text":"selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.commands","title":"commands","text":"commands()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_inferior","title":"selected_inferior","text":"selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.is_gdblib_available","title":"is_gdblib_available","text":"is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.has_event_type","title":"has_event_type","text":"has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.event_handler","title":"event_handler","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.suspend_events","title":"suspend_events","text":"suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.resume_events","title":"resume_events","text":"resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_sysroot","title":"set_sysroot","text":"set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.breakpoint_locations","title":"breakpoint_locations","text":"breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.name","title":"name","text":"name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.string_limit","title":"string_limit","text":"string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.addrsz","title":"addrsz","text":"addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size() -> tuple[int | None, int | None]\n
Get the size of the command window.
GDB keeps these parameters up to date with the actual window size of the command output. This is the full terminal size in CLI mode or the size of the cmd window in TUI mode.
When the window size is set to be unlimited (0), the parameter is None.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_python_diagnostics","title":"set_python_diagnostics","text":"set_python_diagnostics(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.ctx_suspend_events","title":"ctx_suspend_events","text":"ctx_suspend_events(ty: EventType) -> Iterator[None]\n
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.parse_and_eval","title":"parse_and_eval","text":"parse_and_eval(expression: str, global_context: bool) -> Value\n
Same as gdb.parse_and_eval, but only uses global_context if it is supported by the current version of GDB.
global_context was introduced in GDB 14.
"},{"location":"reference/pwndbg/dbg/gdb/debug_sym/","title":"pwndbg.dbg.gdb.debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/debug_sym/#pwndbg.dbg.gdb.debug_sym","title":"debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/","title":"pwndbg.dbg.gdb.symbol","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Classes:
Functions:
-
resolve_addr \u2013 Retrieve the name for the symbol located at address
-
lookup_symbol \u2013 Get the address for symbol
-
lookup_frame_symbol \u2013 Get the address for local symbol from frame, in most time you don't need it
Attributes:
-
skipped_exceptions \u2013 -
DOMAIN_MAPPING \u2013 -
order_prefs \u2013
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.skipped_exceptions","title":"skipped_exceptions module-attribute","text":"skipped_exceptions = ('No frame selected', 'Cannot find thread-local')\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.DOMAIN_MAPPING","title":"DOMAIN_MAPPING module-attribute","text":"DOMAIN_MAPPING = {\n ANY: SYMBOL_VAR_DOMAIN,\n VARIABLE: SYMBOL_VAR_DOMAIN,\n FUNCTION: SYMBOL_FUNCTION_DOMAIN,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.order_prefs","title":"order_prefs module-attribute","text":"order_prefs = {\n True: (\n _global_static_symbol_to_address,\n _global_exported_symbol_to_address,\n ),\n False: (\n _global_exported_symbol_to_address,\n _global_static_symbol_to_address,\n ),\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain","title":"Domain","text":" Bases: Enum
Methods:
Attributes:
-
ANY \u2013 -
VARIABLE \u2013 -
FUNCTION \u2013
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.ANY","title":"ANY class-attribute instance-attribute","text":"ANY = 1\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.VARIABLE","title":"VARIABLE class-attribute instance-attribute","text":"VARIABLE = 2\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.FUNCTION","title":"FUNCTION class-attribute instance-attribute","text":"FUNCTION = 3\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.validate","title":"validate","text":"validate(sym: Symbol) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.resolve_addr","title":"resolve_addr","text":"resolve_addr(address: int) -> str\n
Retrieve the name for the symbol located at address Empty string if no symbol
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n domain: Domain = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
Get the address for symbol
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"lookup_frame_symbol(name: str, *, domain: Domain = ANY) -> Value | None\n
Get the address for local symbol from frame, in most time you don't need it
"},{"location":"reference/pwndbg/dbg/lldb/","title":"pwndbg.dbg.lldb","text":""},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb","title":"lldb","text":"Modules:
Classes:
-
LLDBRegisters \u2013 -
LLDBFrame \u2013 -
LLDBThread \u2013 -
LLDBType \u2013 -
LLDBValue \u2013 -
LLDBMemoryMap \u2013 -
LLDBStopPoint \u2013 -
OneShotAwaitable \u2013 Used as part of the logic for the execution controller. This is an Awaitable
-
YieldContinue \u2013 Continues execution of the process until the breakpoint or watchpoint given
-
YieldSingleStep \u2013 Moves execution of the process being debugged forward by one instruction.
-
LLDBExecutionController \u2013 -
LLDBProcess \u2013 -
LLDBCommand \u2013 -
LLDB \u2013
Functions:
Attributes:
-
T \u2013 -
LLDB_VERSION (tuple[int, int]) \u2013 -
EXECUTION_CONTROLLER \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB_VERSION","title":"LLDB_VERSION module-attribute","text":"LLDB_VERSION: tuple[int, int] = None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLER module-attribute","text":"EXECUTION_CONTROLLER = LLDBExecutionController()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters","title":"LLDBRegisters","text":"LLDBRegisters(groups: SBValueList, proc: LLDBProcess)\n
Bases: Registers
Methods:
Attributes:
-
groups (SBValueList) \u2013 -
proc (LLDBProcess) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.groups","title":"groups instance-attribute","text":"groups: SBValueList = groups\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.proc","title":"proc instance-attribute","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.by_name","title":"by_name","text":"by_name(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame","title":"LLDBFrame","text":"LLDBFrame(inner: SBFrame, proc: LLDBProcess)\n
Bases: Frame
Methods:
-
lookup_symbol \u2013 -
evaluate_expression \u2013 -
regs \u2013 -
reg_write \u2013 -
pc \u2013 -
sp \u2013 -
parent \u2013 -
child \u2013 -
sal \u2013 -
__eq__ \u2013
Attributes:
-
inner (SBFrame) \u2013 -
proc (LLDBProcess) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.inner","title":"inner instance-attribute","text":"inner: SBFrame = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.proc","title":"proc instance-attribute","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.regs","title":"regs","text":"regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.reg_write","title":"reg_write","text":"reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.pc","title":"pc","text":"pc() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sp","title":"sp","text":"sp() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.parent","title":"parent","text":"parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.child","title":"child","text":"child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sal","title":"sal","text":"sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread","title":"LLDBThread","text":"LLDBThread(inner: SBThread, proc: LLDBProcess)\n
Bases: Thread
Methods:
-
bottom_frame \u2013 -
ptid \u2013 -
index \u2013
Attributes:
-
inner (SBThread) \u2013 -
proc (LLDBProcess) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.inner","title":"inner instance-attribute","text":"inner: SBThread = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.proc","title":"proc instance-attribute","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.bottom_frame","title":"bottom_frame","text":"bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.ptid","title":"ptid","text":"ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.index","title":"index","text":"index() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType","title":"LLDBType","text":"LLDBType(inner: SBType)\n
Bases: Type
Methods:
-
__eq__ \u2013 -
func_arguments \u2013 -
fields \u2013 -
array \u2013 -
pointer \u2013 -
strip_typedefs \u2013 -
target \u2013 -
has_field \u2013 Whether this type has a field with the given name.
-
keys \u2013 Returns a list containing all the field names of this type.
-
enum_member \u2013 Retrieve the integer value of an enum member.
-
offsetof \u2013 Calculate the byte offset of a field within a struct or union.
Attributes:
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.inner","title":"inner instance-attribute","text":"inner: SBType = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_identifier","title":"name_identifier property","text":"name_identifier: str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_to_human_readable","title":"name_to_human_readable property","text":"name_to_human_readable: str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.sizeof","title":"sizeof property","text":"sizeof: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.alignof","title":"alignof property","text":"alignof: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.code","title":"code property","text":"code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array_len","title":"array_len property","text":"array_len: int\n
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.func_arguments","title":"func_arguments","text":"func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.fields","title":"fields","text":"fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array","title":"array","text":"array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.pointer","title":"pointer","text":"pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.strip_typedefs","title":"strip_typedefs","text":"strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.target","title":"target","text":"target() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.has_field","title":"has_field","text":"has_field(name: str) -> bool\n
Whether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.keys","title":"keys","text":"keys() -> list[str]\n
Returns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\n
Retrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\n
Calculate the byte offset of a field within a struct or union.
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue","title":"LLDBValue","text":"LLDBValue(inner: SBValue, proc: LLDBProcess)\n
Bases: Value
Methods:
-
dereference \u2013 -
string \u2013 -
value_to_human_readable \u2013 -
fetch_lazy \u2013 -
__int__ \u2013 -
cast \u2013 -
__add__ \u2013 -
__sub__ \u2013 -
__getitem__ \u2013
Attributes:
-
proc \u2013 -
inner \u2013 -
address (Value | None) \u2013 -
is_optimized_out (bool) \u2013 -
type (Type) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.proc","title":"proc instance-attribute","text":"proc = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.address","title":"address property","text":"address: Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.is_optimized_out","title":"is_optimized_out property","text":"is_optimized_out: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.type","title":"type property","text":"type: Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.dereference","title":"dereference","text":"dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.string","title":"string","text":"string() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.fetch_lazy","title":"fetch_lazy","text":"fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.cast","title":"cast","text":"cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__add__","title":"__add__","text":"__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__sub__","title":"__sub__","text":"__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__getitem__","title":"__getitem__","text":"__getitem__(key: str | int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap","title":"LLDBMemoryMap","text":"LLDBMemoryMap(pages: list[Page])\n
Bases: MemoryMap
Methods:
Attributes:
-
pages (tuple[Page, ...]) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.pages","title":"pages instance-attribute","text":"pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.is_qemu","title":"is_qemu","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.ranges","title":"ranges","text":"ranges() -> Sequence[Page]\n
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.lookup_page","title":"lookup_page","text":"lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint","title":"LLDBStopPoint","text":"LLDBStopPoint(\n inner: SBBreakpoint | SBWatchpoint,\n proc: LLDBProcess,\n stop_handler_name: str | None,\n)\n
Bases: StopPoint
Methods:
Attributes:
-
inner (SBBreakpoint | SBWatchpoint) \u2013 -
proc (LLDBProcess) \u2013 -
stop_handler_name (str | None) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.inner","title":"inner instance-attribute","text":"inner: SBBreakpoint | SBWatchpoint = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.proc","title":"proc instance-attribute","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.stop_handler_name","title":"stop_handler_name instance-attribute","text":"stop_handler_name: str | None = stop_handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.remove","title":"remove","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.set_enabled","title":"set_enabled","text":"set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__enter__","title":"__enter__","text":"__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__exit__","title":"__exit__","text":"__exit__(exc_type, exc_value, traceback) -> None\n
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable","title":"OneShotAwaitable","text":"OneShotAwaitable(value: Any)\n
Used as part of the logic for the execution controller. This is an Awaitable object that yields the value passed to its constructor exactly once.
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.value","title":"value instance-attribute","text":"value = value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.__await__","title":"__await__","text":"__await__() -> Generator[Any, Any, Any]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue","title":"YieldContinue","text":"YieldContinue(target: LLDBStopPoint, selected_thread: bool = False)\n
Continues execution of the process until the breakpoint or watchpoint given in the constructor is hit or the operation is cancelled.
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
Attributes:
-
target (LLDBStopPoint) \u2013 -
selected_thread (bool) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue.target","title":"target instance-attribute","text":"target: LLDBStopPoint = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue.selected_thread","title":"selected_thread instance-attribute","text":"selected_thread: bool = selected_thread\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldSingleStep","title":"YieldSingleStep","text":"Moves execution of the process being debugged forward by one instruction.
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController","title":"LLDBExecutionController","text":" Bases: ExecutionController
Methods:
-
single_step \u2013 -
cont \u2013 -
cont_selected_thread \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.single_step","title":"single_step","text":"single_step() -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont","title":"cont","text":"cont(target: StopPoint) -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont_selected_thread","title":"cont_selected_thread","text":"cont_selected_thread(target: StopPoint) -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess","title":"LLDBProcess","text":"LLDBProcess(\n dbg: LLDB, process: SBProcess, target: SBTarget, is_gdb_remote: bool\n)\n
Bases: Process
Methods:
Attributes:
-
dbg \u2013 -
process \u2013 -
target \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dbg","title":"dbg instance-attribute","text":"dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.process","title":"process instance-attribute","text":"process = process\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.target","title":"target instance-attribute","text":"target = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.threads","title":"threads","text":"threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.pid","title":"pid","text":"pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.alive","title":"alive","text":"alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.get_known_pages","title":"get_known_pages","text":"get_known_pages() -> list[Page]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.vmmap","title":"vmmap","text":"vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_largest_range_len","title":"find_largest_range_len","text":"find_largest_range_len(\n min_search: int, max_search: int, test: Callable[[int], bool]\n) -> int\n
Finds the largest memory range given a minimum and a maximum value for the size of the rage. This is a binary search, so it should do on the order of log2(max_search - min_search) attempts before it arrives at an answer.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.read_memory","title":"read_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.write_memory","title":"write_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_in_memory","title":"find_in_memory","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_remote","title":"is_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_remote","title":"send_remote","text":"send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_monitor","title":"send_monitor","text":"send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.download_remote_file","title":"download_remote_file","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.create_value","title":"create_value","text":"create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.types_with_name","title":"types_with_name","text":"types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.arch","title":"arch","text":"arch() -> ArchDefinition\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.break_at","title":"break_at","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.disasm","title":"disasm","text":"disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_linux","title":"is_linux","text":"is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.module_section_locations","title":"module_section_locations","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_name","title":"main_module_name","text":"main_module_name() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_entry","title":"main_module_entry","text":"main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand","title":"LLDBCommand","text":"LLDBCommand(handler_name: str, command_name: str)\n
Bases: CommandHandle
Methods:
Attributes:
-
handler_name \u2013 -
command_name \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.handler_name","title":"handler_name instance-attribute","text":"handler_name = handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.command_name","title":"command_name instance-attribute","text":"command_name = command_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.remove","title":"remove","text":"remove() -> None\n
Removes this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB","title":"LLDB","text":" Bases: Debugger
Methods:
Attributes:
-
exec_states (list[SBExecutionState]) \u2013 -
event_handlers (dict[EventType, list[Callable[..., T]]]) \u2013 -
suspended_events (dict[EventType, bool]) \u2013 -
prompt_hook (Callable[[], None]) \u2013 -
controllers (list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]) \u2013 -
pre_ctx_lines (int) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.exec_states","title":"exec_states instance-attribute","text":"exec_states: list[SBExecutionState]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handlers","title":"event_handlers instance-attribute","text":"event_handlers: dict[EventType, list[Callable[..., T]]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspended_events","title":"suspended_events instance-attribute","text":"suspended_events: dict[EventType, bool]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.prompt_hook","title":"prompt_hook instance-attribute","text":"prompt_hook: Callable[[], None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.controllers","title":"controllers instance-attribute","text":"controllers: list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.pre_ctx_lines","title":"pre_ctx_lines property","text":"pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.setup","title":"setup","text":"setup(*args, **kwargs)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.add_command","title":"add_command","text":"add_command(\n command_name: str,\n handler: Callable[[Debugger, str, bool], None],\n doc: str | None,\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.history","title":"history","text":"history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.commands","title":"commands","text":"commands() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.lex_args","title":"lex_args","text":"lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_inferior","title":"selected_inferior","text":"selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_thread","title":"selected_thread","text":"selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_frame","title":"selected_frame","text":"selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.has_event_type","title":"has_event_type","text":"has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handler","title":"event_handler","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspend_events","title":"suspend_events","text":"suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.resume_events","title":"resume_events","text":"resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_sysroot","title":"set_sysroot","text":"set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.breakpoint_locations","title":"breakpoint_locations","text":"breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.name","title":"name","text":"name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.string_limit","title":"string_limit","text":"string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size() -> tuple[int, int]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.is_gdblib_available","title":"is_gdblib_available","text":"is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.addrsz","title":"addrsz","text":"addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_python_diagnostics","title":"set_python_diagnostics","text":"set_python_diagnostics(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.ctx_suspend_events","title":"ctx_suspend_events","text":"ctx_suspend_events(ty: EventType) -> Iterator[None]\n
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.rename_register","title":"rename_register","text":"rename_register(name: str, proc: LLDBProcess) -> str\n
Some register names differ between Pwndbg/GDB and LLDB. This function takes in a register name in the Pwndbg/GDB convention and returns the equivalent LLDB name for the register.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.map_type_code","title":"map_type_code","text":"map_type_code(type: SBType) -> TypeCode\n
Determines the type code of a given LLDB SBType.
"},{"location":"reference/pwndbg/dbg/lldb/hooks/","title":"pwndbg.dbg.lldb.hooks","text":""},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks","title":"hooks","text":"Code that sets up hooks for LLDB events.
Functions:
-
update_typeinfo \u2013 -
reset_config \u2013 -
on_start \u2013 -
on_stop \u2013 -
on_exit \u2013 -
renew_show_context \u2013 -
prompt_hook \u2013
Attributes:
-
should_show_context \u2013 -
dbg (LLDB) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.should_show_context","title":"should_show_context module-attribute","text":"should_show_context = False\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.dbg","title":"dbg module-attribute","text":"dbg: LLDB = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.update_typeinfo","title":"update_typeinfo","text":"update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.reset_config","title":"reset_config","text":"reset_config() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_start","title":"on_start","text":"on_start() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_stop","title":"on_stop","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_exit","title":"on_exit","text":"on_exit() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.renew_show_context","title":"renew_show_context","text":"renew_show_context()\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.prompt_hook","title":"prompt_hook","text":"prompt_hook()\n
"},{"location":"reference/pwndbg/dbg/lldb/pset/","title":"pwndbg.dbg.lldb.pset","text":""},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset","title":"pset","text":"Classes:
Functions:
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.InvalidParse","title":"InvalidParse","text":" Bases: Exception
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pget","title":"pget","text":"pget(name: str) -> Parameter | None\n
Retrieves a parameter with a given name.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pset","title":"pset","text":"pset(name: str, value: str) -> bool\n
Parses and sets a Pwndbg configuration value.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.parse_value","title":"parse_value","text":"parse_value(param: Parameter, expression: str) -> Any\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/","title":"pwndbg.dbg.lldb.repl","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl","title":"repl","text":"The Pwndbg REPL that is the interface to all debugging on LLDB.
Pwndbg has an event system that allows it to react to events in the process being debugged, such as when new executable modules get added to the its address space, when the value of memory and registers change, and pretty much all possible changes to its execution state. We'd like to have the event system work the same way under LLDB as it does under GDB.
Fortunately for us, the events types that are native to LLDB map really well to the event types in GDB and Pwndbg. Very, very unfortunately for us, however, that's basically where our luck ends.
LLDB, as of version 18, only provides two ways to capture events: registering directly with the broadcaster, or registering globally. The former is not available to us in the standard LLDB REPL, as we don't get access to the process object until after it's been launched1. Likewise for the latter, as the interactive debugger will register to receive the global process state change events before everyone else, and LLDB doesn't allow for multiple listeners for the same event bits in the same event class2.
This leaves us with handling process management ourselves as the only option we really have to implement event dispatch in Pwndbg. Easy, right? We can just hijack the commands that deal with target and process creation, and leave everything else untouched. Unfortunately for us, again, shadowing builtin commands is simply not allowed3.
So, really, all that's left for us is either implement our own REPL, or get rid of the event system.
Modules:
-
io \u2013 For our REPL, we need to drive our own I/O with the process being debugged. This
-
proc \u2013 -
readline \u2013 Readline interface for the Pwndbg LLDB REPL.
Classes:
-
EventRelay \u2013 The event system that is sensible for the REPL process driver to use isn't
-
YieldExecDirect \u2013 Execute the given command directly, on behalf of the user.
-
YieldInteractive \u2013 Prompt the user for the next command.
-
PwndbgController \u2013 Class providing interfaces for a client to control the behavior of Pwndbg
Functions:
-
lex_args \u2013 Splits the arguments, respecting quotation marks.
-
show_greeting \u2013 Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This
-
print_error \u2013 Print an error message in the style of the LLDB CLI.
-
print_warn \u2013 Print a warning message in the style of the LLDB CLI.
-
run \u2013 Runs the Pwndbg CLI through the given asynchronous controller.
-
exec_repl_command \u2013 Parses and runs the given command, returning whether the event loop should continue.
-
parse \u2013 Parses a list of string arguments into an object containing the parsed
-
run_ipython_shell \u2013 -
target_create \u2013 Creates a new target, registers it with the Pwndbg LLDB implementation, and
-
process_launch \u2013 Launches a process with the given arguments.
-
process_attach \u2013 Attaches to a process with the given arguments.
-
attach \u2013 Attaches to a process with the given name or pid based on regex match.
-
process_connect \u2013 Connects to the given remote process.
-
gdb_remote \u2013 Like process_connect, but more lenient with the remote URL format.
-
continue_process \u2013 Continues the execution of a process.
Attributes:
-
show_tip \u2013 -
LLDB_EXCLUSIVE \u2013 -
target_create_ap \u2013 -
target_create_unsupported \u2013 -
process_launch_ap \u2013 -
process_launch_unsupported \u2013 -
process_attach_ap \u2013 -
process_attach_unsupported \u2013 -
process_connect_ap \u2013 -
gdb_remote_ap \u2013 -
continue_ap \u2013 -
continue_unsupported \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_tip","title":"show_tip module-attribute","text":"show_tip = add_param(\n \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.LLDB_EXCLUSIVE","title":"LLDB_EXCLUSIVE module-attribute","text":"LLDB_EXCLUSIVE = [\n (\"script\", lambda cmd: startswith(\"sc\") and startswith(cmd)),\n (\"expression\", lambda cmd: startswith(\"e\") and startswith(cmd)),\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_ap","title":"target_create_ap module-attribute","text":"target_create_ap = ArgumentParser(add_help=False)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_unsupported","title":"target_create_unsupported module-attribute","text":"target_create_unsupported = [\n \"build\",\n \"core\",\n \"no-dependents\",\n \"remote-file\",\n \"symfile\",\n \"version\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_ap","title":"process_launch_ap module-attribute","text":"process_launch_ap = ArgumentParser(add_help=False)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_unsupported","title":"process_launch_unsupported module-attribute","text":"process_launch_unsupported = [\n \"disable-aslr\",\n \"script-class\",\n \"environment\",\n \"plugin\",\n \"shell-expand-args\",\n \"arch\",\n \"shell\",\n \"stderr\",\n \"stdin\",\n \"structured-data-key\",\n \"no-stdio\",\n \"stdout\",\n \"tty\",\n \"structured-data-value\",\n \"working-dir\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_ap","title":"process_attach_ap module-attribute","text":"process_attach_ap = ArgumentParser(add_help=False)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_unsupported","title":"process_attach_unsupported module-attribute","text":"process_attach_unsupported = [\n \"python-class\",\n \"plugin\",\n \"structured-data-key\",\n \"structured-data-value\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect_ap","title":"process_connect_ap module-attribute","text":"process_connect_ap = ArgumentParser(add_help=False)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote_ap","title":"gdb_remote_ap module-attribute","text":"gdb_remote_ap = ArgumentParser(add_help=False)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_ap","title":"continue_ap module-attribute","text":"continue_ap = ArgumentParser(add_help=False)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_unsupported","title":"continue_unsupported module-attribute","text":"continue_unsupported = ['ignore-count']\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay","title":"EventRelay","text":"EventRelay(dbg: LLDB)\n
Bases: EventHandler
The event system that is sensible for the REPL process driver to use isn't an exact match with the one used by the rest of Pwndbg. They're close, but there's a bit of work we have to do to properly convey certain events.
Methods:
-
created \u2013 -
suspended \u2013 -
resumed \u2013 -
exited \u2013 -
modules_loaded \u2013
Attributes:
-
dbg \u2013 -
ignore_resumed \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.dbg","title":"dbg instance-attribute","text":"dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.ignore_resumed","title":"ignore_resumed instance-attribute","text":"ignore_resumed = 0\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.created","title":"created","text":"created()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.suspended","title":"suspended","text":"suspended(event: SBEvent)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.resumed","title":"resumed","text":"resumed()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.exited","title":"exited","text":"exited()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.modules_loaded","title":"modules_loaded","text":"modules_loaded()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldExecDirect","title":"YieldExecDirect","text":"YieldExecDirect(command: str, capture: bool, prompt_silent: bool)\n
Execute the given command directly, on behalf of the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldInteractive","title":"YieldInteractive","text":"Prompt the user for the next command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController","title":"PwndbgController","text":"Class providing interfaces for a client to control the behavior of Pwndbg asynchronously.
Methods:
-
interactive \u2013 Runs a single interactive round, in which the user is prompted for a
-
execute \u2013 Runs the given command, and displays its output to the user.
-
execute_and_capture \u2013 Runs the given command, and captures its output as a byte string.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.interactive","title":"interactive","text":"interactive() -> Awaitable[None]\n
Runs a single interactive round, in which the user is prompted for a command from standard input and readline, and whatever command they type in is executed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute","title":"execute","text":"execute(command: str) -> Awaitable[None]\n
Runs the given command, and displays its output to the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute--interactivity","title":"Interactivity","text":"Some commands - such as lldb and ipi - start interactive prompts when they are run, and issuing them through this command will not change that behavior.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture","title":"execute_and_capture","text":"execute_and_capture(command: str) -> Awaitable[bytes]\n
Runs the given command, and captures its output as a byte string.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--interactivity","title":"Interactivity","text":"Same caveats apply as in execute.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--reliabily-of-capture","title":"Reliabily of Capture","text":"Some Pwndbg commands currently do not have their outputs captured, even when run through this command. It is expected that this will be improved in the future, but, as as general rule, clients should not rely on the output of the command being available.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.lex_args","title":"lex_args","text":"lex_args(args: str) -> list[str]\n
Splits the arguments, respecting quotation marks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_greeting","title":"show_greeting","text":"show_greeting() -> None\n
Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This one is considerably simpler than the GDB version, however, as we control the lifetime of the program, we know exactly when the greeting needs to be shown, so we don't bother with any of the lifetime checks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_error","title":"print_error","text":"print_error(msg: str, *args)\n
Print an error message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_warn","title":"print_warn","text":"print_warn(msg: str, *args)\n
Print a warning message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run","title":"run","text":"run(\n controller: Callable[[PwndbgController], Coroutine[Any, Any, None]],\n debug: bool = False,\n) -> None\n
Runs the Pwndbg CLI through the given asynchronous controller.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.exec_repl_command","title":"exec_repl_command","text":"exec_repl_command(\n line: str,\n lldb_out_target: BinaryIO,\n dbg: LLDB,\n driver: ProcessDriver,\n relay: EventRelay,\n) -> bool\n
Parses and runs the given command, returning whether the event loop should continue.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.parse","title":"parse","text":"parse(\n args: list[str], parser: ArgumentParser, unsupported: list[str]\n) -> Any | None\n
Parses a list of string arguments into an object containing the parsed data.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run_ipython_shell","title":"run_ipython_shell","text":"run_ipython_shell()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create","title":"target_create","text":"target_create(args: list[str], dbg: LLDB) -> None\n
Creates a new target, registers it with the Pwndbg LLDB implementation, and sets up listeners for it.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch","title":"process_launch","text":"process_launch(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Launches a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach","title":"process_attach","text":"process_attach(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Attaches to a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.attach","title":"attach","text":"attach(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Attaches to a process with the given name or pid based on regex match. Used for _regexp-attach <pid|name> (alias for attach <pid|name>) Note: for some reason, attach does not really take a regex for process name.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect","title":"process_connect","text":"process_connect(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Connects to the given remote process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote","title":"gdb_remote","text":"gdb_remote(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Like process_connect, but more lenient with the remote URL format.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_process","title":"continue_process","text":"continue_process(driver: ProcessDriver, args: list[str], dbg: LLDB) -> None\n
Continues the execution of a process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/","title":"pwndbg.dbg.lldb.repl.io","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io","title":"io","text":"For our REPL, we need to drive our own I/O with the process being debugged. This module contains all the strategies we have for doing that.
Classes:
-
OpportunisticTerminalControl \u2013 Handles optional terminal control for a given file descriptor. Crucially,
-
IODriver \u2013 -
IODriverPlainText \u2013 Plaintext-based I/O driver. It simply copies input from our standard input
-
IODriverPseudoTerminal \u2013 pty-based I/O driver. Forwards input from standard input and has support for
Functions:
Attributes:
-
TERM_CONTROL_AVAILABLE \u2013 -
SELECT_AVAILABLE \u2013 -
PTY_AVAILABLE \u2013 -
TC_LFLAG \u2013 -
LIVE_PSEUDO_TERMINAL_OBJECTS \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TERM_CONTROL_AVAILABLE","title":"TERM_CONTROL_AVAILABLE module-attribute","text":"TERM_CONTROL_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.SELECT_AVAILABLE","title":"SELECT_AVAILABLE module-attribute","text":"SELECT_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.PTY_AVAILABLE","title":"PTY_AVAILABLE module-attribute","text":"PTY_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TC_LFLAG","title":"TC_LFLAG module-attribute","text":"TC_LFLAG = 3\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.LIVE_PSEUDO_TERMINAL_OBJECTS","title":"LIVE_PSEUDO_TERMINAL_OBJECTS module-attribute","text":"LIVE_PSEUDO_TERMINAL_OBJECTS = False\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl","title":"OpportunisticTerminalControl","text":"OpportunisticTerminalControl(fd: int = -1)\n
Handles optional terminal control for a given file descriptor. Crucially, all the functions in this class should work regardless of whether terminal control is actually supported on not, but should do nothing in case it is not supported.
'/dev/tty', and use that.
Methods:
-
get_line_buffering \u2013 Gets the current state of line buffering for this terminal.
-
set_line_buffering \u2013 Enables or disables line buffering for this terminal.
-
get_echo \u2013 Gets the current state of echoing for this terminal.
-
set_echo \u2013 Enables or disables echoing for this terminal.
Attributes:
-
fd (int) \u2013 -
supported (bool) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.fd","title":"fd instance-attribute","text":"fd: int = fd\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.supported","title":"supported instance-attribute","text":"supported: bool = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_line_buffering","title":"get_line_buffering","text":"get_line_buffering() -> bool\n
Gets the current state of line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_line_buffering","title":"set_line_buffering","text":"set_line_buffering(enabled: bool) -> None\n
Enables or disables line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_echo","title":"get_echo","text":"get_echo() -> bool\n
Gets the current state of echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_echo","title":"set_echo","text":"set_echo(enabled: bool) -> None\n
Enables or disables echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver","title":"IODriver","text":"Methods:
-
stdio \u2013 The names for the stdin, stdout and stderr files, respectively. These
-
start \u2013 Starts the handling of I/O by this driver on the given process.
-
stop \u2013 Stops the handling of I/O by this driver.
-
on_output_event \u2013 Hints that there might be data in either the standard output or the
-
on_process_start \u2013 Allow the I/O driver an opportunity to change aspects of the process
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stdio","title":"stdio","text":"stdio() -> tuple[str | None, str | None, str | None]\n
The names for the stdin, stdout and stderr files, respectively. These will get passed as arguments to SBTarget.Launch
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.start","title":"start","text":"start(process: Process) -> None\n
Starts the handling of I/O by this driver on the given process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stop","title":"stop","text":"stop() -> None\n
Stops the handling of I/O by this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_output_event","title":"on_output_event","text":"on_output_event() -> None\n
Hints that there might be data in either the standard output or the standard error streams. This should be called when an eBroadcastBitSTDOUT or eBroadcastBitSTDERR is encountered by the event loop.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_process_start","title":"on_process_start","text":"on_process_start(proc: SBProcess) -> None\n
Allow the I/O driver an opportunity to change aspects of the process after it has been launched, but before it has started executing, if it so wishes.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText","title":"IODriverPlainText","text":"IODriverPlainText()\n
Bases: IODriver
Plaintext-based I/O driver. It simply copies input from our standard input to the standard input of a given process, and copies output from the standard output of a given process to out standard output.
Methods:
-
stdio \u2013 -
on_output_event \u2013 -
on_process_start \u2013 -
start \u2013 -
stop \u2013
Attributes:
-
in_thr (Thread) \u2013 -
out_thr (Thread) \u2013 -
likely_output (BoundedSemaphore) \u2013 -
process (SBProcess) \u2013 -
stop_requested (Event) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.in_thr","title":"in_thr instance-attribute","text":"in_thr: Thread\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.out_thr","title":"out_thr instance-attribute","text":"out_thr: Thread\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.likely_output","title":"likely_output instance-attribute","text":"likely_output: BoundedSemaphore = BoundedSemaphore(1)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.process","title":"process instance-attribute","text":"process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop_requested","title":"stop_requested instance-attribute","text":"stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stdio","title":"stdio","text":"stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_output_event","title":"on_output_event","text":"on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_process_start","title":"on_process_start","text":"on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.start","title":"start","text":"start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop","title":"stop","text":"stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal","title":"IODriverPseudoTerminal","text":"IODriverPseudoTerminal(manager: int, worker: str)\n
Bases: IODriver
pty-based I/O driver. Forwards input from standard input and has support for terminal width and height, and for terminal-based file operations on the program being debugged.
Methods:
-
stdio \u2013 -
start \u2013 -
stop \u2013 -
on_output_event \u2013 -
on_process_start \u2013
Attributes:
-
io_thread (Thread) \u2013 -
has_terminal_control (bool) \u2013 -
manager (int) \u2013 -
worker (str) \u2013 -
termcontrol (OpportunisticTerminalControl) \u2013 -
stop_requested (Event) \u2013 -
input_buffer (bytes) \u2013 -
process (SBProcess) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.io_thread","title":"io_thread instance-attribute","text":"io_thread: Thread\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.has_terminal_control","title":"has_terminal_control instance-attribute","text":"has_terminal_control: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.manager","title":"manager instance-attribute","text":"manager: int = manager\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.worker","title":"worker instance-attribute","text":"worker: str = worker\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.termcontrol","title":"termcontrol instance-attribute","text":"termcontrol: OpportunisticTerminalControl = OpportunisticTerminalControl()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop_requested","title":"stop_requested instance-attribute","text":"stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.input_buffer","title":"input_buffer instance-attribute","text":"input_buffer: bytes = b''\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.process","title":"process instance-attribute","text":"process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stdio","title":"stdio","text":"stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.start","title":"start","text":"start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop","title":"stop","text":"stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_output_event","title":"on_output_event","text":"on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_process_start","title":"on_process_start","text":"on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.get_io_driver","title":"get_io_driver","text":"get_io_driver() -> IODriver\n
Instances a new IODriver using the best strategy available in the current system. Meaning a PTY on Unix and plain text on Windows.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.make_pty","title":"make_pty","text":"make_pty() -> tuple[str, int] | None\n
We need to make a pseudo-terminal ourselves if we want the process to handle naturally for the user. Returns a tuple with the path of the worker device and the file descriptor of the manager device if successful.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/","title":"pwndbg.dbg.lldb.repl.proc","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc","title":"proc","text":"Classes:
-
EventHandler \u2013 The event types that make sense for us to track in the process driver aren't
-
ProcessDriver \u2013 Drives the execution of a process, responding to its events and handling its
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler","title":"EventHandler","text":"The event types that make sense for us to track in the process driver aren't the same as the ones in the rest of Pwndbg, so we just expose the native events in process driver, and let the rest of the REPL deal with any complexities that might arise from the translation.
This is mostly intended to keep the complexity of generating the START and NEW_THREAD events correctly out of the process driver.
Methods:
-
created \u2013 This function is called when a process is created or attached to.
-
suspended \u2013 This function is called when the execution of a process is suspended.
-
resumed \u2013 This function is called when the execution of a process is resumed.
-
exited \u2013 This function is called when a process terminates or is detached from.
-
modules_loaded \u2013 This function is called when a new modules have been loaded.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.created","title":"created","text":"created()\n
This function is called when a process is created or attached to.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.suspended","title":"suspended","text":"suspended(cause: SBEvent)\n
This function is called when the execution of a process is suspended.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.resumed","title":"resumed","text":"resumed()\n
This function is called when the execution of a process is resumed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.exited","title":"exited","text":"exited()\n
This function is called when a process terminates or is detached from.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.modules_loaded","title":"modules_loaded","text":"modules_loaded()\n
This function is called when a new modules have been loaded.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver","title":"ProcessDriver","text":"ProcessDriver(event_handler: EventHandler, debug=False)\n
Drives the execution of a process, responding to its events and handling its I/O, and exposes a simple synchronous interface to the REPL interface.
Methods:
-
has_process \u2013 Whether there's an active process in this driver.
-
has_connection \u2013 Whether this driver's connected to a target. All drivers that have an
-
cancel \u2013 Request that a currently ongoing operation be cancelled.
-
interrupt \u2013 Interrupts the currently running process.
-
cont \u2013 Continues execution of the process this object is driving, and returns
-
run_lldb_command \u2013 Runs the given LLDB command and ataches I/O if necessary.
-
run_coroutine \u2013 Runs the given coroutine and allows it to control the execution of the
-
launch \u2013 Launches the process and handles startup events. Always stops on first
-
attach \u2013 Attach to a process and handles startup events. Always stops on first
-
connect \u2013 Connects to a remote proces with the given URL using the plugin with the
Attributes:
-
io (IODriver) \u2013 -
process (SBProcess) \u2013 -
listener (SBListener) \u2013 -
debug (bool) \u2013 -
eh (EventHandler) \u2013 -
cancellation_requested (bool) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.io","title":"io instance-attribute","text":"io: IODriver = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.process","title":"process instance-attribute","text":"process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.listener","title":"listener instance-attribute","text":"listener: SBListener = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.debug","title":"debug instance-attribute","text":"debug: bool = debug\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.eh","title":"eh instance-attribute","text":"eh: EventHandler = event_handler\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cancellation_requested","title":"cancellation_requested instance-attribute","text":"cancellation_requested: bool = False\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_process","title":"has_process","text":"has_process() -> bool\n
Whether there's an active process in this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_connection","title":"has_connection","text":"has_connection() -> bool\n
Whether this driver's connected to a target. All drivers that have an active process also must necessarily be connected.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cancel","title":"cancel","text":"cancel() -> None\n
Request that a currently ongoing operation be cancelled.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.interrupt","title":"interrupt","text":"interrupt() -> None\n
Interrupts the currently running process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cont","title":"cont","text":"cont() -> None\n
Continues execution of the process this object is driving, and returns whenever the process stops.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_lldb_command","title":"run_lldb_command","text":"run_lldb_command(command: str, target: BinaryIO) -> None\n
Runs the given LLDB command and ataches I/O if necessary.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_coroutine","title":"run_coroutine","text":"run_coroutine(coroutine: Coroutine[Any, Any, None]) -> bool\n
Runs the given coroutine and allows it to control the execution of the process in this driver. Returns True if the coroutine ran to completion, and False if it was cancelled.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.launch","title":"launch","text":"launch(\n target: SBTarget,\n io: IODriver,\n env: list[str],\n args: list[str],\n working_dir: str,\n) -> SBError\n
Launches the process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.attach","title":"attach","text":"attach(target: SBTarget, io: IODriver, info: SBAttachInfo) -> SBError\n
Attach to a process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.connect","title":"connect","text":"connect(target: SBTarget, io: IODriver, url: str, plugin: str) -> SBError\n
Connects to a remote proces with the given URL using the plugin with the given name. This might cause the process to launch in some implementations, or it might require a call to launch(), in implementations that require a further call to SBProcess::RemoteLaunch().
Fires the created() event if a process is automatically attached to or launched when a connection succeeds.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/","title":"pwndbg.dbg.lldb.repl.readline","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline","title":"readline","text":"Readline interface for the Pwndbg LLDB REPL.
Mostly concerns itself with argument completion.
Functions:
-
complete \u2013 Runs the tab autocompletion function for readline based on the values
-
display_completions \u2013 Display the completions found by complete in the style of LLDB.
-
wrap_with_history \u2013 -
ctx_with_history \u2013 -
enable_readline \u2013 Enables the readline functionality.
-
disable_readline \u2013 Disables the readline functionality.
Attributes:
-
P \u2013 -
T \u2013 -
PROMPT \u2013 -
HISTORY_FILE \u2013 -
complete_values \u2013 -
complete_descrs \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.PROMPT","title":"PROMPT module-attribute","text":"PROMPT = readline_escape(prompt, 'pwndbg-lldb> ')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.HISTORY_FILE","title":"HISTORY_FILE module-attribute","text":"HISTORY_FILE = expanduser('~/.pwndbg_history')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_values","title":"complete_values module-attribute","text":"complete_values = SBStringList()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_descrs","title":"complete_descrs module-attribute","text":"complete_descrs = SBStringList()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete","title":"complete","text":"complete(dbg: LLDB, text: str, state: int) -> str | None\n
Runs the tab autocompletion function for readline based on the values returned by SBCommandInterpreter.HandleCompletion.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.display_completions","title":"display_completions","text":"display_completions(substitutions, matches, longest_match_len)\n
Display the completions found by complete in the style of LLDB.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.wrap_with_history","title":"wrap_with_history","text":"wrap_with_history(function: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.ctx_with_history","title":"ctx_with_history","text":"ctx_with_history()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.enable_readline","title":"enable_readline","text":"enable_readline(dbg: LLDB)\n
Enables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.disable_readline","title":"disable_readline","text":"disable_readline()\n
Disables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/util/","title":"pwndbg.dbg.lldb.util","text":""},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util","title":"util","text":"Functions:
"},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util.system_decode","title":"system_decode","text":"system_decode(b: bytes) -> str\n
LLDB requires Python strings in many places where it makes sense to accept bytes values. This is mostly an artifact of how Swig maps C char* to str in Python, but since Swig will refuse bytes objects, we have to figure out a way to pass this data as a regular string object, even if that's nonsensical in Python terms.
This function tries its best to resolve that by decoding it with the same decoder the filesystem uses, and, failing that, ASCII.
"},{"location":"reference/pwndbg/decorators/","title":"pwndbg.decorators","text":""},{"location":"reference/pwndbg/decorators/#pwndbg.decorators","title":"decorators","text":"Project-wide function decorators.
Functions:
Attributes:
-
first_prompt \u2013 -
P \u2013 -
T \u2013 -
K \u2013
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.first_prompt","title":"first_prompt module-attribute","text":"first_prompt = False\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.K","title":"K module-attribute","text":"K = TypeVar('K')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.only_after_first_prompt","title":"only_after_first_prompt","text":"only_after_first_prompt(\n value_before: T | None = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\n
Decorator to prevent a function from running before the first prompt was displayed. The 'value_before' parameter can be used to specify the value that is returned if the function is called before the first prompt was displayed.
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.suppress_errors","title":"suppress_errors","text":"suppress_errors(\n fallback: K = None, should_warn: bool = True\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
Decorator to make a function return a fallback value when it would otherwise error. The 'fallback' parameter can be used to specify the fallback value. If the 'should_warn' parameter is set, a warning will be printed whenever an error is suppressed.
"},{"location":"reference/pwndbg/emu/","title":"pwndbg.emu","text":""},{"location":"reference/pwndbg/emu/#pwndbg.emu","title":"emu","text":"Emulation assistance from Unicorn.
Modules:
"},{"location":"reference/pwndbg/emu/emulator/","title":"pwndbg.emu.emulator","text":""},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator","title":"emulator","text":"Emulation assistance from Unicorn.
Classes:
-
InstructionExecutedResult \u2013 -
Emulator \u2013
Functions:
Attributes:
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC","title":"arch_to_UC module-attribute","text":"arch_to_UC = {\n \"i386\": UC_ARCH_X86,\n \"x86-64\": UC_ARCH_X86,\n \"mips\": UC_ARCH_MIPS,\n \"sparc\": UC_ARCH_SPARC,\n \"arm\": UC_ARCH_ARM,\n \"armcm\": UC_ARCH_ARM,\n \"aarch64\": UC_ARCH_ARM64,\n \"rv32\": UC_ARCH_RISCV,\n \"rv64\": UC_ARCH_RISCV,\n \"s390x\": UC_ARCH_S390X,\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC_consts","title":"arch_to_UC_consts module-attribute","text":"arch_to_UC_consts = {\n \"i386\": parse_consts(x86_const),\n \"x86-64\": parse_consts(x86_const),\n \"mips\": parse_consts(mips_const),\n \"sparc\": parse_consts(sparc_const),\n \"arm\": parse_consts(arm_const),\n \"armcm\": parse_consts(arm_const),\n \"aarch64\": parse_consts(arm64_const),\n \"rv32\": parse_consts(riscv_const),\n \"rv64\": parse_consts(riscv_const),\n \"s390x\": parse_consts(s390x_const),\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_reg_const_map","title":"arch_to_reg_const_map module-attribute","text":"arch_to_reg_const_map = {\n \"i386\": create_reg_to_const_map(arch_to_UC_consts[\"i386\"]),\n \"x86-64\": create_reg_to_const_map(\n arch_to_UC_consts[\"x86-64\"],\n {\"FSBASE\": UC_X86_REG_FS_BASE, \"GSBASE\": UC_X86_REG_GS_BASE},\n ),\n \"mips\": create_reg_to_const_map(arch_to_UC_consts[\"mips\"]),\n \"sparc\": create_reg_to_const_map(arch_to_UC_consts[\"sparc\"]),\n \"arm\": create_reg_to_const_map(arch_to_UC_consts[\"arm\"]),\n \"armcm\": create_reg_to_const_map(arch_to_UC_consts[\"armcm\"]),\n \"aarch64\": create_reg_to_const_map(\n arch_to_UC_consts[\"aarch64\"], {\"CPSR\": UC_ARM64_REG_NZCV}\n ),\n \"rv32\": create_reg_to_const_map(arch_to_UC_consts[\"rv32\"]),\n \"rv64\": create_reg_to_const_map(arch_to_UC_consts[\"rv64\"]),\n \"s390x\": create_reg_to_const_map(arch_to_UC_consts[\"s390x\"]),\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.enable_virtual_tlb","title":"enable_virtual_tlb module-attribute","text":"enable_virtual_tlb = {'s390x': True}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.DEBUG","title":"DEBUG module-attribute","text":"DEBUG = NO_DEBUG\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_SYSCALL","title":"arch_to_SYSCALL module-attribute","text":"arch_to_SYSCALL = {\n UC_ARCH_X86: [\n X86_INS_SYSCALL,\n X86_INS_SYSENTER,\n X86_INS_SYSEXIT,\n X86_INS_SYSRET,\n X86_INS_IRET,\n X86_INS_IRETD,\n X86_INS_IRETQ,\n X86_INS_INT,\n X86_INS_INT1,\n X86_INS_INT3,\n ],\n UC_ARCH_MIPS: [MIPS_INS_SYSCALL],\n UC_ARCH_SPARC: [SPARC_INS_T],\n UC_ARCH_ARM: [ARM_INS_SVC],\n UC_ARCH_ARM64: [AARCH64_INS_SVC],\n UC_ARCH_PPC: [PPC_INS_SC],\n UC_ARCH_RISCV: [RISCV_INS_ECALL],\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.ARM_BANNED_INSTRUCTIONS","title":"ARM_BANNED_INSTRUCTIONS module-attribute","text":"ARM_BANNED_INSTRUCTIONS = {\n ARM_INS_MRC,\n ARM_INS_MRRC,\n ARM_INS_MRC2,\n ARM_INS_MRRC2,\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.BANNED_INSTRUCTIONS","title":"BANNED_INSTRUCTIONS module-attribute","text":"BANNED_INSTRUCTIONS = {\n \"mips\": {MIPS_INS_RDHWR},\n \"arm\": ARM_BANNED_INSTRUCTIONS,\n \"armcm\": ARM_BANNED_INSTRUCTIONS,\n \"aarch64\": {AARCH64_INS_MRS},\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.blacklisted_regs","title":"blacklisted_regs module-attribute","text":"blacklisted_regs = ['ip', 'cs', 'ds', 'es', 'fs', 'gs', 'ss']\n
e = pwndbg.emu.emulator.Emulator() e.until_jump()
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult","title":"InstructionExecutedResult","text":" Bases: NamedTuple
Attributes:
-
address (int) \u2013 -
size (int) \u2013
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.address","title":"address instance-attribute","text":"address: int\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.size","title":"size instance-attribute","text":"size: int\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator","title":"Emulator","text":"Emulator()\n
Methods:
-
read_register \u2013 -
read_memory \u2013 -
telescope \u2013 -
format_telescope \u2013 -
format_telescope_list \u2013 -
telescope_enhance \u2013 -
memory_read_string \u2013 -
__getattr__ \u2013 -
update_pc \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
-
get_uc_mode \u2013 Retrieve the mode used by Unicorn for the current architecture.
-
map_page \u2013 -
hook_mem_invalid \u2013 -
hook_intr \u2013 We never want to emulate through an interrupt. Just stop.
-
get_reg_enum \u2013 Returns the Unicorn Emulator enum code for the named register.
-
hook_add \u2013 -
hook_del \u2013 -
emu_start \u2013 -
emu_stop \u2013 -
emulate_with_hook \u2013 -
mem_read \u2013 -
until_jump \u2013 Emulates instructions starting at the specified address until the
-
until_jump_hook_code \u2013 -
until_call \u2013 -
until_syscall \u2013 Emulates instructions starting at the specified address until the program
-
until_syscall_hook_code \u2013 -
single_step \u2013 Steps one instruction.
-
single_step_iter \u2013 -
single_step_hook_code \u2013 -
dumpregs \u2013 -
trace_hook \u2013 -
__repr__ \u2013
Attributes:
-
arch \u2013 -
const_regs \u2013 -
uc_mode \u2013 -
uc \u2013 -
regs (RegisterSet) \u2013 -
valid \u2013 -
last_pc \u2013 -
last_single_step_result \u2013 -
last_step_succeeded (bool) \u2013
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.arch","title":"arch instance-attribute","text":"arch = name\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.const_regs","title":"const_regs instance-attribute","text":"const_regs = arch_to_reg_const_map[arch]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc_mode","title":"uc_mode instance-attribute","text":"uc_mode = get_uc_mode()\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc","title":"uc instance-attribute","text":"uc = Uc(arch_to_UC[arch], uc_mode)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.regs","title":"regs instance-attribute","text":"regs: RegisterSet = current\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.valid","title":"valid instance-attribute","text":"valid = True\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_pc","title":"last_pc instance-attribute","text":"last_pc = None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_single_step_result","title":"last_single_step_result instance-attribute","text":"last_single_step_result = InstructionExecutedResult(None, None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_step_succeeded","title":"last_step_succeeded property","text":"last_step_succeeded: bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_register","title":"read_register","text":"read_register(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_memory","title":"read_memory","text":"read_memory(address: int, size: int) -> bytes | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope","title":"telescope","text":"telescope(address: int, limit: int, read_size: int = None) -> list[int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope","title":"format_telescope","text":"format_telescope(address: int, limit: int) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope_list","title":"format_telescope_list","text":"format_telescope_list(\n chain: list[int], limit: int, enhance_string_len: int = None\n) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope_enhance","title":"telescope_enhance","text":"telescope_enhance(\n value: int, code: bool = True, enhance_string_len: int = None\n)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.memory_read_string","title":"memory_read_string","text":"memory_read_string(\n address: int, max_string_len=None, max_read=None\n) -> str | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.update_pc","title":"update_pc","text":"update_pc(pc=None) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> int\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
This reads from the emulator itself, meaning this can be read to determine a state transitions between non-Thumb and Thumb mode
Return None if the Thumb bit is not relevent to the current architecture
Mimics the read_thumb_bit function defined in aglib/arch.py
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_uc_mode","title":"get_uc_mode","text":"get_uc_mode()\n
Retrieve the mode used by Unicorn for the current architecture.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.map_page","title":"map_page","text":"map_page(page) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_mem_invalid","title":"hook_mem_invalid","text":"hook_mem_invalid(uc, access, address, size: int, value, user_data) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_intr","title":"hook_intr","text":"hook_intr(uc, intno, user_data) -> None\n
We never want to emulate through an interrupt. Just stop.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_reg_enum","title":"get_reg_enum","text":"get_reg_enum(reg: str) -> int | None\n
Returns the Unicorn Emulator enum code for the named register.
Also supports general registers like 'sp' and 'pc'.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_add","title":"hook_add","text":"hook_add(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_del","title":"hook_del","text":"hook_del(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_start","title":"emu_start","text":"emu_start(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_stop","title":"emu_stop","text":"emu_stop(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emulate_with_hook","title":"emulate_with_hook","text":"emulate_with_hook(hook, count=512) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.mem_read","title":"mem_read","text":"mem_read(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump","title":"until_jump","text":"until_jump(pc: int = None)\n
Emulates instructions starting at the specified address until the program counter is set to an address which does not linearly follow the previously-emulated instruction.
Parameters:
Return Returns a tuple containing the address of the jump instruction, and its target in the format (address, target).
If emulation is forced to stop (e.g., because of a syscall or invalid memory access) then address is the instruction which could not be emulated through, and target will be None.
Notes This routine does not consider 'call $+5'
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump_hook_code","title":"until_jump_hook_code","text":"until_jump_hook_code(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_call","title":"until_call","text":"until_call(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall","title":"until_syscall","text":"until_syscall(pc=None)\n
Emulates instructions starting at the specified address until the program counter points at a syscall instruction (int 0x80, svc, etc.).
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall_hook_code","title":"until_syscall_hook_code","text":"until_syscall_hook_code(uc, address, size: int, user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step","title":"single_step","text":"single_step(pc=None, check_instruction=False) -> tuple[int, int]\n
Steps one instruction.
Yields:
-
int \u2013 Each iteration, yields a tuple of (address_just_executed, instruction_size).
-
int \u2013 Returns (None, None) upon failure to execute the instruction
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_iter","title":"single_step_iter","text":"single_step_iter(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_hook_code","title":"single_step_hook_code","text":"single_step_hook_code(\n _uc, address: int, instruction_size: int, _user_data\n) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.dumpregs","title":"dumpregs","text":"dumpregs() -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.trace_hook","title":"trace_hook","text":"trace_hook(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.parse_consts","title":"parse_consts","text":"parse_consts(u_consts) -> dict[str, int]\n
Unicorn \"consts\" is a python module consisting of a variable definition for each known entity. We repack it here as a dict for performance.
Maps \"UC_*\" -> integer value of the constant
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.create_reg_to_const_map","title":"create_reg_to_const_map","text":"create_reg_to_const_map(\n base_consts: dict[str, int], additional_mapping: dict[str, int] = None\n) -> dict[str, int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.debug","title":"debug","text":"debug(debug_type, fmt, args=()) -> None\n
"},{"location":"reference/pwndbg/enhance/","title":"pwndbg.enhance","text":""},{"location":"reference/pwndbg/enhance/#pwndbg.enhance","title":"enhance","text":"Attempt to describe the data at a memory address as best as possible.
Only when the data is not a pointer.
Currently prints out code, integers, or strings, in a best-effort manner dependent on page permissions, the contents of the data, and any supplemental information sources (e.g. active IDA Pro connection).
Functions:
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.format_small_int","title":"format_small_int","text":"format_small_int(value: int) -> str\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.format_small_int_pair","title":"format_small_int_pair","text":"format_small_int_pair(first: int, second: int) -> tuple[str, str]\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.int_str","title":"int_str","text":"int_str(value: int) -> str\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.enhance","title":"enhance","text":"enhance(\n value: int,\n code: bool = True,\n safe_linking: bool = False,\n attempt_dereference=True,\n enhance_string_len: int = None,\n) -> str\n
Given the last pointer in a chain, attempt to characterize
Note that 'the last pointer in a chain' may not at all actually be a pointer.
Additionally, optimizations are made based on various sources of data for 'value'. For example, if it is set to RWX, we try to get information on whether it resides on the stack, or in a RW section that happens to be RWX, to determine which order to print the fields.
Parameters:
-
value (int) \u2013 Value to enhance
-
code (bool, default: True ) \u2013 Hint that indicates the value may be an instruction
-
safe_linking (bool, default: False ) \u2013 Whether this chain use safe-linking
-
enhance_string_len (int, default: None ) \u2013 The length of string to display for enhancement of the last pointer
"},{"location":"reference/pwndbg/exception/","title":"pwndbg.exception","text":""},{"location":"reference/pwndbg/exception/#pwndbg.exception","title":"exception","text":"Common exception handling.
Functions:
-
print_exception \u2013 -
inform_report_issue \u2013 Informs user that he can report an issue.
-
inform_verbose_and_debug \u2013 -
handle \u2013 Displays an exception to the user, optionally displaying a full traceback
-
set_trace \u2013 Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
-
update \u2013
Attributes:
-
verbose \u2013 -
debug \u2013
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.verbose","title":"verbose module-attribute","text":"verbose = add_param(\n \"exception-verbose\",\n False,\n \"print a full stacktrace for exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.debug","title":"debug module-attribute","text":"debug = add_param(\n \"exception-debugger\",\n False,\n \"whether to debug exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.print_exception","title":"print_exception","text":"print_exception(exception_msg) -> None\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_report_issue","title":"inform_report_issue","text":"inform_report_issue(exception_msg) -> None\n
Informs user that he can report an issue. The use of caching makes it reporting only once for a given exception message.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_verbose_and_debug","title":"inform_verbose_and_debug","text":"inform_verbose_and_debug() -> None\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.handle","title":"handle","text":"handle(name='Error')\n
Displays an exception to the user, optionally displaying a full traceback and spawning an interactive post-moretem debugger.
Notes set exception-verbose on enables stack traces.set exception-debugger on enables the post-mortem debugger.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.set_trace","title":"set_trace","text":"set_trace() -> None\n
Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/gdblib/","title":"pwndbg.gdblib","text":""},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib","title":"gdblib","text":"Library for handling GDB logic. Being removed in favour of aglib.
Modules:
-
bpoint \u2013 -
config \u2013 Dynamic configuration system for pwndbg, using GDB's built-in Parameter
-
events \u2013 Enables callbacks into functions to be automatically invoked
-
functions \u2013 Put all functions defined for gdb in here.
-
got \u2013 Global Offset Table Tracker
-
hooks \u2013 -
info \u2013 Runs a few useful commands which are available under \"info\".
-
prompt \u2013 -
ptmalloc2_tracking \u2013 Heap Tracking
-
scheduler \u2013 -
shellcode \u2013 Shellcode
-
symbol \u2013 Looking up addresses for function names / symbols, and
-
tui \u2013 -
vmmap \u2013 Routines to enumerate mapped memory, and attempt to associate
Functions:
Attributes:
-
regs \u2013 -
__all__ \u2013 -
gdb_version \u2013 -
msg \u2013
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.regs","title":"regs module-attribute","text":"regs = None\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.__all__","title":"__all__ module-attribute","text":"__all__ = ()\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.gdb_version","title":"gdb_version module-attribute","text":"gdb_version = tuple(map(int, groups()))\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.msg","title":"msg module-attribute","text":"msg = 'Unsupported GDB version, pwndbg only support GDB12+'\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.load_gdblib","title":"load_gdblib","text":"load_gdblib() -> None\n
Import all gdblib modules that need to run code on import
"},{"location":"reference/pwndbg/gdblib/bpoint/","title":"pwndbg.gdblib.bpoint","text":""},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint","title":"bpoint","text":"Classes:
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint","title":"Breakpoint","text":" Bases: Breakpoint
Breakpoint class, similar to gdb.Breakpoint, but clears the caches associated with the stop event before determining whether it should stop the inferior or not.
Unlike gdb.Breakpoint, users of this class should override should_stop(), instead of stop(), as the latter is used to do cache invalidation.
Methods:
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.should_stop","title":"should_stop","text":"should_stop() -> bool\n
This function is called whenever this breakpoint is hit in the code and its return value determines whether the inferior will be stopped.
"},{"location":"reference/pwndbg/gdblib/config/","title":"pwndbg.gdblib.config","text":""},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config","title":"config","text":"Dynamic configuration system for pwndbg, using GDB's built-in Parameter mechanism.
To create a new pwndbg configuration point, call pwndbg.config.add_param.
Parameters should be declared in the module in which they are primarily used, or in this module for general-purpose parameters.
All pwndbg Parameter types are accessible via property access on this module, for example:
>>> pwndbg.config.add_param('example-value', 7, 'an example')\n>>> int(pwndbg.config.example_value)\n7\n
Classes:
Functions:
Attributes:
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.CLASS_MAPPING","title":"CLASS_MAPPING module-attribute","text":"CLASS_MAPPING = {\n PARAM_BOOLEAN: PARAM_BOOLEAN,\n PARAM_AUTO_BOOLEAN: PARAM_AUTO_BOOLEAN,\n PARAM_INTEGER: PARAM_INTEGER,\n PARAM_ZINTEGER: PARAM_ZINTEGER,\n PARAM_UINTEGER: PARAM_UINTEGER,\n PARAM_ZUINTEGER: PARAM_ZUINTEGER,\n PARAM_ZUINTEGER_UNLIMITED: PARAM_ZUINTEGER_UNLIMITED,\n PARAM_STRING: PARAM_STRING,\n PARAM_ENUM: PARAM_ENUM,\n PARAM_OPTIONAL_FILENAME: PARAM_OPTIONAL_FILENAME,\n}\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter","title":"Parameter","text":"Parameter(param: Parameter)\n
Bases: Parameter
Methods:
-
init_super \u2013 Initializes the super class for GDB >= 9
-
on_change \u2013 Called when the value of the pwndbg.lib.config.Parameter changes
-
get_set_string \u2013 Handles the GDB set <param>
-
get_show_string \u2013 Handles the GDB show <param>
Attributes:
-
set_doc \u2013 -
show_doc \u2013 -
__doc__ \u2013 -
param \u2013 -
value \u2013 -
native_value \u2013 -
native_default \u2013
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.set_doc","title":"set_doc instance-attribute","text":"set_doc = 'Set ' + set_show_doc + '.'\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.show_doc","title":"show_doc instance-attribute","text":"show_doc = 'Show ' + set_show_doc + '.'\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.__doc__","title":"__doc__ instance-attribute","text":"__doc__ = help_docstring or None\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.param","title":"param instance-attribute","text":"param = param\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.value","title":"value instance-attribute","text":"value = value\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_value","title":"native_value property","text":"native_value\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_default","title":"native_default property","text":"native_default\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.init_super","title":"init_super","text":"init_super(param: Parameter) -> None\n
Initializes the super class for GDB >= 9
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.on_change","title":"on_change","text":"on_change(value: Any) -> None\n
Called when the value of the pwndbg.lib.config.Parameter changes Transfer the value to the GDB parameter to keep them in sync.
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_set_string","title":"get_set_string","text":"get_set_string() -> str\n
Handles the GDB set <param>
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_show_string","title":"get_show_string","text":"get_show_string(svalue: str) -> str\n
Handles the GDB show <param>
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.init_params","title":"init_params","text":"init_params() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/","title":"pwndbg.gdblib.events","text":""},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events","title":"events","text":"Enables callbacks into functions to be automatically invoked when various events occur to the debuggee (e.g. STOP on SIGINT) by using a decorator.
Classes:
Functions:
Attributes:
-
DISABLED \u2013 -
DISABLED_DEADLOCK \u2013 -
ENABLED \u2013 -
debug \u2013 -
gdb_workaround_stop_event \u2013 -
P \u2013 -
T \u2013 -
queued_events (Deque[Callable[..., Any]]) \u2013 -
executing_event \u2013 -
registered (dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]]) \u2013 -
connected \u2013 -
paused \u2013
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.DISABLED","title":"DISABLED module-attribute","text":"DISABLED = 'disabled'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.DISABLED_DEADLOCK","title":"DISABLED_DEADLOCK module-attribute","text":"DISABLED_DEADLOCK = 'disabled-deadlock'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.ENABLED","title":"ENABLED module-attribute","text":"ENABLED = 'enabled'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.debug","title":"debug module-attribute","text":"debug = add_param(\n \"debug-events\", False, \"display internal event debugging info\"\n)\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.gdb_workaround_stop_event","title":"gdb_workaround_stop_event module-attribute","text":"gdb_workaround_stop_event = add_param('gdb-workaround-stop-event', DISABLED, \"asynchronous stop events to improve 'commands' functionality\", help_docstring=f'\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `{DISABLED}` - Disable the workaround (default).\n+ `{DISABLED_DEADLOCK}` - Disable only deadlock detection; deadlocks may still occur.\n+ `{ENABLED}` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n ', param_class=PARAM_ENUM, enum_sequence=[DISABLED, DISABLED_DEADLOCK, ENABLED])\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.queued_events","title":"queued_events module-attribute","text":"queued_events: Deque[Callable[..., Any]] = deque()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.executing_event","title":"executing_event module-attribute","text":"executing_event = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.registered","title":"registered module-attribute","text":"registered: dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]] = {\n exited: {},\n cont: {},\n new_objfile: {},\n stop: {},\n start: {},\n new_thread: {},\n before_prompt: {},\n memory_changed: {},\n register_changed: {},\n}\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connected","title":"connected module-attribute","text":"connected = {}\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.paused","title":"paused module-attribute","text":"paused = defaultdict(bool)\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent","title":"StartEvent","text":"StartEvent()\n
Methods:
-
connect \u2013 -
disconnect \u2013 -
on_new_objfile \u2013 -
on_exited \u2013 -
on_stop \u2013
Attributes:
-
registered (list[Callable[..., Any]]) \u2013 -
running \u2013
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.registered","title":"registered instance-attribute","text":"registered: list[Callable[..., Any]] = []\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.running","title":"running instance-attribute","text":"running = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.connect","title":"connect","text":"connect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.disconnect","title":"disconnect","text":"disconnect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_new_objfile","title":"on_new_objfile","text":"on_new_objfile() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_exited","title":"on_exited","text":"on_exited() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_stop","title":"on_stop","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority","title":"HandlerPriority","text":" Bases: Enum
A priority level for an event handler, ordered from highest to lowest priority.
Attributes:
-
CACHE_CLEAR \u2013 -
LOW \u2013
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.CACHE_CLEAR","title":"CACHE_CLEAR class-attribute instance-attribute","text":"CACHE_CLEAR = auto()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.LOW","title":"LOW class-attribute instance-attribute","text":"LOW = auto()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.wrap_safe_event_handler","title":"wrap_safe_event_handler","text":"wrap_safe_event_handler(\n event_handler: Callable[P, T], event_type: Any\n) -> Callable[P, T]\n
Wraps an event handler to ensure it is only executed when the event is safe. Invalid events are queued and executed later when safe.
Note: Avoid using gdb.post_event because of another bug in gdbserver where the gdb.newest_frame function may not work properly.
Workaround to fix bug in gdbserver (gdb.events.new_objfile): #2576 Workaround to fix bug in gdb (gdb.events.stop): #425
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.pause","title":"pause","text":"pause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.unpause","title":"unpause","text":"unpause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connect","title":"connect","text":"connect(\n func: Callable[[], T],\n event_handler: Any,\n name: str = \"\",\n priority: HandlerPriority = LOW,\n) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.exit","title":"exit","text":"exit(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.cont","title":"cont","text":"cont(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.new_objfile","title":"new_objfile","text":"new_objfile(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.stop","title":"stop","text":"stop(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.start","title":"start","text":"start(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.thread","title":"thread","text":"thread(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.before_prompt","title":"before_prompt","text":"before_prompt(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.reg_changed","title":"reg_changed","text":"reg_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.mem_changed","title":"mem_changed","text":"mem_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.log_objfiles","title":"log_objfiles","text":"log_objfiles(ofile: NewObjFileEvent | None = None) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.invoke_event","title":"invoke_event","text":"invoke_event(event: Any, *args: Any, **kwargs: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.after_reload","title":"after_reload","text":"after_reload(fire_start: bool = True) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.on_reload","title":"on_reload","text":"on_reload() -> None\n
"},{"location":"reference/pwndbg/gdblib/functions/","title":"pwndbg.gdblib.functions","text":""},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions","title":"functions","text":"Put all functions defined for gdb in here.
This file might be changed into a module in the future.
Functions:
-
GdbFunction \u2013 -
rebase \u2013 Return address rebased onto the executable's mappings.
-
base \u2013 Return the base address of the first memory mapping containing the given name.
-
hex2ptr \u2013 Converts a hex string to a little-endian address and returns the address.
-
argc \u2013 Get the number of program arguments.
-
argv \u2013 Get the n-th program argument.
-
environ \u2013 Get an environment variable by name.
-
envp \u2013 Get the n-th environment variable.
-
dbg_value_to_gdb \u2013 -
fsbase \u2013 Get the value of the FS segment register.
-
gsbase \u2013 Get the value of the GS segment register.
Attributes:
-
functions (list[_GdbFunction]) \u2013
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.functions","title":"functions module-attribute","text":"functions: list[_GdbFunction] = []\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.GdbFunction","title":"GdbFunction","text":"GdbFunction(only_when_running: bool = False) -> Callable[..., Any]\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.rebase","title":"rebase","text":"rebase(addr: int | Value) -> int\n
Return address rebased onto the executable's mappings.
Example:
pwndbg> p/x $rebase(0xd9020)\n$1 = 0x55555562d020\npwndbg> vmmap\n0x555555554000 0x55555556f000 r--p 1b000 0 /usr/bin/bash\n0x55555556f000 0x55555562d000 r-xp be000 1b000 /usr/bin/bash\n0x55555562d000 0x55555565e000 r--p 31000 d9000 /usr/bin/bash\n[...]\npwndbg> p $rebase(0xd9020) == 0x555555554000 + 0xd9020\n$2 = 1\npwndbg> tele $rebase(0xd9020)\n00:0000\u2502 0x55555562d020 \u25c2\u2014 0x204900636f6c6c61 /* 'alloc' */\n01:0008\u2502 0x55555562d028 \u25c2\u2014 'have no name!'\n02:0010\u2502 0x55555562d030 \u25c2\u2014 0x65720021656d616e /* 'name!' */\n03:0018\u2502 0x55555562d038 \u25c2\u2014 'adline stdin'\n[...]\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.base","title":"base","text":"base(name_pattern: str | Value) -> int\n
Return the base address of the first memory mapping containing the given name.
Example:
pwndbg> p/x $base(\"libc\")\n$4 = 0x7ffff7d4b000\npwndbg> vmmap libc\n 0x7ffff7d4a000 0x7ffff7d4b000 rw-p 1000 6e000 /usr/lib/libncursesw.so.6.5\n\u25ba 0x7ffff7d4b000 0x7ffff7d6f000 r--p 24000 0 /usr/lib/libc.so.6\n\u25ba 0x7ffff7d6f000 0x7ffff7ed6000 r-xp 167000 24000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7ed6000 0x7ffff7f2b000 r--p 55000 18b000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7f2b000 0x7ffff7f2f000 r--p 4000 1e0000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7f2f000 0x7ffff7f31000 rw-p 2000 1e4000 /usr/lib/libc.so.6\n 0x7ffff7f31000 0x7ffff7f39000 rw-p 8000 0 [anon_7ffff7f31]\npwndbg> tele $base(\\\"libc\\\")+0x1337\n00:0000\u2502 0x7ffff7d4c337 \u25c2\u2014 0x80480a04214000f0\n01:0008\u2502 0x7ffff7d4c33f \u25c2\u2014 0x8040c02204452040\n02:0010\u2502 0x7ffff7d4c347 \u25c2\u2014 0x20042400000200\n03:0018\u2502 0x7ffff7d4c34f \u25c2\u2014 0x20 /* ' ' */\n[...]\n
Beware of accidentally matching the wrong mapping. For instance, if the loaded executable contained the string \"libc\" anywhere in it's path, it would've been returned.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.hex2ptr","title":"hex2ptr","text":"hex2ptr(hex_string: str | Value) -> int\n
Converts a hex string to a little-endian address and returns the address.
Example:
pwndbg> p/x $hex2ptr(\"20 74 ed f7 ff 7f\")\n$1 = 0x7ffff7ed7420\npwndbg> p/x $hex2ptr(\"2074edf7ff7f\")\n$2 = 0x7ffff7ed7420\npwndbg> distance '$base(\"libc\")' '$hex2ptr(\"20 74 ed f7 ff 7f\")'\n0x7ffff7d4b000->0x7ffff7ed7420 is 0x18c420 bytes (0x31884 words)\n
Especially useful for quickly converting pwntools output.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argc","title":"argc","text":"argc() -> int\n
Get the number of program arguments. Evaluates to argc.
Example:
pwndbg> p $argc()\n$1 = 2\npwndbg> argv\n00:0000\u2502 0x7fffffffe288 \u2014\u25b8 0x7fffffffe659 \u25c2\u2014 '/usr/bin/cat'\n01:0008\u2502 0x7fffffffe290 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 'gdbinit.py'\n02:0010\u2502 0x7fffffffe298 \u25c2\u2014 0\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argv","title":"argv","text":"argv(index: Value) -> Value\n
Get the n-th program argument. Evaluate argv on the supplied value.
Example:
pwndbg> p $argv(0)\n$11 = (signed char *) 0x7fffffffe666 \"/usr/bin/sh\"\npwndbg> argv\n00:0000\u2502 0x7fffffffe2a8 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 '/usr/bin/sh'\n01:0008\u2502 0x7fffffffe2b0 \u25c2\u2014 0\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.environ","title":"environ","text":"environ(env_name: Value) -> Value\n
Get an environment variable by name. Evaluate getenv() on the supplied value.
Example:
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffebfb \"LANG=en_US.UTF-8\"\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.envp","title":"envp","text":"envp(index: Value) -> Value\n
Get the n-th environment variable. Evaluate envp on the supplied value.
Example:
pwndbg> p $envp(0x3F)\n$13 = (signed char *) 0x7fffffffef7d \"LANG=en_US.UTF-8\"\npwndbg> p $envp(0x3F) == $environ(\"LANG\")\n$14 = 1\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.dbg_value_to_gdb","title":"dbg_value_to_gdb","text":"dbg_value_to_gdb(d: Value) -> Value\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.fsbase","title":"fsbase","text":"fsbase(offset: Value = Value(0)) -> int\n
Get the value of the FS segment register. Only valid on x86(-64).
Example:
pwndbg> p/x $fsbase()\n$3 = 0x7ffff7cdab80\npwndbg> p $fs_base == $fsbase()\n$4 = 1\npwndbg> x/gx $fsbase(0x28)\n0x7ffff7cdaba8: 0x4da926e1668e5a00\npwndbg> x/gx $fsbase(0x30)\n0x7ffff7cdabb0: 0x190a86d93bccf0ad\npwndbg> tls\nThread Local Storage (TLS) base: 0x7ffff7cdab80\nTLS is located at:\n 0x7ffff7cda000 0x7ffff7cdc000 rw-p 2000 0 [anon_7ffff7cda]\nDumping the address:\ntcbhead_t @ 0x7ffff7cdab80\n 0x00007ffff7cdab80 +0x0000 tcb : 0x7ffff7cdab80\n 0x00007ffff7cdab88 +0x0008 dtv : 0x7ffff7cdb4f0\n 0x00007ffff7cdab90 +0x0010 self : 0x7ffff7cdab80\n 0x00007ffff7cdab98 +0x0018 multiple_threads : 0x0\n 0x00007ffff7cdab9c +0x001c gscope_flag : 0x0\n 0x00007ffff7cdaba0 +0x0020 sysinfo : 0x0\n 0x00007ffff7cdaba8 +0x0028 stack_guard : 0x4da926e1668e5a00\n 0x00007ffff7cdabb0 +0x0030 pointer_guard : 0x190a86d93bccf0ad\n [...]\npwndbg> canary\n[...]\nCanary = 0x4da926e1668e5a00 (may be incorrect on != glibc)\n[...]\n
FS will usually point to the start of the TLS. If you're not providing an offset, it is usually easier to use GDB's builtin $fs_base variable."},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.gsbase","title":"gsbase","text":"gsbase(offset: Value = Value(0)) -> int\n
Get the value of the GS segment register. Only valid on x86(-64).
Example:
pwndbg> p/x $gsbase()\n$1 = 0x0\n
The value of the GS register is more interesting when doing kernel debugging: pwndbg> p/x $gsbase()\n$1 = 0xffff999287a00000\npwndbg> tele $gsbase()\n00:0000\u2502 0xffff999287a00000 \u25c2\u2014 0\n... \u2193 4 skipped\n05:0028\u2502 0xffff999287a00028 \u25c2\u2014 0xd6aa9b336d52a400\n06:0030\u2502 0xffff999287a00030 \u25c2\u2014 0\n07:0038\u2502 0xffff999287a00038 \u25c2\u2014 0\npwndbg> p $gsbase() == $gs_base\n$2 = 1\n
If you're not providing an offset, it is usually easier to use GDB's builtin $gs_base variable."},{"location":"reference/pwndbg/gdblib/got/","title":"pwndbg.gdblib.got","text":""},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got","title":"got","text":"Global Offset Table Tracker
Subsystem for tracking accesses to external function calls made through pointers in an inferior's Global Offset Table, such as those made by the stubs in the Procedure Linkage Table.
Currently, it does this by attatching watchpoints to the entries in the GOT and taking note of where the call came from, but it could be done much faster by injecting our own code into the program space to track this.
Classes:
-
RelocTypes \u2013 This class contains all the relocation type constants so that one may
-
TrapAllocator \u2013 Utility that allocates and manages executable addresses in the space of the
-
Patcher \u2013 Watches for changes made by program code to the GOT and fixes them up.
-
Tracker \u2013 Class that tracks the accesses made to the entries in the GOT.
Functions:
-
is_mmap_error \u2013 Checks whether the return value of an mmap of indicates an error.
-
display_name \u2013 Return the display name for a symbol or objfile.
-
all_tracked_entries \u2013 Return an iterator over all of the GOT whose accesses are being tracked.
-
tracked_entry_by_address \u2013 Return the tracker associated with the entry at the given address, if any.
-
enable_got_call_tracking \u2013 Enable the analysis of calls made through the GOT.
-
disable_got_call_tracking \u2013 Disable the analysis of calls made through the GOT.
-
jump_slots_for \u2013 Returns the jump slot addresses described by the given dynamic section.
Attributes:
-
JUMP_SLOTS \u2013 -
IRELATIVE_SLOTS \u2013 -
TRAP_ALLOCATOR \u2013 -
GOT_TRACKING \u2013 -
INSTALLED_WATCHPOINTS (dict[int, tuple[Tracker, Patcher]]) \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.JUMP_SLOTS","title":"JUMP_SLOTS module-attribute","text":"JUMP_SLOTS = {\n \"x86-64\": {R_X86_64_JUMP_SLOT},\n \"i386\": {R_386_JMP_SLOT},\n \"aarch64\": {R_AARCH64_JUMP_SLOT},\n \"mips\": {R_MIPS_JUMP_SLOT},\n \"powerpc\": {R_PPC_JMP_SLOT},\n \"sparc\": {R_SPARC_JMP_SLOT},\n \"arm\": {R_ARM_JUMP_SLOT},\n \"armcm\": {R_ARM_JUMP_SLOT},\n \"rv32\": {R_RISCV_JUMP_SLOT},\n \"rv64\": {R_RISCV_JUMP_SLOT},\n}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.IRELATIVE_SLOTS","title":"IRELATIVE_SLOTS module-attribute","text":"IRELATIVE_SLOTS = {\n \"x86-64\": {R_X86_64_IRELATIVE},\n \"i386\": {R_386_IRELATIVE},\n \"aarch64\": {R_AARCH64_P32_IRELATIVE, R_AARCH64_IRELATIVE},\n \"mips\": set(),\n \"powerpc\": {R_PPC_IRELATIVE},\n \"sparc\": {R_SPARC_IRELATIVE},\n \"arm\": {R_ARM_IRELATIVE},\n \"armcm\": {R_ARM_IRELATIVE},\n \"rv32\": {R_RISCV_IRELATIVE},\n \"rv64\": {R_RISCV_IRELATIVE},\n}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TRAP_ALLOCATOR","title":"TRAP_ALLOCATOR module-attribute","text":"TRAP_ALLOCATOR = TrapAllocator()\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.GOT_TRACKING","title":"GOT_TRACKING module-attribute","text":"GOT_TRACKING = False\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.INSTALLED_WATCHPOINTS","title":"INSTALLED_WATCHPOINTS module-attribute","text":"INSTALLED_WATCHPOINTS: dict[int, tuple[Tracker, Patcher]] = {}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes","title":"RelocTypes","text":"This class contains all the relocation type constants so that one may interpret the relocations types present in the DYNAMIC segment. These constants are defined in each of the processors' SystemV R4 psABI document, or equivalent, and should stay the same across all implementations of libc on systems that adhere to that ABI, such as Linux.
Most of these were sourced from GLibc, which conveniently lists all of the relocations types in a single file1.
Attributes:
-
R_RISCV_JUMP_SLOT \u2013 -
R_X86_64_JUMP_SLOT \u2013 -
R_386_JMP_SLOT \u2013 -
R_CRIS_JUMP_SLOT \u2013 -
R_390_JMP_SLOT \u2013 -
R_CKCORE_JUMP_SLOT \u2013 -
R_TILEPRO_JMP_SLOT \u2013 -
R_MICROBLAZE_JUMP_SLOT \u2013 -
R_TILEGX_JMP_SLOT \u2013 -
R_OR1K_JMP_SLOT \u2013 -
R_68K_JMP_SLOT \u2013 -
R_SPARC_JMP_SLOT \u2013 -
R_PPC_JMP_SLOT \u2013 -
R_PPC64_JMP_SLOT \u2013 -
R_ARM_JUMP_SLOT \u2013 -
R_MN10300_JMP_SLOT \u2013 -
R_ALPHA_JMP_SLOT \u2013 -
R_NIOS2_JUMP_SLOT \u2013 -
R_NDS32_JMP_SLOT \u2013 -
R_METAG_JMP_SLOT \u2013 -
R_M32R_JMP_SLOT \u2013 -
R_ARC_JMP_SLOT \u2013 -
R_MIPS_JUMP_SLOT \u2013 -
R_SH_JMP_SLOT \u2013 -
R_AARCH64_JUMP_SLOT \u2013 -
R_X86_64_IRELATIVE \u2013 -
R_386_IRELATIVE \u2013 -
R_RISCV_IRELATIVE \u2013 -
R_390_IRELATIVE \u2013 -
R_ARM_IRELATIVE \u2013 -
R_AARCH64_P32_IRELATIVE \u2013 -
R_PPC_IRELATIVE \u2013 -
R_PPC64_IRELATIVE \u2013 -
R_SPARC_IRELATIVE \u2013 -
R_AARCH64_IRELATIVE \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_JUMP_SLOT","title":"R_RISCV_JUMP_SLOT class-attribute instance-attribute","text":"R_RISCV_JUMP_SLOT = 5\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_JUMP_SLOT","title":"R_X86_64_JUMP_SLOT class-attribute instance-attribute","text":"R_X86_64_JUMP_SLOT = 7\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_JMP_SLOT","title":"R_386_JMP_SLOT class-attribute instance-attribute","text":"R_386_JMP_SLOT = 7\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CRIS_JUMP_SLOT","title":"R_CRIS_JUMP_SLOT class-attribute instance-attribute","text":"R_CRIS_JUMP_SLOT = 11\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_JMP_SLOT","title":"R_390_JMP_SLOT class-attribute instance-attribute","text":"R_390_JMP_SLOT = 11\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CKCORE_JUMP_SLOT","title":"R_CKCORE_JUMP_SLOT class-attribute instance-attribute","text":"R_CKCORE_JUMP_SLOT = 12\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEPRO_JMP_SLOT","title":"R_TILEPRO_JMP_SLOT class-attribute instance-attribute","text":"R_TILEPRO_JMP_SLOT = 12\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MICROBLAZE_JUMP_SLOT","title":"R_MICROBLAZE_JUMP_SLOT class-attribute instance-attribute","text":"R_MICROBLAZE_JUMP_SLOT = 17\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEGX_JMP_SLOT","title":"R_TILEGX_JMP_SLOT class-attribute instance-attribute","text":"R_TILEGX_JMP_SLOT = 18\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_OR1K_JMP_SLOT","title":"R_OR1K_JMP_SLOT class-attribute instance-attribute","text":"R_OR1K_JMP_SLOT = 20\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_68K_JMP_SLOT","title":"R_68K_JMP_SLOT class-attribute instance-attribute","text":"R_68K_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_JMP_SLOT","title":"R_SPARC_JMP_SLOT class-attribute instance-attribute","text":"R_SPARC_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_JMP_SLOT","title":"R_PPC_JMP_SLOT class-attribute instance-attribute","text":"R_PPC_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_JMP_SLOT","title":"R_PPC64_JMP_SLOT class-attribute instance-attribute","text":"R_PPC64_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_JUMP_SLOT","title":"R_ARM_JUMP_SLOT class-attribute instance-attribute","text":"R_ARM_JUMP_SLOT = 22\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MN10300_JMP_SLOT","title":"R_MN10300_JMP_SLOT class-attribute instance-attribute","text":"R_MN10300_JMP_SLOT = 22\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ALPHA_JMP_SLOT","title":"R_ALPHA_JMP_SLOT class-attribute instance-attribute","text":"R_ALPHA_JMP_SLOT = 26\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NIOS2_JUMP_SLOT","title":"R_NIOS2_JUMP_SLOT class-attribute instance-attribute","text":"R_NIOS2_JUMP_SLOT = 38\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NDS32_JMP_SLOT","title":"R_NDS32_JMP_SLOT class-attribute instance-attribute","text":"R_NDS32_JMP_SLOT = 41\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_METAG_JMP_SLOT","title":"R_METAG_JMP_SLOT class-attribute instance-attribute","text":"R_METAG_JMP_SLOT = 44\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_M32R_JMP_SLOT","title":"R_M32R_JMP_SLOT class-attribute instance-attribute","text":"R_M32R_JMP_SLOT = 52\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARC_JMP_SLOT","title":"R_ARC_JMP_SLOT class-attribute instance-attribute","text":"R_ARC_JMP_SLOT = 55\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MIPS_JUMP_SLOT","title":"R_MIPS_JUMP_SLOT class-attribute instance-attribute","text":"R_MIPS_JUMP_SLOT = 127\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SH_JMP_SLOT","title":"R_SH_JMP_SLOT class-attribute instance-attribute","text":"R_SH_JMP_SLOT = 164\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_JUMP_SLOT","title":"R_AARCH64_JUMP_SLOT class-attribute instance-attribute","text":"R_AARCH64_JUMP_SLOT = 1026\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_IRELATIVE","title":"R_X86_64_IRELATIVE class-attribute instance-attribute","text":"R_X86_64_IRELATIVE = 37\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_IRELATIVE","title":"R_386_IRELATIVE class-attribute instance-attribute","text":"R_386_IRELATIVE = 42\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_IRELATIVE","title":"R_RISCV_IRELATIVE class-attribute instance-attribute","text":"R_RISCV_IRELATIVE = 58\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_IRELATIVE","title":"R_390_IRELATIVE class-attribute instance-attribute","text":"R_390_IRELATIVE = 61\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_IRELATIVE","title":"R_ARM_IRELATIVE class-attribute instance-attribute","text":"R_ARM_IRELATIVE = 160\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_P32_IRELATIVE","title":"R_AARCH64_P32_IRELATIVE class-attribute instance-attribute","text":"R_AARCH64_P32_IRELATIVE = 188\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_IRELATIVE","title":"R_PPC_IRELATIVE class-attribute instance-attribute","text":"R_PPC_IRELATIVE = 248\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_IRELATIVE","title":"R_PPC64_IRELATIVE class-attribute instance-attribute","text":"R_PPC64_IRELATIVE = 248\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_IRELATIVE","title":"R_SPARC_IRELATIVE class-attribute instance-attribute","text":"R_SPARC_IRELATIVE = 249\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_IRELATIVE","title":"R_AARCH64_IRELATIVE class-attribute instance-attribute","text":"R_AARCH64_IRELATIVE = 1032\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator","title":"TrapAllocator","text":"TrapAllocator()\n
Utility that allocates and manages executable addresses in the space of the executing program that we can trap.
Methods:
-
alloc \u2013 Allocates a new address to where program execution can be diverted.
-
free \u2013 Indicates that an address obtained from alloc() can be recycled.
-
clear \u2013 Deletes all memory mappings and frees all addresses.
Attributes:
-
block_capacity \u2013 -
slot_size \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.block_capacity","title":"block_capacity class-attribute instance-attribute","text":"block_capacity = 4096\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.slot_size","title":"slot_size class-attribute instance-attribute","text":"slot_size = 8\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.alloc","title":"alloc","text":"alloc()\n
Allocates a new address to where program execution can be diverted.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.free","title":"free","text":"free(address) -> None\n
Indicates that an address obtained from alloc() can be recycled.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.clear","title":"clear","text":"clear()\n
Deletes all memory mappings and frees all addresses.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher","title":"Patcher","text":"Patcher(entry, tracker)\n
Bases: Breakpoint
Watches for changes made by program code to the GOT and fixes them up.
This class is paired with Tracker, and instances of both classes always function together.
Methods:
-
should_stop \u2013 -
stop \u2013
Attributes:
-
silent \u2013 -
entry \u2013 -
tracker \u2013 -
init \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.silent","title":"silent instance-attribute","text":"silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.entry","title":"entry class-attribute instance-attribute","text":"entry = entry\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.tracker","title":"tracker class-attribute instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.init","title":"init instance-attribute","text":"init = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.should_stop","title":"should_stop","text":"should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker","title":"Tracker","text":"Tracker()\n
Bases: Breakpoint
Class that tracks the accesses made to the entries in the GOT.
This class is paired with Patcher, and instances of both classes always function together.
Methods:
-
delete \u2013 -
should_stop \u2013 -
stop \u2013
Attributes:
-
total_hits \u2013 -
target \u2013 -
dynamic_section \u2013 -
relocation_fn \u2013 -
relocation_index \u2013 -
link_map_entry \u2013 -
trapped_address \u2013 -
hits (dict[tuple[int, ...], int]) \u2013 -
silent \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.total_hits","title":"total_hits class-attribute instance-attribute","text":"total_hits = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.target","title":"target class-attribute instance-attribute","text":"target = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.dynamic_section","title":"dynamic_section class-attribute instance-attribute","text":"dynamic_section = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_fn","title":"relocation_fn class-attribute instance-attribute","text":"relocation_fn = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_index","title":"relocation_index class-attribute instance-attribute","text":"relocation_index = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.link_map_entry","title":"link_map_entry class-attribute instance-attribute","text":"link_map_entry = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.trapped_address","title":"trapped_address class-attribute instance-attribute","text":"trapped_address = alloc()\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.hits","title":"hits class-attribute instance-attribute","text":"hits: dict[tuple[int, ...], int] = {}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.silent","title":"silent instance-attribute","text":"silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.delete","title":"delete","text":"delete() -> None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.should_stop","title":"should_stop","text":"should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.is_mmap_error","title":"is_mmap_error","text":"is_mmap_error(ptr: int)\n
Checks whether the return value of an mmap of indicates an error.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.display_name","title":"display_name","text":"display_name(name, basename=False)\n
Return the display name for a symbol or objfile.
Ideally, we'd like to display all of the names of the symbols as text, but there is really nothing stopping symbol names from being stored in some fairly wacky encoding or really from having names that aren't text at all.
We should try our best to turn whatever the symbol name is into text, but not so much that non-text entries or entries in unknown encodings become unrecognizable.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.all_tracked_entries","title":"all_tracked_entries","text":"all_tracked_entries()\n
Return an iterator over all of the GOT whose accesses are being tracked.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.tracked_entry_by_address","title":"tracked_entry_by_address","text":"tracked_entry_by_address(address)\n
Return the tracker associated with the entry at the given address, if any.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.enable_got_call_tracking","title":"enable_got_call_tracking","text":"enable_got_call_tracking(disable_hardware_whatchpoints=True) -> None\n
Enable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.disable_got_call_tracking","title":"disable_got_call_tracking","text":"disable_got_call_tracking() -> None\n
Disable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.jump_slots_for","title":"jump_slots_for","text":"jump_slots_for(dynamic)\n
Returns the jump slot addresses described by the given dynamic section.
"},{"location":"reference/pwndbg/gdblib/hooks/","title":"pwndbg.gdblib.hooks","text":""},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks","title":"hooks","text":"Functions:
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_typeinfo","title":"update_typeinfo","text":"update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_arch","title":"update_arch","text":"update_arch() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.reset_config","title":"reset_config","text":"reset_config() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_start","title":"on_start","text":"on_start() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_stop","title":"on_stop","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_exit","title":"on_exit","text":"on_exit() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.init","title":"init","text":"init() -> None\n
Calls all GDB hook functions that need to be called when GDB/pwndbg itself is loaded, as opposed to when an actual hook event occurs
"},{"location":"reference/pwndbg/gdblib/info/","title":"pwndbg.gdblib.info","text":""},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info","title":"info","text":"Runs a few useful commands which are available under \"info\".
Functions:
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.proc_mappings","title":"proc_mappings","text":"proc_mappings() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.auxv","title":"auxv","text":"auxv() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.files","title":"files","text":"files() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.target","title":"target","text":"target() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary","title":"sharedlibrary","text":"sharedlibrary() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.parsed_sharedlibrary","title":"parsed_sharedlibrary","text":"parsed_sharedlibrary() -> dict[str, tuple[int, int]]\n
Returns a dictionary of shared libraries with their .text section from and to addresses.
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary_paths","title":"sharedlibrary_paths","text":"sharedlibrary_paths() -> list[str]\n
Get the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.address","title":"address","text":"address(symbol: str) -> int | None\n
"},{"location":"reference/pwndbg/gdblib/prompt/","title":"pwndbg.gdblib.prompt","text":""},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt","title":"prompt","text":"Functions:
Attributes:
-
show_tip \u2013 -
cur (tuple[Inferior, InferiorThread] | None) \u2013 -
context_shown \u2013 -
last_alive_state \u2013
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_tip","title":"show_tip module-attribute","text":"show_tip = add_param(\n \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.cur","title":"cur module-attribute","text":"cur: tuple[Inferior, InferiorThread] | None = None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.context_shown","title":"context_shown module-attribute","text":"context_shown = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.last_alive_state","title":"last_alive_state module-attribute","text":"last_alive_state = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.initial_hook","title":"initial_hook","text":"initial_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_hint","title":"show_hint","text":"show_hint() -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.thread_is_stopped","title":"thread_is_stopped","text":"thread_is_stopped() -> bool\n
This detects whether selected thread is stopped. It is not stopped in situations when gdb is executing commands that are attached to a breakpoint by command command.
For more info see issue #229 ( #299 ) :return: Whether gdb executes commands attached to bp with command command.
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.prompt_hook","title":"prompt_hook","text":"prompt_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.reset_context_shown","title":"reset_context_shown","text":"reset_context_shown(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.set_prompt","title":"set_prompt","text":"set_prompt() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/","title":"pwndbg.gdblib.ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"Heap Tracking
This module implements runtime tracking of the heap, allowing pwndbg to detect heap related misbehavior coming from an inferior in real time, which lets us catch UAF bugs, double frees (and more), and report them to the user.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--approach","title":"Approach","text":"The approach used starting with using breakpoints to hook into the following libc symbols: malloc, free, calloc, and realloc. Each hook has a reference to a shared instance of the Tracker class, which is responsible for handling the tracking of the chunks of memory from the heap.
The tracker keeps two sorted maps of chunks, for freed and in use chunks, keyed by their base address. Newly allocated chunks are added to the map of in use chunks right before an allocating call returns, and newly freed chunks are moved from the map of in use chunks to the map of free ones right before a freeing call returns. The tracker is also responsible for installing watchpoints for free chunks when they're added to the free chunk map and deleting them when their corresponding chunks are removed from the map.
Additionally, because going through the data structures inside of libc to determine whether a chunk is free or not is, more often than not, a fairly slow operation, this module will only do so when it determines its view of the chunks has diverged from the one in libc in a way that would affect behavior. When such a diffence is detected, this module will rebuild the chunk maps in the range it determines to have been affected.
Currently, the way it does this is by deleting and querying from libc the new status of all chunks that overlap the region of a new allocation when it detects that allocation overlaps chunks it previously considered free.
This approach lets us avoid a lot of the following linked lists that comes with trying to answer the allocation status of a chunk, by keeping at hand as much known-good information as possible about them. Keep in mind that, although it is much faster than going to libc every time we need to know the allocation status of a chunk, this approach does have drawbacks when it comes to memory usage.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--compatibility","title":"Compatibility","text":"Currently module assumes the inferior is using GLibc.
There are points along the code in this module where the assumptions it makes are explicitly documented and checked to be valid for the current inferior, so that it may be immediately clear to the user that something has gone wrong if they happen to not be valid. However, be aware that there may be assumptions that were not made explicit.
Classes:
-
FreeChunkWatchpoint \u2013 -
AllocChunkWatchpoint \u2013 -
Chunk \u2013 -
Tracker \u2013 -
MallocEnterBreakpoint \u2013 -
CallocEnterBreakpoint \u2013 -
AllocExitBreakpoint \u2013 -
ReallocEnterBreakpoint \u2013 -
ReallocExitBreakpoint \u2013 -
FreeEnterBreakpoint \u2013 -
FreeExitBreakpoint \u2013
Functions:
-
is_enabled \u2013 Whether the heap tracker in enabled.
-
resolve_address \u2013 Checks whether a given symbol is available and part of libc, and returns its
-
get_chunk \u2013 Reads a chunk from a given address.
-
in_program_code_stack \u2013 -
install \u2013 -
uninstall \u2013
Attributes:
-
LIBC_NAME \u2013 -
MALLOC_NAME \u2013 -
CALLOC_NAME \u2013 -
REALLOC_NAME \u2013 -
FREE_NAME \u2013 -
last_issue (str | None) \u2013 -
PRINT_DEBUG \u2013 -
DEFERED_DELETE (list[Breakpoint]) \u2013 -
malloc_enter \u2013 -
calloc_enter \u2013 -
realloc_enter \u2013 -
free_enter \u2013 -
stop_on_error \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.LIBC_NAME","title":"LIBC_NAME module-attribute","text":"LIBC_NAME = 'libc.so.6'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MALLOC_NAME","title":"MALLOC_NAME module-attribute","text":"MALLOC_NAME = 'malloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CALLOC_NAME","title":"CALLOC_NAME module-attribute","text":"CALLOC_NAME = 'calloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.REALLOC_NAME","title":"REALLOC_NAME module-attribute","text":"REALLOC_NAME = 'realloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FREE_NAME","title":"FREE_NAME module-attribute","text":"FREE_NAME = 'free'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.last_issue","title":"last_issue module-attribute","text":"last_issue: str | None = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.PRINT_DEBUG","title":"PRINT_DEBUG module-attribute","text":"PRINT_DEBUG = False\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.DEFERED_DELETE","title":"DEFERED_DELETE module-attribute","text":"DEFERED_DELETE: list[Breakpoint] = []\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.malloc_enter","title":"malloc_enter module-attribute","text":"malloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.calloc_enter","title":"calloc_enter module-attribute","text":"calloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.realloc_enter","title":"realloc_enter module-attribute","text":"realloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.free_enter","title":"free_enter module-attribute","text":"free_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.stop_on_error","title":"stop_on_error module-attribute","text":"stop_on_error = True\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint","title":"FreeChunkWatchpoint","text":"FreeChunkWatchpoint(chunk: Chunk, tracker: Tracker)\n
Bases: Breakpoint
Methods:
Attributes:
-
chunk \u2013 -
tracker \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.chunk","title":"chunk instance-attribute","text":"chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.stop","title":"stop","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint","title":"AllocChunkWatchpoint","text":"AllocChunkWatchpoint(chunk: Chunk)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.chunk","title":"chunk instance-attribute","text":"chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk","title":"Chunk","text":"Chunk(address: int, size: int, requested_size: int, flags: int)\n
Attributes:
-
address \u2013 -
size \u2013 -
requested_size \u2013 -
flags \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.size","title":"size instance-attribute","text":"size = size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.requested_size","title":"requested_size instance-attribute","text":"requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.flags","title":"flags instance-attribute","text":"flags = flags\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker","title":"Tracker","text":"Tracker()\n
Methods:
-
is_performing_memory_management \u2013 -
enter_memory_management \u2013 -
exit_memory_management \u2013 -
malloc \u2013 -
free \u2013
Attributes:
-
free_chunks (SortedDict[int, Chunk]) \u2013 -
alloc_chunks (SortedDict[int, Chunk]) \u2013 -
free_watchpoints (dict[int, FreeChunkWatchpoint]) \u2013 -
memory_management_calls (dict[int, bool]) \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_chunks","title":"free_chunks instance-attribute","text":"free_chunks: SortedDict[int, Chunk] = SortedDict()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.alloc_chunks","title":"alloc_chunks instance-attribute","text":"alloc_chunks: SortedDict[int, Chunk] = SortedDict()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_watchpoints","title":"free_watchpoints instance-attribute","text":"free_watchpoints: dict[int, FreeChunkWatchpoint] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.memory_management_calls","title":"memory_management_calls instance-attribute","text":"memory_management_calls: dict[int, bool] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.is_performing_memory_management","title":"is_performing_memory_management","text":"is_performing_memory_management()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.enter_memory_management","title":"enter_memory_management","text":"enter_memory_management(name: str) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.exit_memory_management","title":"exit_memory_management","text":"exit_memory_management() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.malloc","title":"malloc","text":"malloc(chunk: Chunk) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free","title":"free","text":"free(address: int) -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint","title":"MallocEnterBreakpoint","text":"MallocEnterBreakpoint(address, tracker)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint","title":"CallocEnterBreakpoint","text":"CallocEnterBreakpoint(address, tracker)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint","title":"AllocExitBreakpoint","text":"AllocExitBreakpoint(tracker, requested_size, name)\n
Bases: FinishBreakpoint
Methods:
-
stop \u2013 -
out_of_scope \u2013
Attributes:
-
requested_size \u2013 -
tracker \u2013 -
name \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.requested_size","title":"requested_size instance-attribute","text":"requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint","title":"ReallocEnterBreakpoint","text":"ReallocEnterBreakpoint(address, tracker)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint","title":"ReallocExitBreakpoint","text":"ReallocExitBreakpoint(tracker, freed_ptr, requested_size)\n
Bases: FinishBreakpoint
Methods:
-
stop \u2013 -
out_of_scope \u2013
Attributes:
-
freed_ptr \u2013 -
requested_size \u2013 -
tracker \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.freed_ptr","title":"freed_ptr instance-attribute","text":"freed_ptr = freed_ptr\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.requested_size","title":"requested_size instance-attribute","text":"requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.stop","title":"stop","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint","title":"FreeEnterBreakpoint","text":"FreeEnterBreakpoint(address, tracker)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint","title":"FreeExitBreakpoint","text":"FreeExitBreakpoint(tracker, ptr)\n
Bases: FinishBreakpoint
Methods:
-
stop \u2013 -
out_of_scope \u2013
Attributes:
-
ptr \u2013 -
tracker \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.ptr","title":"ptr instance-attribute","text":"ptr = ptr\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.stop","title":"stop","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.out_of_scope","title":"out_of_scope","text":"out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.is_enabled","title":"is_enabled","text":"is_enabled() -> bool\n
Whether the heap tracker in enabled.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.resolve_address","title":"resolve_address","text":"resolve_address(name: str) -> int | None\n
Checks whether a given symbol is available and part of libc, and returns its address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.get_chunk","title":"get_chunk","text":"get_chunk(address, requested_size)\n
Reads a chunk from a given address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.in_program_code_stack","title":"in_program_code_stack","text":"in_program_code_stack() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.install","title":"install","text":"install(disable_hardware_watchpoints=True) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.uninstall","title":"uninstall","text":"uninstall() -> None\n
"},{"location":"reference/pwndbg/gdblib/scheduler/","title":"pwndbg.gdblib.scheduler","text":""},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler","title":"scheduler","text":"Functions:
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.lock_scheduler","title":"lock_scheduler","text":"lock_scheduler() -> Iterator[None]\n
This context manager can be used to run GDB commands with threads scheduling being locked which means that other threads will be stopped during execution.
This is useful to prevent bugs where e.g.: gdb.parse_and_eval(\"(int)foo()\") would execute foo() on the current debugee thread but would also unlock other threads for being executed and those other threads may for example hit a breakpoint we set previously which would be confusing for the user.
See also: https://sourceware.org/gdb/onlinedocs/gdb/All_002dStop-Mode.html
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.parse_and_eval_with_scheduler_lock","title":"parse_and_eval_with_scheduler_lock","text":"parse_and_eval_with_scheduler_lock(expr: str) -> Value\n
"},{"location":"reference/pwndbg/gdblib/shellcode/","title":"pwndbg.gdblib.shellcode","text":""},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode","title":"shellcode","text":"Shellcode
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
Functions:
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_syscall","title":"exec_syscall","text":"exec_syscall(\n syscall,\n arg0=None,\n arg1=None,\n arg2=None,\n arg3=None,\n arg4=None,\n arg5=None,\n arg6=None,\n disable_breakpoints=False,\n)\n
Tries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode","title":"exec_shellcode","text":"exec_shellcode(\n blob, restore_context=True, capture=None, disable_breakpoints=False\n)\n
Tries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode--safety","title":"Safety","text":"Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/gdblib/symbol/","title":"pwndbg.gdblib.symbol","text":""},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Uses IDA when available if there isn't sufficient symbol information available.
Functions:
"},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol.selected_frame_source_absolute_filename","title":"selected_frame_source_absolute_filename","text":"selected_frame_source_absolute_filename()\n
Retrieve the symbol table\u2019s source absolute file name from the selected frame.
In case of missing symbol table or frame information, None is returned.
"},{"location":"reference/pwndbg/gdblib/tui/","title":"pwndbg.gdblib.tui","text":""},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui","title":"tui","text":"Modules:
-
context \u2013 -
control \u2013
Functions:
"},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui.setup","title":"setup","text":"setup() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/","title":"pwndbg.gdblib.tui.context","text":""},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context","title":"context","text":"Classes:
Attributes:
-
sections \u2013 -
target_func (Callable[..., _Window]) \u2013
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.sections","title":"sections module-attribute","text":"sections = ['legend'] + [replace('context_', '') for section in values()]\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.target_func","title":"target_func module-attribute","text":"target_func: Callable[..., _Window] = (\n lambda window, section_name=section_name: ContextTUIWindow(\n window, section_name\n )\n)\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow","title":"ContextTUIWindow","text":"ContextTUIWindow(tui_window: 'gdb.TuiWindow', section: str)\n
Methods:
-
close \u2013 -
render \u2013 -
hscroll \u2013 -
vscroll \u2013 -
click \u2013
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.___ansi_substr","title":"___ansi_substr class-attribute instance-attribute","text":"___ansi_substr = _ansi_substr\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.close","title":"close","text":"close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.render","title":"render","text":"render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.hscroll","title":"hscroll","text":"hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.vscroll","title":"vscroll","text":"vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.click","title":"click","text":"click(x: int, y: int, button: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/","title":"pwndbg.gdblib.tui.control","text":""},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control","title":"control","text":"Classes:
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow","title":"ControlTUIWindow","text":"ControlTUIWindow(tui_window: 'gdb.TuiWindow')\n
Methods:
-
close \u2013 -
render \u2013 -
hscroll \u2013 -
vscroll \u2013 -
click \u2013
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.close","title":"close","text":"close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.render","title":"render","text":"render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.hscroll","title":"hscroll","text":"hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.vscroll","title":"vscroll","text":"vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.click","title":"click","text":"click(x: int, y: int, button: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/vmmap/","title":"pwndbg.gdblib.vmmap","text":""},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap","title":"vmmap","text":"Routines to enumerate mapped memory, and attempt to associate address ranges with various ELF files and permissions.
The reason that we need robustness is that not every operating system has /proc/$$/maps, which backs 'info proc mapping'.
Functions:
-
is_corefile \u2013 For example output use:
-
get_known_maps \u2013 Similar to vmmap.get(), except only returns maps in cases where
-
coredump_maps \u2013 Parses info proc mappings and maintenance info sections
-
parse_info_proc_mappings_line \u2013 Parse a line from info proc mappings and return a pwndbg.lib.memory.Page
-
info_proc_maps \u2013 Parse the result of info proc mappings.
-
proc_tid_maps \u2013 Parse the contents of /proc/$TID/maps on the server.
-
info_sharedlibrary \u2013 Parses the output of info sharedlibrary.
-
info_files \u2013 -
info_auxv \u2013 Extracts the name of the executable from the output of the command
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.is_corefile","title":"is_corefile","text":"is_corefile() -> bool\n
For example output use gdb ./tests/binaries/crash_simple.out -ex run -ex 'generate-core-file ./core' -ex 'quit'
And then use gdb ./tests/binaries/crash_simple.out -core ./core -ex 'info target'
And: gdb -core ./core
As the two differ in output slighty.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.get_known_maps","title":"get_known_maps","text":"get_known_maps() -> tuple[Page, ...] | None\n
Similar to vmmap.get(), except only returns maps in cases where the mappings are known, like if it's a coredump, or if process mappings are available.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.coredump_maps","title":"coredump_maps","text":"coredump_maps() -> tuple[Page, ...]\n
Parses info proc mappings and maintenance info sections and tries to make sense out of the result :)
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.parse_info_proc_mappings_line","title":"parse_info_proc_mappings_line","text":"parse_info_proc_mappings_line(\n line: str, perms_available: bool, parse_flags: bool\n) -> Page | None\n
Parse a line from info proc mappings and return a pwndbg.lib.memory.Page object if the line is valid.
Example lines 0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main 0x4c5000 0x4cb000 0x6000 0x0 rw-p
The objfile column might be empty, and the permissions column is only present in GDB versions >= 12.1 bminor/binutils-gdb@29ef4c0
Parameters:
Returns:
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_proc_maps","title":"info_proc_maps","text":"info_proc_maps(parse_flags=True) -> tuple[Page, ...]\n
Parse the result of info proc mappings.
Example output:
Start Addr End Addr Size Offset Perms objfile\n 0x400000 0x401000 0x1000 0x0 r--p /root/hello_world/main\n 0x401000 0x497000 0x96000 0x1000 r-xp /root/hello_world/main\n 0x497000 0x4be000 0x27000 0x97000 r--p /root/hello_world/main\n 0x4be000 0x4c3000 0x5000 0xbd000 r--p /root/hello_world/main\n 0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main\n 0x4c5000 0x4cb000 0x6000 0x0 rw-p\n 0x4cb000 0x4ed000 0x22000 0x0 rw-p [heap]\n0x7ffff7ff9000 0x7ffff7ffd000 0x4000 0x0 r--p [vvar]\n0x7ffff7ffd000 0x7ffff7fff000 0x2000 0x0 r-xp [vdso]\n0x7ffffffde000 0x7ffffffff000 0x21000 0x0 rw-p [stack]\n
0xffffffffff600000 0xffffffffff601000 0x1000 0x0 --xp [vsyscall]
Note: this may return no pages due to a bug/behavior of GDB. See https://sourceware.org/bugzilla/show_bug.cgi?id=31207 for more information.
Returns:
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.proc_tid_maps","title":"proc_tid_maps","text":"proc_tid_maps() -> tuple[Page, ...] | None\n
Parse the contents of /proc/$TID/maps on the server. (TID == Thread Identifier. We do not use PID since it may not be correct)
Returns:
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_sharedlibrary","title":"info_sharedlibrary","text":"info_sharedlibrary() -> tuple[Page, ...]\n
Parses the output of info sharedlibrary.
Specifically, all we really want is any valid pointer into each library, and the path to the library on disk.
With this information, we can use the ELF parser to get all of the page permissions for every mapped page in the ELF.
Returns:
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_files","title":"info_files","text":"info_files() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_auxv","title":"info_auxv","text":"info_auxv(skip_exe: bool = False) -> tuple[Page, ...]\n
Extracts the name of the executable from the output of the command \"info auxv\". Note that if the executable path is a symlink, it is not dereferenced by info auxv and we also don't dereference it.
Parameters:
Returns:
"},{"location":"reference/pwndbg/ghidra/","title":"pwndbg.ghidra","text":""},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra","title":"ghidra","text":"Ghidra integration.
Functions:
Attributes:
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.r2decompiler","title":"r2decompiler module-attribute","text":"r2decompiler = add_param(\n \"r2decompiler\",\n \"radare2\",\n \"framework that your ghidra plugin installed\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"radare2\", \"rizin\"],\n)\n
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.set_r2decompiler","title":"set_r2decompiler","text":"set_r2decompiler() -> None\n
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.decompile","title":"decompile","text":"decompile(func=None)\n
Return the source of the given function decompiled by ghidra.
If no function is given, decompile the function within the current pc. This function requires radare2, r2pipe and r2ghidra, or their related rizin counterparts.
Raises Exception if any fatal error occurs.
"},{"location":"reference/pwndbg/glibc/","title":"pwndbg.glibc","text":""},{"location":"reference/pwndbg/glibc/#pwndbg.glibc","title":"glibc","text":"Get information about the GLibc
Functions:
-
set_glibc_version \u2013 -
get_version \u2013 -
get_libc_filename_from_info_sharedlibrary \u2013 Get the filename of the libc by parsing the output of info sharedlibrary.
-
dump_elf_data_section \u2013 Dump .data section of libc ELF file
-
dump_relocations_by_section_name \u2013 Dump relocations of a section by section name of libc ELF file
-
get_section_address_by_name \u2013 Find section address of libc by section name
-
OnlyWhenGlibcLoaded \u2013 -
check_safe_linking \u2013 Safe-linking is a glibc 2.32 mitigation; see:
Attributes:
-
P \u2013 -
T \u2013 -
safe_lnk \u2013 -
glibc_version \u2013
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.safe_lnk","title":"safe_lnk module-attribute","text":"safe_lnk = add_param(\n \"safe-linking\",\n None,\n \"whether glibc uses safe-linking\",\n param_class=PARAM_AUTO_BOOLEAN,\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.glibc_version","title":"glibc_version module-attribute","text":"glibc_version = add_param(\n \"glibc\",\n \"\",\n \"glibc version for heap heuristics resolution (e.g. 2.31)\",\n scope=heap,\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.set_glibc_version","title":"set_glibc_version","text":"set_glibc_version() -> None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_version","title":"get_version","text":"get_version() -> tuple[int, ...] | None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_libc_filename_from_info_sharedlibrary","title":"get_libc_filename_from_info_sharedlibrary","text":"get_libc_filename_from_info_sharedlibrary() -> str | None\n
Get the filename of the libc by parsing the output of info sharedlibrary.
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_elf_data_section","title":"dump_elf_data_section","text":"dump_elf_data_section() -> tuple[int, int, bytes] | None\n
Dump .data section of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n section_name: str,\n) -> tuple[Relocation, ...] | None\n
Dump relocations of a section by section name of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_section_address_by_name","title":"get_section_address_by_name","text":"get_section_address_by_name(section_name: str) -> int\n
Find section address of libc by section name
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.OnlyWhenGlibcLoaded","title":"OnlyWhenGlibcLoaded","text":"OnlyWhenGlibcLoaded(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.check_safe_linking","title":"check_safe_linking","text":"check_safe_linking() -> bool\n
Safe-linking is a glibc 2.32 mitigation; see: - https://lanph3re.blogspot.com/2020/08/blog-post.html - https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/
"},{"location":"reference/pwndbg/hexdump/","title":"pwndbg.hexdump","text":""},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump","title":"hexdump","text":"Hexdump implementation, ~= stolen from pwntools.
Functions:
-
groupby \u2013 -
load_color_scheme \u2013 -
hexdump \u2013
Attributes:
-
color_scheme \u2013 -
printable \u2013 -
config_colorize_ascii \u2013 -
config_separator \u2013 -
config_byte_separator \u2013
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.color_scheme","title":"color_scheme module-attribute","text":"color_scheme = None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.printable","title":"printable module-attribute","text":"printable = None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_colorize_ascii","title":"config_colorize_ascii module-attribute","text":"config_colorize_ascii = add_param(\n \"hexdump-colorize-ascii\",\n True,\n \"whether to colorize the hexdump command ascii section\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_separator","title":"config_separator module-attribute","text":"config_separator = add_param(\n \"hexdump-ascii-block-separator\",\n \"\u2502\",\n \"block separator char of the hexdump command\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_byte_separator","title":"config_byte_separator module-attribute","text":"config_byte_separator = add_param(\n \"hexdump-byte-separator\",\n \" \",\n \"separator of single bytes in hexdump (does NOT affect group separator)\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.groupby","title":"groupby","text":"groupby(width: int, array, fill=None)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.load_color_scheme","title":"load_color_scheme","text":"load_color_scheme() -> None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.hexdump","title":"hexdump","text":"hexdump(\n data: bytes,\n address: int = 0,\n width: int = 16,\n group_width: int = 4,\n flip_group_endianness: bool = False,\n skip: bool = True,\n offset: int = 0,\n size: int = 0,\n count: int = 0,\n repeat: bool = False,\n dX_call: bool = False,\n)\n
"},{"location":"reference/pwndbg/integration/","title":"pwndbg.integration","text":""},{"location":"reference/pwndbg/integration/#pwndbg.integration","title":"integration","text":"Decompiler integration.
Modules:
-
binja \u2013 Talks to an XMLRPC server running inside of an active Binary Ninja instance,
-
ida \u2013 Talks to an XMLRPC server running inside of an active IDA Pro instance,
Classes:
Functions:
Attributes:
-
provider_name \u2013 -
symbol_lookup \u2013 -
smart_enhance \u2013 -
function_lookup \u2013 -
provider (IntegrationProvider) \u2013
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider_name","title":"provider_name module-attribute","text":"provider_name = add_param(\n \"integration-provider\",\n \"none\",\n \"which provider to use for integration features\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"none\", \"binja\", \"ida\"],\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.symbol_lookup","title":"symbol_lookup module-attribute","text":"symbol_lookup = add_param(\n \"integration-symbol-lookup\",\n True,\n \"whether to use integration to look up unknown symbols\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.smart_enhance","title":"smart_enhance module-attribute","text":"smart_enhance = add_param(\n \"integration-smart-enhance\",\n True,\n \"use integration to determine when to disassemble during enhancing\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.function_lookup","title":"function_lookup module-attribute","text":"function_lookup = add_param(\n \"integration-function-lookup\",\n True,\n \"use integration to look up function type signatures\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider","title":"provider module-attribute","text":"provider: IntegrationProvider = IntegrationProvider()\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider","title":"IntegrationProvider","text":"A class representing an integration that provides intelligence external to GDB.
Methods:
-
get_symbol \u2013 Get a symbol at an address, or an offset from a symbol.
-
get_versions \u2013 Gets any version strings relevant to the integration,
-
is_in_function \u2013 Checks if integration thinks that an address is in a function,
-
get_comment_lines \u2013 Gets any comments attached to an instruction.
-
decompile \u2013 Decompiles the code near an address given a line count.
-
get_func_type \u2013 Gets the type signature of a function, used for argument labeling.
-
get_stack_var_name \u2013 Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_symbol","title":"get_symbol","text":"get_symbol(addr: int) -> str | None\n
Get a symbol at an address, or an offset from a symbol.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\n
Gets any version strings relevant to the integration, which are used when displaying the version command.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.is_in_function","title":"is_in_function","text":"is_in_function(addr: int) -> bool\n
Checks if integration thinks that an address is in a function, which is used to determine if tel should try to disassemble something.
If uncertain, it's better to default to True than to False.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\n
Gets any comments attached to an instruction.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\n
Decompiles the code near an address given a line count.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\n
Gets the type signature of a function, used for argument labeling.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\n
Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider","title":"ConfigurableProvider dataclass","text":"ConfigurableProvider(inner: IntegrationProvider)\n
Bases: IntegrationProvider
A wrapper around an IntegrationProvider that skips calling functions if disabled in config.
Methods:
-
get_symbol \u2013 -
get_versions \u2013 -
is_in_function \u2013 -
get_comment_lines \u2013 -
decompile \u2013 -
get_func_type \u2013 -
get_stack_var_name \u2013
Attributes:
-
inner (IntegrationProvider) \u2013
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.inner","title":"inner instance-attribute","text":"inner: IntegrationProvider\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_symbol","title":"get_symbol","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.is_in_function","title":"is_in_function","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.switch_providers","title":"switch_providers","text":"switch_providers()\n
"},{"location":"reference/pwndbg/integration/binja/","title":"pwndbg.integration.binja","text":""},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja","title":"binja","text":"Talks to an XMLRPC server running inside of an active Binary Ninja instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
Classes:
-
DarkTheme \u2013 -
LightTheme \u2013 -
BinjaProvider \u2013
Functions:
-
init_bn_rpc_client \u2013 -
with_bn \u2013 -
available \u2013 -
can_connect \u2013 -
l2r \u2013 -
r2l \u2013 -
base \u2013 -
auto_update_pc \u2013 -
auto_update_bp \u2013 -
auto_clear_pc \u2013 -
navigate_to \u2013 -
bn_to_pygment_tok \u2013 -
bn_to_pygment_theme \u2013
Attributes:
-
bn_rpc_host \u2013 -
bn_rpc_port \u2013 -
bn_timeout \u2013 -
bn_autosync \u2013 -
bn_il_level \u2013 -
P \u2013 -
T \u2013 -
K \u2013 -
themes \u2013 -
style \u2013
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_host","title":"bn_rpc_host module-attribute","text":"bn_rpc_host = add_param(\n \"bn-rpc-host\", \"127.0.0.1\", \"Binary Ninja XML-RPC server host\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_port","title":"bn_rpc_port module-attribute","text":"bn_rpc_port = add_param(\n \"bn-rpc-port\", 31337, \"Binary Ninja XML-RPC server port\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_timeout","title":"bn_timeout module-attribute","text":"bn_timeout = add_param(\n \"bn-timeout\", 2, \"time to wait for Binary Ninja XML-RPC, in seconds\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_autosync","title":"bn_autosync module-attribute","text":"bn_autosync = add_param(\n \"bn-autosync\", False, \"whether to automatically run bn-sync every step\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_il_level","title":"bn_il_level module-attribute","text":"bn_il_level = add_param(\n \"bn-il-level\",\n \"hlil\",\n \"the IL level to use when displaying Binary Ninja decompilation\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"disasm\", \"llil\", \"mlil\", \"hlil\"],\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.K","title":"K module-attribute","text":"K = TypeVar('K')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.themes","title":"themes module-attribute","text":"themes = {}\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.style","title":"style module-attribute","text":"style = add_param(\n \"bn-decomp-style\",\n \"dark\",\n \"decompilation highlight theme for Binary Ninja\",\n param_class=PARAM_ENUM,\n enum_sequence=list(keys()),\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme","title":"DarkTheme","text":" Bases: Style
Attributes:
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme.styles","title":"styles class-attribute instance-attribute","text":"styles = bn_to_pygment_theme(\n {\n \"TextToken\": \"#e0e0e0\",\n \"InstructionToken\": \"#eddfb3\",\n \"OperandSeparatorToken\": \"#e0e0e0\",\n \"RegisterToken\": \"#e0e0e0\",\n \"IntegerToken\": \"#a2d9af\",\n \"PossibleAddressToken\": \"#a2d9af\",\n \"BeginMemoryOperandToken\": \"#e0e0e0\",\n \"EndMemoryOperandToken\": \"#e0e0e0\",\n \"FloatingPointToken\": \"#a2d9af\",\n \"AnnotationToken\": \"#dac4d1\",\n \"CodeRelativeAddressToken\": \"#a2d9af\",\n \"ArgumentNameToken\": \"#e0e0e0\",\n \"HexDumpByteValueToken\": \"#e0e0e0\",\n \"HexDumpSkippedByteToken\": \"#e0e0e0\",\n \"HexDumpInvalidByteToken\": \"#909090\",\n \"HexDumpTextToken\": \"#e0e0e0\",\n \"OpcodeToken\": \"#909090\",\n \"StringToken\": \"#dac4d1\",\n \"CharacterConstantToken\": \"#dac4d1\",\n \"KeywordToken\": \"#eddfb3\",\n \"TypeNameToken\": \"#edbd81\",\n \"FieldNameToken\": \"#b0dde4\",\n \"NameSpaceToken\": \"#80c6e9\",\n \"NameSpaceSeparatorToken\": \"#80c6e9\",\n \"TagToken\": \"#e0e0e0\",\n \"StructOffsetToken\": \"#b0dde4\",\n \"StructOffsetByteValueToken\": \"#e0e0e0\",\n \"StructureHexDumpTextToken\": \"#e0e0e0\",\n \"GotoLabelToken\": \"#80c6e9\",\n \"CommentToken\": \"#dac4d1\",\n \"PossibleValueToken\": \"#e0e0e0\",\n \"PossibleValueTypeToken\": \"#e0e0e0\",\n \"ArrayIndexToken\": \"#a2d9af\",\n \"IndentationToken\": \"#5d5d5d\",\n \"UnknownMemoryToken\": \"#909090\",\n \"EnumerationMemberToken\": \"#eddfb3\",\n \"OperationToken\": \"#89a4b1\",\n \"BaseStructureNameToken\": \"#dac4d1\",\n \"BaseStructureSeparatorToken\": \"#dac4d1\",\n \"BraceToken\": \"#e0e0e0\",\n \"CodeSymbolToken\": \"#80c6e9\",\n \"DataSymbolToken\": \"#8ee6ed\",\n \"LocalVariableToken\": \"#e0e0e0\",\n \"ImportToken\": \"#edbd81\",\n \"AddressDisplayToken\": \"#a2d9af\",\n \"IndirectImportToken\": \"#edbd81\",\n \"ExternalSymbolToken\": \"#edbd81\",\n \"StackVariableToken\": \"#c1dcc7\",\n \"AddressSeparatorToken\": \"#e0e0e0\",\n }\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme","title":"LightTheme","text":" Bases: Style
Attributes:
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme.styles","title":"styles class-attribute instance-attribute","text":"styles = bn_to_pygment_theme(\n {\n \"TextToken\": \"#1f1f1f\",\n \"InstructionToken\": \"#8d8d2d\",\n \"OperandSeparatorToken\": \"#1f1f1f\",\n \"RegisterToken\": \"#1f1f1f\",\n \"IntegerToken\": \"#30820d\",\n \"PossibleAddressToken\": \"#30820d\",\n \"BeginMemoryOperandToken\": \"#1f1f1f\",\n \"EndMemoryOperandToken\": \"#1f1f1f\",\n \"FloatingPointToken\": \"#30820d\",\n \"AnnotationToken\": \"#bf2624\",\n \"CodeRelativeAddressToken\": \"#30820d\",\n \"ArgumentNameToken\": \"#1f1f1f\",\n \"HexDumpByteValueToken\": \"#1f1f1f\",\n \"HexDumpSkippedByteToken\": \"#1f1f1f\",\n \"HexDumpInvalidByteToken\": \"#7a7a7a\",\n \"HexDumpTextToken\": \"#1f1f1f\",\n \"OpcodeToken\": \"#7a7a7a\",\n \"StringToken\": \"#203635\",\n \"CharacterConstantToken\": \"#203635\",\n \"KeywordToken\": \"#8d8d2d\",\n \"TypeNameToken\": \"#e07c35\",\n \"FieldNameToken\": \"#35dae0\",\n \"NameSpaceToken\": \"#00a4c7\",\n \"NameSpaceSeparatorToken\": \"#00a4c7\",\n \"TagToken\": \"#1f1f1f\",\n \"StructOffsetToken\": \"#35dae0\",\n \"StructOffsetByteValueToken\": \"#1f1f1f\",\n \"StructureHexDumpTextToken\": \"#1f1f1f\",\n \"GotoLabelToken\": \"#00a4c7\",\n \"CommentToken\": \"#bf2624\",\n \"PossibleValueToken\": \"#1f1f1f\",\n \"PossibleValueTypeToken\": \"#1f1f1f\",\n \"ArrayIndexToken\": \"#30820d\",\n \"IndentationToken\": \"#bcbcbc\",\n \"UnknownMemoryToken\": \"#7a7a7a\",\n \"EnumerationMemberToken\": \"#8d8d2d\",\n \"OperationToken\": \"#5b848d\",\n \"BaseStructureNameToken\": \"#bf2624\",\n \"BaseStructureSeparatorToken\": \"#bf2624\",\n \"BraceToken\": \"#1f1f1f\",\n \"CodeSymbolToken\": \"#00a4c7\",\n \"DataSymbolToken\": \"#278cad\",\n \"LocalVariableToken\": \"#1f1f1f\",\n \"ImportToken\": \"#e07c35\",\n \"AddressDisplayToken\": \"#30820d\",\n \"IndirectImportToken\": \"#e07c35\",\n \"ExternalSymbolToken\": \"#e07c35\",\n \"StackVariableToken\": \"#275016\",\n \"AddressSeparatorToken\": \"#1f1f1f\",\n }\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider","title":"BinjaProvider","text":" Bases: IntegrationProvider
Methods:
-
get_symbol \u2013 -
get_versions \u2013 -
is_in_function \u2013 -
get_comment_lines \u2013 -
decompile \u2013 -
get_func_type \u2013 -
get_stack_var_name \u2013
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_symbol","title":"get_symbol","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.is_in_function","title":"is_in_function","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.init_bn_rpc_client","title":"init_bn_rpc_client","text":"init_bn_rpc_client() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.with_bn","title":"with_bn","text":"with_bn(\n fallback: K = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.available","title":"available","text":"available() -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.can_connect","title":"can_connect","text":"can_connect() -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.l2r","title":"l2r","text":"l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.r2l","title":"r2l","text":"r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.base","title":"base","text":"base()\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_pc","title":"auto_update_pc","text":"auto_update_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_bp","title":"auto_update_bp","text":"auto_update_bp() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_clear_pc","title":"auto_clear_pc","text":"auto_clear_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.navigate_to","title":"navigate_to","text":"navigate_to(addr: int) -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_tok","title":"bn_to_pygment_tok","text":"bn_to_pygment_tok(tok: str) -> Any\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_theme","title":"bn_to_pygment_theme","text":"bn_to_pygment_theme(theme: dict[str, str]) -> dict[Any, str]\n
"},{"location":"reference/pwndbg/integration/ida/","title":"pwndbg.integration.ida","text":""},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida","title":"ida","text":"Talks to an XMLRPC server running inside of an active IDA Pro instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
Classes:
-
IDC \u2013 -
IdaProvider \u2013
Functions:
Attributes:
-
ida_rpc_host \u2013 -
ida_rpc_port \u2013 -
ida_timeout \u2013 -
P \u2013 -
T \u2013 -
colored_pc \u2013 -
idc \u2013 -
ida_replacements \u2013
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_host","title":"ida_rpc_host module-attribute","text":"ida_rpc_host = add_param(\n \"ida-rpc-host\", \"127.0.0.1\", \"ida xmlrpc server address\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_port","title":"ida_rpc_port module-attribute","text":"ida_rpc_port = add_param('ida-rpc-port', 31337, 'ida xmlrpc server port')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_timeout","title":"ida_timeout module-attribute","text":"ida_timeout = add_param(\n \"ida-timeout\", 2, \"time to wait for ida xmlrpc in seconds\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.colored_pc","title":"colored_pc module-attribute","text":"colored_pc = None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.idc","title":"idc module-attribute","text":"idc = IDC()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_replacements","title":"ida_replacements module-attribute","text":"ida_replacements = {\n \"__int64\": \"signed long long int\",\n \"__int32\": \"signed int\",\n \"__int16\": \"signed short\",\n \"__int8\": \"signed char\",\n \"__uint64\": \"unsigned long long int\",\n \"__uint32\": \"unsigned int\",\n \"__uint16\": \"unsigned short\",\n \"__uint8\": \"unsigned char\",\n \"_BOOL_1\": \"unsigned char\",\n \"_BOOL_2\": \"unsigned short\",\n \"_BOOL_4\": \"unsigned int\",\n \"_BYTE\": \"unsigned char\",\n \"_WORD\": \"unsigned short\",\n \"_DWORD\": \"unsigned int\",\n \"_QWORD\": \"unsigned long long\",\n \"__pure\": \"\",\n \"__hidden\": \"\",\n \"__return_ptr\": \"\",\n \"__struct_ptr\": \"\",\n \"__array_ptr\": \"\",\n \"__fastcall\": \"\",\n \"__cdecl\": \"\",\n \"__thiscall\": \"\",\n \"__userpurge\": \"\",\n}\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC","title":"IDC","text":"IDC()\n
Attributes:
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC.query","title":"query class-attribute instance-attribute","text":"query = (\n \"{k:v for k,v in globals()['idc'].__dict__.items() if isinstance(v, int)}\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider","title":"IdaProvider","text":" Bases: IntegrationProvider
Methods:
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_symbol","title":"get_symbol","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.is_in_function","title":"is_in_function","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\n
Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.init_ida_rpc_client","title":"init_ida_rpc_client","text":"init_ida_rpc_client() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withIDA","title":"withIDA","text":"withIDA(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withHexrays","title":"withHexrays","text":"withHexrays(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.takes_address","title":"takes_address","text":"takes_address(\n function: Callable[Concatenate[int, P], T],\n) -> Callable[Concatenate[int, P], T]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.returns_address","title":"returns_address","text":"returns_address(function: Callable[P, int]) -> Callable[P, int]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.available","title":"available","text":"available() -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.can_connect","title":"can_connect","text":"can_connect() -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.l2r","title":"l2r","text":"l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.r2l","title":"r2l","text":"r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.remote","title":"remote","text":"remote(function) -> None\n
Runs the provided function in IDA's interpreter.
The function must be self-contained and not reference any global variables.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.base","title":"base","text":"base()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Comment","title":"Comment","text":"Comment(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Name","title":"Name","text":"Name(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncOffset","title":"GetFuncOffset","text":"GetFuncOffset(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncAttr","title":"GetFuncAttr","text":"GetFuncAttr(addr: int, attr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetType","title":"GetType","text":"GetType(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.here","title":"here","text":"here() -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Jump","title":"Jump","text":"Jump(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Anterior","title":"Anterior","text":"Anterior(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBreakpoints","title":"GetBreakpoints","text":"GetBreakpoints()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptQty","title":"GetBptQty","text":"GetBptQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptEA","title":"GetBptEA","text":"GetBptEA(i: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.UpdateBreakpoints","title":"UpdateBreakpoints","text":"UpdateBreakpoints() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SetColor","title":"SetColor","text":"SetColor(pc, color)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_Color_PC","title":"Auto_Color_PC","text":"Auto_Color_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_UnColor_PC","title":"Auto_UnColor_PC","text":"Auto_UnColor_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.LocByName","title":"LocByName","text":"LocByName(name) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.PrevHead","title":"PrevHead","text":"PrevHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.NextHead","title":"NextHead","text":"NextHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFunctionName","title":"GetFunctionName","text":"GetFunctionName(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFlags","title":"GetFlags","text":"GetFlags(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.isASCII","title":"isASCII","text":"isASCII(flags)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ArgCount","title":"ArgCount","text":"ArgCount(address) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SaveBase","title":"SaveBase","text":"SaveBase(path: str)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetIdbPath","title":"GetIdbPath","text":"GetIdbPath()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.has_cached_cfunc","title":"has_cached_cfunc","text":"has_cached_cfunc(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile","title":"decompile","text":"decompile(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile_context","title":"decompile_context","text":"decompile_context(pc, context_lines)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.get_ida_versions","title":"get_ida_versions","text":"get_ida_versions() -> dict[str, str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucQty","title":"GetStrucQty","text":"GetStrucQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucId","title":"GetStrucId","text":"GetStrucId(idx)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucName","title":"GetStrucName","text":"GetStrucName(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucSize","title":"GetStrucSize","text":"GetStrucSize(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFrameId","title":"GetFrameId","text":"GetFrameId(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberQty","title":"GetMemberQty","text":"GetMemberQty(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberSize","title":"GetMemberSize","text":"GetMemberSize(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberId","title":"GetMemberId","text":"GetMemberId(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberName","title":"GetMemberName","text":"GetMemberName(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberOffset","title":"GetMemberOffset","text":"GetMemberOffset(sid, member_name)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberFlag","title":"GetMemberFlag","text":"GetMemberFlag(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucNextOff","title":"GetStrucNextOff","text":"GetStrucNextOff(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_member","title":"print_member","text":"print_member(sid, offset) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_structs","title":"print_structs","text":"print_structs() -> None\n
"},{"location":"reference/pwndbg/lib/","title":"pwndbg.lib","text":""},{"location":"reference/pwndbg/lib/#pwndbg.lib","title":"lib","text":"Library for non-debugger-dependant functionality.
Modules:
-
abi \u2013 -
android \u2013 -
arch \u2013 -
cache \u2013 Caches return values until some event in the inferior happens,
-
common \u2013 -
config \u2013 -
disasm \u2013 -
elftypes \u2013 -
exception \u2013 -
funcparser \u2013 -
functions \u2013 -
functions_data \u2013 -
gcc \u2013 Functions for determining the architecture-dependent path to
-
heap \u2013 -
kernel \u2013 -
memory \u2013 Reading, writing, and describing memory.
-
net \u2013 Re-implements some psutil functionality to be able to get information from
-
regs \u2013 Reading register value from the inferior, and provides a
-
stdio \u2013 Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout
-
strings \u2013 -
tempfile \u2013 Common helper and cache for pwndbg tempdir
-
tips \u2013 -
version \u2013 -
which \u2013
"},{"location":"reference/pwndbg/lib/abi/","title":"pwndbg.lib.abi","text":""},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi","title":"abi","text":"Classes:
-
ABI \u2013 Encapsulates information about a calling convention.
-
SyscallABI \u2013 The syscall ABI treats the syscall number as the zeroth argument,
-
SigreturnABI \u2013 The sigreturn ABI is similar to the syscall ABI, except that
Attributes:
-
linux_i386 \u2013 -
linux_amd64 \u2013 -
linux_arm \u2013 -
linux_aarch64 \u2013 -
linux_mips \u2013 -
linux_mips64 \u2013 -
linux_ppc \u2013 -
linux_ppc64 \u2013 -
linux_riscv32 \u2013 -
linux_riscv64 \u2013 -
linux_i386_syscall \u2013 -
linux_amd64_syscall \u2013 -
linux_arm_syscall \u2013 -
linux_aarch64_syscall \u2013 -
linux_mips_syscall \u2013 -
linux_mips64_syscall \u2013 -
linux_ppc_syscall \u2013 -
linux_ppc64_syscall \u2013 -
linux_riscv32_syscall \u2013 -
linux_riscv64_syscall \u2013 -
linux_i386_sigreturn \u2013 -
linux_amd64_sigreturn \u2013 -
linux_arm_sigreturn \u2013 -
linux_i386_srop \u2013 -
linux_amd64_srop \u2013 -
linux_arm_srop \u2013 -
DEFAULT_ABIS (dict[tuple[int, str, str], ABI]) \u2013 -
SYSCALL_ABIS (dict[tuple[int, str, str], SyscallABI]) \u2013 -
SIGRETURN_ABIS (dict[tuple[int, str, str], SigreturnABI]) \u2013
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386","title":"linux_i386 module-attribute","text":"linux_i386 = ABI([], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64","title":"linux_amd64 module-attribute","text":"linux_amd64 = ABI(['rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9'], 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm","title":"linux_arm module-attribute","text":"linux_arm = ABI(['r0', 'r1', 'r2', 'r3'], 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64","title":"linux_aarch64 module-attribute","text":"linux_aarch64 = ABI(['x0', 'x1', 'x2', 'x3'], 16, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips","title":"linux_mips module-attribute","text":"linux_mips = ABI(['$a0', '$a1', '$a2', '$a3'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64","title":"linux_mips64 module-attribute","text":"linux_mips64 = ABI(\n [\"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\", \"$a6\", \"$a7\"], 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc","title":"linux_ppc module-attribute","text":"linux_ppc = ABI(['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64","title":"linux_ppc64 module-attribute","text":"linux_ppc64 = ABI(['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32","title":"linux_riscv32 module-attribute","text":"linux_riscv32 = ABI(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64","title":"linux_riscv64 module-attribute","text":"linux_riscv64 = ABI(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_syscall","title":"linux_i386_syscall module-attribute","text":"linux_i386_syscall = SyscallABI(\n [\"eax\", \"ebx\", \"ecx\", \"edx\", \"esi\", \"edi\", \"ebp\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_syscall","title":"linux_amd64_syscall module-attribute","text":"linux_amd64_syscall = SyscallABI(\n [\"rax\", \"rdi\", \"rsi\", \"rdx\", \"r10\", \"r8\", \"r9\"], 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_syscall","title":"linux_arm_syscall module-attribute","text":"linux_arm_syscall = SyscallABI(\n [\"r7\", \"r0\", \"r1\", \"r2\", \"r3\", \"r4\", \"r5\", \"r6\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64_syscall","title":"linux_aarch64_syscall module-attribute","text":"linux_aarch64_syscall = SyscallABI(\n [\"x8\", \"x0\", \"x1\", \"x2\", \"x3\", \"x4\", \"x5\"], 16, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips_syscall","title":"linux_mips_syscall module-attribute","text":"linux_mips_syscall = SyscallABI(['$v0', '$a0', '$a1', '$a2', '$a3'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64_syscall","title":"linux_mips64_syscall module-attribute","text":"linux_mips64_syscall = SyscallABI(\n [\"$v0\", \"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc_syscall","title":"linux_ppc_syscall module-attribute","text":"linux_ppc_syscall = SyscallABI(\n [\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64_syscall","title":"linux_ppc64_syscall module-attribute","text":"linux_ppc64_syscall = SyscallABI(\n [\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\"], 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32_syscall","title":"linux_riscv32_syscall module-attribute","text":"linux_riscv32_syscall = SyscallABI(\n [\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64_syscall","title":"linux_riscv64_syscall module-attribute","text":"linux_riscv64_syscall = SyscallABI(\n [\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"], 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_sigreturn","title":"linux_i386_sigreturn module-attribute","text":"linux_i386_sigreturn = SigreturnABI(['eax'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_sigreturn","title":"linux_amd64_sigreturn module-attribute","text":"linux_amd64_sigreturn = SigreturnABI(['rax'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_sigreturn","title":"linux_arm_sigreturn module-attribute","text":"linux_arm_sigreturn = SigreturnABI(['r7'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_srop","title":"linux_i386_srop module-attribute","text":"linux_i386_srop = ABI(['eax'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_srop","title":"linux_amd64_srop module-attribute","text":"linux_amd64_srop = ABI(['rax'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_srop","title":"linux_arm_srop module-attribute","text":"linux_arm_srop = ABI(['r7'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.DEFAULT_ABIS","title":"DEFAULT_ABIS module-attribute","text":"DEFAULT_ABIS: dict[tuple[int, str, str], ABI] = {\n (32, \"i386\", \"linux\"): linux_i386,\n (64, \"x86-64\", \"linux\"): linux_amd64,\n (64, \"aarch64\", \"linux\"): linux_aarch64,\n (32, \"arm\", \"linux\"): linux_arm,\n (32, \"thumb\", \"linux\"): linux_arm,\n (32, \"mips\", \"linux\"): linux_mips,\n (64, \"mips\", \"linux\"): linux_mips64,\n (32, \"powerpc\", \"linux\"): linux_ppc,\n (64, \"powerpc\", \"linux\"): linux_ppc64,\n (32, \"rv32\", \"linux\"): linux_riscv32,\n (64, \"rv64\", \"linux\"): linux_riscv64,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SYSCALL_ABIS","title":"SYSCALL_ABIS module-attribute","text":"SYSCALL_ABIS: dict[tuple[int, str, str], SyscallABI] = {\n (32, \"i386\", \"linux\"): linux_i386_syscall,\n (64, \"x86-64\", \"linux\"): linux_amd64_syscall,\n (64, \"aarch64\", \"linux\"): linux_aarch64_syscall,\n (32, \"arm\", \"linux\"): linux_arm_syscall,\n (32, \"thumb\", \"linux\"): linux_arm_syscall,\n (32, \"mips\", \"linux\"): linux_mips_syscall,\n (64, \"mips\", \"linux\"): linux_mips64_syscall,\n (32, \"powerpc\", \"linux\"): linux_ppc_syscall,\n (64, \"powerpc\", \"linux\"): linux_ppc64_syscall,\n (32, \"rv32\", \"linux\"): linux_riscv32_syscall,\n (64, \"rv64\", \"linux\"): linux_riscv64_syscall,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SIGRETURN_ABIS","title":"SIGRETURN_ABIS module-attribute","text":"SIGRETURN_ABIS: dict[tuple[int, str, str], SigreturnABI] = {\n (32, \"i386\", \"linux\"): linux_i386_sigreturn,\n (64, \"x86-64\", \"linux\"): linux_amd64_sigreturn,\n (32, \"arm\", \"linux\"): linux_arm_sigreturn,\n (32, \"thumb\", \"linux\"): linux_arm_sigreturn,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI","title":"ABI","text":"ABI(regs: list[str], align: int, minimum: int)\n
Encapsulates information about a calling convention.
Attributes:
-
returns \u2013 -
register_arguments (list[str]) \u2013 -
arg_alignment \u2013 -
stack_minimum \u2013
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.returns","title":"returns class-attribute instance-attribute","text":"returns = True\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.register_arguments","title":"register_arguments class-attribute instance-attribute","text":"register_arguments: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.arg_alignment","title":"arg_alignment class-attribute instance-attribute","text":"arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.stack_minimum","title":"stack_minimum class-attribute instance-attribute","text":"stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI","title":"SyscallABI","text":"SyscallABI(register_arguments: list[str], *a: Any, **kw: Any)\n
Bases: ABI
The syscall ABI treats the syscall number as the zeroth argument, which must be loaded into the specified register.
Attributes:
-
syscall_register \u2013 -
register_arguments (list[str]) \u2013 -
arg_alignment \u2013 -
stack_minimum \u2013 -
returns \u2013
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.syscall_register","title":"syscall_register instance-attribute","text":"syscall_register = pop(0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.register_arguments","title":"register_arguments class-attribute instance-attribute","text":"register_arguments: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.arg_alignment","title":"arg_alignment class-attribute instance-attribute","text":"arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.stack_minimum","title":"stack_minimum class-attribute instance-attribute","text":"stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.returns","title":"returns class-attribute instance-attribute","text":"returns = True\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI","title":"SigreturnABI","text":"SigreturnABI(register_arguments: list[str], *a: Any, **kw: Any)\n
Bases: SyscallABI
The sigreturn ABI is similar to the syscall ABI, except that both PC and SP are loaded from the stack. Because of this, there is no 'return' slot necessary on the stack.
Attributes:
-
returns \u2013 -
register_arguments (list[str]) \u2013 -
arg_alignment \u2013 -
stack_minimum \u2013 -
syscall_register \u2013
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.returns","title":"returns class-attribute instance-attribute","text":"returns = False\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.register_arguments","title":"register_arguments class-attribute instance-attribute","text":"register_arguments: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.arg_alignment","title":"arg_alignment class-attribute instance-attribute","text":"arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.stack_minimum","title":"stack_minimum class-attribute instance-attribute","text":"stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.syscall_register","title":"syscall_register instance-attribute","text":"syscall_register = pop(0)\n
"},{"location":"reference/pwndbg/lib/android/","title":"pwndbg.lib.android","text":""},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android","title":"android","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.KNOWN_AIDS","title":"KNOWN_AIDS module-attribute","text":"KNOWN_AIDS = {\n 0: \"AID_ROOT\",\n 1000: \"AID_SYSTEM\",\n 1001: \"AID_RADIO\",\n 1002: \"AID_BLUETOOTH\",\n 1003: \"AID_GRAPHICS\",\n 1004: \"AID_INPUT\",\n 1005: \"AID_AUDIO\",\n 1006: \"AID_CAMERA\",\n 1007: \"AID_LOG\",\n 1008: \"AID_COMPASS\",\n 1009: \"AID_MOUNT\",\n 1010: \"AID_WIFI\",\n 1011: \"AID_ADB\",\n 1012: \"AID_INSTALL\",\n 1013: \"AID_MEDIA\",\n 1014: \"AID_DHCP\",\n 1015: \"AID_SDCARD_RW\",\n 1016: \"AID_VPN\",\n 1017: \"AID_KEYSTORE\",\n 1018: \"AID_USB\",\n 1019: \"AID_DRM\",\n 1020: \"AID_MDNSR\",\n 1021: \"AID_GPS\",\n 1022: \"AID_UNUSED1\",\n 1023: \"AID_MEDIA_RW\",\n 1024: \"AID_MTP\",\n 1025: \"AID_UNUSED2\",\n 1026: \"AID_DRMRPC\",\n 1027: \"AID_NFC\",\n 1028: \"AID_SDCARD_R\",\n 1029: \"AID_CLAT\",\n 1030: \"AID_LOOP_RADIO\",\n 1031: \"AID_MEDIA_DRM\",\n 1032: \"AID_PACKAGE_INFO\",\n 1033: \"AID_SDCARD_PICS\",\n 1034: \"AID_SDCARD_AV\",\n 1035: \"AID_SDCARD_ALL\",\n 1036: \"AID_LOGD\",\n 1037: \"AID_SHARED_RELRO\",\n 1038: \"AID_DBUS\",\n 1039: \"AID_TLSDATE\",\n 1040: \"AID_MEDIA_EX\",\n 1041: \"AID_AUDIOSERVER\",\n 1042: \"AID_METRICS_COLL\",\n 1043: \"AID_METRICSD\",\n 1044: \"AID_WEBSERV\",\n 1045: \"AID_DEBUGGERD\",\n 1046: \"AID_MEDIA_CODEC\",\n 1047: \"AID_CAMERASERVER\",\n 1048: \"AID_FIREWALL\",\n 1049: \"AID_TRUNKS\",\n 1050: \"AID_NVRAM\",\n 2001: \"AID_CACHE\",\n 2002: \"AID_DIAG\",\n 2900: \"AID_OEM_RESERVED_START\",\n 2999: \"AID_OEM_RESERVED_END\",\n 3001: \"AID_NET_BT_ADMIN\",\n 3002: \"AID_NET_BT\",\n 3003: \"AID_INET\",\n 3004: \"AID_NET_RAW\",\n 3005: \"AID_NET_ADMIN\",\n 3006: \"AID_NET_BW_STATS\",\n 3007: \"AID_NET_BW_ACCT\",\n 3008: \"AID_NET_BT_STACK\",\n 3009: \"AID_READPROC\",\n 3010: \"AID_WAKELOCK\",\n 5000: \"AID_OEM_RESERVED_2_START\",\n 5999: \"AID_OEM_RESERVED_2_END\",\n 9997: \"AID_EVERYBODY\",\n 9998: \"AID_MISC\",\n 9999: \"AID_NOBODY\",\n 10000: \"AID_APP\",\n 50000: \"AID_SHARED_GID_START\",\n 59999: \"AID_SHARED_GID_END\",\n 99000: \"AID_ISOLATED_START\",\n 99999: \"AID_ISOLATED_END\",\n 100000: \"AID_USER\",\n}\n
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.aid_name","title":"aid_name","text":"aid_name(uid: int) -> str\n
"},{"location":"reference/pwndbg/lib/arch/","title":"pwndbg.lib.arch","text":""},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch","title":"arch","text":"Classes:
-
Platform \u2013 -
ArchAttribute \u2013 -
ArchDefinition \u2013
Attributes:
-
PWNDBG_SUPPORTED_ARCHITECTURES_TYPE \u2013 -
PWNDBG_SUPPORTED_ARCHITECTURES (list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE]) \u2013 -
PWNLIB_ARCH_MAPPINGS \u2013 -
PWNLIB_PLATFORM_MAPPINGS (dict[Platform, str]) \u2013
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES_TYPE","title":"PWNDBG_SUPPORTED_ARCHITECTURES_TYPE module-attribute","text":"PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = Literal[\n \"x86-64\",\n \"i386\",\n \"i8086\",\n \"mips\",\n \"aarch64\",\n \"arm\",\n \"armcm\",\n \"rv32\",\n \"rv64\",\n \"sparc\",\n \"powerpc\",\n \"loongarch64\",\n \"s390x\",\n]\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES","title":"PWNDBG_SUPPORTED_ARCHITECTURES module-attribute","text":"PWNDBG_SUPPORTED_ARCHITECTURES: list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE] = (\n list(get_args(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE))\n)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_ARCH_MAPPINGS","title":"PWNLIB_ARCH_MAPPINGS module-attribute","text":"PWNLIB_ARCH_MAPPINGS = {\n \"x86-64\": \"amd64\",\n \"i386\": \"i386\",\n \"i8086\": \"none\",\n \"mips\": \"mips\",\n \"aarch64\": \"aarch64\",\n \"arm\": \"arm\",\n \"armcm\": \"thumb\",\n \"rv32\": \"riscv32\",\n \"rv64\": \"riscv64\",\n \"powerpc\": \"powerpc\",\n \"sparc\": \"sparc\",\n \"loongarch64\": \"none\",\n \"s390x\": \"s390\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_PLATFORM_MAPPINGS","title":"PWNLIB_PLATFORM_MAPPINGS module-attribute","text":"PWNLIB_PLATFORM_MAPPINGS: dict[Platform, str] = {\n LINUX: \"linux\",\n DARWIN: \"darwin\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform","title":"Platform","text":" Bases: Enum
Attributes:
-
LINUX \u2013 -
DARWIN \u2013
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform.LINUX","title":"LINUX class-attribute instance-attribute","text":"LINUX = (auto(),)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform.DARWIN","title":"DARWIN class-attribute instance-attribute","text":"DARWIN = (auto(),)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute","title":"ArchAttribute","text":"ArchAttribute(_, cs_mode)\n
Bases: Enum
Attributes:
-
MIPS_ISA_1 \u2013 -
MIPS_ISA_2 \u2013 -
MIPS_ISA_3 \u2013 -
MIPS_ISA_4 \u2013 -
MIPS_ISA_5 \u2013 -
MIPS_ISA_32 \u2013 -
MIPS_ISA_32R2 \u2013 -
MIPS_ISA_32R3 \u2013 -
MIPS_ISA_32R5 \u2013 -
MIPS_ISA_32R6 \u2013 -
MIPS_ISA_64 \u2013 -
MIPS_ISA_64R2 \u2013 -
MIPS_ISA_64R3 \u2013 -
MIPS_ISA_64R5 \u2013 -
MIPS_ISA_64R6 \u2013 -
MIPS_ISA_MICRO \u2013 -
MIPS_ISA_NANO \u2013 -
cs_mode \u2013
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_1","title":"MIPS_ISA_1 class-attribute instance-attribute","text":"MIPS_ISA_1 = (auto(), CS_MODE_MIPS1)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_2","title":"MIPS_ISA_2 class-attribute instance-attribute","text":"MIPS_ISA_2 = (auto(), CS_MODE_MIPS2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_3","title":"MIPS_ISA_3 class-attribute instance-attribute","text":"MIPS_ISA_3 = (auto(), CS_MODE_MIPS3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_4","title":"MIPS_ISA_4 class-attribute instance-attribute","text":"MIPS_ISA_4 = (auto(), CS_MODE_MIPS4)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_5","title":"MIPS_ISA_5 class-attribute instance-attribute","text":"MIPS_ISA_5 = (auto(), CS_MODE_MIPS5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32","title":"MIPS_ISA_32 class-attribute instance-attribute","text":"MIPS_ISA_32 = (auto(), CS_MODE_MIPS32)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R2","title":"MIPS_ISA_32R2 class-attribute instance-attribute","text":"MIPS_ISA_32R2 = (auto(), CS_MODE_MIPS32R2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R3","title":"MIPS_ISA_32R3 class-attribute instance-attribute","text":"MIPS_ISA_32R3 = (auto(), CS_MODE_MIPS32R3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R5","title":"MIPS_ISA_32R5 class-attribute instance-attribute","text":"MIPS_ISA_32R5 = (auto(), CS_MODE_MIPS32R5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R6","title":"MIPS_ISA_32R6 class-attribute instance-attribute","text":"MIPS_ISA_32R6 = (auto(), CS_MODE_MIPS32R6)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64","title":"MIPS_ISA_64 class-attribute instance-attribute","text":"MIPS_ISA_64 = (auto(), CS_MODE_MIPS64)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R2","title":"MIPS_ISA_64R2 class-attribute instance-attribute","text":"MIPS_ISA_64R2 = (auto(), CS_MODE_MIPS64R2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R3","title":"MIPS_ISA_64R3 class-attribute instance-attribute","text":"MIPS_ISA_64R3 = (auto(), CS_MODE_MIPS64R3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R5","title":"MIPS_ISA_64R5 class-attribute instance-attribute","text":"MIPS_ISA_64R5 = (auto(), CS_MODE_MIPS64R5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R6","title":"MIPS_ISA_64R6 class-attribute instance-attribute","text":"MIPS_ISA_64R6 = (auto(), CS_MODE_MIPS64R6)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_MICRO","title":"MIPS_ISA_MICRO class-attribute instance-attribute","text":"MIPS_ISA_MICRO = (auto(), CS_MODE_MICRO)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_NANO","title":"MIPS_ISA_NANO class-attribute instance-attribute","text":"MIPS_ISA_NANO = (auto(), CS_MODE_NANOMIPS)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.cs_mode","title":"cs_mode instance-attribute","text":"cs_mode = cs_mode\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition","title":"ArchDefinition dataclass","text":"ArchDefinition(\n name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n endian: Literal[\"little\", \"big\"],\n platform: Platform,\n attributes: list[ArchAttribute] = list(),\n)\n
Attributes:
-
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (Literal['little', 'big']) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.endian","title":"endian instance-attribute","text":"endian: Literal['little', 'big']\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.attributes","title":"attributes class-attribute instance-attribute","text":"attributes: list[ArchAttribute] = field(default_factory=list)\n
"},{"location":"reference/pwndbg/lib/cache/","title":"pwndbg.lib.cache","text":""},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache","title":"cache","text":"Caches return values until some event in the inferior happens, e.g. execution stops because of a SIGINT or breakpoint, or a new library/objfile are loaded, etc.
Classes:
Functions:
Attributes:
-
T \u2013 -
P \u2013 -
debug \u2013 -
debug_name \u2013 -
Cache \u2013 -
IS_CACHING \u2013 -
IS_CACHING_DISABLED_FOR (dict[str, bool]) \u2013
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug","title":"debug module-attribute","text":"debug = NO_DEBUG\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug_name","title":"debug_name module-attribute","text":"debug_name = 'regs'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.Cache","title":"Cache module-attribute","text":"Cache = Union[Dict[Tuple[Any, ...], Any], DebugCacheDict]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING","title":"IS_CACHING module-attribute","text":"IS_CACHING = True\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING_DISABLED_FOR","title":"IS_CACHING_DISABLED_FOR module-attribute","text":"IS_CACHING_DISABLED_FOR: dict[str, bool] = {\n \"stop\": False,\n \"exit\": False,\n \"objfile\": False,\n \"start\": False,\n \"cont\": False,\n \"thread\": False,\n \"prompt\": False,\n \"forever\": False,\n}\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict","title":"DebugCacheDict","text":"DebugCacheDict(func: Callable[P, T], *args: Any, **kwargs: Any)\n
Bases: UserDict
Methods:
-
__getitem__ \u2013 -
__setitem__ \u2013 -
clear \u2013
Attributes:
-
hits \u2013 -
misses \u2013 -
func \u2013 -
name \u2013
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.hits","title":"hits instance-attribute","text":"hits = 0\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.misses","title":"misses instance-attribute","text":"misses = 0\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.func","title":"func instance-attribute","text":"func = func\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.name","title":"name instance-attribute","text":"name = f'{split('.')[-1]}.{__name__}'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__getitem__","title":"__getitem__","text":"__getitem__(key: tuple[Any, ...]) -> Any\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__setitem__","title":"__setitem__","text":"__setitem__(key: tuple[Any, ...], value: Any) -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.clear","title":"clear","text":"clear() -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.connect_clear_caching_events","title":"connect_clear_caching_events","text":"connect_clear_caching_events(\n event_dicts: dict[str, tuple[Any, ...]], **kwargs: Any\n) -> None\n
Connect given debugger event hooks to correspoonding _CacheUntilEvent instances
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.cache_until","title":"cache_until","text":"cache_until(\n *event_names: str,\n) -> Callable[[Callable[P, T]], Callable[P, T]]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_caches","title":"clear_caches","text":"clear_caches() -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_cache","title":"clear_cache","text":"clear_cache(cache_name: str) -> None\n
"},{"location":"reference/pwndbg/lib/common/","title":"pwndbg.lib.common","text":""},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common","title":"common","text":"Functions:
"},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common.hex2ptr_common","title":"hex2ptr_common","text":"hex2ptr_common(arg: str) -> int\n
Converts a hex string to a little-endian integer address.
"},{"location":"reference/pwndbg/lib/config/","title":"pwndbg.lib.config","text":""},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config","title":"config","text":"Classes:
-
Scope \u2013 -
Parameter \u2013 -
Config \u2013
Attributes:
-
T \u2013 -
PARAM_BOOLEAN \u2013 -
PARAM_AUTO_BOOLEAN \u2013 -
PARAM_INTEGER \u2013 -
PARAM_ZINTEGER \u2013 -
PARAM_UINTEGER \u2013 -
PARAM_ZUINTEGER \u2013 -
PARAM_ZUINTEGER_UNLIMITED \u2013 -
PARAM_STRING \u2013 -
PARAM_ENUM \u2013 -
PARAM_OPTIONAL_FILENAME \u2013 -
PARAM_CLASSES \u2013 -
HELP_DEFAULT_PREFIX \u2013 -
HELP_VALID_VALUES_PREFIX \u2013
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_BOOLEAN","title":"PARAM_BOOLEAN module-attribute","text":"PARAM_BOOLEAN = 0\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_AUTO_BOOLEAN","title":"PARAM_AUTO_BOOLEAN module-attribute","text":"PARAM_AUTO_BOOLEAN = 1\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_INTEGER","title":"PARAM_INTEGER module-attribute","text":"PARAM_INTEGER = 2\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZINTEGER","title":"PARAM_ZINTEGER module-attribute","text":"PARAM_ZINTEGER = 3\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_UINTEGER","title":"PARAM_UINTEGER module-attribute","text":"PARAM_UINTEGER = 4\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER","title":"PARAM_ZUINTEGER module-attribute","text":"PARAM_ZUINTEGER = 5\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER_UNLIMITED","title":"PARAM_ZUINTEGER_UNLIMITED module-attribute","text":"PARAM_ZUINTEGER_UNLIMITED = 6\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_STRING","title":"PARAM_STRING module-attribute","text":"PARAM_STRING = 7\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ENUM","title":"PARAM_ENUM module-attribute","text":"PARAM_ENUM = 8\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_OPTIONAL_FILENAME","title":"PARAM_OPTIONAL_FILENAME module-attribute","text":"PARAM_OPTIONAL_FILENAME = 9\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_CLASSES","title":"PARAM_CLASSES module-attribute","text":"PARAM_CLASSES = {bool: PARAM_BOOLEAN, int: PARAM_ZINTEGER, str: PARAM_STRING}\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.HELP_DEFAULT_PREFIX","title":"HELP_DEFAULT_PREFIX module-attribute","text":"HELP_DEFAULT_PREFIX = 'Default:'\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.HELP_VALID_VALUES_PREFIX","title":"HELP_VALID_VALUES_PREFIX module-attribute","text":"HELP_VALID_VALUES_PREFIX = 'Valid values:'\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope","title":"Scope","text":" Bases: Enum
Attributes:
-
config \u2013 -
theme \u2013 -
heap \u2013
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.config","title":"config class-attribute instance-attribute","text":"config = 1\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.theme","title":"theme class-attribute instance-attribute","text":"theme = 2\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.heap","title":"heap class-attribute instance-attribute","text":"heap = 3\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter","title":"Parameter","text":"Parameter(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: Scope = config,\n)\n
Methods:
-
add_update_listener \u2013 -
revert_default \u2013 -
attr_name \u2013 Returns the attribute name associated with this config option,
-
__getattr__ \u2013 -
pretty_val \u2013 Convert a value this object could contain to its pretty string representation.
-
pretty \u2013 -
pretty_default \u2013 -
__int__ \u2013 -
__str__ \u2013 -
__bool__ \u2013 -
__eq__ \u2013 -
__lt__ \u2013 -
__add__ \u2013 -
__radd__ \u2013 -
__sub__ \u2013 -
__rsub__ \u2013 -
__mul__ \u2013 -
__rmul__ \u2013 -
__div__ \u2013 -
__floordiv__ \u2013 -
__pow__ \u2013 -
__mod__ \u2013 -
__len__ \u2013
Attributes:
-
name \u2013 -
default \u2013 -
param_class \u2013 -
set_show_doc \u2013 -
help_docstring \u2013 -
enum_sequence \u2013 -
scope \u2013 -
update_listeners (list[Callable[[Any], None]]) \u2013 -
value (Any) \u2013 -
is_changed (bool) \u2013
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.default","title":"default instance-attribute","text":"default = default\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.param_class","title":"param_class instance-attribute","text":"param_class = param_class or PARAM_CLASSES[type(default)]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.set_show_doc","title":"set_show_doc instance-attribute","text":"set_show_doc = set_show_doc\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.help_docstring","title":"help_docstring instance-attribute","text":"help_docstring = help_docstring\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.enum_sequence","title":"enum_sequence instance-attribute","text":"enum_sequence = enum_sequence\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.scope","title":"scope instance-attribute","text":"scope = scope\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.update_listeners","title":"update_listeners instance-attribute","text":"update_listeners: list[Callable[[Any], None]] = []\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.value","title":"value property writable","text":"value: Any\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.is_changed","title":"is_changed property","text":"is_changed: bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.add_update_listener","title":"add_update_listener","text":"add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.revert_default","title":"revert_default","text":"revert_default() -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.attr_name","title":"attr_name","text":"attr_name() -> str\n
Returns the attribute name associated with this config option, i.e. my-config has the attribute name my_config
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_val","title":"pretty_val","text":"pretty_val(val: Any) -> str\n
Convert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty","title":"pretty","text":"pretty() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_default","title":"pretty_default","text":"pretty_default() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__bool__","title":"__bool__","text":"__bool__() -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__eq__","title":"__eq__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__lt__","title":"__lt__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__add__","title":"__add__","text":"__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__radd__","title":"__radd__","text":"__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__sub__","title":"__sub__","text":"__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rsub__","title":"__rsub__","text":"__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mul__","title":"__mul__","text":"__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rmul__","title":"__rmul__","text":"__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__div__","title":"__div__","text":"__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__floordiv__","title":"__floordiv__","text":"__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__pow__","title":"__pow__","text":"__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mod__","title":"__mod__","text":"__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__len__","title":"__len__","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config","title":"Config","text":"Config()\n
Methods:
-
add_param \u2013 -
add_param_obj \u2013 -
trigger \u2013 -
get_params \u2013 -
__getattr__ \u2013 -
__setattr__ \u2013
Attributes:
-
params (dict[str, Parameter]) \u2013 -
triggers (DefaultDict[str, list[Callable[..., Any]]]) \u2013
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.params","title":"params instance-attribute","text":"params: dict[str, Parameter] = {}\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.triggers","title":"triggers instance-attribute","text":"triggers: DefaultDict[str, list[Callable[..., Any]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param","title":"add_param","text":"add_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: Scope = config,\n) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param_obj","title":"add_param_obj","text":"add_param_obj(p: Parameter) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.trigger","title":"trigger","text":"trigger(*params: Parameter) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.get_params","title":"get_params","text":"get_params(scope: Scope) -> list[Parameter]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__getattr__","title":"__getattr__","text":"__getattr__(name: str) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__setattr__","title":"__setattr__","text":"__setattr__(attr, val)\n
"},{"location":"reference/pwndbg/lib/disasm/","title":"pwndbg.lib.disasm","text":""},{"location":"reference/pwndbg/lib/disasm/#pwndbg.lib.disasm","title":"disasm","text":"Modules:
"},{"location":"reference/pwndbg/lib/disasm/helpers/","title":"pwndbg.lib.disasm.helpers","text":""},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers","title":"helpers","text":"Functions:
-
to_signed \u2013 Returns the signed number associated with the two's-complement binary representation of unsigned
-
logical_shift_left \u2013 -
logical_shift_right \u2013 n is truncated to the width of bit_width before the operation takes place.
-
rotate_right \u2013 n is truncated to the width of bit_width before the operation takes place.
-
arithmetic_shift_right \u2013 This returns the value represented by the two's-complement binary representation of the final result.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.to_signed","title":"to_signed","text":"to_signed(unsigned: int, bit_width: int)\n
Returns the signed number associated with the two's-complement binary representation of unsigned
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_left","title":"logical_shift_left","text":"logical_shift_left(n: int, shift_amt: int, bit_width: int)\n
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_right","title":"logical_shift_right","text":"logical_shift_right(n: int, shift_amt: int, bit_width: int)\n
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.rotate_right","title":"rotate_right","text":"rotate_right(n: int, shift_amt: int, bit_width: int)\n
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.arithmetic_shift_right","title":"arithmetic_shift_right","text":"arithmetic_shift_right(n: int, shift_amt: int, bit_width: int)\n
This returns the value represented by the two's-complement binary representation of the final result. This means the result could be negative (if the top bit of the input is negative)
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/elftypes/","title":"pwndbg.lib.elftypes","text":""},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes","title":"elftypes","text":"Classes:
-
constants \u2013 -
Elf32_Ehdr \u2013 -
Elf64_Ehdr \u2013 -
Elf32_Phdr \u2013 -
Elf64_Phdr \u2013 -
AUXV \u2013
Attributes:
-
Elf32_Addr \u2013 -
Elf32_Half \u2013 -
Elf32_Off \u2013 -
Elf32_Sword \u2013 -
Elf32_Word \u2013 -
Elf64_Addr \u2013 -
Elf64_Half \u2013 -
Elf64_SHalf \u2013 -
Elf64_Off \u2013 -
Elf64_Sword \u2013 -
Elf64_Word \u2013 -
Elf64_Xword \u2013 -
Elf64_Sxword \u2013 -
AT_CONSTANTS (dict[int, str]) \u2013 -
AT_CONSTANT_NAMES \u2013
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Addr","title":"Elf32_Addr module-attribute","text":"Elf32_Addr = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Half","title":"Elf32_Half module-attribute","text":"Elf32_Half = c_uint16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Off","title":"Elf32_Off module-attribute","text":"Elf32_Off = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Sword","title":"Elf32_Sword module-attribute","text":"Elf32_Sword = c_int32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Word","title":"Elf32_Word module-attribute","text":"Elf32_Word = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Addr","title":"Elf64_Addr module-attribute","text":"Elf64_Addr = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Half","title":"Elf64_Half module-attribute","text":"Elf64_Half = c_uint16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_SHalf","title":"Elf64_SHalf module-attribute","text":"Elf64_SHalf = c_int16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Off","title":"Elf64_Off module-attribute","text":"Elf64_Off = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sword","title":"Elf64_Sword module-attribute","text":"Elf64_Sword = c_int32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Word","title":"Elf64_Word module-attribute","text":"Elf64_Word = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Xword","title":"Elf64_Xword module-attribute","text":"Elf64_Xword = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sxword","title":"Elf64_Sxword module-attribute","text":"Elf64_Sxword = c_int64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANTS","title":"AT_CONSTANTS module-attribute","text":"AT_CONSTANTS: dict[int, str] = {\n 0: \"AT_NULL\",\n 1: \"AT_IGNORE\",\n 2: \"AT_EXECFD\",\n 3: \"AT_PHDR\",\n 4: \"AT_PHENT\",\n 5: \"AT_PHNUM\",\n 6: \"AT_PAGESZ\",\n 7: \"AT_BASE\",\n 8: \"AT_FLAGS\",\n 9: \"AT_ENTRY\",\n 10: \"AT_NOTELF\",\n 11: \"AT_UID\",\n 12: \"AT_EUID\",\n 13: \"AT_GID\",\n 14: \"AT_EGID\",\n 15: \"AT_PLATFORM\",\n 16: \"AT_HWCAP\",\n 17: \"AT_CLKTCK\",\n 18: \"AT_FPUCW\",\n 19: \"AT_DCACHEBSIZE\",\n 20: \"AT_ICACHEBSIZE\",\n 21: \"AT_UCACHEBSIZE\",\n 22: \"AT_IGNOREPPC\",\n 23: \"AT_SECURE\",\n 24: \"AT_BASE_PLATFORM\",\n 25: \"AT_RANDOM\",\n 26: \"AT_HWCAP2\",\n 27: \"AT_RSEQ_FEATURE_SIZE\",\n 28: \"AT_RSEQ_ALIGN\",\n 29: \"AT_HWCAP3\",\n 30: \"AT_HWCAP4\",\n 31: \"AT_EXECFN\",\n 32: \"AT_SYSINFO\",\n 33: \"AT_SYSINFO_EHDR\",\n 34: \"AT_L1I_CACHESHAPE\",\n 35: \"AT_L1D_CACHESHAPE\",\n 36: \"AT_L2_CACHESHAPE\",\n 37: \"AT_L3_CACHESHAPE\",\n 40: \"AT_L1I_CACHESIZE\",\n 41: \"AT_L1I_CACHEGEOMETRY\",\n 42: \"AT_L1D_CACHESIZE\",\n 43: \"AT_L1D_CACHEGEOMETRY\",\n 44: \"AT_L2_CACHESIZE\",\n 45: \"AT_L2_CACHEGEOMETRY\",\n 46: \"AT_L3_CACHESIZE\",\n 47: \"AT_L3_CACHEGEOMETRY\",\n 51: \"AT_MINSIGSTKSZ\",\n}\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANT_NAMES","title":"AT_CONSTANT_NAMES module-attribute","text":"AT_CONSTANT_NAMES = {v: _ffor (k, v) in items()}\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants","title":"constants","text":"Attributes:
-
EI_MAG0 \u2013 -
EI_MAG1 \u2013 -
EI_MAG2 \u2013 -
EI_MAG3 \u2013 -
EI_CLASS \u2013 -
EI_DATA \u2013 -
EI_VERSION \u2013 -
EI_OSABI \u2013 -
EI_ABIVERSION \u2013 -
EI_PAD \u2013 -
EI_NIDENT \u2013 -
ELFMAG0 \u2013 -
ELFMAG1 \u2013 -
ELFMAG2 \u2013 -
ELFMAG3 \u2013 -
ELFCLASSNONE \u2013 -
ELFCLASS32 \u2013 -
ELFCLASS64 \u2013 -
ELFDATANONE \u2013 -
ELFDATA2LSB \u2013 -
ELFDATA2MSB \u2013 -
PT_NULL \u2013 -
PT_LOAD \u2013 -
PT_DYNAMIC \u2013 -
PT_INTERP \u2013 -
PT_NOTE \u2013 -
PT_SHLIB \u2013 -
PT_PHDR \u2013 -
PT_TLS \u2013 -
ET_NONE \u2013 -
ET_REL \u2013 -
ET_EXEC \u2013 -
ET_DYN \u2013 -
ET_CORE \u2013 -
DT_NULL \u2013 -
DT_NEEDED \u2013 -
DT_PLTRELSZ \u2013 -
DT_PLTGOT \u2013 -
DT_HASH \u2013 -
DT_STRTAB \u2013 -
DT_SYMTAB \u2013 -
DT_RELA \u2013 -
DT_RELASZ \u2013 -
DT_RELAENT \u2013 -
DT_STRSZ \u2013 -
DT_SYMENT \u2013 -
DT_INIT \u2013 -
DT_FINI \u2013 -
DT_SONAME \u2013 -
DT_RPATH \u2013 -
DT_SYMBOLIC \u2013 -
DT_REL \u2013 -
DT_RELSZ \u2013 -
DT_RELENT \u2013 -
DT_PLTREL \u2013 -
DT_DEBUG \u2013 -
DT_TEXTREL \u2013 -
DT_JMPREL \u2013 -
DT_ENCODING \u2013 -
SHT_NULL \u2013 -
SHT_PROGBITS \u2013 -
SHT_SYMTAB \u2013 -
SHT_STRTAB \u2013 -
SHT_RELA \u2013 -
SHT_HASH \u2013 -
SHT_DYNAMIC \u2013 -
SHT_NOTE \u2013 -
SHT_NOBITS \u2013 -
SHT_REL \u2013 -
SHT_SHLIB \u2013 -
SHT_DYNSYM \u2013 -
SHT_NUM \u2013 -
STT_NOTYPE \u2013 -
STT_OBJECT \u2013 -
STT_FUNC \u2013 -
STT_SECTION \u2013 -
STT_FILE \u2013 -
STT_COMMON \u2013 -
STT_TLS \u2013 -
NT_PRSTATUS \u2013 -
NT_PRFPREG \u2013 -
NT_PRPSINFO \u2013 -
NT_TASKSTRUCT \u2013 -
NT_AUXV \u2013 -
NT_SIGINFO \u2013 -
NT_FILE \u2013 -
NT_PRXFPREG \u2013 -
NT_PPC_VMX \u2013 -
NT_PPC_SPE \u2013 -
NT_PPC_VSX \u2013 -
NT_386_TLS \u2013 -
NT_386_IOPERM \u2013 -
NT_X86_XSTATE \u2013 -
NT_S390_HIGH_GPRS \u2013 -
NT_S390_TIMER \u2013 -
NT_S390_TODCMP \u2013 -
NT_S390_TODPREG \u2013 -
NT_S390_CTRS \u2013 -
NT_S390_PREFIX \u2013 -
NT_S390_LAST_BREAK \u2013 -
NT_S390_SYSTEM_CALL \u2013 -
NT_S390_TDB \u2013 -
NT_ARM_VFP \u2013 -
NT_ARM_TLS \u2013 -
NT_ARM_HW_BREAK \u2013 -
NT_ARM_HW_WATCH \u2013 -
NT_METAG_CBUF \u2013 -
NT_METAG_RPIPE \u2013 -
NT_METAG_TLS \u2013 -
AT_NULL \u2013 -
AT_IGNORE \u2013 -
AT_EXECFD \u2013 -
AT_PHDR \u2013 -
AT_PHENT \u2013 -
AT_PHNUM \u2013 -
AT_PAGESZ \u2013 -
AT_BASE \u2013 -
AT_FLAGS \u2013 -
AT_ENTRY \u2013 -
AT_NOTELF \u2013 -
AT_UID \u2013 -
AT_EUID \u2013 -
AT_GID \u2013 -
AT_EGID \u2013 -
AT_PLATFORM \u2013 -
AT_HWCAP \u2013 -
AT_CLKTCK \u2013 -
AT_FPUCW \u2013 -
AT_DCACHEBSIZE \u2013 -
AT_ICACHEBSIZE \u2013 -
AT_UCACHEBSIZE \u2013 -
AT_IGNOREPPC \u2013 -
AT_SECURE \u2013 -
AT_BASE_PLATFORM \u2013 -
AT_RANDOM \u2013 -
AT_EXECFN \u2013 -
AT_SYSINFO \u2013 -
AT_SYSINFO_EHDR \u2013 -
AT_L1I_CACHESHAPE \u2013 -
AT_L1D_CACHESHAPE \u2013 -
AT_L2_CACHESHAPE \u2013 -
AT_L3_CACHESHAPE \u2013
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG0","title":"EI_MAG0 class-attribute instance-attribute","text":"EI_MAG0 = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG1","title":"EI_MAG1 class-attribute instance-attribute","text":"EI_MAG1 = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG2","title":"EI_MAG2 class-attribute instance-attribute","text":"EI_MAG2 = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG3","title":"EI_MAG3 class-attribute instance-attribute","text":"EI_MAG3 = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_CLASS","title":"EI_CLASS class-attribute instance-attribute","text":"EI_CLASS = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_DATA","title":"EI_DATA class-attribute instance-attribute","text":"EI_DATA = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_VERSION","title":"EI_VERSION class-attribute instance-attribute","text":"EI_VERSION = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_OSABI","title":"EI_OSABI class-attribute instance-attribute","text":"EI_OSABI = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_ABIVERSION","title":"EI_ABIVERSION class-attribute instance-attribute","text":"EI_ABIVERSION = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_PAD","title":"EI_PAD class-attribute instance-attribute","text":"EI_PAD = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_NIDENT","title":"EI_NIDENT class-attribute instance-attribute","text":"EI_NIDENT = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG0","title":"ELFMAG0 class-attribute instance-attribute","text":"ELFMAG0 = 127\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG1","title":"ELFMAG1 class-attribute instance-attribute","text":"ELFMAG1 = ord('E')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG2","title":"ELFMAG2 class-attribute instance-attribute","text":"ELFMAG2 = ord('L')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG3","title":"ELFMAG3 class-attribute instance-attribute","text":"ELFMAG3 = ord('F')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASSNONE","title":"ELFCLASSNONE class-attribute instance-attribute","text":"ELFCLASSNONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS32","title":"ELFCLASS32 class-attribute instance-attribute","text":"ELFCLASS32 = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS64","title":"ELFCLASS64 class-attribute instance-attribute","text":"ELFCLASS64 = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATANONE","title":"ELFDATANONE class-attribute instance-attribute","text":"ELFDATANONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2LSB","title":"ELFDATA2LSB class-attribute instance-attribute","text":"ELFDATA2LSB = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2MSB","title":"ELFDATA2MSB class-attribute instance-attribute","text":"ELFDATA2MSB = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NULL","title":"PT_NULL class-attribute instance-attribute","text":"PT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_LOAD","title":"PT_LOAD class-attribute instance-attribute","text":"PT_LOAD = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_DYNAMIC","title":"PT_DYNAMIC class-attribute instance-attribute","text":"PT_DYNAMIC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_INTERP","title":"PT_INTERP class-attribute instance-attribute","text":"PT_INTERP = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NOTE","title":"PT_NOTE class-attribute instance-attribute","text":"PT_NOTE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_SHLIB","title":"PT_SHLIB class-attribute instance-attribute","text":"PT_SHLIB = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_PHDR","title":"PT_PHDR class-attribute instance-attribute","text":"PT_PHDR = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_TLS","title":"PT_TLS class-attribute instance-attribute","text":"PT_TLS = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_NONE","title":"ET_NONE class-attribute instance-attribute","text":"ET_NONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_REL","title":"ET_REL class-attribute instance-attribute","text":"ET_REL = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_EXEC","title":"ET_EXEC class-attribute instance-attribute","text":"ET_EXEC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_DYN","title":"ET_DYN class-attribute instance-attribute","text":"ET_DYN = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_CORE","title":"ET_CORE class-attribute instance-attribute","text":"ET_CORE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NULL","title":"DT_NULL class-attribute instance-attribute","text":"DT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NEEDED","title":"DT_NEEDED class-attribute instance-attribute","text":"DT_NEEDED = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTRELSZ","title":"DT_PLTRELSZ class-attribute instance-attribute","text":"DT_PLTRELSZ = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTGOT","title":"DT_PLTGOT class-attribute instance-attribute","text":"DT_PLTGOT = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_HASH","title":"DT_HASH class-attribute instance-attribute","text":"DT_HASH = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRTAB","title":"DT_STRTAB class-attribute instance-attribute","text":"DT_STRTAB = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMTAB","title":"DT_SYMTAB class-attribute instance-attribute","text":"DT_SYMTAB = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELA","title":"DT_RELA class-attribute instance-attribute","text":"DT_RELA = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELASZ","title":"DT_RELASZ class-attribute instance-attribute","text":"DT_RELASZ = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELAENT","title":"DT_RELAENT class-attribute instance-attribute","text":"DT_RELAENT = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRSZ","title":"DT_STRSZ class-attribute instance-attribute","text":"DT_STRSZ = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMENT","title":"DT_SYMENT class-attribute instance-attribute","text":"DT_SYMENT = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_INIT","title":"DT_INIT class-attribute instance-attribute","text":"DT_INIT = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_FINI","title":"DT_FINI class-attribute instance-attribute","text":"DT_FINI = 13\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SONAME","title":"DT_SONAME class-attribute instance-attribute","text":"DT_SONAME = 14\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RPATH","title":"DT_RPATH class-attribute instance-attribute","text":"DT_RPATH = 15\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMBOLIC","title":"DT_SYMBOLIC class-attribute instance-attribute","text":"DT_SYMBOLIC = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_REL","title":"DT_REL class-attribute instance-attribute","text":"DT_REL = 17\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELSZ","title":"DT_RELSZ class-attribute instance-attribute","text":"DT_RELSZ = 18\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELENT","title":"DT_RELENT class-attribute instance-attribute","text":"DT_RELENT = 19\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTREL","title":"DT_PLTREL class-attribute instance-attribute","text":"DT_PLTREL = 20\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_DEBUG","title":"DT_DEBUG class-attribute instance-attribute","text":"DT_DEBUG = 21\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_TEXTREL","title":"DT_TEXTREL class-attribute instance-attribute","text":"DT_TEXTREL = 22\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_JMPREL","title":"DT_JMPREL class-attribute instance-attribute","text":"DT_JMPREL = 23\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_ENCODING","title":"DT_ENCODING class-attribute instance-attribute","text":"DT_ENCODING = 32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NULL","title":"SHT_NULL class-attribute instance-attribute","text":"SHT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_PROGBITS","title":"SHT_PROGBITS class-attribute instance-attribute","text":"SHT_PROGBITS = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SYMTAB","title":"SHT_SYMTAB class-attribute instance-attribute","text":"SHT_SYMTAB = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_STRTAB","title":"SHT_STRTAB class-attribute instance-attribute","text":"SHT_STRTAB = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_RELA","title":"SHT_RELA class-attribute instance-attribute","text":"SHT_RELA = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_HASH","title":"SHT_HASH class-attribute instance-attribute","text":"SHT_HASH = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNAMIC","title":"SHT_DYNAMIC class-attribute instance-attribute","text":"SHT_DYNAMIC = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOTE","title":"SHT_NOTE class-attribute instance-attribute","text":"SHT_NOTE = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOBITS","title":"SHT_NOBITS class-attribute instance-attribute","text":"SHT_NOBITS = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_REL","title":"SHT_REL class-attribute instance-attribute","text":"SHT_REL = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SHLIB","title":"SHT_SHLIB class-attribute instance-attribute","text":"SHT_SHLIB = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNSYM","title":"SHT_DYNSYM class-attribute instance-attribute","text":"SHT_DYNSYM = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NUM","title":"SHT_NUM class-attribute instance-attribute","text":"SHT_NUM = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_NOTYPE","title":"STT_NOTYPE class-attribute instance-attribute","text":"STT_NOTYPE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_OBJECT","title":"STT_OBJECT class-attribute instance-attribute","text":"STT_OBJECT = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FUNC","title":"STT_FUNC class-attribute instance-attribute","text":"STT_FUNC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_SECTION","title":"STT_SECTION class-attribute instance-attribute","text":"STT_SECTION = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FILE","title":"STT_FILE class-attribute instance-attribute","text":"STT_FILE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_COMMON","title":"STT_COMMON class-attribute instance-attribute","text":"STT_COMMON = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_TLS","title":"STT_TLS class-attribute instance-attribute","text":"STT_TLS = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRSTATUS","title":"NT_PRSTATUS class-attribute instance-attribute","text":"NT_PRSTATUS = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRFPREG","title":"NT_PRFPREG class-attribute instance-attribute","text":"NT_PRFPREG = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRPSINFO","title":"NT_PRPSINFO class-attribute instance-attribute","text":"NT_PRPSINFO = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_TASKSTRUCT","title":"NT_TASKSTRUCT class-attribute instance-attribute","text":"NT_TASKSTRUCT = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_AUXV","title":"NT_AUXV class-attribute instance-attribute","text":"NT_AUXV = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_SIGINFO","title":"NT_SIGINFO class-attribute instance-attribute","text":"NT_SIGINFO = 1397311305\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_FILE","title":"NT_FILE class-attribute instance-attribute","text":"NT_FILE = 1179208773\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRXFPREG","title":"NT_PRXFPREG class-attribute instance-attribute","text":"NT_PRXFPREG = 1189489535\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VMX","title":"NT_PPC_VMX class-attribute instance-attribute","text":"NT_PPC_VMX = 256\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_SPE","title":"NT_PPC_SPE class-attribute instance-attribute","text":"NT_PPC_SPE = 257\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VSX","title":"NT_PPC_VSX class-attribute instance-attribute","text":"NT_PPC_VSX = 258\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_TLS","title":"NT_386_TLS class-attribute instance-attribute","text":"NT_386_TLS = 512\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_IOPERM","title":"NT_386_IOPERM class-attribute instance-attribute","text":"NT_386_IOPERM = 513\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_X86_XSTATE","title":"NT_X86_XSTATE class-attribute instance-attribute","text":"NT_X86_XSTATE = 514\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_HIGH_GPRS","title":"NT_S390_HIGH_GPRS class-attribute instance-attribute","text":"NT_S390_HIGH_GPRS = 768\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TIMER","title":"NT_S390_TIMER class-attribute instance-attribute","text":"NT_S390_TIMER = 769\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODCMP","title":"NT_S390_TODCMP class-attribute instance-attribute","text":"NT_S390_TODCMP = 770\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODPREG","title":"NT_S390_TODPREG class-attribute instance-attribute","text":"NT_S390_TODPREG = 771\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_CTRS","title":"NT_S390_CTRS class-attribute instance-attribute","text":"NT_S390_CTRS = 772\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_PREFIX","title":"NT_S390_PREFIX class-attribute instance-attribute","text":"NT_S390_PREFIX = 773\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_LAST_BREAK","title":"NT_S390_LAST_BREAK class-attribute instance-attribute","text":"NT_S390_LAST_BREAK = 774\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_SYSTEM_CALL","title":"NT_S390_SYSTEM_CALL class-attribute instance-attribute","text":"NT_S390_SYSTEM_CALL = 775\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TDB","title":"NT_S390_TDB class-attribute instance-attribute","text":"NT_S390_TDB = 776\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_VFP","title":"NT_ARM_VFP class-attribute instance-attribute","text":"NT_ARM_VFP = 1024\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_TLS","title":"NT_ARM_TLS class-attribute instance-attribute","text":"NT_ARM_TLS = 1025\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_BREAK","title":"NT_ARM_HW_BREAK class-attribute instance-attribute","text":"NT_ARM_HW_BREAK = 1026\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_WATCH","title":"NT_ARM_HW_WATCH class-attribute instance-attribute","text":"NT_ARM_HW_WATCH = 1027\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_CBUF","title":"NT_METAG_CBUF class-attribute instance-attribute","text":"NT_METAG_CBUF = 1280\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_RPIPE","title":"NT_METAG_RPIPE class-attribute instance-attribute","text":"NT_METAG_RPIPE = 1281\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_TLS","title":"NT_METAG_TLS class-attribute instance-attribute","text":"NT_METAG_TLS = 1282\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NULL","title":"AT_NULL class-attribute instance-attribute","text":"AT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNORE","title":"AT_IGNORE class-attribute instance-attribute","text":"AT_IGNORE = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFD","title":"AT_EXECFD class-attribute instance-attribute","text":"AT_EXECFD = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHDR","title":"AT_PHDR class-attribute instance-attribute","text":"AT_PHDR = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHENT","title":"AT_PHENT class-attribute instance-attribute","text":"AT_PHENT = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHNUM","title":"AT_PHNUM class-attribute instance-attribute","text":"AT_PHNUM = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PAGESZ","title":"AT_PAGESZ class-attribute instance-attribute","text":"AT_PAGESZ = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE","title":"AT_BASE class-attribute instance-attribute","text":"AT_BASE = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FLAGS","title":"AT_FLAGS class-attribute instance-attribute","text":"AT_FLAGS = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ENTRY","title":"AT_ENTRY class-attribute instance-attribute","text":"AT_ENTRY = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NOTELF","title":"AT_NOTELF class-attribute instance-attribute","text":"AT_NOTELF = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UID","title":"AT_UID class-attribute instance-attribute","text":"AT_UID = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EUID","title":"AT_EUID class-attribute instance-attribute","text":"AT_EUID = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_GID","title":"AT_GID class-attribute instance-attribute","text":"AT_GID = 13\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EGID","title":"AT_EGID class-attribute instance-attribute","text":"AT_EGID = 14\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PLATFORM","title":"AT_PLATFORM class-attribute instance-attribute","text":"AT_PLATFORM = 15\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_HWCAP","title":"AT_HWCAP class-attribute instance-attribute","text":"AT_HWCAP = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_CLKTCK","title":"AT_CLKTCK class-attribute instance-attribute","text":"AT_CLKTCK = 17\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FPUCW","title":"AT_FPUCW class-attribute instance-attribute","text":"AT_FPUCW = 18\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_DCACHEBSIZE","title":"AT_DCACHEBSIZE class-attribute instance-attribute","text":"AT_DCACHEBSIZE = 19\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ICACHEBSIZE","title":"AT_ICACHEBSIZE class-attribute instance-attribute","text":"AT_ICACHEBSIZE = 20\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UCACHEBSIZE","title":"AT_UCACHEBSIZE class-attribute instance-attribute","text":"AT_UCACHEBSIZE = 21\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNOREPPC","title":"AT_IGNOREPPC class-attribute instance-attribute","text":"AT_IGNOREPPC = 22\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SECURE","title":"AT_SECURE class-attribute instance-attribute","text":"AT_SECURE = 23\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORM class-attribute instance-attribute","text":"AT_BASE_PLATFORM = 24\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_RANDOM","title":"AT_RANDOM class-attribute instance-attribute","text":"AT_RANDOM = 25\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFN","title":"AT_EXECFN class-attribute instance-attribute","text":"AT_EXECFN = 31\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO","title":"AT_SYSINFO class-attribute instance-attribute","text":"AT_SYSINFO = 32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDR class-attribute instance-attribute","text":"AT_SYSINFO_EHDR = 33\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1I_CACHESHAPE","title":"AT_L1I_CACHESHAPE class-attribute instance-attribute","text":"AT_L1I_CACHESHAPE = 34\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1D_CACHESHAPE","title":"AT_L1D_CACHESHAPE class-attribute instance-attribute","text":"AT_L1D_CACHESHAPE = 35\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L2_CACHESHAPE","title":"AT_L2_CACHESHAPE class-attribute instance-attribute","text":"AT_L2_CACHESHAPE = 36\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L3_CACHESHAPE","title":"AT_L3_CACHESHAPE class-attribute instance-attribute","text":"AT_L3_CACHESHAPE = 37\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Ehdr","title":"Elf32_Ehdr","text":" Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Ehdr","title":"Elf64_Ehdr","text":" Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Phdr","title":"Elf32_Phdr","text":" Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Phdr","title":"Elf64_Phdr","text":" Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV","title":"AUXV","text":" Bases: dict[str, int | str]
Methods:
-
set \u2013 -
__getattr__ \u2013 -
__str__ \u2013
Attributes:
-
AT_PHDR (int | None) \u2013 -
AT_BASE (int | None) \u2013 -
AT_PLATFORM (str | None) \u2013 -
AT_BASE_PLATFORM (str | None) \u2013 -
AT_ENTRY (int | None) \u2013 -
AT_RANDOM (int | None) \u2013 -
AT_EXECFN (str | None) \u2013 -
AT_SYSINFO (int | None) \u2013 -
AT_SYSINFO_EHDR (int | None) \u2013
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PHDR","title":"AT_PHDR instance-attribute","text":"AT_PHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE","title":"AT_BASE instance-attribute","text":"AT_BASE: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PLATFORM","title":"AT_PLATFORM instance-attribute","text":"AT_PLATFORM: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORM instance-attribute","text":"AT_BASE_PLATFORM: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_ENTRY","title":"AT_ENTRY instance-attribute","text":"AT_ENTRY: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_RANDOM","title":"AT_RANDOM instance-attribute","text":"AT_RANDOM: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_EXECFN","title":"AT_EXECFN instance-attribute","text":"AT_EXECFN: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO","title":"AT_SYSINFO instance-attribute","text":"AT_SYSINFO: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDR instance-attribute","text":"AT_SYSINFO_EHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.set","title":"set","text":"set(const: int, value: int) -> None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__getattr__","title":"__getattr__","text":"__getattr__(attr: str) -> int | str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/exception/","title":"pwndbg.lib.exception","text":""},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception","title":"exception","text":"Classes:
-
IndentContextManager \u2013
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager","title":"IndentContextManager","text":"IndentContextManager()\n
Methods:
-
__enter__ \u2013 -
__exit__ \u2013 -
print \u2013 -
addr_hex \u2013 -
aux_hex \u2013 -
prefix \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.indent","title":"indent instance-attribute","text":"indent = 0\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.__enter__","title":"__enter__","text":"__enter__() -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.__exit__","title":"__exit__","text":"__exit__(\n exc_type: type[BaseException] | None,\n exc_value: BaseException | None,\n exc_tb: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.print","title":"print","text":"print(*a, **kw) -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.addr_hex","title":"addr_hex","text":"addr_hex(val: int) -> str\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.aux_hex","title":"aux_hex","text":"aux_hex(val: int) -> str\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.prefix","title":"prefix","text":"prefix(s: str)\n
"},{"location":"reference/pwndbg/lib/funcparser/","title":"pwndbg.lib.funcparser","text":""},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser","title":"funcparser","text":"Functions:
-
extractTypeAndName \u2013 -
Stringify \u2013 -
ExtractFuncDecl \u2013 -
ExtractAllFuncDecls \u2013 -
ExtractFuncDeclFromSource \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.CAstNode","title":"CAstNode module-attribute","text":"CAstNode = Union[\n EllipsisParam, PtrDecl, ArrayDecl, FuncDecl, Struct, Union, Enum\n]\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.extractTypeAndName","title":"extractTypeAndName","text":"extractTypeAndName(\n n: CAstNode, defaultName: str | None = None\n) -> tuple[str, int, str] | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.Stringify","title":"Stringify","text":"Stringify(X: Function | Argument) -> str\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDecl","title":"ExtractFuncDecl","text":"ExtractFuncDecl(node: CAstNode, verbose: bool = False) -> Function | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractAllFuncDecls","title":"ExtractAllFuncDecls","text":"ExtractAllFuncDecls(ast: CAstNode, verbose: bool = False)\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDeclFromSource","title":"ExtractFuncDeclFromSource","text":"ExtractFuncDeclFromSource(source: str) -> Function | None\n
"},{"location":"reference/pwndbg/lib/functions/","title":"pwndbg.lib.functions","text":""},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions","title":"functions","text":"Classes:
-
Function \u2013 -
Argument \u2013 -
Flag \u2013 -
LazyFunctions \u2013
Functions:
-
format_flags_argument \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.functions","title":"functions module-attribute","text":"functions = LazyFunctions()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function","title":"Function","text":" Bases: NamedTuple
Attributes:
-
type (str) \u2013 -
derefcnt (int) \u2013 -
name (str) \u2013 -
args (list[Argument]) \u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.type","title":"type instance-attribute","text":"type: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.derefcnt","title":"derefcnt instance-attribute","text":"derefcnt: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.args","title":"args instance-attribute","text":"args: list[Argument]\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument","title":"Argument","text":" Bases: NamedTuple
Attributes:
-
type (str) \u2013 -
derefcnt (int) \u2013 -
name (str) \u2013 -
flags (tuple[Flag, ...] | None) \u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.type","title":"type instance-attribute","text":"type: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.derefcnt","title":"derefcnt instance-attribute","text":"derefcnt: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.flags","title":"flags class-attribute instance-attribute","text":"flags: tuple[Flag, ...] | None = None\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag","title":"Flag","text":" Bases: NamedTuple
Attributes:
-
value (int) \u2013 -
name (str) \u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.value","title":"value instance-attribute","text":"value: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions","title":"LazyFunctions","text":"LazyFunctions(*args, **kw)\n
Bases: Mapping[str, Function]
Methods:
-
__getitem__ \u2013 -
__iter__ \u2013 -
__len__ \u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__getitem__","title":"__getitem__","text":"__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__iter__","title":"__iter__","text":"__iter__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__len__","title":"__len__","text":"__len__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.format_flags_argument","title":"format_flags_argument","text":"format_flags_argument(flags: tuple[Flag, ...], value: int)\n
"},{"location":"reference/pwndbg/lib/functions_data/","title":"pwndbg.lib.functions_data","text":""},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data","title":"functions_data","text":"Functions:
"},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data.load_functions","title":"load_functions","text":"load_functions()\n
"},{"location":"reference/pwndbg/lib/gcc/","title":"pwndbg.lib.gcc","text":""},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc","title":"gcc","text":"Functions for determining the architecture-dependent path to GCC and any flags it should be executed with.
Functions:
Attributes:
"},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc.printed_message","title":"printed_message module-attribute","text":"printed_message = False\n
"},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc.which","title":"which","text":"which(arch: ArchDefinition) -> list[str]\n
"},{"location":"reference/pwndbg/lib/heap/","title":"pwndbg.lib.heap","text":""},{"location":"reference/pwndbg/lib/heap/#pwndbg.lib.heap","title":"heap","text":"Modules:
"},{"location":"reference/pwndbg/lib/heap/helpers/","title":"pwndbg.lib.heap.helpers","text":""},{"location":"reference/pwndbg/lib/heap/helpers/#pwndbg.lib.heap.helpers","title":"helpers","text":"Functions:
"},{"location":"reference/pwndbg/lib/heap/helpers/#pwndbg.lib.heap.helpers.find_fastbin_size","title":"find_fastbin_size","text":"find_fastbin_size(\n mem: bytes, max_size: int, step: int\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/lib/kernel/","title":"pwndbg.lib.kernel","text":""},{"location":"reference/pwndbg/lib/kernel/#pwndbg.lib.kernel","title":"kernel","text":"Modules:
-
kconfig \u2013 -
structs \u2013
"},{"location":"reference/pwndbg/lib/kernel/kconfig/","title":"pwndbg.lib.kernel.kconfig","text":""},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig","title":"kconfig","text":"Classes:
Functions:
-
parse_config \u2013 -
parse_compresed_config \u2013 -
config_to_key \u2013
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig","title":"Kconfig","text":"Kconfig(compressed_config: bytes, *args: Any, **kwargs: Any)\n
Bases: UserDict
Methods:
-
get_key \u2013 -
__getitem__ \u2013 -
__contains__ \u2013 -
__getattr__ \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.data","title":"data instance-attribute","text":"data = parse_compresed_config(compressed_config)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.get_key","title":"get_key","text":"get_key(name: str) -> str | None\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getitem__","title":"__getitem__","text":"__getitem__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__contains__","title":"__contains__","text":"__contains__(name: object) -> bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_config","title":"parse_config","text":"parse_config(config_text: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_compresed_config","title":"parse_compresed_config","text":"parse_compresed_config(compressed_config: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.config_to_key","title":"config_to_key","text":"config_to_key(name: str) -> str\n
"},{"location":"reference/pwndbg/lib/kernel/structs/","title":"pwndbg.lib.kernel.structs","text":""},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs","title":"structs","text":"Classes:
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry","title":"IDTEntry","text":"IDTEntry(entry)\n
Represents an entry in the Interrupt Descriptor Table (IDT)
The IDTEntry class stores information about an IDT entry, including its index, offset, segment selector, descriptor privilege level (DPL), gate type, and interrupt stack table (IST) index.
https://wiki.osdev.org/Interrupt_Descriptor_Table
Attributes:
-
offset \u2013 -
segment \u2013 -
dpl \u2013 -
type \u2013 -
ist \u2013 -
present \u2013
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.offset","title":"offset instance-attribute","text":"offset = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.segment","title":"segment instance-attribute","text":"segment = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.dpl","title":"dpl instance-attribute","text":"dpl = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.type","title":"type instance-attribute","text":"type = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.ist","title":"ist instance-attribute","text":"ist = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.present","title":"present instance-attribute","text":"present = None\n
"},{"location":"reference/pwndbg/lib/memory/","title":"pwndbg.lib.memory","text":""},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory","title":"memory","text":"Reading, writing, and describing memory.
Classes:
Functions:
-
round_down \u2013 round_down(address, align) -> int
-
round_up \u2013 round_up(address, align) -> int
-
page_align \u2013 page_align(address) -> int
-
page_size_align \u2013 -
page_offset \u2013
Attributes:
-
PAGE_SIZE \u2013 -
PAGE_MASK \u2013 -
align_down \u2013 -
align_up \u2013
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_SIZE","title":"PAGE_SIZE module-attribute","text":"PAGE_SIZE = 4096\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_MASK","title":"PAGE_MASK module-attribute","text":"PAGE_MASK = ~PAGE_SIZE - 1\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_down","title":"align_down module-attribute","text":"align_down = round_down\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_up","title":"align_up module-attribute","text":"align_up = round_up\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page","title":"Page","text":"Page(start: int, size: int, flags: int, offset: int, objfile: str = '')\n
Represents the address space and page permissions of at least one page of memory.
Methods:
-
__str__ \u2013 -
__repr__ \u2013 -
__contains__ \u2013 -
__eq__ \u2013 -
__lt__ \u2013 -
__hash__ \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.vaddr","title":"vaddr class-attribute instance-attribute","text":"vaddr = start\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.memsz","title":"memsz class-attribute instance-attribute","text":"memsz = size\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.flags","title":"flags class-attribute instance-attribute","text":"flags = flags\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.offset","title":"offset class-attribute instance-attribute","text":"offset = offset\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.objfile","title":"objfile class-attribute instance-attribute","text":"objfile = objfile\n
Possible non-empty values of objfile: - Contains square brackets \"[]\" if it's not a memory mapped file. Examples: [stack], [vsyscall], [heap], [vdso] - A path to a file, such as /usr/lib/libc.so.6
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.start","title":"start property","text":"start: int\n
Mapping start address.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.end","title":"end property","text":"end: int\n
Address beyond mapping. So the last effective address is self.end-1 It is the same as displayed in /proc//maps"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_stack","title":"is_stack property","text":"
is_stack: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_memory_mapped_file","title":"is_memory_mapped_file property","text":"is_memory_mapped_file: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.read","title":"read property","text":"read: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.write","title":"write property","text":"write: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.execute","title":"execute property","text":"execute: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rw","title":"rw property","text":"rw: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.wx","title":"wx property","text":"wx: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rwx","title":"rwx property","text":"rwx: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_guard","title":"is_guard property","text":"is_guard: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.permstr","title":"permstr property","text":"permstr: str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__contains__","title":"__contains__","text":"__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__eq__","title":"__eq__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__lt__","title":"__lt__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__hash__","title":"__hash__","text":"__hash__() -> int\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_down","title":"round_down","text":"round_down(address: int, align: int) -> int\n
round_down(address, align) -> int
Round down address to the nearest increment of align.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_up","title":"round_up","text":"round_up(address: int, align: int) -> int\n
round_up(address, align) -> int
Round up address to the nearest increment of align.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_align","title":"page_align","text":"page_align(address: int) -> int\n
page_align(address) -> int
Round down address to the nearest page boundary.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_size_align","title":"page_size_align","text":"page_size_align(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_offset","title":"page_offset","text":"page_offset(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/net/","title":"pwndbg.lib.net","text":""},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net","title":"net","text":"Re-implements some psutil functionality to be able to get information from remote debugging sessions.
Classes:
-
inode \u2013 -
Connection \u2013 -
UnixSocket \u2013 -
Netlink \u2013
Functions:
-
format_host_port \u2013 -
tcp \u2013 -
tcp6 \u2013 -
unix \u2013 -
netlink \u2013
Attributes:
-
TCP_STATUSES \u2013 -
NETLINK_TYPES \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.TCP_STATUSES","title":"TCP_STATUSES module-attribute","text":"TCP_STATUSES = {\n \"01\": \"established\",\n \"02\": \"syn_sent\",\n \"03\": \"syn_recv\",\n \"04\": \"fin_wait1\",\n \"05\": \"fin_wait2\",\n \"06\": \"time_wait\",\n \"07\": \"close\",\n \"08\": \"close_wait\",\n \"09\": \"last_ack\",\n \"0A\": \"listen\",\n \"0B\": \"closing\",\n}\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.NETLINK_TYPES","title":"NETLINK_TYPES module-attribute","text":"NETLINK_TYPES = {\n 0: \"NETLINK_ROUTE\",\n 1: \"NETLINK_UNUSED\",\n 2: \"NETLINK_USERSOCK\",\n 3: \"NETLINK_FIREWALL\",\n 4: \"NETLINK_SOCK_DIAG\",\n 5: \"NETLINK_NFLOG\",\n 6: \"NETLINK_XFRM\",\n 7: \"NETLINK_SELINUX\",\n 8: \"NETLINK_ISCSI\",\n 9: \"NETLINK_AUDIT\",\n 10: \"NETLINK_FIB_LOOKUP\",\n 11: \"NETLINK_CONNECTOR\",\n 12: \"NETLINK_NETFILTER\",\n 13: \"NETLINK_IP6_FW\",\n 14: \"NETLINK_DNRTMSG\",\n 15: \"NETLINK_KOBJECT_UEVENT\",\n 16: \"NETLINK_GENERIC\",\n 18: \"NETLINK_SCSITRANSPORT\",\n 19: \"NETLINK_ECRYPTFS\",\n 20: \"NETLINK_RDMA\",\n 21: \"NETLINK_CRYPTO\",\n}\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode","title":"inode","text":"Attributes:
-
inode (int | None) \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode.inode","title":"inode class-attribute instance-attribute","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection","title":"Connection","text":" Bases: inode
Methods:
-
__str__ \u2013 -
__repr__ \u2013
Attributes:
-
rhost (str | None) \u2013 -
lhost (str | None) \u2013 -
rport (int | None) \u2013 -
lport (int | None) \u2013 -
inode (int | None) \u2013 -
status (str | None) \u2013 -
family (str | None) \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rhost","title":"rhost class-attribute instance-attribute","text":"rhost: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lhost","title":"lhost class-attribute instance-attribute","text":"lhost: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rport","title":"rport class-attribute instance-attribute","text":"rport: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lport","title":"lport class-attribute instance-attribute","text":"lport: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.inode","title":"inode class-attribute instance-attribute","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.status","title":"status class-attribute instance-attribute","text":"status: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.family","title":"family class-attribute instance-attribute","text":"family: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket","title":"UnixSocket","text":" Bases: inode
Methods:
-
__str__ \u2013 -
__repr__ \u2013
Attributes:
-
path \u2013 -
inode (int | None) \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.path","title":"path class-attribute instance-attribute","text":"path = '(anonymous)'\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.inode","title":"inode class-attribute instance-attribute","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink","title":"Netlink","text":" Bases: inode
Methods:
-
__str__ \u2013 -
__repr__ \u2013
Attributes:
-
eth (int) \u2013 -
portid (int | None) \u2013 -
inode (int | None) \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.eth","title":"eth class-attribute instance-attribute","text":"eth: int = 0\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.portid","title":"portid class-attribute instance-attribute","text":"portid: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.inode","title":"inode class-attribute instance-attribute","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.format_host_port","title":"format_host_port","text":"format_host_port(ip, port)\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp","title":"tcp","text":"tcp(data: str) -> list[Connection]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp6","title":"tcp6","text":"tcp6(data: str) -> list[Connection]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.unix","title":"unix","text":"unix(data: str) -> list[UnixSocket]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.netlink","title":"netlink","text":"netlink(data: str) -> list[Netlink]\n
"},{"location":"reference/pwndbg/lib/regs/","title":"pwndbg.lib.regs","text":""},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs","title":"regs","text":"Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
Classes:
-
BitFlags \u2013 -
AddressingRegister \u2013 Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
-
SegmentRegisters \u2013 Represents the x86 segment register set
-
KernelRegisterSet \u2013 additional registers that are useful when pwning kernels
-
UnicornRegisterWrite \u2013 Represent a register to write to the Unicorn emulator.
-
Reg \u2013 -
RegisterSet \u2013 -
PsuedoEmulatedRegisterFile \u2013 This class represents a set of registers that can be written, read, and invalidated.
Attributes:
-
arm_cpsr_flags \u2013 -
arm_xpsr_flags \u2013 -
aarch64_cpsr_flags \u2013 -
aarch64_sctlr_flags \u2013 -
aarch64_scr_flags \u2013 -
arm \u2013 -
armcm \u2013 -
aarch64 \u2013 -
x86flags \u2013 -
amd64_kernel \u2013 -
amd64 \u2013 -
i386 \u2013 -
powerpc \u2013 -
sparc \u2013 -
mips \u2013 -
riscv \u2013 -
loongarch64 \u2013 -
s390x \u2013 -
reg_sets (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_cpsr_flags","title":"arm_cpsr_flags module-attribute","text":"arm_cpsr_flags = BitFlags(\n [\n (\"N\", 31),\n (\"Z\", 30),\n (\"C\", 29),\n (\"V\", 28),\n (\"Q\", 27),\n (\"J\", 24),\n (\"T\", 5),\n (\"E\", 9),\n (\"A\", 8),\n (\"I\", 7),\n (\"F\", 6),\n ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_xpsr_flags","title":"arm_xpsr_flags module-attribute","text":"arm_xpsr_flags = BitFlags(\n [(\"N\", 31), (\"Z\", 30), (\"C\", 29), (\"V\", 28), (\"Q\", 27), (\"T\", 24)]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_cpsr_flags","title":"aarch64_cpsr_flags module-attribute","text":"aarch64_cpsr_flags = BitFlags(\n [\n (\"N\", 31),\n (\"Z\", 30),\n (\"C\", 29),\n (\"V\", 28),\n (\"Q\", 27),\n (\"PAN\", 22),\n (\"IL\", 20),\n (\"D\", 9),\n (\"A\", 8),\n (\"I\", 7),\n (\"F\", 6),\n (\"EL\", (2, 2)),\n (\"SP\", 0),\n ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_sctlr_flags","title":"aarch64_sctlr_flags module-attribute","text":"aarch64_sctlr_flags = BitFlags(\n [\n (\"TIDCP\", 63),\n (\"SPINTMASK\", 62),\n (\"NMI\", 61),\n (\"EPAN\", 57),\n (\"ATA0\", 43),\n (\"ATA0\", 42),\n (\"TCF\", (40, 2)),\n (\"TCF0\", (38, 2)),\n (\"ITFSB\", 37),\n (\"BT1\", 36),\n (\"BT0\", 35),\n (\"EnIA\", 31),\n (\"EnIB\", 30),\n (\"EnDA\", 27),\n (\"UCI\", 26),\n (\"EE\", 25),\n (\"E0E\", 24),\n (\"SPAN\", 23),\n (\"TSCXT\", 20),\n (\"WXN\", 19),\n (\"nTWE\", 18),\n (\"nTWI\", 16),\n (\"UCT\", 15),\n (\"DZE\", 14),\n (\"EnDB\", 13),\n (\"I\", 12),\n (\"UMA\", 9),\n (\"SED\", 8),\n (\"ITD\", 7),\n (\"nAA\", 6),\n (\"CP15BEN\", 5),\n (\"SA0\", 4),\n (\"SA\", 3),\n (\"C\", 2),\n (\"A\", 1),\n (\"M\", 0),\n ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_scr_flags","title":"aarch64_scr_flags module-attribute","text":"aarch64_scr_flags = BitFlags(\n [(\"HCE\", 8), (\"SMD\", 7), (\"EA\", 3), (\"FIQ\", 2), (\"IRQ\", 1), (\"NS\", 0)]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm","title":"arm module-attribute","text":"arm = RegisterSet(\n retaddr=(Reg(\"lr\", 4),),\n flags={\"cpsr\": arm_cpsr_flags},\n gpr=(\n Reg(\"r0\", 4),\n Reg(\"r1\", 4),\n Reg(\"r2\", 4),\n Reg(\"r3\", 4),\n Reg(\"r4\", 4),\n Reg(\"r5\", 4),\n Reg(\"r6\", 4),\n Reg(\"r7\", 4),\n Reg(\"r8\", 4),\n Reg(\"r9\", 4),\n Reg(\"r10\", 4),\n Reg(\"r11\", 4),\n Reg(\"r12\", 4),\n ),\n args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n retval=\"r0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.armcm","title":"armcm module-attribute","text":"armcm = RegisterSet(\n retaddr=(Reg(\"lr\", 4),),\n flags={\"xpsr\": arm_xpsr_flags},\n gpr=(\n Reg(\"r0\", 4),\n Reg(\"r1\", 4),\n Reg(\"r2\", 4),\n Reg(\"r3\", 4),\n Reg(\"r4\", 4),\n Reg(\"r5\", 4),\n Reg(\"r6\", 4),\n Reg(\"r7\", 4),\n Reg(\"r8\", 4),\n Reg(\"r9\", 4),\n Reg(\"r10\", 4),\n Reg(\"r11\", 4),\n Reg(\"r12\", 4),\n ),\n args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n retval=\"r0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64","title":"aarch64 module-attribute","text":"aarch64 = RegisterSet(\n retaddr=(Reg(\"lr\", 8),),\n flags={\"cpsr\": aarch64_cpsr_flags},\n extra_flags={\n \"scr_el3\": aarch64_scr_flags,\n \"sctlr\": aarch64_sctlr_flags,\n \"sctlr_el2\": aarch64_sctlr_flags,\n \"sctlr_el3\": aarch64_sctlr_flags,\n \"spsr_el1\": aarch64_cpsr_flags,\n \"spsr_el2\": aarch64_cpsr_flags,\n \"spsr_el3\": aarch64_cpsr_flags,\n },\n gpr=(\n Reg(\"x0\", 8, subregisters=(Reg(\"w0\", 4, zero_extend_writes=True),)),\n Reg(\"x1\", 8, subregisters=(Reg(\"w1\", 4, zero_extend_writes=True),)),\n Reg(\"x2\", 8, subregisters=(Reg(\"w2\", 4, zero_extend_writes=True),)),\n Reg(\"x3\", 8, subregisters=(Reg(\"w3\", 4, zero_extend_writes=True),)),\n Reg(\"x4\", 8, subregisters=(Reg(\"w4\", 4, zero_extend_writes=True),)),\n Reg(\"x5\", 8, subregisters=(Reg(\"w5\", 4, zero_extend_writes=True),)),\n Reg(\"x6\", 8, subregisters=(Reg(\"w6\", 4, zero_extend_writes=True),)),\n Reg(\"x7\", 8, subregisters=(Reg(\"w7\", 4, zero_extend_writes=True),)),\n Reg(\"x8\", 8, subregisters=(Reg(\"w8\", 4, zero_extend_writes=True),)),\n Reg(\"x9\", 8, subregisters=(Reg(\"w9\", 4, zero_extend_writes=True),)),\n Reg(\"x10\", 8, subregisters=(Reg(\"w10\", 4, zero_extend_writes=True),)),\n Reg(\"x11\", 8, subregisters=(Reg(\"w11\", 4, zero_extend_writes=True),)),\n Reg(\"x12\", 8, subregisters=(Reg(\"w12\", 4, zero_extend_writes=True),)),\n Reg(\"x13\", 8, subregisters=(Reg(\"w13\", 4, zero_extend_writes=True),)),\n Reg(\"x14\", 8, subregisters=(Reg(\"w14\", 4, zero_extend_writes=True),)),\n Reg(\"x15\", 8, subregisters=(Reg(\"w15\", 4, zero_extend_writes=True),)),\n Reg(\"x16\", 8, subregisters=(Reg(\"w16\", 4, zero_extend_writes=True),)),\n Reg(\"x17\", 8, subregisters=(Reg(\"w17\", 4, zero_extend_writes=True),)),\n Reg(\"x18\", 8, subregisters=(Reg(\"w18\", 4, zero_extend_writes=True),)),\n Reg(\"x19\", 8, subregisters=(Reg(\"w19\", 4, zero_extend_writes=True),)),\n Reg(\"x20\", 8, subregisters=(Reg(\"w20\", 4, zero_extend_writes=True),)),\n Reg(\"x21\", 8, subregisters=(Reg(\"w21\", 4, zero_extend_writes=True),)),\n Reg(\"x22\", 8, subregisters=(Reg(\"w22\", 4, zero_extend_writes=True),)),\n Reg(\"x23\", 8, subregisters=(Reg(\"w23\", 4, zero_extend_writes=True),)),\n Reg(\"x24\", 8, subregisters=(Reg(\"w24\", 4, zero_extend_writes=True),)),\n Reg(\"x25\", 8, subregisters=(Reg(\"w25\", 4, zero_extend_writes=True),)),\n Reg(\"x26\", 8, subregisters=(Reg(\"w26\", 4, zero_extend_writes=True),)),\n Reg(\"x27\", 8, subregisters=(Reg(\"w27\", 4, zero_extend_writes=True),)),\n Reg(\"x28\", 8, subregisters=(Reg(\"w28\", 4, zero_extend_writes=True),)),\n Reg(\"x29\", 8, subregisters=(Reg(\"w29\", 4, zero_extend_writes=True),)),\n ),\n args=(\"x0\", \"x1\", \"x2\", \"x3\"),\n retval=\"x0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.x86flags","title":"x86flags module-attribute","text":"x86flags = {\n \"eflags\": BitFlags(\n [\n (\"CF\", 0),\n (\"PF\", 2),\n (\"AF\", 4),\n (\"ZF\", 6),\n (\"SF\", 7),\n (\"IF\", 9),\n (\"DF\", 10),\n (\"OF\", 11),\n (\"AC\", 18),\n ]\n )\n}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64_kernel","title":"amd64_kernel module-attribute","text":"amd64_kernel = KernelRegisterSet(\n segments=SegmentRegisters([\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\"]),\n controls={\n \"cr0\": BitFlags([(\"PE\", 0), (\"WP\", 16), (\"PG\", 31)]),\n \"cr3\": AddressingRegister(\"cr3\", False),\n \"cr4\": BitFlags(\n [\n (\"UMIP\", 11),\n (\"FSGSBASE\", 16),\n (\"SMEP\", 20),\n (\"SMAP\", 21),\n (\"PKE\", 22),\n (\"CET\", 23),\n (\"PKS\", 24),\n ]\n ),\n },\n msrs={\n \"efer\": BitFlags([(\"NXE\", 11)]),\n \"gs_base\": AddressingRegister(\"gs_base\", True),\n \"fs_base\": AddressingRegister(\"fs_base\", True),\n },\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64","title":"amd64 module-attribute","text":"amd64 = RegisterSet(\n pc=Reg(\"rip\"),\n stack=Reg(\n \"rsp\",\n 8,\n subregisters=(\n Reg(\"esp\", 4, 0, zero_extend_writes=True),\n Reg(\"sp\", 2, 0),\n Reg(\"spl\", 1, 0),\n ),\n ),\n frame=Reg(\n \"rbp\",\n 8,\n subregisters=(\n Reg(\"ebp\", 4, 0, zero_extend_writes=True),\n Reg(\"bp\", 2, 0),\n Reg(\"bpl\", 1, 0),\n ),\n ),\n flags=x86flags,\n gpr=(\n Reg(\n \"rax\",\n 8,\n subregisters=(\n Reg(\"eax\", 4, 0, zero_extend_writes=True),\n Reg(\"ax\", 2, 0),\n Reg(\"ah\", 1, 1),\n Reg(\"al\", 1, 0),\n ),\n ),\n Reg(\n \"rbx\",\n 8,\n subregisters=(\n Reg(\"ebx\", 4, 0, zero_extend_writes=True),\n Reg(\"bx\", 2, 0),\n Reg(\"bh\", 1, 1),\n Reg(\"bl\", 1, 0),\n ),\n ),\n Reg(\n \"rcx\",\n 8,\n subregisters=(\n Reg(\"ecx\", 4, 0, zero_extend_writes=True),\n Reg(\"cx\", 2, 0),\n Reg(\"ch\", 1, 1),\n Reg(\"cl\", 1, 0),\n ),\n ),\n Reg(\n \"rdx\",\n 8,\n subregisters=(\n Reg(\"edx\", 4, 0, zero_extend_writes=True),\n Reg(\"dx\", 2, 0),\n Reg(\"dh\", 1, 1),\n Reg(\"dl\", 1, 0),\n ),\n ),\n Reg(\n \"rdi\",\n 8,\n subregisters=(\n Reg(\"edi\", 4, 0, zero_extend_writes=True),\n Reg(\"di\", 2, 0),\n Reg(\"dil\", 1, 0),\n ),\n ),\n Reg(\n \"rsi\",\n 8,\n subregisters=(\n Reg(\"esi\", 4, 0, zero_extend_writes=True),\n Reg(\"si\", 2, 0),\n Reg(\"sil\", 1, 0),\n ),\n ),\n Reg(\n \"r8\",\n 8,\n subregisters=(\n Reg(\"r8d\", 4, 0, zero_extend_writes=True),\n Reg(\"r8w\", 2, 0),\n Reg(\"r8b\", 1, 0),\n ),\n ),\n Reg(\n \"r9\",\n 8,\n subregisters=(\n Reg(\"r9d\", 4, 0, zero_extend_writes=True),\n Reg(\"r9w\", 2, 0),\n Reg(\"r9b\", 1, 0),\n ),\n ),\n Reg(\n \"r10\",\n 8,\n subregisters=(\n Reg(\"r10d\", 4, 0, zero_extend_writes=True),\n Reg(\"r10w\", 2, 0),\n Reg(\"r10b\", 1, 0),\n ),\n ),\n Reg(\n \"r11\",\n 8,\n subregisters=(\n Reg(\"r11d\", 4, 0, zero_extend_writes=True),\n Reg(\"r11w\", 2, 0),\n Reg(\"r11b\", 1, 0),\n ),\n ),\n Reg(\n \"r12\",\n 8,\n subregisters=(\n Reg(\"r12d\", 4, 0, zero_extend_writes=True),\n Reg(\"r12w\", 2, 0),\n Reg(\"r12b\", 1, 0),\n ),\n ),\n Reg(\n \"r13\",\n 8,\n subregisters=(\n Reg(\"r13d\", 4, 0, zero_extend_writes=True),\n Reg(\"r13w\", 2, 0),\n Reg(\"r13b\", 1, 0),\n ),\n ),\n Reg(\n \"r14\",\n 8,\n subregisters=(\n Reg(\"r14d\", 4, 0, zero_extend_writes=True),\n Reg(\"r14w\", 2, 0),\n Reg(\"r14b\", 1, 0),\n ),\n ),\n Reg(\n \"r15\",\n 8,\n subregisters=(\n Reg(\"r15d\", 4, 0, zero_extend_writes=True),\n Reg(\"r15w\", 2, 0),\n Reg(\"r15b\", 1, 0),\n ),\n ),\n ),\n misc=(\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\", \"fs_base\", \"gs_base\", \"ip\"),\n kernel=amd64_kernel,\n args=(\"rdi\", \"rsi\", \"rdx\", \"rcx\", \"r8\", \"r9\"),\n retval=\"rax\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.i386","title":"i386 module-attribute","text":"i386 = RegisterSet(\n pc=Reg(\"eip\"),\n stack=Reg(\"esp\", 4, subregisters=(Reg(\"sp\", 2, 0),)),\n frame=Reg(\"ebp\", 4, subregisters=(Reg(\"bp\", 2, 0),)),\n flags=x86flags,\n gpr=(\n Reg(\n \"eax\",\n 4,\n subregisters=(Reg(\"ax\", 2, 0), Reg(\"ah\", 1, 1), Reg(\"al\", 1, 0)),\n ),\n Reg(\n \"ebx\",\n 4,\n subregisters=(Reg(\"bx\", 2, 0), Reg(\"bh\", 1, 1), Reg(\"bl\", 1, 0)),\n ),\n Reg(\n \"ecx\",\n 4,\n subregisters=(Reg(\"cx\", 2, 0), Reg(\"ch\", 1, 1), Reg(\"cl\", 1, 0)),\n ),\n Reg(\n \"edx\",\n 4,\n subregisters=(Reg(\"dx\", 2, 0), Reg(\"dh\", 1, 1), Reg(\"dl\", 1, 0)),\n ),\n Reg(\"edi\", 4, subregisters=(Reg(\"di\", 2, 0),)),\n Reg(\"esi\", 4, subregisters=(Reg(\"si\", 2, 0),)),\n ),\n misc=(\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\", \"fs_base\", \"gs_base\", \"ip\"),\n retval=\"eax\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.powerpc","title":"powerpc module-attribute","text":"powerpc = RegisterSet(\n retaddr=(Reg(\"lr\"),),\n flags={\"msr\": BitFlags(), \"xer\": BitFlags()},\n gpr=(\n Reg(\"r0\"),\n Reg(\"r1\"),\n Reg(\"r2\"),\n Reg(\"r3\"),\n Reg(\"r4\"),\n Reg(\"r5\"),\n Reg(\"r6\"),\n Reg(\"r7\"),\n Reg(\"r8\"),\n Reg(\"r9\"),\n Reg(\"r10\"),\n Reg(\"r11\"),\n Reg(\"r12\"),\n Reg(\"r13\"),\n Reg(\"r14\"),\n Reg(\"r15\"),\n Reg(\"r16\"),\n Reg(\"r17\"),\n Reg(\"r18\"),\n Reg(\"r19\"),\n Reg(\"r20\"),\n Reg(\"r21\"),\n Reg(\"r22\"),\n Reg(\"r23\"),\n Reg(\"r24\"),\n Reg(\"r25\"),\n Reg(\"r26\"),\n Reg(\"r27\"),\n Reg(\"r28\"),\n Reg(\"r29\"),\n Reg(\"r30\"),\n Reg(\"r31\"),\n Reg(\"cr\"),\n Reg(\"ctr\"),\n ),\n args=(\"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\", \"r10\"),\n retval=\"r3\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.sparc","title":"sparc module-attribute","text":"sparc = RegisterSet(\n stack=Reg(\"sp\"),\n frame=Reg(\"fp\"),\n retaddr=(Reg(\"i7\"),),\n flags={\"psr\": BitFlags()},\n gpr=(\n Reg(\"g1\"),\n Reg(\"g2\"),\n Reg(\"g3\"),\n Reg(\"g4\"),\n Reg(\"g5\"),\n Reg(\"g6\"),\n Reg(\"g7\"),\n Reg(\"o0\"),\n Reg(\"o1\"),\n Reg(\"o2\"),\n Reg(\"o3\"),\n Reg(\"o4\"),\n Reg(\"o5\"),\n Reg(\"o7\"),\n Reg(\"l0\"),\n Reg(\"l1\"),\n Reg(\"l2\"),\n Reg(\"l3\"),\n Reg(\"l4\"),\n Reg(\"l5\"),\n Reg(\"l6\"),\n Reg(\"l7\"),\n Reg(\"i0\"),\n Reg(\"i1\"),\n Reg(\"i2\"),\n Reg(\"i3\"),\n Reg(\"i4\"),\n Reg(\"i5\"),\n ),\n args=(\"i0\", \"i1\", \"i2\", \"i3\", \"i4\", \"i5\"),\n retval=\"o0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.mips","title":"mips module-attribute","text":"mips = RegisterSet(\n frame=Reg(\"fp\"),\n retaddr=(Reg(\"ra\"),),\n gpr=(\n Reg(\"v0\"),\n Reg(\"v1\"),\n Reg(\"a0\"),\n Reg(\"a1\"),\n Reg(\"a2\"),\n Reg(\"a3\"),\n Reg(\"t0\"),\n Reg(\"t1\"),\n Reg(\"t2\"),\n Reg(\"t3\"),\n Reg(\"t4\"),\n Reg(\"t5\"),\n Reg(\"t6\"),\n Reg(\"t7\"),\n Reg(\"t8\"),\n Reg(\"t9\"),\n Reg(\"s0\"),\n Reg(\"s1\"),\n Reg(\"s2\"),\n Reg(\"s3\"),\n Reg(\"s4\"),\n Reg(\"s5\"),\n Reg(\"s6\"),\n Reg(\"s7\"),\n Reg(\"s8\"),\n Reg(\"gp\"),\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\"),\n retval=\"v0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.riscv","title":"riscv module-attribute","text":"riscv = RegisterSet(\n pc=Reg(\"pc\"),\n stack=Reg(\"sp\"),\n retaddr=(Reg(\"ra\"),),\n gpr=(\n Reg(\"gp\"),\n Reg(\"tp\"),\n Reg(\"t0\"),\n Reg(\"t1\"),\n Reg(\"t2\"),\n Reg(\"s0\"),\n Reg(\"s1\"),\n Reg(\"a0\"),\n Reg(\"a1\"),\n Reg(\"a2\"),\n Reg(\"a3\"),\n Reg(\"a4\"),\n Reg(\"a5\"),\n Reg(\"a6\"),\n Reg(\"a7\"),\n Reg(\"s2\"),\n Reg(\"s3\"),\n Reg(\"s4\"),\n Reg(\"s5\"),\n Reg(\"s6\"),\n Reg(\"s7\"),\n Reg(\"s8\"),\n Reg(\"s9\"),\n Reg(\"s10\"),\n Reg(\"s11\"),\n Reg(\"t3\"),\n Reg(\"t4\"),\n Reg(\"t5\"),\n Reg(\"t6\"),\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n retval=\"a0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.loongarch64","title":"loongarch64 module-attribute","text":"loongarch64 = RegisterSet(\n pc=Reg(\"pc\"),\n stack=Reg(\"sp\"),\n frame=Reg(\"fp\"),\n retaddr=(Reg(\"ra\"),),\n gpr=(\n Reg(\"a0\"),\n Reg(\"a1\"),\n Reg(\"a2\"),\n Reg(\"a3\"),\n Reg(\"a4\"),\n Reg(\"a5\"),\n Reg(\"a6\"),\n Reg(\"a7\"),\n Reg(\"t0\"),\n Reg(\"t1\"),\n Reg(\"t2\"),\n Reg(\"t3\"),\n Reg(\"t4\"),\n Reg(\"t5\"),\n Reg(\"t6\"),\n Reg(\"t7\"),\n Reg(\"t8\"),\n Reg(\"s0\"),\n Reg(\"s1\"),\n Reg(\"s2\"),\n Reg(\"s3\"),\n Reg(\"s4\"),\n Reg(\"s5\"),\n Reg(\"s6\"),\n Reg(\"s7\"),\n Reg(\"s8\"),\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n misc=(\"tp\", \"r21\"),\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.s390x","title":"s390x module-attribute","text":"s390x = RegisterSet(\n pc=Reg(\"pc\"),\n retaddr=(Reg(\"r14\"),),\n stack=Reg(\"r15\"),\n flags={\"pswm\": BitFlags()},\n gpr=(\n Reg(\"r0\"),\n Reg(\"r1\"),\n Reg(\"r2\"),\n Reg(\"r3\"),\n Reg(\"r4\"),\n Reg(\"r5\"),\n Reg(\"r6\"),\n Reg(\"r7\"),\n Reg(\"r8\"),\n Reg(\"r9\"),\n Reg(\"r10\"),\n Reg(\"r11\"),\n Reg(\"r12\"),\n Reg(\"r13\"),\n ),\n args=(\"r2\", \"r3\", \"r4\", \"r5\", \"r6\"),\n retval=\"r2\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.reg_sets","title":"reg_sets module-attribute","text":"reg_sets: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet] = {\n \"i386\": i386,\n \"i8086\": i386,\n \"x86-64\": amd64,\n \"rv32\": riscv,\n \"rv64\": riscv,\n \"mips\": mips,\n \"sparc\": sparc,\n \"arm\": arm,\n \"armcm\": armcm,\n \"aarch64\": aarch64,\n \"powerpc\": powerpc,\n \"loongarch64\": loongarch64,\n \"s390x\": s390x,\n}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags","title":"BitFlags","text":"BitFlags(flags: list[tuple[str, int | tuple[int, int]]] = [])\n
Methods:
-
__getattr__ \u2013 -
__getitem__ \u2013 -
__setitem__ \u2013 -
__delitem__ \u2013 -
__iter__ \u2013 -
__len__ \u2013 -
__repr__ \u2013 -
update \u2013 -
context \u2013
Attributes:
-
regname (str) \u2013 -
flags (OrderedDict[str, int | tuple[int, int]]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.regname","title":"regname instance-attribute","text":"regname: str = ''\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.flags","title":"flags instance-attribute","text":"flags: OrderedDict[str, int | tuple[int, int]] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__getattr__","title":"__getattr__","text":"__getattr__(name)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__getitem__","title":"__getitem__","text":"__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__setitem__","title":"__setitem__","text":"__setitem__(key, value)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__delitem__","title":"__delitem__","text":"__delitem__(key)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__iter__","title":"__iter__","text":"__iter__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__len__","title":"__len__","text":"__len__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__repr__","title":"__repr__","text":"__repr__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.update","title":"update","text":"update(regname: str)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.context","title":"context","text":"context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister","title":"AddressingRegister","text":"AddressingRegister(reg: str, is_virtual: bool)\n
Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
Methods:
-
update \u2013 -
context \u2013
Attributes:
-
reg (str) \u2013 -
value (int) \u2013 -
is_virtual (bool) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.reg","title":"reg instance-attribute","text":"reg: str = reg\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.value","title":"value instance-attribute","text":"value: int = 0\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.is_virtual","title":"is_virtual instance-attribute","text":"is_virtual: bool = is_virtual\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.update","title":"update","text":"update(regname: str)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.context","title":"context","text":"context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters","title":"SegmentRegisters","text":"SegmentRegisters(regs: list[str])\n
Represents the x86 segment register set
Methods:
Attributes:
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters.regs","title":"regs instance-attribute","text":"regs: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters.context","title":"context","text":"context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet","title":"KernelRegisterSet","text":"KernelRegisterSet(\n segments: SegmentRegisters | None,\n controls: dict[str, BitFlags | AddressingRegister] = {},\n msrs: dict[str, BitFlags | AddressingRegister] = {},\n)\n
additional registers that are useful when pwning kernels used only for x86-64 for now
Attributes:
-
segments (SegmentRegisters) \u2013 -
controls (dict[str, BitFlags | AddressingRegister]) \u2013 -
msrs (dict[str, BitFlags | AddressingRegister]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.segments","title":"segments instance-attribute","text":"segments: SegmentRegisters = segments\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.controls","title":"controls instance-attribute","text":"controls: dict[str, BitFlags | AddressingRegister] = controls\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.msrs","title":"msrs instance-attribute","text":"msrs: dict[str, BitFlags | AddressingRegister] = msrs\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite","title":"UnicornRegisterWrite dataclass","text":"UnicornRegisterWrite(name: str, force_write: bool)\n
Represent a register to write to the Unicorn emulator.
Attributes:
-
name (str) \u2013 -
force_write (bool) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite.force_write","title":"force_write instance-attribute","text":"force_write: bool\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg","title":"Reg dataclass","text":"Reg(\n name: str,\n size: int | None = None,\n offset: int = 0,\n zero_extend_writes: bool = False,\n subregisters: tuple[Reg, ...] = (),\n)\n
Attributes:
-
name (str) \u2013 -
size (int | None) \u2013 Register width in bytes. None if the register size is arch.ptrsize
-
offset (int) \u2013 Relevant for subregisters - the offset of this register in the main register
-
zero_extend_writes (bool) \u2013 Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
-
subregisters (tuple[Reg, ...]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.size","title":"size class-attribute instance-attribute","text":"size: int | None = None\n
Register width in bytes. None if the register size is arch.ptrsize
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.offset","title":"offset class-attribute instance-attribute","text":"offset: int = 0\n
Relevant for subregisters - the offset of this register in the main register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.zero_extend_writes","title":"zero_extend_writes class-attribute instance-attribute","text":"zero_extend_writes: bool = False\n
Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.subregisters","title":"subregisters class-attribute instance-attribute","text":"subregisters: tuple[Reg, ...] = ()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet","title":"RegisterSet","text":"RegisterSet(\n pc: Reg = Reg(\"pc\"),\n stack: Reg = Reg(\"sp\"),\n frame: Reg | None = None,\n retaddr: tuple[Reg, ...] = (),\n flags: dict[str, BitFlags] = {},\n extra_flags: dict[str, BitFlags] = {},\n gpr: tuple[Reg, ...] = (),\n misc: tuple[str, ...] = (),\n args: tuple[str, ...] = (),\n kernel: KernelRegisterSet | None = None,\n retval: str | None = None,\n)\n
Methods:
-
__contains__ \u2013 -
__iter__ \u2013
Attributes:
-
pc (str) \u2013 -
stack (str) \u2013 -
frame (str | None) \u2013 -
retaddr (tuple[str, ...]) \u2013 -
flags (dict[str, BitFlags]) \u2013 -
extra_flags \u2013 -
gpr (tuple[str, ...]) \u2013 -
misc (tuple[str, ...]) \u2013 -
args (tuple[str, ...]) \u2013 -
retval (str | None) \u2013 -
kernel (KernelRegisterSet | None) \u2013 -
reg_definitions (dict[str, Reg]) \u2013 -
full_register_lookup (dict[str, Reg]) \u2013 -
common (list[str]) \u2013 -
emulated_regs_order (list[UnicornRegisterWrite]) \u2013 -
all (set[str]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.pc","title":"pc instance-attribute","text":"pc: str = name\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.stack","title":"stack instance-attribute","text":"stack: str = name\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.frame","title":"frame class-attribute instance-attribute","text":"frame: str | None = name if frame else None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retaddr","title":"retaddr instance-attribute","text":"retaddr: tuple[str, ...] = tuple(name for x in retaddr)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.flags","title":"flags instance-attribute","text":"flags: dict[str, BitFlags] = flags\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.extra_flags","title":"extra_flags instance-attribute","text":"extra_flags = extra_flags\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.gpr","title":"gpr instance-attribute","text":"gpr: tuple[str, ...] = tuple(name for x in gpr)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.misc","title":"misc instance-attribute","text":"misc: tuple[str, ...] = misc\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.args","title":"args instance-attribute","text":"args: tuple[str, ...] = args\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retval","title":"retval instance-attribute","text":"retval: str | None = retval\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.kernel","title":"kernel instance-attribute","text":"kernel: KernelRegisterSet | None = kernel\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.reg_definitions","title":"reg_definitions instance-attribute","text":"reg_definitions: dict[str, Reg] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.full_register_lookup","title":"full_register_lookup instance-attribute","text":"full_register_lookup: dict[str, Reg] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.common","title":"common class-attribute instance-attribute","text":"common: list[str] = []\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.emulated_regs_order","title":"emulated_regs_order instance-attribute","text":"emulated_regs_order: list[UnicornRegisterWrite] = []\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.all","title":"all instance-attribute","text":"all: set[str] = (\n set(misc)\n | set(flags)\n | set(extra_flags)\n | set(retaddr)\n | set(common)\n | set(all_subregisters)\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__contains__","title":"__contains__","text":"__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__iter__","title":"__iter__","text":"__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile","title":"PsuedoEmulatedRegisterFile","text":"PsuedoEmulatedRegisterFile(register_set: RegisterSet, ptrsize: int)\n
This class represents a set of registers that can be written, read, and invalidated.
The aim is to allow some manual dynamic/static analysis without the need for a full emulator.
The implementation can handle the behavior of architectures with partial registers, such as x86 (Ex: rax has \"eax\", \"ax\", \"ah\", and \"al\" as subregisters) or AArch64 (Ex: X0 contains W0). Most of the complexity of the bitshifts and masks arise from the necessity to handle these cases.
Methods:
Attributes:
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.register_set","title":"register_set instance-attribute","text":"register_set: RegisterSet = register_set\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int = ptrsize\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.masks","title":"masks instance-attribute","text":"masks: defaultdict[str, int] = defaultdict(int)\n
Map of register name to bitmask indicating what bits of the register we know the value of.
Example: { \"rax\": 0xFFFF } This indicates that in the RAX register, we only know the bottom 16 bits. This likely resulted from writing the \"ax\" register. Any attempt to read any other bits returns None. In this case, we can read from \"ax\", \"ah\", and \"al\", but not \"eax\" or \"rax\".
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.values","title":"values instance-attribute","text":"values: defaultdict[str, int] = defaultdict(int)\n
Map of register to the value we know it to have.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.write_register","title":"write_register","text":"write_register(\n reg: str,\n value: int,\n source_width: int | None = None,\n sign_extend: bool = False,\n) -> None\n
source_width is the byte width of the value's source. It should be specified when the source has a width shorter than the destination register.
Examples:
movsbl EAX, AL // sign extend 1 byte register to 4 byte register movzbl EAX, AL // zero extend
Source width would be 1, and in the first case sign_extend should be set to True. If sign_extend is False, we zero extend.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.read_register","title":"read_register","text":"read_register(reg: str) -> int | None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.invalidate_all_registers","title":"invalidate_all_registers","text":"invalidate_all_registers() -> None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.invalidate_register","title":"invalidate_register","text":"invalidate_register(reg: str) -> None\n
Invalidate the bits that a write to this register would override.
This can be used when we statically detect that a register is written, but we don't know the concrete value that is written so we have to invalidate any current knowledge of the register's bits.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.__repr__","title":"__repr__","text":"__repr__()\n
"},{"location":"reference/pwndbg/lib/stdio/","title":"pwndbg.lib.stdio","text":""},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio","title":"stdio","text":"Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout which prevent output from appearing on-screen inside of certain event handlers.
Classes:
Attributes:
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.stdio","title":"stdio module-attribute","text":"stdio = Stdio()\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio","title":"Stdio","text":"Methods:
-
__enter__ \u2013 -
__exit__ \u2013
Attributes:
-
queue (list[tuple[TextIO, TextIO, TextIO]]) \u2013
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.queue","title":"queue class-attribute instance-attribute","text":"queue: list[tuple[TextIO, TextIO, TextIO]] = []\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__enter__","title":"__enter__","text":"__enter__(*a: Any, **kw: Any) -> None\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__exit__","title":"__exit__","text":"__exit__(\n exc_type: type[BaseException] | None,\n exc_value: BaseException | None,\n traceback: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/lib/strings/","title":"pwndbg.lib.strings","text":""},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings","title":"strings","text":"Functions:
"},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings.strip_colors","title":"strip_colors","text":"strip_colors(text)\n
Remove all ANSI color codes from the text
"},{"location":"reference/pwndbg/lib/tempfile/","title":"pwndbg.lib.tempfile","text":""},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile","title":"tempfile","text":"Common helper and cache for pwndbg tempdir
Functions:
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.tempdir","title":"tempdir","text":"tempdir() -> str\n
Returns a safe and unpredictable temporary directory with pwndbg prefix.
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.cachedir","title":"cachedir","text":"cachedir(namespace: str | None = None) -> str\n
Returns and potentially creates a persistent safe cachedir location based on XDG_CACHE_HOME or ~/.cache
Optionally creates a sub namespace inside the pwndbg cache folder.
"},{"location":"reference/pwndbg/lib/tips/","title":"pwndbg.lib.tips","text":""},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips","title":"tips","text":"Functions:
Attributes:
-
GDB_TIPS (list[str]) \u2013 -
PWNDBG_TIPS (list[str]) \u2013 -
LLDB_TIPS (list[str]) \u2013
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.GDB_TIPS","title":"GDB_TIPS module-attribute","text":"GDB_TIPS: list[str] = [\n \"GDB's `apropos <topic>` command displays all registered commands that are related to the given <topic>\",\n \"GDB's `follow-fork-mode` parameter can be used to set whether to trace parent or child after fork() calls. Pwndbg sets it to child by default\",\n 'Use GDB\\'s `dprintf` command to print all calls to given function. E.g. `dprintf malloc, \"malloc(%p)\\\\n\", (void*)$rdi` will print all malloc calls',\n \"Use GDB's `pi` command to run an interactive Python console where you can use Pwndbg APIs like `pwndbg.aglib.memory.read(addr, len)`, `pwndbg.aglib.memory.write(addr, data)`, `pwndbg.aglib.vmmap.get()` and so on!\",\n \"GDB's `set directories <path>` parameter can be used to debug e.g. glibc sources like the malloc/free functions!\",\n \"If you have debugging symbols the `info args` command shows current frame's function arguments (use `up` and `down` to switch between frames)\",\n 'Calling functions like `call (void)puts(\"hello world\")` will run all other target threads for the time the function runs. Use `set scheduler-locking on` to lock the execution to current thread when calling functions',\n \"Use the `pipe <cmd> | <prog>` command to pass output of a GDB/Pwndbg command to a shell program, e.g. `pipe elfsections | grep bss`. This can also be shortened to: `| <cmd> | <prog>`\",\n \"Prefixing a command with `!` in GDB will execute it as a shell command, e.g.: `!ls` or `!cat flag.txt`\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.PWNDBG_TIPS","title":"PWNDBG_TIPS module-attribute","text":"PWNDBG_TIPS: list[str] = [\n \"If you want Pwndbg to clear screen on each command (but still save previous output in history) use `set context-clear-screen on`\",\n \"The `set show-flags on` setting will display CPU flags register in the regs context panel\",\n \"GDB and Pwndbg parameters can be shown or set with `show <param>` and `set <param> <value>` GDB commands\",\n \"Use Pwndbg's `config` and `theme` commands to tune its configuration and theme colors!\",\n \"Pwndbg mirrors some of WinDbg commands like `eq`, `ew`, `ed`, `eb`, `es`, `dq`, `dw`, `dd`, `db`, `ds` for writing and reading memory\",\n \"Pwndbg resolves kernel memory maps by parsing page tables (default) or via `monitor info mem` QEMU gdbstub command (use `set kernel-vmmap-via-page-tables off` for that)\",\n \"Use the `vmmap` command for a better & colored memory maps display (than the GDB's `info proc mappings`)\",\n \"Use the `telescope` command to dereference a given address/pointer multiple times (if the dereferenced value is a valid ptr; see `config telescope` to configure its behavior)\",\n \"Use the `context` (or `ctx`) command to display the context once again. You can reconfigure the context layout with `set context-section <sections>` or forward the output to a file/tty via `set context-output <file>`. See also `config context` to configure it further!\",\n \"Disable Pwndbg context information display with `set context-sections ''`\",\n \"Pwndbg context displays where the program branches to thanks to emulating few instructions into the future. You can disable this with `set emulate off` which may also speed up debugging\",\n \"Use the `canary` command to see all stack canary/cookie values on the stack (based on the *usual* stack canary value initialized by glibc)\",\n \"Use the `procinfo` command for better process introspection (than the GDB's `info proc` command)\",\n \"Want to display each context panel in a separate tmux window? See https://github.com/pwndbg/pwndbg/blob/dev/FEATURES.md#splitting--layouting-context\",\n 'Use `$base(\"heap\")` to get the start address of a [heap] memory page',\n \"Use the `errno` (or `errno <number>`) command to see the name of the last or provided (libc) error\",\n \"Pwndbg sets the SIGLARM, SIGBUS, SIGPIPE and SIGSEGV signals so they are not passed to the app; see `info signals` for full GDB signals configuration\",\n \"Use `vmmap -A|-B <number> <filter>` to display <number> of maps after/before filtered ones\",\n \"Use the `killall` command to kill all specified threads (via their ids)\",\n \"Use the `spray` command to spray memory with cyclic pattern or specified value\",\n \"Use `patch <address> '<assembly>'` to patch an address with given assembly code\",\n \"Want to NOP some instructions? Use `patch <address> 'nop; nop; nop'`\",\n \"`heap-config` shows heap related configuration\",\n \"`break-if-taken` and `break-if-not-taken` commands sets breakpoints after a given jump instruction was taken or not\",\n \"`stepuntilasm <assembly-instruction [operands]>` steps program forward until matching instruction occures\",\n \"Use `plist` command to dump elements of linked list\",\n \"If your program has multiple threads they will be displayed in the context display or using the `context threads` command\",\n \"Use `track-got enable|info|query` to track GOT accesses - useful for hijacking control flow via writable GOT/PLT\",\n \"Need to `mmap` or `mprotect` memory in the debugee? Use commands with the same name to inject and run such syscalls\",\n \"Use `hi` to see if a an address belongs to a glibc heap chunk\",\n \"Use `contextprev` and `contextnext` to display a previous context output again without scrolling\",\n \"Try splitting the context output into multiple TUI windows using `layout pwndbg` (`tui disable` or `ctrl-x + a` to go back to CLI mode)\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.LLDB_TIPS","title":"LLDB_TIPS module-attribute","text":"LLDB_TIPS: list[str] = [\n \"Use LLDB's `help <command>` to get detailed help on any command\",\n \"LLDB's `expr` command lets you evaluate expressions in the current frame context\",\n \"Use `frame variable` (or `fr v`) to show all variables in the current frame\",\n \"The `watchpoint set` command allows you to stop execution when a variable changes\",\n \"Use `process launch --stop-at-entry` to stop at the program entry point\",\n \"LLDB's `memory read` (or `m read`) command displays memory contents at a specified address\",\n \"Use `thread backtrace all` to see backtraces of all threads\",\n \"The `breakpoint set --func-regex <regex>` command sets breakpoints on functions matching a regular expression\",\n \"Use `target modules list` to see all loaded modules in your process\",\n \"LLDB's `image lookup` command helps find symbols, addresses, and files in the executable and loaded libraries\",\n \"Use `command alias` to create custom shortcuts for frequently used commands\",\n \"LLDB's `register read` shows the contents of registers in the selected frame\",\n \"The `disassemble` command shows assembly instructions for the current function\",\n \"Use `thread step-inst` (or `si`) to step one instruction\",\n \"LLDB's Python API can be accessed with the `script` command to extend debugging capabilities\",\n \"Use `process attach --pid <pid>` to attach to a running process\",\n \"The `breakpoint command add` lets you run commands when a breakpoint is hit\",\n \"Use `memory find` to search for a value in the process's memory\",\n \"LLDB's `settings set` command allows you to customize debugger behavior\",\n \"The `platform list` command shows all available platforms for remote debugging\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_tip_of_the_day","title":"get_tip_of_the_day","text":"get_tip_of_the_day() -> str\n
Returns a random tip based on the current debugger type.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_all_tips","title":"get_all_tips","text":"get_all_tips() -> list[str]\n
Returns all tips applicable to the current debugger.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.color_tip","title":"color_tip","text":"color_tip(tip: str) -> str\n
"},{"location":"reference/pwndbg/lib/version/","title":"pwndbg.lib.version","text":""},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version","title":"version","text":"Functions:
Attributes:
-
__version__ \u2013 -
b_id \u2013
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.__version__","title":"__version__ module-attribute","text":"__version__ = '2025.05.30'\n
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.b_id","title":"b_id module-attribute","text":"b_id = build_id()\n
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.build_id","title":"build_id","text":"build_id() -> str\n
Returns pwndbg commit id if git is available.
"},{"location":"reference/pwndbg/lib/which/","title":"pwndbg.lib.which","text":""},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which","title":"which","text":"Functions:
"},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which.which","title":"which","text":"which(name: str, all: bool = False) -> str | set[str] | None\n
which(name, flags = os.X_OK, all = False) -> str or str set
Works as the system command which; searches $PATH for name and returns a full path if found.
If all is True the set of all found locations is returned, else the first occurrence or None is returned.
Parameters:
Returns:
-
str | set[str] | None \u2013 If all is True the set of all locations where name was found,
-
str | set[str] | None \u2013 else the first location or None if not found.
Example which('sh') '/bin/sh'
"},{"location":"reference/pwndbg/log/","title":"pwndbg.log","text":""},{"location":"reference/pwndbg/log/#pwndbg.log","title":"log","text":"Logging.
Classes:
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter","title":"ColorFormatter","text":" Bases: Formatter
Methods:
Attributes:
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.log_funcs","title":"log_funcs class-attribute instance-attribute","text":"log_funcs = {\n DEBUG: debug,\n INFO: info,\n WARNING: warn,\n ERROR: error,\n CRITICAL: error,\n}\n
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.format","title":"format","text":"format(record)\n
"},{"location":"reference/pwndbg/profiling/","title":"pwndbg.profiling","text":""},{"location":"reference/pwndbg/profiling/#pwndbg.profiling","title":"profiling","text":"Pwndbg profiling.
Classes:
Functions:
Attributes:
-
profiler (Profiler | None) \u2013
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.profiler","title":"profiler module-attribute","text":"profiler: Profiler | None = None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler","title":"Profiler","text":"Profiler(p: Profile)\n
Methods:
-
print_time_elapsed \u2013 -
start \u2013 -
stop \u2013
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.print_time_elapsed","title":"print_time_elapsed","text":"print_time_elapsed() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.start","title":"start","text":"start() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.stop","title":"stop","text":"stop(filename: str | None = None) -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.init","title":"init","text":"init(p: Profile, _start_time: float | None) -> None\n
"},{"location":"reference/pwndbg/radare2/","title":"pwndbg.radare2","text":""},{"location":"reference/pwndbg/radare2/#pwndbg.radare2","title":"radare2","text":"Radare2 integration with r2pipe.
Functions:
"},{"location":"reference/pwndbg/radare2/#pwndbg.radare2.r2pipe","title":"r2pipe","text":"r2pipe()\n
Spawn and return a r2pipe handle for the current process file.
This function requires a radare2 installation plus the r2pipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed.
Raises ImportError if r2pipe python library is not available. Raises Exception if anything goes fatally wrong.
Returns a r2pipe.open handle.
"},{"location":"reference/pwndbg/rizin/","title":"pwndbg.rizin","text":""},{"location":"reference/pwndbg/rizin/#pwndbg.rizin","title":"rizin","text":"Rizin integration with rzpipe.
Functions:
"},{"location":"reference/pwndbg/rizin/#pwndbg.rizin.rzpipe","title":"rzpipe","text":"rzpipe()\n
Spawn and return a rzpipe handle for the current process file. This function requires a rizin installation plus the rzpipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed. Raises ImportError if rzpipe python library is not available. Raises Exception if anything goes fatally wrong. Returns a rzpipe.open handle.
"},{"location":"reference/pwndbg/search/","title":"pwndbg.search","text":""},{"location":"reference/pwndbg/search/#pwndbg.search","title":"search","text":"Search the address space for byte patterns.
Functions:
"},{"location":"reference/pwndbg/search/#pwndbg.search.search","title":"search","text":"search(\n searchfor: bytes,\n mappings: Collection[Page] | None = None,\n start: int | None = None,\n end: int | None = None,\n step: int | None = None,\n aligned: int | None = None,\n limit: int | None = None,\n executable: bool = False,\n writable: bool = False,\n) -> Generator[int, None, None]\n
Search inferior memory for a byte sequence.
Parameters:
-
searchfor (bytes) \u2013 Byte sequence to find
-
mappings (Collection[Page] | None, default: None ) \u2013 List of pwndbg.lib.memory.Page objects to search By default, uses all available mappings.
-
start (int | None, default: None ) \u2013 First address to search, inclusive.
-
end (int | None, default: None ) \u2013 Last address to search, exclusive.
-
step (int | None, default: None ) \u2013 Size of memory region to skip each result
-
aligned (int | None, default: None ) \u2013 Strict byte alignment for search result
-
limit (int | None, default: None ) \u2013 Maximum number of results to return
-
executable (bool, default: False ) \u2013 Restrict search to executable pages
-
writable (bool, default: False ) \u2013 Restrict search to writable pages
Yields:
"},{"location":"reference/pwndbg/ui/","title":"pwndbg.ui","text":""},{"location":"reference/pwndbg/ui/#pwndbg.ui","title":"ui","text":"A few helpers for making things print pretty-like.
Functions:
-
banner \u2013 -
addrsz \u2013 -
get_window_size \u2013 -
get_cmd_window_size \u2013
Attributes:
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.title_position","title":"title_position module-attribute","text":"title_position = add_param(\n \"banner-title-position\",\n \"center\",\n \"banner title position\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"center\", \"left\", \"right\"],\n)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.banner","title":"banner","text":"banner(title, target=stdout, width=None, extra='')\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.addrsz","title":"addrsz","text":"addrsz(address) -> str\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_window_size","title":"get_window_size","text":"get_window_size(target=stdout)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size()\n
"},{"location":"reference/pwndbg/wrappers/","title":"pwndbg.wrappers","text":""},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers","title":"wrappers","text":"Specific command output wrappers.
Modules:
-
checksec \u2013 -
readelf \u2013
Classes:
Functions:
Attributes:
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand","title":"OnlyWithCommand","text":"OnlyWithCommand(*commands: str | list[str])\n
Methods:
Attributes:
-
all_cmds (list[str]) \u2013 -
cmd (list[str]) \u2013 -
cmd_path (str | None) \u2013
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.all_cmds","title":"all_cmds instance-attribute","text":"all_cmds: list[str] = [\n cmd[0] if isinstance(cmd, list) else cmd for cmd in commands\n]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd","title":"cmd instance-attribute","text":"cmd: list[str] = command if isinstance(command, list) else [command]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd_path","title":"cmd_path instance-attribute","text":"cmd_path: str | None = which(cmd[0])\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.__call__","title":"__call__","text":"__call__(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.call_cmd","title":"call_cmd","text":"call_cmd(cmd: str | list[str]) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/","title":"pwndbg.wrappers.checksec","text":""},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec","title":"checksec","text":"Functions:
-
monkeypatch_pwnlib_term_text \u2013 -
get_raw_out \u2013 -
relro_status \u2013 -
pie_status \u2013
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.monkeypatch_pwnlib_term_text","title":"monkeypatch_pwnlib_term_text","text":"monkeypatch_pwnlib_term_text() -> Iterator[None]\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.get_raw_out","title":"get_raw_out","text":"get_raw_out(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.relro_status","title":"relro_status","text":"relro_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.pie_status","title":"pie_status","text":"pie_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/readelf/","title":"pwndbg.wrappers.readelf","text":""},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf","title":"readelf","text":"Classes:
Functions:
Attributes:
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.cmd_name","title":"cmd_name module-attribute","text":"cmd_name = 'readelf'\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType","title":"RelocationType","text":" Bases: Enum
Attributes:
-
JUMP_SLOT \u2013 -
GLOB_DAT \u2013 -
IRELATIVE \u2013
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.JUMP_SLOT","title":"JUMP_SLOT class-attribute instance-attribute","text":"JUMP_SLOT = 1\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.GLOB_DAT","title":"GLOB_DAT class-attribute instance-attribute","text":"GLOB_DAT = 2\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.IRELATIVE","title":"IRELATIVE class-attribute instance-attribute","text":"IRELATIVE = 3\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.get_got_entry","title":"get_got_entry","text":"get_got_entry(local_path: str) -> dict[RelocationType, list[str]]\n
"},{"location":"blog/archive/2022/","title":"2022","text":""}]}
\ No newline at end of file
+{"config":{"lang":["en"],"separator":"[\\s\\u200b\\-_,:!=\\[\\]()\"`/]+|\\.(?!\\d)|&[lg]t;|(?!\\b)(?=[A-Z][a-z])","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":""},{"location":"#pwndbg","title":"pwndbg","text":"pwndbg (/pa\u028an\u02c8di\u02ccb\u028c\u0261/) is a GDB and LLDB plug-in that makes debugging suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
It has a boatload of features, see our Features page and CHEATSHEET (feel free to print it!). If you have any questions you may read the documentation or asks us in our Discord server.
"},{"location":"#why","title":"Why?","text":"Vanilla GDB and LLDB are terrible to use for reverse engineering and exploit development. Typing x/30gx $rsp or navigating cumbersome LLDB commands is not fun and often provides minimal information. The year is 2025, and core debuggers still lack many user-friendly features such as a robust hexdump command. WinDbg users are completely lost when they occasionally need to bump into GDB or LLDB.
Pwndbg is a Python module which can be loaded into GDB or run as a REPL interface for LLDB. It provides a suite of utilities and enhancements that fill the gaps left by these debuggers, smoothing out rough edges and making them more user-friendly.
"},{"location":"#installation","title":"Installation","text":"See installation instructions.
"},{"location":"#what-about","title":"What about ...?","text":"Many past (gdbinit, PEDA) and present projects (GEF, bata24/GEF) offer great features, but are hard to extend and are packaged as large single files (103KB, 195KB, 423KB, 4.12MB). Pwndbg aims to replace them with a faster, cleaner, and more robust implementation.
"},{"location":"#when-to-use-gdb-or-lldb","title":"When to Use GDB or LLDB?","text":"Pwndbg supports both GDB and LLDB, and each debugger has its own strengths. Here's a quick guide to help you decide which one to use:
Use Case Supported Debugger Debugging Linux binaries or ELF files GDB, LLDB Debugging Mach-O binaries on macOS LLDB Linux kernel debugging (qemu-system) GDB, LLDB Linux user-space emulation (qemu-user) GDB Embedded debugging (ARM Cortex M* or RISC-V/32) GDB, LLDB Pwndbg ensures a consistent experience across both, so switching between them is seamless.
The LLDB implementation in pwndbg is still in early-stage and may contain bugs or limitations. Known issues are tracked in GitHub Issues.
If you encounter any problems, feel free to report them or discuss on our Discord server.
"},{"location":"#compatibility-table","title":"Compatibility Table","text":"Feature Supported Version Notes pwndbg-gdb - Python 3.10+ - GDB 12.1+ Battle-tested on Ubuntu 22.04/24.04 pwndbg-lldb - Python 3.12+ - LLDB 19+ Experimental/early-stage support qemu-user QEMU 8.1+ vFile API is needed for vmmap qemu-system QEMU 6.2+ Supported version since ubuntu 22.04"},{"location":"#contributing","title":"Contributing","text":"Pull requests are welcome \u2764\ufe0f. Check out the Contributing Guide.
"},{"location":"#acknowledgements","title":"Acknowledgements","text":"Pwndbg was originally created by Zach Riggle, who is no longer with us. We want to thank Zach for all of his contributions to pwndbg and the wider security community.
"},{"location":"features/","title":"Features","text":""},{"location":"features/#features","title":"Features","text":"Pwndbg has a great deal of useful features. You can a see all available commands at any time by typing the pwndbg command or by checking the Commands section of the documentation. For configuration and theming see the Configuration section. Below is a subset of commands which are easy to capture in screenshots.
"},{"location":"features/#disassembly-and-emulation","title":"Disassembly and Emulation","text":"Pwndbg leverages the capstone and unicorn engines, along with its own instrospection, to display, annotate and emulate instructions.
Operands of instructions are resolved, conditions evaluated, and only the instructions that will actually be executed are shown.
This is incredibly useful when stepping through jump tables, PLT entries, and ROPping.
"},{"location":"features/#context","title":"Context","text":"A useful summary of the current execution context is printed every time the debugger stops (e.g. breakpoint or single-step), displaying all registers, the stack, call frames, disassembly, and additionally recursively dereferencing all pointers. All memory addresses are color-coded to the type of memory they represent.
A history of previous context output is kept which can be accessed using the contextprev and contextnext commands.
"},{"location":"features/#arguments","title":"Arguments","text":"All function call sites are annotated with the arguments to those functions. This works best with debugging symbols, but also works in the most common case where an imported function (e.g. libc function via GOT or PLT) is used.
"},{"location":"features/#splitting-layouting-context","title":"Splitting / Layouting Context","text":"The context sections can be distributed among different tty by using the contextoutput command. Thus, if you want to make better use of some of the empty space in the default Pwndbg output, you can split the panes in your terminal and redirect the various contexts among them.
See Splitting the Context for more information.
"},{"location":"features/#gdb-tui","title":"GDB TUI","text":"The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.
See GDB TUI for more information.
"},{"location":"features/#watch-expressions","title":"Watch Expressions","text":"You can add expressions to be watched by the context. Those expressions are evaluated and shown on every context refresh. For instance by doing contextwatch execute \"info args\" we can see the arguments of every function we are in (here we are in mmap):
See contextwatch for more information.
"},{"location":"features/#integrations","title":"Integrations","text":""},{"location":"features/#ghidra","title":"Ghidra","text":"With the help of radare2 or rizin it is possible to show the decompiled source code of the ghidra decompiler.
See Ghidra Integration for more information.
"},{"location":"features/#ida-probinary-ninja","title":"IDA Pro/Binary Ninja","text":"Pwndbg is capable of integrating with IDA Pro or Binary Ninja by installing an XMLRPC server in the decompiler as a plugin, and then querying it for information.
This allows extraction of comments, decompiled lines of source, breakpoints, symbols, and synchronized debugging (single-steps update the cursor in the decompiler).
See Binary Ninja Integration or IDA Integration for setup information.
"},{"location":"features/#heap-inspection","title":"Heap Inspection","text":"Pwndbg provides commands for inspecting the heap and the allocator's state. Currently supported are:
- glibc malloc
- jemalloc
- linux's buddy allocator
- linux's SLUB allocator
See some of the commands for glibc malloc:
"},{"location":"features/#lldb","title":"LLDB","text":"While most other GDB plugins are well GDB plugins, Pwndbg's implementation is debugger-agnostic. You can use Pwndbg with LLDB!
"},{"location":"features/#windbg-compatibility","title":"WinDbg Compatibility","text":"For those coming from a Windows background, Pwndbg has a complete WinDbg compatibility layer. You can dd, dps, eq, and even eb $rip 90 to your heart's content.
"},{"location":"features/#go-debugging","title":"Go Debugging","text":"Pwndbg has support for dumping complex Go values like maps and slices, including automatically parsing out type layouts in certain cases.
See the Go debugging guide for more information.
"},{"location":"features/#so-many-commands","title":"So many commands","text":"Go take a look at Commands! Here is some cool stuff you can do to get you started.
"},{"location":"features/#process-state-inspection","title":"Process State Inspection","text":"Use the procinfo command in order to inspect the current process state, like UID, GID, Groups, SELinux context, and open file descriptors! Pwndbg works particularly well with remote GDB debugging like with Android phones.
"},{"location":"features/#rop-gadgets","title":"ROP Gadgets","text":"Tools for finding rop gadgets statically don't know about everything that will be loaded into the address space and they can make mistakes about which addresses will actually end up executable. You can now rop at runtime with Pwndbg's rop and ropper.
"},{"location":"features/#search","title":"Search","text":"Pwndbg makes searching the target memory space easy, with a complete and easy-to-use interface. Whether you're searching for bytes, strings, or various sizes of integer values or pointers, it's a simple command away.
"},{"location":"features/#finding-leaks","title":"Finding Leaks","text":"Finding leak chains can be done using the leakfind and probeleak commands. They recursively inspect address ranges for pointers, and report on all pointers found.
"},{"location":"features/#telescope","title":"Telescope","text":"Inspecting memory dumps is easy with the telescope command. It recursively dereferences a range of memory, letting you see everything at once. As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range.
"},{"location":"features/#virtual-memory-maps","title":"Virtual Memory Maps","text":"Pwndbg enhances the standard memory map listing and allows easy searching with vmmap.
"},{"location":"features/#tracking-glibc-heap-allocations","title":"Tracking glibc heap allocations","text":"It can be very useful to see allocations happening in real time. It can give us a good idea of what the allocation pattern of a program looks like, and allows us to make informed decisions on how to optimize or attack it. The track-heap command does just that.
"},{"location":"features/#tracking-the-got","title":"Tracking the GOT","text":"The Procedure Linkage Table (PLT) and Global Offset Table (GOT) are very interesting exploitation targets since they contain many often-accessed function pointers. You can track how your program goes through the GOT using the track-got command.
"},{"location":"features/#attach-to-a-process-by-name","title":"Attach to a process by name","text":"The days of running pidof in a different terminal are over. Use attachp to attach to any process by name, pid, arguments or device file!
"},{"location":"setup/","title":"Setup","text":"There are multiple ways to install Pwndbg, depending on whether you want to use it with GDB, with LLDB, use a portable release, or install it from source.
"},{"location":"setup/#installing-pwndbg-gdb","title":"Installing pwndbg-gdb","text":"Install via curl/sh (Linux/macOS)
curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb\n
Install via Homebrew (macOS) brew install pwndbg/tap/pwndbg-gdb\n
Install via the Nix package manager (Linux/macOS) nix shell github:pwndbg/pwndbg\n
"},{"location":"setup/#through-package-manager","title":"Through package manager","text":"When installing with GDB, you may also download a package to install through your package manager of choice. Download the package from the releases page and pick the appropriate download from the second table.
RPM-based Systems (CentOS/Alma/Rocky/RHEL):
dnf install ./pwndbg-2025.05.30.x86_64.rpm\n
DEB-based Systems (Debian/Ubuntu/Kali): apt install ./pwndbg_2025.05.30_amd64.deb\n
Alpine: apk add --allow-untrusted ./pwndbg_2025.05.30_x86_64.apk\n
Arch Linux: pacman -U ./pwndbg-2025.05.30-1-x86_64.pkg.tar.zst\n
"},{"location":"setup/#installing-pwndbg-lldb","title":"Installing pwndbg-lldb","text":"These installation methods provide the
pwndbg-lldb ./your-binary\n
command. Install via curl/sh (Linux/macOS)
curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb\n
Install via Homebrew (macOS) brew install pwndbg/tap/pwndbg-lldb\n
Install via the Nix package manager (Linux/macOS): nix shell github:pwndbg/pwndbg#pwndbg-lldb\n
"},{"location":"setup/#download-the-portable-version","title":"Download the Portable Version","text":"You can download a portable release on the Pwndbg releases page. There are seperate releases for GDB and LLDB. Use the first table to pick the appropriate download for your system architecture. You can then unpack the archive with:
tar -v -xf <archive-name>\n
And run Pwndbg with ./pwndbg/bin/pwndbg\n
or ./pwndbg/bin/pwndbg-lldb\n
depending on which version you installed. You may add the appropriate file to your shell's PATH."},{"location":"setup/#installing-from-source","title":"Installing from source","text":"See contributing/Installing Pwndbg from source, you do not need the \"The development environment\" section.
"},{"location":"blog/","title":"Blog","text":""},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/","title":"Pwndbg coding sprints report","text":"(originally posted on https://disconnect3d.pl/2022/08/21/pwndbg-coding-sprints/)
This blog post is a report of the two coding sprints for the Pwndbg project that I organized first on the EuroPython 2022 conference and then, taking inspiration from the previous one, in the Hackerspace Krak\u00f3w, located in Cracow, Poland.
PS: If you are only looking for a list of things done, scroll down!
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#where-i-got-the-idea-for-sprints","title":"Where I got the idea for sprints?","text":"I have recently attended the EuroPython 2022 conference and I enjoyed the \u201csprints\u201d there. In short, a sprint is a semi-organized event, where anyone can announce a project they will be working on and others can join them. This helps both the projects and the event participants to learn about the project and to make first-time contributions. At the EuroPython conference, there were 16 officially announced projects, but I know that even more projects were being worked on in practice. Of course, other communities or conferences also do this (e.g. NixCon).
At the EuroPython conference, I announced my own sprint to work on the Pwndbg project that I maintain. Having no expectations, I felt excited when four people showed up to learn something new and hack together on the project. Later, taking inspiration from it, I organized another sprint, this time in Cracow in the local Hackerspace with even a bigger response. Below, you can read a small report on the two sprints that have happened.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#my-general-idea-for-a-pwndbg-sprint","title":"My general idea for a Pwndbg sprint","text":"Pwndbg is written in Python, so on one hand is easy to hack on, but on the other hand it is a plugin for GDB, a console debugger for native programs (e.g. ones written in C, C++, Go or Rust). The general idea of Pwndbg is to alleviate the pain points of working with and improve the UX of GDB when debugging assembly code, reverse engineering a binary or during exploit development.
Since not everyone is familiar with debuggers or the underlyings of programs execution (e.g. assembly code, CPU registers or stack or heap memory) I knew that I had to make some introduction to those concepts and if possible, prepare a list of simple tasks, so that people can get familiar with the codebase and the tool and contribute something.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#europython-2022-sprint","title":"EuroPython 2022 sprint","text":"On the first sprint, four people showed up, mostly having no prior experience with the topic. We started with an introduction to what GDB and Pwndbg are and why and when they are useful.
For this, I took a small C program that had a buffer overflow bug:
#include <stdio.h>\n#include <string.h>\n\nint main(int argc, char* argv[]) {\n char name[16] = {0};\n\n // NOTE: We copy the `argv[1]` string which may be of arbitrary length\n // into the `name` buffer which is only of 16-bytes long. Thus, we can\n // overwrite the stack memory of the program past the `name` buffer.\n strcpy(name, argv[1]);\n\n printf(\"Hello %s!\\n\", name);\n}\n
Then, after compiling it (gcc main.c), we ran the program twice to see that it will crash if we provide a too long string as its argument:
$ ./a.out Disconnect3d\nHello Disconnect3d!\n\n$ ./a.out Disconnect3d_at_EuroPython\nHello Disconnect3d_at_EuroPython!\n*** stack smashing detected ***: <unknown> terminated\nAborted (core dumped)\n
Then, I explained that the \"stack smashing detected\" we see is the \"stack canaries\" (also called \"stack cookies\") exploit mitigation added by compilers. This compiler feature adds a special 8-bytes canary value after the function's local variables located on the stack, so that then a stack frame may look like this:
------------------------------ lower addresses\nchar name[16]; |\nuint8_t canary[8]; |\nvoid* function_return_address; V\n------------------------------ higher addresses\n
This local stack canary value is then filled in just after the function\u2019s prologue and is verified against a global value before the function returns to see if the stack was not corrupted (starting from the canary). Of course this may not detect all possible stack memory corruptions but it often makes it impossible to exploit a program (e.g. by changing the return address, also located on the stack), knowing just this vulnerability.
The stack canary mitigation can also be disabled. And if it were done (by passing in a -fno-stack-protector flag during compilation), we would get a different result when running the resulting program:
$ gcc -fno-stack-protector buf.c\n\n$ ./a.out Disconnect3d_on_EuroPython\nHello Disconnect3d_on_EuroPython!\nSegmentation fault (core dumped)\n
Now, the \"stack smashing detected\" is gone, but the program still crashed, because we still corrupted a part of its memory that we shouldn't have touched in a way that made the program do illegal things (e.g. accessing unmapped memory).
During the sprint, we also ran a GDB+Pwndbg session to see the exact instructions that placed the canary value on the stack memory, to see that our input string was located just before it and how the canary was checked just before the function was returned.
I am not going to describe all of this here, but you can see some of it in the below asciinema recording.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#hackerspace-krakow-sprint","title":"Hackerspace Krak\u00f3w sprint","text":"Since the second sprint was an ad-hoc event, I had to organize it myself. As a member of Hackerspace Krak\u00f3w, I was able to reserve the hackerspace's softroom, which is a perfect place for people to hack on things using their computers. Then, I advertised the event on the Hackerspace's mailing list and on a few other mediums.
I did not expect many people to come, especially that I advertised the sprint ~2 days before the event.
But... 8 people (!) showed up (excluding me). I prepared a document with some basic information and tasks, which can be found here (though, it is in Polish and it was modified during and after the sprint).
I won't lie: most people that came were friends of mine, some of which I play CTFs with. However, not all of them had really used or developed Pwndbg before.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#accomplishments-from-the-two-sprints","title":"Accomplishments from the two sprints","text":"On the EP sprint, since we were just a group of four, we focused on small improvements to the codebase. In total, we did the following: * reviewed and merged the fs/gs_base fetching improvement PR, * pinned the project's dependencies, * updated the unicorn dependency version, * added a \"tip of the day\" feature, * improved the UX of using Pwndbg within a Python virtual environment, * and also worked on enhancing the display of arguments when stopping on a call to the printf functions family.
The last item from the list was the hardest to jump on and it still requires enhancements until it is merged. Nonetheless, all of this was a nice outcome from the whole sprint :).
On the second sprint, while we were a bigger group, we had much more limited time (since instead of having ~8 hours, we had just a few). Anyway, we were able to do the following:
- Cleanup some code leftover after dropping Python 2 support,
- Added documentation on how to debug Pwndbg using PyCharm remote debugging,
- Reviewed and merged the PRs that sets
$base_heap variable and a tip for it, which may be useful for heap exploitation, - Fix the X30 register display on AARCH64 targets,
- Fix
context args display when PC/IP register pointed to unmapped memory, - Fixed the
xor and memfrob commands and added tests for them (! :D), - Worked on adding a way to dump memory that can be copied right away as C or Python code (this needs to be changed to a command flag),
- Investigated a potential parsing issue, even looking at GDB's command parsing source code, implemented potential patch, which only later turned out to be redundant and the issue to be invalid.
"},{"location":"blog/2022/08/21/pwndbg-coding-sprints-report/#summary-and-whats-next","title":"Summary and what's next?","text":"Organizing those sprints helped me to get back to develop the Pwndbg project more and and attract more people to contribute to it. I also think that more conferences should have this kind of attractions (similarly as more conferences should have lightning talk sessions, heh).
Regarding the Pwndbg sprints, I am organizing another one this week in Cracow on Tuesday, so if you live nearby and are interested in learning about Pwndbg or contributing to the project, feel invited! :)
PS: Thanks a lot to @arturcygan for reviewing this blog post.
"},{"location":"commands/","title":"Index","text":""},{"location":"commands/#commands","title":"Commands","text":""},{"location":"commands/#breakpoint","title":"Breakpoint","text":" - break-if-not-taken - Breaks on a branch if it is not taken.
- break-if-taken - Breaks on a branch if it is taken.
- breakrva - Break at RVA from PIE base.
- ignore - Set ignore-count of breakpoint number N to COUNT.
"},{"location":"commands/#context","title":"Context","text":" - context - Print out the currently enabled context sections.
- contextnext - Select next entry in context history.
- contextoutput - Sets the output of a context section.
- contextprev - Select previous entry in context history.
- contextsearch - Search for a string in the context history and select that entry.
- contextunwatch - Removes an expression previously added to be watched.
- contextwatch - Adds an expression to be shown on context.
- regs - Print out all registers and enhance the information.
"},{"location":"commands/#developer","title":"Developer","text":" - dev-dump-instruction - Dump internal PwndbgInstruction attributes.
- log-level - Set the log level.
"},{"location":"commands/#disassemble","title":"Disassemble","text":" - emulate - Like nearpc, but will emulate instructions from the current $PC forward.
- nearpc - Disassemble near a specified address.
"},{"location":"commands/#glibc-ptmalloc2-heap","title":"GLibc ptmalloc2 Heap","text":" - arena - Print the contents of an arena.
- arenas - List this process's arenas.
- bins - Print the contents of all an arena's bins and a thread's tcache.
- fastbins - Print the contents of an arena's fastbins.
- find-fake-fast - Find candidate fake fast or tcache chunks overlapping the specified address.
- heap - Iteratively print chunks on a heap.
- hi - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
- largebins - Print the contents of an arena's largebins.
- malloc-chunk - Print a chunk.
- mp - Print the mp_ struct's contents.
- smallbins - Print the contents of an arena's smallbins.
- tcache - Print a thread's tcache contents.
- tcachebins - Print the contents of a tcache.
- top-chunk - Print relevant information about an arena's top chunk.
- try-free - Check what would happen if free was called with given address.
- unsortedbin - Print the contents of an arena's unsortedbin.
- vis-heap-chunks - Visualize chunks on a heap.
"},{"location":"commands/#integrations","title":"Integrations","text":" - ai - Ask GPT-3 a question about the current debugging context.
- bn-sync - Synchronize Binary Ninja's cursor with GDB.
- decomp - Use the current integration to decompile code near an address.
- j - Synchronize IDA's cursor with GDB.
- r2 - Launches radare2.
- r2pipe - Execute stateful radare2 commands through r2pipe.
- rop - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
- ropper - ROP gadget search with ropper.
- rz - Launches rizin.
- rzpipe - Execute stateful rizin commands through rzpipe.
- save-ida - Save the ida database.
"},{"location":"commands/#kernel","title":"Kernel","text":" - binder - Show Android Binder information
- buddydump - Displays metadata and freelists of the buddy allocator.
- kbase - Finds the kernel virtual base address.
- kchecksec - Checks for kernel hardening configuration options.
- kcmdline - Return the kernel commandline (/proc/cmdline).
- kconfig - Outputs the kernel config (requires CONFIG_IKCONFIG).
- klookup - Lookup kernel symbols
- knft-dump - Dump all nftables: tables, chains, rules, expressions
- knft-list-chains - Dump netfilter chains form a specific table
- knft-list-exprs - Dump only expressions from specific rule
- knft-list-flowtables - Dump netfilter flowtables from a specific table
- knft-list-objects - Dump netfilter objects from a specific table
- knft-list-rules - Dump netfilter rules form a specific chain
- knft-list-sets - Dump netfilter sets from a specific table
- knft-list-tables - Dump netfliter tables from a specific network namespace
- kversion - Outputs the kernel version (/proc/version).
- msr - Read or write to Model Specific Register (MSR)
- p2v - Translate physical address to its corresponding virtual address.
- pagewalk - Performs pagewalk.
- slab - Prints information about the linux kernel's slab allocator SLUB.
- v2p - Translate virtual address to its corresponding physical address.
"},{"location":"commands/#linuxlibcelf","title":"Linux/libc/ELF","text":" - argc - Prints out the number of arguments.
- argv - Prints out the contents of argv.
- aslr - Check the current ASLR status, or turn it on/off.
- auxv-explore - Explore and print information from the Auxiliary ELF Vector.
- auxv - Print information from the Auxiliary ELF Vector.
- elfsections - Prints the section mappings contained in the ELF header.
- envp - Prints out the contents of the environment.
- errno - Converts errno (or argument) to its string representation.
- got - Show the state of the Global Offset Table.
- gotplt - Prints any symbols found in the .got.plt section if it exists.
- libcinfo - Show libc version and link to its sources
- linkmap - Show the state of the Link Map
- onegadget - Find gadgets which single-handedly give code execution.
- piebase - Calculate VA of RVA from PIE base.
- plt - Prints any symbols found in Procedure Linkage Table sections if any exist.
- strings - Extracts and displays ASCII strings from readable memory pages of the debugged process.
- threads - List all threads belonging to the selected inferior.
- tls - Print out base address of the current Thread Local Storage (TLS).
- track-got - Controls GOT tracking
- track-heap - Manages the heap tracker.
"},{"location":"commands/#memory","title":"Memory","text":" - distance - Print the distance between the two arguments, or print the offset to the address's page base.
- dump-register-frame - Display the registers saved to memory for a certain frame type
- gdt - Decode X86-64 GDT entries at address
- go-dump - Dumps a Go value of a given type at a specified address.
- go-type - Dumps a Go runtime reflection type at a specified address.
- hexdump - Hexdumps data at the specified address or module name.
- leakfind - Attempt to find a leak chain given a starting address.
- memfrob - Memfrobs a region of memory (xor with '*').
- mmap - Calls the mmap syscall and prints its resulting address.
- mprotect - Calls the mprotect syscall and prints its result value.
- p2p - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
- probeleak - Pointer scan for possible offset leaks.
- search - Search memory for byte sequences, strings, pointers, and integer values.
- telescope - Recursively dereferences pointers starting at the specified address.
- vmmap-add - Add virtual memory map page.
- vmmap-clear - Clear the vmmap cache.
- vmmap-explore - Explore a page, trying to guess permissions.
- vmmap - Print virtual memory map pages.
- xinfo - Shows offsets of the specified address from various useful locations.
- xor - XOR
count bytes at address with the key key.
"},{"location":"commands/#misc","title":"Misc","text":" - asm - Assemble shellcode into bytes
- checksec - Prints out the binary security settings using
checksec. - comm - Put comments in assembly code.
- cyclic - Cyclic pattern creator/finder.
- cymbol - Add, show, load, edit, or delete custom structures in plain C.
- down - Select and print stack frame called by this one.
- dt - Dump out information on a type (e.g. ucontext_t).
- dumpargs - Prints determined arguments for call/syscall instruction.
- getfile - Gets the current file.
- hex2ptr - Converts a space-separated hex string to a little-endian address.
- hijack-fd - Replace a file descriptor of a debugged process.
- ipi - Start an interactive IPython prompt.
- patch-list - List all patches.
- patch-revert - Revert patch at given address.
- patch - Patches given instruction with given code or bytes.
- plist - Dumps the elements of a linked list.
- sigreturn - Display the SigreturnFrame at the specific address
- spray - Spray memory with cyclic() generated values
- tips - Shows tips.
- up - Select and print stack frame that called this one.
- valist - Dumps the arguments of a va_list.
- vmmap-load - Load virtual memory map pages from ELF file.
"},{"location":"commands/#process","title":"Process","text":" - killthreads - Kill all or given threads.
- pid - Gets the pid.
- procinfo - Display information about the running process.
"},{"location":"commands/#pwndbg","title":"Pwndbg","text":" - bugreport - Generate a bug report.
- config - Shows Pwndbg-specific configuration.
- configfile - Generates a configuration file for the current Pwndbg options.
- heap-config - Shows heap related configuration.
- memoize - Toggles memoization (caching).
- profiler - Utilities for profiling Pwndbg.
- pwndbg - Prints out a list of all Pwndbg commands.
- reinit-pwndbg - Makes Pwndbg reinitialize all state.
- reload - Reload Pwndbg.
- theme - Shows Pwndbg-specific theme configuration.
- themefile - Generates a configuration file for the current Pwndbg theme options.
- version - Displays Pwndbg and its important deps versions.
"},{"location":"commands/#register","title":"Register","text":" - cpsr - Print out ARM CPSR or xPSR register.
- fsbase - Prints out the FS base address. See also $fsbase.
- gsbase - Prints out the GS base address. See also $gsbase.
- setflag - Modify the flags register.
"},{"location":"commands/#stack","title":"Stack","text":" - canary - Print out the current stack canary.
- retaddr - Print out the stack addresses that contain return addresses.
- stack-explore - Explore stack from all threads.
- stack - Dereferences on stack data with specified count and offset.
- stackf - Dereferences on stack data, printing the entire stack frame with specified count and offset .
"},{"location":"commands/#start","title":"Start","text":" - attachp - Attaches to a given pid, process name, process found with partial argv match or to a device file.
- entry - Start the debugged program stopping at its entrypoint address.
- sstart - Alias for 'tbreak __libc_start_main; run'.
- start - Start the debugged program stopping at the first convenient location
"},{"location":"commands/#stepnextcontinue","title":"Step/Next/Continue","text":" - nextcall - Breaks at the next call instruction.
- nextjmp - Breaks at the next jump instruction.
- nextproginstr - Breaks at the next instruction that belongs to the running program.
- nextret - Breaks at next return-like instruction.
- nextsyscall - Breaks at the next syscall not taking branches.
- stepover - Breaks on the instruction after this one.
- stepret - Breaks at next return-like instruction by 'stepping' to it.
- stepsyscall - Breaks at the next syscall by taking branches.
- stepuntilasm - Breaks on the next matching instruction.
- xuntil - Continue execution until an address or expression.
"},{"location":"commands/#windbg","title":"WinDbg","text":" - bc - Clear the breakpoint with the specified index.
- bd - Disable the breakpoint with the specified index.
- be - Enable the breakpoint with the specified index.
- bl - List breakpoints.
- bp - Set a breakpoint at the specified address.
- da - Dump a string at the specified address.
- db - Starting at the specified address, dump N bytes.
- dc - Starting at the specified address, hexdump.
- dd - Starting at the specified address, dump N dwords.
- dds - Dump pointers and symbols at the specified address.
- dq - Starting at the specified address, dump N qwords.
- ds - Dump a string at the specified address.
- dw - Starting at the specified address, dump N words.
- eb - Write hex bytes at the specified address.
- ed - Write hex dwords at the specified address.
- eq - Write hex qwords at the specified address.
- ew - Write hex words at the specified address.
- ez - Write a string at the specified address.
- eza - Write a string at the specified address.
- go - WinDbg compatibility alias for 'continue' command.
- k - Print a backtrace (alias 'bt').
- ln - List the symbols nearest to the provided value.
- pc - WinDbg compatibility alias for 'nextcall' command.
- peb - Not be windows.
"},{"location":"commands/#jemalloc-heap","title":"jemalloc Heap","text":" - jemalloc-extent-info - Prints extent information for the given address
- jemalloc-find-extent - Returns extent information for pointer address allocated by jemalloc
- jemalloc-heap - Prints all extents information
"},{"location":"commands/breakpoint/break-if-not-taken/","title":"Break if not taken","text":""},{"location":"commands/breakpoint/break-if-not-taken/#break-if-not-taken","title":"break-if-not-taken","text":"(only in GDB)
usage: break-if-not-taken [-h] branch\n
Breaks on a branch if it is not taken.
"},{"location":"commands/breakpoint/break-if-not-taken/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help branch The branch instruction to break on."},{"location":"commands/breakpoint/break-if-not-taken/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/break-if-taken/","title":"Break if taken","text":""},{"location":"commands/breakpoint/break-if-taken/#break-if-taken","title":"break-if-taken","text":"(only in GDB)
usage: break-if-taken [-h] branch\n
Breaks on a branch if it is taken.
"},{"location":"commands/breakpoint/break-if-taken/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help branch The branch instruction to break on."},{"location":"commands/breakpoint/break-if-taken/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/breakrva/","title":"Breakrva","text":""},{"location":"commands/breakpoint/breakrva/#breakrva","title":"breakrva","text":"(only in GDB)
usage: breakrva [-h] [offset] [module]\n
Break at RVA from PIE base.
Alias: brva
"},{"location":"commands/breakpoint/breakrva/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help offset Offset to add. (default: 0) module Module to choose as base. Defaults to the target executable. (default: '')"},{"location":"commands/breakpoint/breakrva/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/breakpoint/ignore/","title":"Ignore","text":""},{"location":"commands/breakpoint/ignore/#ignore","title":"ignore","text":"(only in GDB)
usage: ignore [-h] [N] COUNT\n
Set ignore-count of breakpoint number N to COUNT.
While the ignore count is positive, execution will not stop on the breakpoint.
By default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.
"},{"location":"commands/breakpoint/ignore/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help bpnum The breakpoint number N. count The number to set COUNT."},{"location":"commands/breakpoint/ignore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/context/","title":"Context","text":""},{"location":"commands/context/context/#context","title":"context","text":"usage: context [-h] [--on] [--off] [subcontext ...]\n
Print out the currently enabled context sections.
This is the text that gets printed on every stop. It can be useful to run this command manually when you change some process/debugger state but don't want to step/continue (e.g. after using the down and up commands).
Alias: ctx
"},{"location":"commands/context/context/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help subcontext Submenu to display: 'regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'"},{"location":"commands/context/context/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --on Show the section(s) in subsequent context commands again. The section(s) have to be in the 'context-sections' list. --off Do not show the section(s) in subsequent context commands even though they might be in the 'context-sections' list."},{"location":"commands/context/context/#notes","title":"Notes","text":"To see more commands related to context control run:
pwndbg -c context\n
To see context configuration run: config context\n
"},{"location":"commands/context/context/#usage-example","title":"Usage example","text":""},{"location":"commands/context/contextnext/","title":"Contextnext","text":""},{"location":"commands/context/contextnext/#contextnext","title":"contextnext","text":"usage: contextnext [-h] [count]\n
Select next entry in context history.
Alias: ctxn
"},{"location":"commands/context/contextnext/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count The number of entries to go forward in history (default: 1)"},{"location":"commands/context/contextnext/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextoutput/","title":"Contextoutput","text":""},{"location":"commands/context/contextoutput/#contextoutput","title":"contextoutput","text":"usage: contextoutput [-h] section path clearing [banner] [width]\n
Sets the output of a context section.
Alias: ctx-out
"},{"location":"commands/context/contextoutput/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help section The section which is to be configured. ('regs', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal') path The path to which the output is written clearing Indicates whether to clear the output banner Where a banner should be placed: both, top , bottom, none (default: 'both') width Sets a fixed width (used for banner). Set to None for auto"},{"location":"commands/context/contextoutput/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextprev/","title":"Contextprev","text":""},{"location":"commands/context/contextprev/#contextprev","title":"contextprev","text":"usage: contextprev [-h] [count]\n
Select previous entry in context history.
Alias: ctxp
"},{"location":"commands/context/contextprev/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count The number of entries to go back in history (default: 1)"},{"location":"commands/context/contextprev/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextsearch/","title":"Contextsearch","text":""},{"location":"commands/context/contextsearch/#contextsearch","title":"contextsearch","text":"usage: contextsearch [-h] needle [section]\n
Search for a string in the context history and select that entry.
Alias: ctxsearch
"},{"location":"commands/context/contextsearch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help needle The string to search for in the context history section The section to search in. If not provided, search in all sections"},{"location":"commands/context/contextsearch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextunwatch/","title":"Contextunwatch","text":""},{"location":"commands/context/contextunwatch/#contextunwatch","title":"contextunwatch","text":"usage: contextunwatch [-h] num\n
Removes an expression previously added to be watched.
Aliases: ctx-unwatch, cunwatch
"},{"location":"commands/context/contextunwatch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help num The expression number to be removed from context"},{"location":"commands/context/contextunwatch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextwatch/","title":"Contextwatch","text":""},{"location":"commands/context/contextwatch/#contextwatch","title":"contextwatch","text":"usage: contextwatch [-h] [{eval,execute}] expression\n
Adds an expression to be shown on context.
To remove an expression, see cunwatch.
Aliases: ctx-watch, cwatch
"},{"location":"commands/context/contextwatch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help cmd Command to be used with the expression. - eval: the expression is parsed and evaluated as in the debugged language. - execute: the expression is executed as a GDB command. (default: 'eval') expression The expression to be evaluated and shown in context"},{"location":"commands/context/contextwatch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/context/contextwatch/#examples","title":"Examples","text":"For watching variables/expressions:\n cwatch BUF\n cwatch ITEMS[0]\n\nFor running commands:\n cwatch execute \"ds BUF\"\n cwatch execute \"x/20x $rsp\"\n cwatch execute \"info args\"\n
"},{"location":"commands/context/regs/","title":"Regs","text":""},{"location":"commands/context/regs/#regs","title":"regs","text":"usage: regs [-h] [regs ...]\n
Print out all registers and enhance the information.
"},{"location":"commands/context/regs/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help regs Registers to be shown"},{"location":"commands/context/regs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/developer/dev-dump-instruction/","title":"Dev dump instruction","text":""},{"location":"commands/developer/dev-dump-instruction/#dev-dump-instruction","title":"dev-dump-instruction","text":"usage: dev-dump-instruction [-h] [-e] [-n] [address]\n
Dump internal PwndbgInstruction attributes.
Useful for debugging the disassembly and annotation subsystems in Pwndbg. See https://pwndbg.re/pwndbg/dev/contributing/improving-annotations/#bug-root-cause for more information.
"},{"location":"commands/developer/dev-dump-instruction/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to get the enhanced instruction from - must be in cache."},{"location":"commands/developer/dev-dump-instruction/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -e --emulate Force the use of emulation when enhancing the instruction, regardless of global 'emulate' setting. -n --no-emulate Disable the use of emulation when enhancing the instruction, regardless of global 'emulate' setting."},{"location":"commands/developer/log-level/","title":"Log level","text":""},{"location":"commands/developer/log-level/#log-level","title":"log-level","text":"usage: log-level [-h] [{debug,info,warning,error,critical}]\n
Set the log level.
"},{"location":"commands/developer/log-level/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help level The log level to set. (default: 'warning')"},{"location":"commands/developer/log-level/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/disassemble/emulate/","title":"Emulate","text":""},{"location":"commands/disassemble/emulate/#emulate","title":"emulate","text":"usage: emulate [-h] [pc] [lines]\n
Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"commands/disassemble/emulate/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pc Address to emulate near. lines Number of lines to show on either side of the address."},{"location":"commands/disassemble/emulate/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/disassemble/nearpc/","title":"Nearpc","text":""},{"location":"commands/disassemble/nearpc/#nearpc","title":"nearpc","text":"usage: nearpc [-h] [-e] [pc] [lines]\n
Disassemble near a specified address.
Aliases: pdisass, u
"},{"location":"commands/disassemble/nearpc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help pc Address to disassemble near. If this is the only argument and the value provided is small enough, it is interpreted as lines instead. lines Number of lines to show on either side of the address."},{"location":"commands/disassemble/nearpc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -e --emulate Whether to emulate instructions to find the next ones or just linearly disassemble."},{"location":"commands/glibc_ptmalloc2_heap/arena/","title":"Arena","text":""},{"location":"commands/glibc_ptmalloc2_heap/arena/#arena","title":"arena","text":"usage: arena [-h] [addr]\n
Print the contents of an arena.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/arena/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/arena/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/arenas/","title":"Arenas","text":""},{"location":"commands/glibc_ptmalloc2_heap/arenas/#arenas","title":"arenas","text":"usage: arenas [-h]\n
List this process's arenas.
"},{"location":"commands/glibc_ptmalloc2_heap/arenas/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/bins/","title":"Bins","text":""},{"location":"commands/glibc_ptmalloc2_heap/bins/#bins","title":"bins","text":"usage: bins [-h] [addr] [tcache_addr]\n
Print the contents of all an arena's bins and a thread's tcache.
Default to the current thread's arena and tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/bins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena. tcache_addr Address of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/bins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/","title":"Fastbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#fastbins","title":"fastbins","text":"usage: fastbins [-h] [-v] [addr]\n
Print the contents of an arena's fastbins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/fastbins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all fastbins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/","title":"Find fake fast","text":""},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#find-fake-fast","title":"find-fake-fast","text":"usage: find-fake-fast [-h] [--align] [--glibc-fastbin-bug]\n [--partial-overwrite]\n target_address [max_candidate_size]\n
Find candidate fake fast or tcache chunks overlapping the specified address.
"},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target_address Address of the word-sized value to overlap. max_candidate_size Maximum size of fake chunks to find."},{"location":"commands/glibc_ptmalloc2_heap/find-fake-fast/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --align Whether the fake chunk must be aligned to MALLOC_ALIGNMENT. This is required for tcache chunks and for all chunks when Safe Linking is enabled -b --glibc-fastbin-bug Does the GLIBC fastbin size field bug affect the candidate size field width? -p --partial-overwrite Consider partial overwrite candidates, default behavior only shows word-size overwrites."},{"location":"commands/glibc_ptmalloc2_heap/heap/","title":"Heap","text":""},{"location":"commands/glibc_ptmalloc2_heap/heap/#heap","title":"heap","text":"usage: heap [-h] [-v] [-s] [addr]\n
Iteratively print chunks on a heap.
Default to the current thread's active heap.
"},{"location":"commands/glibc_ptmalloc2_heap/heap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the first chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents."},{"location":"commands/glibc_ptmalloc2_heap/hi/","title":"Hi","text":""},{"location":"commands/glibc_ptmalloc2_heap/hi/#hi","title":"hi","text":"usage: hi [-h] [-v] [-s] [-f] addr\n
Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/hi/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the interest."},{"location":"commands/glibc_ptmalloc2_heap/hi/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents. -f --fake Allow fake chunks. If set, displays any memory as a heap chunk (even if its not a real chunk)."},{"location":"commands/glibc_ptmalloc2_heap/largebins/","title":"Largebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/largebins/#largebins","title":"largebins","text":"usage: largebins [-h] [-v] [addr]\n
Print the contents of an arena's largebins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/largebins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/largebins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all largebins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/","title":"Malloc chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#malloc-chunk","title":"malloc-chunk","text":"usage: malloc-chunk [-h] [-f] [-v] [-s] [-d] [-n NEXT] addr\n
Print a chunk.
"},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the chunk (malloc_chunk struct start, prev_size field)."},{"location":"commands/glibc_ptmalloc2_heap/malloc-chunk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --fake Is this a fake chunk? -v --verbose Print all chunk fields, even unused ones. -s --simple Simply print malloc_chunk struct's contents. -d --dump Print a hexdump of the chunk. -n --next Print the next N chunks after the specified address. (default: 0)"},{"location":"commands/glibc_ptmalloc2_heap/mp/","title":"Mp","text":""},{"location":"commands/glibc_ptmalloc2_heap/mp/#mp","title":"mp","text":"usage: mp [-h]\n
Print the mp_ struct's contents.
"},{"location":"commands/glibc_ptmalloc2_heap/mp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/","title":"Smallbins","text":""},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#smallbins","title":"smallbins","text":"usage: smallbins [-h] [-v] [addr]\n
Print the contents of an arena's smallbins.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/smallbins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all smallbins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/tcache/","title":"Tcache","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcache/#tcache","title":"tcache","text":"usage: tcache [-h] [addr]\n
Print a thread's tcache contents.
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcache/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the tcache."},{"location":"commands/glibc_ptmalloc2_heap/tcache/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/","title":"Tcachebins","text":""},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#tcachebins","title":"tcachebins","text":"usage: tcachebins [-h] [-v] [addr]\n
Print the contents of a tcache.
Default to the current thread's tcache.
"},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address of the tcache bins."},{"location":"commands/glibc_ptmalloc2_heap/tcachebins/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show all tcachebins, including empty ones"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/","title":"Top chunk","text":""},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#top-chunk","title":"top-chunk","text":"usage: top-chunk [-h] [addr]\n
Print relevant information about an arena's top chunk.
Default to current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/top-chunk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/try-free/","title":"Try free","text":""},{"location":"commands/glibc_ptmalloc2_heap/try-free/#try-free","title":"try-free","text":"usage: try-free [-h] addr\n
Check what would happen if free was called with given address.
"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address passed to free"},{"location":"commands/glibc_ptmalloc2_heap/try-free/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/","title":"Unsortedbin","text":""},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#unsortedbin","title":"unsortedbin","text":"usage: unsortedbin [-h] [-v] [addr]\n
Print the contents of an arena's unsortedbin.
Default to the current thread's arena.
"},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the arena."},{"location":"commands/glibc_ptmalloc2_heap/unsortedbin/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Show the \"all\" bin even if it's empty"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/","title":"Vis heap chunks","text":""},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#vis-heap-chunks","title":"vis-heap-chunks","text":"usage: vis-heap-chunks [-h] [--beyond_top] [--no_truncate] [--all_chunks]\n [count] [addr]\n
Visualize chunks on a heap.
Default to the current arena's active heap.
Alias: vis
"},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count Number of chunks to visualize. If the value is big enough and addr isn't provided, this is interpreted as addr instead. (default: 10) addr Address of the first chunk."},{"location":"commands/glibc_ptmalloc2_heap/vis-heap-chunks/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -b --beyond_top Attempt to keep printing beyond the top chunk. -n --no_truncate Display all the chunk contents (Ignore the max-visualize-chunk-size configuration). -a --all_chunks Display all chunks (Ignore the default-visualize-chunk-number configuration)."},{"location":"commands/integrations/ai/","title":"Ai","text":""},{"location":"commands/integrations/ai/#ai","title":"ai","text":"(only in GDB)
usage: ai [-h] [-M MODEL] [-t TEMPERATURE] [-m MAX_TOKENS] [-v] [-L]\n [-c COMMAND]\n [question ...]\n
Ask GPT-3 a question about the current debugging context.
"},{"location":"commands/integrations/ai/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help question The question to ask."},{"location":"commands/integrations/ai/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -M --model The OpenAI model to use. -t --temperature The temperature to use. -m --max-tokens The maximum number of tokens to generate. -v --verbose Print the prompt and response. -L --list-models List the available models. -c --command Run a command in the GDB debugger and ask a question about the output."},{"location":"commands/integrations/bn-sync/","title":"Bn sync","text":""},{"location":"commands/integrations/bn-sync/#bn-sync","title":"bn-sync","text":"usage: bn-sync [-h]\n
Synchronize Binary Ninja's cursor with GDB.
Alias: bns
"},{"location":"commands/integrations/bn-sync/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/decomp/","title":"Decomp","text":""},{"location":"commands/integrations/decomp/#decomp","title":"decomp","text":"usage: decomp [-h] [addr] [lines]\n
Use the current integration to decompile code near an address.
"},{"location":"commands/integrations/decomp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address to decompile near. lines Number of lines of decompilation to show."},{"location":"commands/integrations/decomp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/j/","title":"J","text":""},{"location":"commands/integrations/j/#j","title":"j","text":"(only in GDB)
usage: j [-h]\n
Synchronize IDA's cursor with GDB.
"},{"location":"commands/integrations/j/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/r2/","title":"R2","text":""},{"location":"commands/integrations/r2/#r2","title":"r2","text":"usage: r2 [-h] [--no-seek] [--no-rebase] [arguments ...]\n
Launches radare2.
Alias: radare2
"},{"location":"commands/integrations/r2/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to radare"},{"location":"commands/integrations/r2/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-seek Do not seek to current pc --no-rebase Do not set the base address for PIE according to the current mapping"},{"location":"commands/integrations/r2/#examples","title":"Examples","text":"pwndbg> r2 -- -S -AA\nWARN: Relocs has not been applied. Please use `-e bin.relocs.apply=true` or `-e bin.cache=true` next time\nINFO: Analyze all flags starting with sym. and entry0 (aa)\n[...]\nINFO: Debugger commands disabled in sandbox mode\n[0x0001d3d0]> help\n\nWelcome to radare2!\n[...]\n
"},{"location":"commands/integrations/r2pipe/","title":"R2pipe","text":""},{"location":"commands/integrations/r2pipe/#r2pipe","title":"r2pipe","text":"usage: r2pipe [-h] arguments [arguments ...]\n
Execute stateful radare2 commands through r2pipe.
"},{"location":"commands/integrations/r2pipe/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to r2pipe"},{"location":"commands/integrations/r2pipe/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/r2pipe/#examples","title":"Examples","text":"pwndbg> r2pipe pdf @ sym.main\n ; ICOD XREF from entry0 @ 0x1d3e8(r)\n\u250c 6786: int main (uint32_t argc, char **argv, char **envp);\n\u2502 `- args(rdi, rsi, rdx) vars(21:sp[0x40..0x18c])\n\u2502 0x0001b920 f30f1efa endbr64\n\u2502 0x0001b924 4157 push r15\n\u2502 0x0001b926 4156 push r14\n\u2502 0x0001b928 4155 push r13\n\u2502 0x0001b92a 4154 push r12\n[...]\n\u2502 0x0001b966 85c0 test eax, eax\n\u2502 \u250c\u2500< 0x0001b968 7545 jne 0x1b9af\n\u2502 \u2502 0x0001b96a e8311b0100 call sym.xtrace_init\n\u2502 \u2502 0x0001b96f e80cff0000 call sym.check_dev_tty\n\u2502 \u2502 ; CODE XREF from main @ 0x1b988(x)\n\u2502 \u250c\u2500\u2500> 0x0001b974 833dd1680f.. cmp dword [obj.debugging_login_shell], 0 ; [0x11224c:4]=0\n\u2502 \u250c\u2500\u2500\u2500< 0x0001b97b 743d je 0x1b9ba\n\u2502 \u2502\u254e\u2502 0x0001b97d bf03000000 mov edi, 3\n[...]\n
"},{"location":"commands/integrations/rop/","title":"Rop","text":""},{"location":"commands/integrations/rop/#rop","title":"rop","text":"usage: rop [-h] [--grep GREP] [--memlimit MEMLIMIT] [argument ...]\n
Dump ROP gadgets with Jon Salwan's ROPgadget tool.
Alias: ropgadget
"},{"location":"commands/integrations/rop/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help argument Arguments to pass to ROPgadget"},{"location":"commands/integrations/rop/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --grep String to grep the output for --memlimit String to grep the output for (default: '50MB')"},{"location":"commands/integrations/rop/#examples","title":"Examples","text":"pwndbg> rop --grep 'pop rdi' -- --nojop\nGadgets information\n============================================================\n[...]\n0x0007dce8 : pop rdi ; or dword ptr [rax], eax ; add rsp, 0x28 ; ret\n0x0007d838 : pop rdi ; or dword ptr [rax], eax ; je 0x7d840 ; ret\n0x0005b13d : pop rdi ; pop rbp ; ret\n0x0001ee23 : pop rdi ; ret\n\nUnique gadgets found: 8514\n
"},{"location":"commands/integrations/ropper/","title":"Ropper","text":""},{"location":"commands/integrations/ropper/#ropper","title":"ropper","text":"(only in GDB)
usage: ropper [-h] [argument ...]\n
ROP gadget search with ropper.
"},{"location":"commands/integrations/ropper/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help argument Arguments to pass to ropper"},{"location":"commands/integrations/ropper/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/ropper/#examples","title":"Examples","text":"pwndbg> ropper -- --console\n[INFO] Load gadgets from cache\n[LOAD] loading... 100%\n[LOAD] removing double gadgets... 100%\n(bash/ELF/x86_64)>\n----\npwndbg> ropper -- --search 'pop rdi; ret;'\n[INFO] Load gadgets from cache\n[LOAD] loading... 100%\n[LOAD] removing double gadgets... 100%\n[INFO] Searching for gadgets: pop rdi; ret;\n\n[INFO] File: /usr/bin/bash\n0x000000000001ee23: pop rdi; ret;\n
"},{"location":"commands/integrations/rz/","title":"Rz","text":""},{"location":"commands/integrations/rz/#rz","title":"rz","text":"usage: rz [-h] [--no-seek] [--no-rebase] [arguments ...]\n
Launches rizin.
Alias: rizin
"},{"location":"commands/integrations/rz/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to rizin"},{"location":"commands/integrations/rz/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-seek Do not seek to current pc --no-rebase Do not set the base address for PIE according to the current mapping"},{"location":"commands/integrations/rz/#examples","title":"Examples","text":"pwndbg> rz -- -AA\n[x] Analyze all flags starting with sym. and entry0 (aa)\n[x] Analyze function calls\n[...]\n[x] Enable constraint types analysis for variables\n -- Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.\n[0x0001d3d0]>\n
"},{"location":"commands/integrations/rzpipe/","title":"Rzpipe","text":""},{"location":"commands/integrations/rzpipe/#rzpipe","title":"rzpipe","text":"usage: rzpipe [-h] arguments [arguments ...]\n
Execute stateful rizin commands through rzpipe.
"},{"location":"commands/integrations/rzpipe/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help arguments Arguments to pass to rzpipe"},{"location":"commands/integrations/rzpipe/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/integrations/rzpipe/#examples","title":"Examples","text":"pwndbg> rzpipe pdf @ sym.main\n ; DATA XREF from entry0 @ 0x1d3e8\n\u250c int main(int argc, char **argv, char **envp);\n\u2502 ; arg int argc @ rdi\n\u2502 ; arg char **argv @ rsi\n\u2502 ; arg char **envp @ rdx\n[...]\n\u2502 ; var uint64_t var_18ch @ stack - 0x18c\n\u2502 ; var int64_t var_188h @ stack - 0x188\n[...]\n\u2502 ; var int64_t canary @ stack - 0x40\n\u2502 0x0001b920 endbr64\n\u2502 0x0001b924 push r15\n\u2502 0x0001b926 push r14\n\u2502 0x0001b928 push r13\n\u2502 0x0001b92a push r12\n[...]\n\u2502 0x0001b966 test eax, eax\n\u2502 \u250c\u2500< 0x0001b968 jne 0x1b9af\n\u2502 \u2502 0x0001b96a call sym.xtrace_init\n\u2502 \u2502 0x0001b96f call sym.check_dev_tty\n\u2502 \u2502 ; CODE XREF from main @ 0x1b988\n\u2502 \u250c\u2500\u2500> 0x0001b974 cmp dword [obj.debugging_login_shell], 0 ; [0x11224c:4]=0\n\u2502 \u250c\u2500\u2500\u2500< 0x0001b97b je 0x1b9ba\n\u2502 \u2502\u254e\u2502 0x0001b97d mov edi, 3 ; int s\n[...]\n
"},{"location":"commands/integrations/save-ida/","title":"Save ida","text":""},{"location":"commands/integrations/save-ida/#save-ida","title":"save-ida","text":"(only in GDB)
usage: save-ida [-h]\n
Save the ida database.
"},{"location":"commands/integrations/save-ida/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/","title":"Jemalloc extent info","text":""},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#jemalloc-extent-info","title":"jemalloc-extent-info","text":"usage: jemalloc-extent-info [-h] [-v] addr\n
Prints extent information for the given address
"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the extent metadata"},{"location":"commands/jemalloc_heap/jemalloc-extent-info/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -v --verbose Print all chunk fields, even unused ones."},{"location":"commands/jemalloc_heap/jemalloc-find-extent/","title":"Jemalloc find extent","text":""},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#jemalloc-find-extent","title":"jemalloc-find-extent","text":"usage: jemalloc-find-extent [-h] addr\n
Returns extent information for pointer address allocated by jemalloc
"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the allocated memory location"},{"location":"commands/jemalloc_heap/jemalloc-find-extent/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/jemalloc_heap/jemalloc-heap/","title":"Jemalloc heap","text":""},{"location":"commands/jemalloc_heap/jemalloc-heap/#jemalloc-heap","title":"jemalloc-heap","text":"usage: jemalloc-heap [-h]\n
Prints all extents information
"},{"location":"commands/jemalloc_heap/jemalloc-heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/binder/","title":"Binder","text":""},{"location":"commands/kernel/binder/#binder","title":"binder","text":"usage: binder [-h]\n
Show Android Binder information
"},{"location":"commands/kernel/binder/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/buddydump/","title":"Buddydump","text":""},{"location":"commands/kernel/buddydump/#buddydump","title":"buddydump","text":"usage: buddydump [-h] [-z {DMA,DMA32,Normal,HighMem,Movable,Device}]\n [-o ORDER]\n [-m {Unmovable,Movable,Reclaimable,HighAtomic,CMA,Isolate}]\n [-p] [-c CPU] [-n NODE] [-f FIND]\n
Displays metadata and freelists of the buddy allocator.
"},{"location":"commands/kernel/buddydump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -z --zone Displays/searches lists only in the specified zone. -o --order Displays/searches lists only with the specified order. -m --mtype Displays/searches lists only with the specified mtype. -p --pcp-only Displays/searches only PCP lists. -c --cpu CPU nr for searching PCP. -n --node (default: 0) -f --find The address to find in page free lists."},{"location":"commands/kernel/kbase/","title":"Kbase","text":""},{"location":"commands/kernel/kbase/#kbase","title":"kbase","text":"usage: kbase [-h] [-r]\n
Finds the kernel virtual base address.
"},{"location":"commands/kernel/kbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --rebase rebase loaded symbol file"},{"location":"commands/kernel/kchecksec/","title":"Kchecksec","text":""},{"location":"commands/kernel/kchecksec/#kchecksec","title":"kchecksec","text":"usage: kchecksec [-h]\n
Checks for kernel hardening configuration options.
"},{"location":"commands/kernel/kchecksec/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kcmdline/","title":"Kcmdline","text":""},{"location":"commands/kernel/kcmdline/#kcmdline","title":"kcmdline","text":"usage: kcmdline [-h]\n
Return the kernel commandline (/proc/cmdline).
"},{"location":"commands/kernel/kcmdline/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/kconfig/","title":"Kconfig","text":""},{"location":"commands/kernel/kconfig/#kconfig","title":"kconfig","text":"usage: kconfig [-h] [config_name]\n
Outputs the kernel config (requires CONFIG_IKCONFIG).
"},{"location":"commands/kernel/kconfig/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help config_name A config name to search for"},{"location":"commands/kernel/kconfig/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/klookup/","title":"Klookup","text":""},{"location":"commands/kernel/klookup/#klookup","title":"klookup","text":"usage: klookup [-h] symbol\n
Lookup kernel symbols
"},{"location":"commands/kernel/klookup/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol Address or symbol name to lookup"},{"location":"commands/kernel/klookup/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/knft-dump/","title":"Knft dump","text":""},{"location":"commands/kernel/knft-dump/#knft-dump","title":"knft-dump","text":"usage: knft-dump [-h] [nsid]\n
Dump all nftables: tables, chains, rules, expressions
"},{"location":"commands/kernel/knft-dump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help nsid Network Namespace ID"},{"location":"commands/kernel/knft-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/knft-list-chains/","title":"Knft list chains","text":""},{"location":"commands/kernel/knft-list-chains/#knft-list-chains","title":"knft-list-chains","text":"usage: knft-list-chains [-h] [--nsid NSID] [table_family] [table_name]\n
Dump netfilter chains form a specific table
"},{"location":"commands/kernel/knft-list-chains/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp) table_name Table name"},{"location":"commands/kernel/knft-list-chains/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-exprs/","title":"Knft list exprs","text":""},{"location":"commands/kernel/knft-list-exprs/#knft-list-exprs","title":"knft-list-exprs","text":"usage: knft-list-exprs [-h] [--nsid NSID]\n [table_family] [table_name] [chain_name] [rule_id]\n
Dump only expressions from specific rule
"},{"location":"commands/kernel/knft-list-exprs/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name chain_name Chain name rule_id Rule Handle ID"},{"location":"commands/kernel/knft-list-exprs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-flowtables/","title":"Knft list flowtables","text":""},{"location":"commands/kernel/knft-list-flowtables/#knft-list-flowtables","title":"knft-list-flowtables","text":"usage: knft-list-flowtables [-h] [--nsid NSID] [table_family] [table_name]\n
Dump netfilter flowtables from a specific table
"},{"location":"commands/kernel/knft-list-flowtables/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Netfilter table family (inet, ip, ip6, netdev, bridge, arp) table_name Table name"},{"location":"commands/kernel/knft-list-flowtables/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-objects/","title":"Knft list objects","text":""},{"location":"commands/kernel/knft-list-objects/#knft-list-objects","title":"knft-list-objects","text":"usage: knft-list-objects [-h] [--nsid NSID] [table_family] [table_name]\n
Dump netfilter objects from a specific table
"},{"location":"commands/kernel/knft-list-objects/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name"},{"location":"commands/kernel/knft-list-objects/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-rules/","title":"Knft list rules","text":""},{"location":"commands/kernel/knft-list-rules/#knft-list-rules","title":"knft-list-rules","text":"usage: knft-list-rules [-h] [--nsid NSID]\n [table_family] [table_name] [chain_name]\n
Dump netfilter rules form a specific chain
"},{"location":"commands/kernel/knft-list-rules/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name chain_name Chain name"},{"location":"commands/kernel/knft-list-rules/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-sets/","title":"Knft list sets","text":""},{"location":"commands/kernel/knft-list-sets/#knft-list-sets","title":"knft-list-sets","text":"usage: knft-list-sets [-h] [--nsid NSID] [table_family] [table_name]\n
Dump netfilter sets from a specific table
"},{"location":"commands/kernel/knft-list-sets/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help table_family Table family, eg: inet, ip, ip6, netdev, bridge, arp table_name Table name"},{"location":"commands/kernel/knft-list-sets/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/knft-list-tables/","title":"Knft list tables","text":""},{"location":"commands/kernel/knft-list-tables/#knft-list-tables","title":"knft-list-tables","text":"usage: knft-list-tables [-h] [--nsid NSID]\n
Dump netfliter tables from a specific network namespace
"},{"location":"commands/kernel/knft-list-tables/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n --nsid Network Namespace ID"},{"location":"commands/kernel/kversion/","title":"Kversion","text":""},{"location":"commands/kernel/kversion/#kversion","title":"kversion","text":"usage: kversion [-h]\n
Outputs the kernel version (/proc/version).
"},{"location":"commands/kernel/kversion/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/msr/","title":"Msr","text":""},{"location":"commands/kernel/msr/#msr","title":"msr","text":"usage: msr [-h] [-w [write_value]] [-l] [-r [MSR_RANGE]] [msr]\n
Read or write to Model Specific Register (MSR)
"},{"location":"commands/kernel/msr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help msr MSR value or name"},{"location":"commands/kernel/msr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -w --write value to write in MSR -l --list list common MSRs for the current arch -r --range dash separated range of MSRs to read (eg. --range=1-10 where 10 is included)"},{"location":"commands/kernel/p2v/","title":"P2v","text":""},{"location":"commands/kernel/p2v/#p2v","title":"p2v","text":"usage: p2v [-h] paddr\n
Translate physical address to its corresponding virtual address.
"},{"location":"commands/kernel/p2v/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help paddr"},{"location":"commands/kernel/p2v/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/pagewalk/","title":"Pagewalk","text":""},{"location":"commands/kernel/pagewalk/#pagewalk","title":"pagewalk","text":"usage: pagewalk [-h] [--pgd ENTRY] vaddr\n
Performs pagewalk.
"},{"location":"commands/kernel/pagewalk/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help vaddr virtual address to walk"},{"location":"commands/kernel/pagewalk/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --pgd"},{"location":"commands/kernel/slab/","title":"Slab","text":""},{"location":"commands/kernel/slab/#slab","title":"slab","text":"usage: slab [-h] {list,info,contains} ...\n
Prints information about the linux kernel's slab allocator SLUB.
"},{"location":"commands/kernel/slab/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help command"},{"location":"commands/kernel/slab/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/kernel/v2p/","title":"V2p","text":""},{"location":"commands/kernel/v2p/#v2p","title":"v2p","text":"usage: v2p [-h] vaddr\n
Translate virtual address to its corresponding physical address.
"},{"location":"commands/kernel/v2p/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help vaddr"},{"location":"commands/kernel/v2p/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/argc/","title":"Argc","text":""},{"location":"commands/linux_libc_elf/argc/#argc","title":"argc","text":"usage: argc [-h]\n
Prints out the number of arguments.
"},{"location":"commands/linux_libc_elf/argc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/argv/","title":"Argv","text":""},{"location":"commands/linux_libc_elf/argv/#argv","title":"argv","text":"usage: argv [-h] [i]\n
Prints out the contents of argv.
"},{"location":"commands/linux_libc_elf/argv/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help i Index of the argument to print out."},{"location":"commands/linux_libc_elf/argv/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/aslr/","title":"Aslr","text":""},{"location":"commands/linux_libc_elf/aslr/#aslr","title":"aslr","text":"usage: aslr [-h] [{on,off}]\n
Check the current ASLR status, or turn it on/off.
Does not take effect until the program is restarted.
"},{"location":"commands/linux_libc_elf/aslr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help state Turn ASLR on or off (takes effect when target is started)"},{"location":"commands/linux_libc_elf/aslr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/auxv-explore/","title":"Auxv explore","text":""},{"location":"commands/linux_libc_elf/auxv-explore/#auxv-explore","title":"auxv-explore","text":"usage: auxv-explore [-h]\n
Explore and print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/auxv/","title":"Auxv","text":""},{"location":"commands/linux_libc_elf/auxv/#auxv","title":"auxv","text":"usage: auxv [-h]\n
Print information from the Auxiliary ELF Vector.
"},{"location":"commands/linux_libc_elf/auxv/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/elfsections/","title":"Elfsections","text":""},{"location":"commands/linux_libc_elf/elfsections/#elfsections","title":"elfsections","text":"usage: elfsections [-h] [-R]\n
Prints the section mappings contained in the ELF header. If binary not start or use --no-rebase, the section permission based on section flags.
"},{"location":"commands/linux_libc_elf/elfsections/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -R --no-rebase Print the non-rebased section address."},{"location":"commands/linux_libc_elf/elfsections/#examples","title":"Examples","text":"elfsections\nelfsections --no-rebase\n
"},{"location":"commands/linux_libc_elf/envp/","title":"Envp","text":""},{"location":"commands/linux_libc_elf/envp/#envp","title":"envp","text":"usage: envp [-h] [name]\n
Prints out the contents of the environment.
Aliases: env, environ
"},{"location":"commands/linux_libc_elf/envp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help name Name of the environment variable to see."},{"location":"commands/linux_libc_elf/envp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/errno/","title":"Errno","text":""},{"location":"commands/linux_libc_elf/errno/#errno","title":"errno","text":"usage: errno [-h] [err]\n
Converts errno (or argument) to its string representation.
"},{"location":"commands/linux_libc_elf/errno/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help err Errno; if not passed, it is retrieved from __errno_location"},{"location":"commands/linux_libc_elf/errno/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/got/","title":"Got","text":""},{"location":"commands/linux_libc_elf/got/#got","title":"got","text":"(only in GDB)
usage: got [-h] [-p PATH_FILTER | -a] [-r] [symbol_filter]\n
Show the state of the Global Offset Table.
"},{"location":"commands/linux_libc_elf/got/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol_filter Filter results by symbol name. (default: '')"},{"location":"commands/linux_libc_elf/got/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --path Filter results by library/objfile path. (default: '') -a --all Process all libs/obfjiles including the target executable. -r --show-readonly Also display read-only entries (which are filtered out by default)."},{"location":"commands/linux_libc_elf/got/#examples","title":"Examples","text":"> got\n Print all writable GOT entries in the executable.\n> got -r puts\n Print all GOT entries that contain the string \"puts\".\n> got -p libc\n Print all writable GOT entries used by libc. (And any other loaded\n object files that contain the string \"libc\" in their path).\n> got -ra\n Print all GOT entries in the address space.\n
"},{"location":"commands/linux_libc_elf/gotplt/","title":"Gotplt","text":""},{"location":"commands/linux_libc_elf/gotplt/#gotplt","title":"gotplt","text":"usage: gotplt [-h]\n
Prints any symbols found in the .got.plt section if it exists.
"},{"location":"commands/linux_libc_elf/gotplt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/libcinfo/","title":"Libcinfo","text":""},{"location":"commands/linux_libc_elf/libcinfo/#libcinfo","title":"libcinfo","text":"usage: libcinfo [-h]\n
Show libc version and link to its sources
"},{"location":"commands/linux_libc_elf/libcinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/linkmap/","title":"Linkmap","text":""},{"location":"commands/linux_libc_elf/linkmap/#linkmap","title":"linkmap","text":"usage: linkmap [-h]\n
Show the state of the Link Map
"},{"location":"commands/linux_libc_elf/linkmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/onegadget/","title":"Onegadget","text":""},{"location":"commands/linux_libc_elf/onegadget/#onegadget","title":"onegadget","text":"usage: onegadget [-h] [--show-unsat] [--no-unknown] [-v]\n
Find gadgets which single-handedly give code execution.
Uses the onegadget tool by david942j.
"},{"location":"commands/linux_libc_elf/onegadget/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-unsat Show unsatisfiable gadgets. --no-unknown Do not show unknown gadgets. -v --verbose Show verbose output."},{"location":"commands/linux_libc_elf/piebase/","title":"Piebase","text":""},{"location":"commands/linux_libc_elf/piebase/#piebase","title":"piebase","text":"usage: piebase [-h] [offset] [module]\n
Calculate VA of RVA from PIE base.
"},{"location":"commands/linux_libc_elf/piebase/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help offset Offset from PIE base. (default: 0) module Module to choose as base. Defaults to the target executable. (default: '')"},{"location":"commands/linux_libc_elf/piebase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/plt/","title":"Plt","text":""},{"location":"commands/linux_libc_elf/plt/#plt","title":"plt","text":"usage: plt [-h]\n
Prints any symbols found in Procedure Linkage Table sections if any exist.
"},{"location":"commands/linux_libc_elf/plt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/strings/","title":"Strings","text":""},{"location":"commands/linux_libc_elf/strings/#strings","title":"strings","text":"usage: strings [-h] [-n N] [--save-as SAVE_AS] [page_names ...]\n
Extracts and displays ASCII strings from readable memory pages of the debugged process.
"},{"location":"commands/linux_libc_elf/strings/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help page_names Mapping to search [e.g. libc]. Can be used with multiple mappings [e.g libc heap stack] (default: '[]')"},{"location":"commands/linux_libc_elf/strings/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -n Minimum length of ASCII strings to include (default: 4) --save-as Sets the filename for the output of this command [e.g. --save-as='out.txt']"},{"location":"commands/linux_libc_elf/threads/","title":"Threads","text":""},{"location":"commands/linux_libc_elf/threads/#threads","title":"threads","text":"usage: threads [-h] [-c] [num_threads]\n
List all threads belonging to the selected inferior.
"},{"location":"commands/linux_libc_elf/threads/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help num_threads Number of threads to display. Omit to display all threads."},{"location":"commands/linux_libc_elf/threads/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -c --config Respect context-max-threads config to limit number of threads displayed."},{"location":"commands/linux_libc_elf/tls/","title":"Tls","text":""},{"location":"commands/linux_libc_elf/tls/#tls","title":"tls","text":"usage: tls [-h] [-p] [-a]\n
Print out base address of the current Thread Local Storage (TLS).
"},{"location":"commands/linux_libc_elf/tls/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --pthread-self Try to get the address of TLS by calling pthread_self(). -a --all Do not truncate the dump output."},{"location":"commands/linux_libc_elf/track-got/","title":"Track got","text":""},{"location":"commands/linux_libc_elf/track-got/#track-got","title":"track-got","text":"(only in GDB)
usage: track-got [-h] {enable,disable,info,query} ...\n
Controls GOT tracking
"},{"location":"commands/linux_libc_elf/track-got/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/linux_libc_elf/track-heap/","title":"Track heap","text":""},{"location":"commands/linux_libc_elf/track-heap/#track-heap","title":"track-heap","text":"(only in GDB)
usage: track-heap [-h] {enable,disable,toggle-break} ...\n
Manages the heap tracker.
The heap tracker is a module that tracks usage of the GLibc heap and looks for user errors such as double frees and use after frees.
Currently, the following errors can be detected: - Use After Free
"},{"location":"commands/linux_libc_elf/track-heap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/distance/","title":"Distance","text":""},{"location":"commands/memory/distance/#distance","title":"distance","text":"usage: distance [-h] a [b]\n
Print the distance between the two arguments, or print the offset to the address's page base.
"},{"location":"commands/memory/distance/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help a The first address. b The second address."},{"location":"commands/memory/distance/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/dump-register-frame/","title":"Dump register frame","text":""},{"location":"commands/memory/dump-register-frame/#dump-register-frame","title":"dump-register-frame","text":"usage: dump-register-frame [-h] [-p]\n {armcm-exception,armcm-exception2} [address]\n
Display the registers saved to memory for a certain frame type
"},{"location":"commands/memory/dump-register-frame/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help frame_type The type of frame to print address The address to read the frame from"},{"location":"commands/memory/dump-register-frame/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --print Show addresses of frame values"},{"location":"commands/memory/gdt/","title":"Gdt","text":""},{"location":"commands/memory/gdt/#gdt","title":"gdt","text":"usage: gdt [-h] address [count]\n
Decode X86-64 GDT entries at address
See also:
- https://wiki.osdev.org/Global_Descriptor_Table
- https://wiki.osdev.org/GDT_Tutorial
"},{"location":"commands/memory/gdt/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address x86-64 GDTR base address (e.g. read from sgdt instruction from [16:79] bits) count Number of entries to dump (should be (GDTR.size+1)/8) (default: 8)"},{"location":"commands/memory/gdt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/gdt/#notes","title":"Notes","text":"In 64-bit mode, the Base and Limit values are ignored, each descriptor covers the entire linear address space regardless of what they are set to.
"},{"location":"commands/memory/go-dump/","title":"Go dump","text":""},{"location":"commands/memory/go-dump/#go-dump","title":"go-dump","text":"usage: go-dump [-h] [-x] [-f [DECIMALS]] [-d] [-p] ty address\n
Dumps a Go value of a given type at a specified address.
Alias: god
"},{"location":"commands/memory/go-dump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help ty Go type of value to dump, e.g. map[int]string, or the address of a type to resolve at runtime, e.g. 0x408860 address Address to dump"},{"location":"commands/memory/go-dump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -x --hex Display non-pointer integers as hex -f --decimals Configures the number of decimal places to display for floating points -d --debug Shows debug info, like addresses for slice/map elements, slice capacity, etc. -p --pretty Enables pretty printing"},{"location":"commands/memory/go-type/","title":"Go type","text":""},{"location":"commands/memory/go-type/#go-type","title":"go-type","text":"usage: go-type [-h] address\n
Dumps a Go runtime reflection type at a specified address.
Alias: goty
"},{"location":"commands/memory/go-type/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump"},{"location":"commands/memory/go-type/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/hexdump/","title":"Hexdump","text":""},{"location":"commands/memory/hexdump/#hexdump","title":"hexdump","text":"usage: hexdump [-h] [address] [count]\n
Hexdumps data at the specified address or module name.
"},{"location":"commands/memory/hexdump/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address or module name to dump (default: $sp) count Number of bytes to dump (default: 64)"},{"location":"commands/memory/hexdump/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/leakfind/","title":"Leakfind","text":""},{"location":"commands/memory/leakfind/#leakfind","title":"leakfind","text":"usage: leakfind [-h] [-p [PAGE_NAME]] [-o [MAX_OFFSET]] [-d [MAX_DEPTH]]\n [-s [STEP]] [--negative_offset [NEGATIVE_OFFSET]]\n [address]\n
Attempt to find a leak chain given a starting address.
Scans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.
"},{"location":"commands/memory/leakfind/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Starting address to find a leak chain from (default: $sp)"},{"location":"commands/memory/leakfind/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -p --page_name Substring required to be part of the name of any found pages -o --max_offset Max offset to add to addresses when looking for leak (default: 72) -d --max_depth Maximum depth to follow pointers to (default: 4) -s --step Step to add between pointers so they are considered. For example, if this is 4 it would only consider pointers at an offset divisible by 4 from the starting pointer (default: 1) --negative_offset Max negative offset to search before an address when looking for a leak (default: 0)"},{"location":"commands/memory/leakfind/#examples","title":"Examples","text":"pwndbg> leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6.\nThis would look for any chains of leaks that point to a section in filename\nwhich begin near $rsp, are never 0x48 bytes further from a known pointer,\nand are a maximum length of 6.\n
"},{"location":"commands/memory/memfrob/","title":"Memfrob","text":""},{"location":"commands/memory/memfrob/#memfrob","title":"memfrob","text":"usage: memfrob [-h] address count\n
Memfrobs a region of memory (xor with '*').
"},{"location":"commands/memory/memfrob/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to start xoring at. count The number of bytes to xor."},{"location":"commands/memory/memfrob/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/mmap/","title":"Mmap","text":""},{"location":"commands/memory/mmap/#mmap","title":"mmap","text":"usage: mmap [-h] [--quiet] [--force] addr length [prot] [flags] [fd] [offset]\n
Calls the mmap syscall and prints its resulting address.
Note that the mmap syscall may fail for various reasons (see man mmap) and, in case of failure, its return value will not be a valid pointer.
PROT values: NONE (0), READ (1), WRITE (2), EXEC (4)
MAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10), ANONYMOUS (0x20)
Flags and protection values can be either a string containing the names of the flags or permissions or a single number corresponding to the bitwise OR of the protection and flag numbers.
"},{"location":"commands/memory/mmap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address hint to be given to mmap. length Length of the mapping, in bytes. Needs to be greater than zero. prot Prot enum or int as in mmap(2). Eg. \"PROT_READ|PROT_EXEC\" or 7 (for RWX). (default: '7') flags Flags enum or int as in mmap(2). Eg. \"MAP_PRIVATE|MAP_ANONYMOUS\" or 0x22. (default: '0x22') fd File descriptor of the file to be mapped, or -1 if using MAP_ANONYMOUS. (default: -1) offset Offset from the start of the file, in bytes, if using file based mapping. (default: 0)"},{"location":"commands/memory/mmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -q --quiet Disable address validity warnings and hints -f --force Force potentially unsafe actions to happen"},{"location":"commands/memory/mmap/#examples","title":"Examples","text":"mmap 0x0 4096 PROT_READ|PROT_WRITE|PROT_EXEC MAP_PRIVATE|MAP_ANONYMOUS -1 0\n - Maps a new private+anonymous page with RWX permissions at a location\n decided by the kernel.\n\nmmap 0x0 4096 PROT_READ MAP_PRIVATE 10 0\n - Maps 4096 bytes of the file pointed to by file descriptor number 10 with\n read permission at a location decided by the kernel.\n\nmmap 0xdeadbeef 0x1000\n - Maps a new private+anonymous page with RWX permissions at a page boundary\n near 0xdeadbeef.\n
"},{"location":"commands/memory/mprotect/","title":"Mprotect","text":""},{"location":"commands/memory/mprotect/#mprotect","title":"mprotect","text":"usage: mprotect [-h] addr length prot\n
Calls the mprotect syscall and prints its result value.
Note that the mprotect syscall may fail for various reasons (see man mprotect) and a non-zero error return value can be decoded with the errno <value> command.
"},{"location":"commands/memory/mprotect/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Page-aligned address to all mprotect on. length Count of bytes to call mprotect on. Needs to be multiple of page size. prot Prot string as in mprotect(2). Eg. \"PROT_READ|PROT_EXEC\", \"rx\", or \"5\""},{"location":"commands/memory/mprotect/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/mprotect/#examples","title":"Examples","text":"mprotect $rsp 4096 PROT_READ|PROT_WRITE|PROT_EXEC\nmprotect $rsp 4096 rwx\nmprotect $rsp 4096 7\nmprotect some_symbol 0x1000 PROT_NONE\n
"},{"location":"commands/memory/p2p/","title":"P2p","text":""},{"location":"commands/memory/p2p/#p2p","title":"p2p","text":"usage: p2p [-h] mapping_names [mapping_names ...]\n
Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
Any chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.
"},{"location":"commands/memory/p2p/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help mapping_names Mapping name"},{"location":"commands/memory/p2p/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/probeleak/","title":"Probeleak","text":""},{"location":"commands/memory/probeleak/#probeleak","title":"probeleak","text":"usage: probeleak [-h] [--max-distance MAX_DISTANCE] [--point-to POINT_TO]\n [--max-ptrs MAX_PTRS] [--flags FLAGS]\n [address] [count]\n
Pointer scan for possible offset leaks.
"},{"location":"commands/memory/probeleak/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Leak memory address (default: $sp) count Leak size in bytes (default: 64)"},{"location":"commands/memory/probeleak/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --max-distance Max acceptable distance between memory page boundary and leaked pointer (default: 0) --point-to Mapping name of the page that you want the pointers point to --max-ptrs Stop search after find n pointers, default 0 (default: 0) --flags flags of the page that you want the pointers point to. [e.g. rwx]"},{"location":"commands/memory/probeleak/#examples","title":"Examples","text":"> probeleak $rsp 0x64\nLeaks 0x64 bytes starting at stack pointer and search for valid pointers.\n> probeleak $rsp 0x64 --max-dist 0x10\nAs above, but pointers may point 0x10 bytes outside of memory page.\n> probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx\nLeaks 0x64 bytes starting at stack pointer and search for one valid pointer\nwhich points to a libc rwx page.\n
"},{"location":"commands/memory/search/","title":"Search","text":""},{"location":"commands/memory/search/#search","title":"search","text":"usage: search [-h] [-t {byte,short,word,dword,qword,pointer,string,bytes,asm}]\n [-1] [-2] [-4] [-8] [-p] [--asm]\n [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n [--asmbp] [-x] [-e] [-w] [-s STEP] [-l LIMIT] [-a ALIGNED]\n [--save] [--no-save] [-n] [--trunc-out]\n value [mapping_name]\n
Search memory for byte sequences, strings, pointers, and integer values.
By default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.
"},{"location":"commands/memory/search/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help value Value to search for mapping_name Mapping to search [e.g. libc]"},{"location":"commands/memory/search/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -t --type Size of search target (default: 'bytes') -1 --byte Search for a 1-byte integer -2 --short Search for a 2-byte integer -4 --dword Search for a 4-byte integer -8 --qword Search for an 8-byte integer -p --pointer Search for a pointer-width integer --asm Search for an assembly instruction --arch Target architecture --asmbp Set breakpoint for found assembly instruction -x --hex Target is a hex-encoded (for bytes/strings) -e --executable Search executable segments only -w --writable Search writable segments only -s --step Step search address forward to next alignment after each hit (ex: 0x1000) -l --limit Max results before quitting the search. Differs from --trunc-out in that it will not save all search results before quitting -a --aligned Result must be aligned to this byte boundary --save Save results for further searches with --next. Default comes from config 'auto-save-search' --no-save Invert --save -n --next Search only locations returned by previous search with --save --trunc-out Truncate the output to 20 results. Differs from --limit in that it will first save all search results"},{"location":"commands/memory/telescope/","title":"Telescope","text":""},{"location":"commands/memory/telescope/#telescope","title":"telescope","text":"usage: telescope [-h] [-r] [-f] [-i] [address] [count]\n
Recursively dereferences pointers starting at the specified address.
"},{"location":"commands/memory/telescope/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to telescope at. (default: $sp) count The number of lines to show. (default: 8)"},{"location":"commands/memory/telescope/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -r --reverse Show previous addresses instead of next ones -f --frame Show the stack frame, from rsp to rbp -i --inverse Show the stack reverse growth"},{"location":"commands/memory/vmmap-add/","title":"Vmmap add","text":""},{"location":"commands/memory/vmmap-add/#vmmap-add","title":"vmmap-add","text":"usage: vmmap-add [-h] start size [flags] [offset]\n
Add virtual memory map page.
"},{"location":"commands/memory/vmmap-add/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help start Starting virtual address size Size of the address space, in bytes flags Flags set by the ELF file (r - read, w - write, x - executable) (default: '') offset Offset into the original ELF file that the data is loaded from (default: 0)"},{"location":"commands/memory/vmmap-add/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap-clear/","title":"Vmmap clear","text":""},{"location":"commands/memory/vmmap-clear/#vmmap-clear","title":"vmmap-clear","text":"usage: vmmap-clear [-h]\n
Clear the vmmap cache.
"},{"location":"commands/memory/vmmap-clear/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap-explore/","title":"Vmmap explore","text":""},{"location":"commands/memory/vmmap-explore/#vmmap-explore","title":"vmmap-explore","text":"usage: vmmap-explore [-h] address\n
Explore a page, trying to guess permissions.
"},{"location":"commands/memory/vmmap-explore/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address of the page to explore"},{"location":"commands/memory/vmmap-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/vmmap/","title":"Vmmap","text":""},{"location":"commands/memory/vmmap/#vmmap","title":"vmmap","text":"usage: vmmap [-h] [-w] [-x] [-A LINES_AFTER] [-B LINES_BEFORE] [-C CONTEXT]\n [--gaps]\n [gdbval_or_str]\n
Print virtual memory map pages.
Unnamed mappings are named as [anon_%#x] where %#x is high part of their start address. This is useful for filtering with vmmap or search commands.
Known issues with vmmap: For QEMU user targets, the QEMU's gdbstub does not provide memory maps information to GDB until [0] is finished & merged. We try to deal with it without parsing the QEMU process' /proc/$pid/maps file, but if our approach fails, we simply create a [0, 0xffff...] vmmap which is not great and may result in lack of proper colors or inability to search memory with the search command.
For QEMU kernel, we use gdb-pt-dump that parses page tables from the guest by reading /proc/$pid/mem of QEMU process. If this does not work for you, use set kernel-vmmap-via-page-tables off to refer to our old method of reading vmmap info from monitor info mem command exposed by QEMU. Note that the latter may be slower and will not give full vmmaps permission information.
For coredump debugging, GDB also lacks all vmmap info but we do our best to get it back by using the info proc mappings and maintenance info sections commands.
As a last resort, we sometimes try to explore the addresses in CPU registers and if they are readable by GDB, we determine their bounds and create an \"\" vmmap. However, this method is slow and is not used on each GDB stop.
Memory pages can also be added manually with the use of vmmap-add, vmmap-clear and vmmap-load commands. This may be useful for bare metal debugging.
[0] https://lore.kernel.org/all/20220221030910.3203063-1-dominik.b.czarnota@gmail.com/
Aliases: lm, address, vprot, libs
"},{"location":"commands/memory/vmmap/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help gdbval_or_str Address or module name filter"},{"location":"commands/memory/vmmap/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -w --writable Display writable maps only -x --executable Display executable maps only -A --lines-after Number of pages to display after result (default: 1) -B --lines-before Number of pages to display before result (default: 1) -C --context Number of pages to display around the result --gaps Display unmapped memory gap information in the memory map."},{"location":"commands/memory/xinfo/","title":"Xinfo","text":""},{"location":"commands/memory/xinfo/#xinfo","title":"xinfo","text":"usage: xinfo [-h] [address]\n
Shows offsets of the specified address from various useful locations.
"},{"location":"commands/memory/xinfo/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to inspect (default: $pc)"},{"location":"commands/memory/xinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/memory/xor/","title":"Xor","text":""},{"location":"commands/memory/xor/#xor","title":"xor","text":"usage: xor [-h] address key count\n
XOR count bytes at address with the key key.
"},{"location":"commands/memory/xor/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to start xoring at. key The key to use. count The number of bytes to xor."},{"location":"commands/memory/xor/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/asm/","title":"Asm","text":""},{"location":"commands/misc/asm/#asm","title":"asm","text":"usage: asm [-h] [-f {hex,string}]\n [--arch {powerpc64,aarch64,powerpc,riscv32,riscv64,sparc64,mips64,msp430,alpha,amd64,sparc,thumb,cris,i386,ia64,m68k,mips,s390,none,avr,arm,vax}]\n [-v AVOID] [-n] [-z] [-i INFILE]\n [shellcode ...]\n
Assemble shellcode into bytes
"},{"location":"commands/misc/asm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help shellcode Assembler code to assemble (default: '[]')"},{"location":"commands/misc/asm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --format Output format (default: 'hex') --arch Target architecture -v --avoid Encode the shellcode to avoid the listed bytes (provided as hex) -n --newline Encode the shellcode to avoid newlines -z --zero Encode the shellcode to avoid NULL bytes -i --infile Specify input file"},{"location":"commands/misc/checksec/","title":"Checksec","text":""},{"location":"commands/misc/checksec/#checksec","title":"checksec","text":"usage: checksec [-h] [-f FILE]\n
Prints out the binary security settings using checksec.
"},{"location":"commands/misc/checksec/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --file Specify the file to run checksec on."},{"location":"commands/misc/checksec/#examples","title":"Examples","text":"pwndbg> checksec\nFile: /usr/bin/bash\nArch: amd64\nRELRO: Full RELRO\nStack: Canary found\nNX: NX enabled\nPIE: PIE enabled\nSHSTK: Enabled\nIBT: Enabled\n
"},{"location":"commands/misc/comm/","title":"Comm","text":""},{"location":"commands/misc/comm/#comm","title":"comm","text":"usage: comm [-h] [--addr address] comment\n
Put comments in assembly code.
"},{"location":"commands/misc/comm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help comment The text you want to comment"},{"location":"commands/misc/comm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --addr Address to write comments"},{"location":"commands/misc/cyclic/","title":"Cyclic","text":""},{"location":"commands/misc/cyclic/#cyclic","title":"cyclic","text":"usage: cyclic [-h] [-a charset] [-n length] [-l lookup_value]\n [count] [filename]\n
Cyclic pattern creator/finder.
"},{"location":"commands/misc/cyclic/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count Number of characters to print from the sequence (default: print the entire sequence) (default: 100) filename Name (path) of the file to save the cyclic pattern to"},{"location":"commands/misc/cyclic/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --alphabet The alphabet to use in the cyclic pattern (default: abcdefghijklmnopqrstuvwxyz) -n --length Size of the unique subsequences (defaults to the pointer size for the current arch) -o --lookup Do a lookup instead of printing the sequence (accepts constant values as well as expressions)"},{"location":"commands/misc/cymbol/","title":"Cymbol","text":""},{"location":"commands/misc/cymbol/#cymbol","title":"cymbol","text":"(only in GDB)
usage: cymbol [-h] [-a name] [-f filepath] [-r name] [-e name] [-l name]\n [-s name]\n
Add, show, load, edit, or delete custom structures in plain C.
"},{"location":"commands/misc/cymbol/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --add Add a new custom structure -f --file Add a new custom structure from header file -r --remove Remove an existing custom structure -e --edit Edit an existing custom structure -l --load Load an existing custom structure -s --show Show the source code of an existing custom structure"},{"location":"commands/misc/down/","title":"Down","text":""},{"location":"commands/misc/down/#down","title":"down","text":"(only in GDB)
usage: down [-h] [n]\n
Select and print stack frame called by this one.
Aliases: do, dow
"},{"location":"commands/misc/down/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help n The number of stack frames to go down. (default: 1)"},{"location":"commands/misc/down/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/dt/","title":"Dt","text":""},{"location":"commands/misc/dt/#dt","title":"dt","text":"usage: dt [-h] typename [address]\n
Dump out information on a type (e.g. ucontext_t).
Optionally overlay that information at an address.
"},{"location":"commands/misc/dt/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help typename The name of the structure being dumped. Use quotes if the type contains spaces (e.g. \"struct malloc_state\"). address The address of the structure."},{"location":"commands/misc/dt/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/dumpargs/","title":"Dumpargs","text":""},{"location":"commands/misc/dumpargs/#dumpargs","title":"dumpargs","text":"usage: dumpargs [-h] [-f]\n
Prints determined arguments for call/syscall instruction.
Alias: args
"},{"location":"commands/misc/dumpargs/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --force Force displaying of all arguments."},{"location":"commands/misc/getfile/","title":"Getfile","text":""},{"location":"commands/misc/getfile/#getfile","title":"getfile","text":"(only in GDB)
usage: getfile [-h]\n
Gets the current file.
"},{"location":"commands/misc/getfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hex2ptr/","title":"Hex2ptr","text":""},{"location":"commands/misc/hex2ptr/#hex2ptr","title":"hex2ptr","text":"usage: hex2ptr [-h] hex_string\n
Converts a space-separated hex string to a little-endian address.
"},{"location":"commands/misc/hex2ptr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help hex_string Hexadecimal string to convert (e.g., '00 70 75 c1 cd ef 59 00')."},{"location":"commands/misc/hex2ptr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hijack-fd/","title":"Hijack fd","text":""},{"location":"commands/misc/hijack-fd/#hijack-fd","title":"hijack-fd","text":"usage: hijack-fd [-h] fdnum newfile\n
Replace a file descriptor of a debugged process.
The new file descriptor can point to:
- a file
- a pipe
- a socket
- a device, etc.
"},{"location":"commands/misc/hijack-fd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help fdnum File descriptor (FD) number to be replaced with the specified new socket or file. newfile Specify a file or a socket. For files, the filename must start with / (e.g., /etc/passwd). For sockets, the following formats are allowed: - 127.0.0.1:80 (default is TCP) - tcp://[::1]:80 - udp://example.com:80 - tcp+ipv6://example.com:80"},{"location":"commands/misc/hijack-fd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/hijack-fd/#examples","title":"Examples","text":"1. Redirect STDOUT to a file:\n `hijack-fd 1 /dev/null`\n\n2. Redirect STDERR to a socket:\n `hijack-fd 2 tcp://localhost:8888`\n
"},{"location":"commands/misc/ipi/","title":"Ipi","text":""},{"location":"commands/misc/ipi/#ipi","title":"ipi","text":"(only in GDB)
usage: ipi [-h]\n
Start an interactive IPython prompt.
"},{"location":"commands/misc/ipi/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch-list/","title":"Patch list","text":""},{"location":"commands/misc/patch-list/#patch-list","title":"patch-list","text":"usage: patch-list [-h]\n
List all patches.
"},{"location":"commands/misc/patch-list/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch-revert/","title":"Patch revert","text":""},{"location":"commands/misc/patch-revert/#patch-revert","title":"patch-revert","text":"usage: patch-revert [-h] address\n
Revert patch at given address.
"},{"location":"commands/misc/patch-revert/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to revert patch on"},{"location":"commands/misc/patch-revert/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/patch/","title":"Patch","text":""},{"location":"commands/misc/patch/#patch","title":"patch","text":"usage: patch [-h] [-q] address ins\n
Patches given instruction with given code or bytes.
"},{"location":"commands/misc/patch/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to patch ins instruction[s]"},{"location":"commands/misc/patch/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -q --quiet don't print anything"},{"location":"commands/misc/plist/","title":"Plist","text":""},{"location":"commands/misc/plist/#plist","title":"plist","text":"usage: plist [-h] [-s SENTINEL] [-i INNER_NAME] [-f FIELD_NAME] [-o OFFSET]\n [-c COUNT]\n path next\n
Dumps the elements of a linked list.
This command traverses the linked list beginning at a given element, dumping its contents and the contents of all the elements that come after it in the list. Traversal is configurable and can handle multiple types of linked lists, but will always stop when a cycle is detected.
The path to the first element can be any GDB expression that evaluates to either the first element directly, or a to pointer to it. The next element is the name of the field containing the next pointer, in either the structure itself or in the structure given by --inner.
An address value may be given with --sentinel that signals the end of the list. By default, the value used is NULL (0).
If only one field inside each node is desired, it can be printed exclusively by specifying its name with --field.
This command supports traversing three types of linked lists, classified by how the next pointer can be found in the structure and what type it is: 1 - Next pointer is field of structure, type is the same as structure. 2 - Next pointer is field of inner nested structure, pointed to type is the same as outer structure. 3 - Next pointer is field of inner nested structure, pointed to type is the same as inner structure. Types 2 and 3 require --inner to be specified.
Example 1:
struct node {\n int value;\n struct node *next;\n};\nstruct node node_c = { 2, NULL };\nstruct node node_b = { 1, &node_c };\nstruct node node_a = { 0, &node_b };\n
pwndbg> plist node_a next 0x4000011050 : { value = 0, next = 0x4000011040 } 0x4000011040 : { value = 1, next = 0x4000011010 } 0x4000011010 : { value = 2, next = 0x0 }
Example 2:
struct node_inner_a {\n struct node_inner_a *next;\n};\nstruct inner_a_node {\n int value;\n struct node_inner_a inner;\n};\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\n
pwndbg> plist inner_a_node_a -i inner next 0x4000011070 : { value = 0, inner = { next = 0x4000011068 } } 0x4000011060 : { value = 1, inner = { next = 0x4000011028 } } 0x4000011020 : { value = 2, inner = { next = 0x0 } }
Example 3:
struct inner_b_node;\nstruct node_inner_b {\n struct inner_b_node *next;\n};\nstruct inner_b_node {\n int value;\n struct node_inner_b inner;\n};\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\n
pwndbg> plist inner_b_node_a -i inner next 0x4000011090 : { value = 0, inner = { next = 0x4000011080 } } 0x4000011080 : { value = 1, inner = { next = 0x4000011030 } } 0x4000011030 : { value = 2, inner = { next = 0x0 } }"},{"location":"commands/misc/plist/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help path The first element of the linked list next The name of the field pointing to the next element in the list"},{"location":"commands/misc/plist/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -s --sentinel The address that stands in for an end of list marker in a non-cyclic list (default: 0) -i --inner The name of the inner nested structure where the next pointer is stored -f --field The name of the field to be displayed, if only one is desired -o --offset The offset of the first list element to display. Defaults to zero. (default: 0) -c --count The number of elements to display. Defaults to the value of dereference-limit."},{"location":"commands/misc/sigreturn/","title":"Sigreturn","text":""},{"location":"commands/misc/sigreturn/#sigreturn","title":"sigreturn","text":"
usage: sigreturn [-h] [-a] [-p] [address]\n
Display the SigreturnFrame at the specific address
"},{"location":"commands/misc/sigreturn/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to read the frame from"},{"location":"commands/misc/sigreturn/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Show all values in the frame in addition to common registers -p --print Show addresses of frame values"},{"location":"commands/misc/spray/","title":"Spray","text":""},{"location":"commands/misc/spray/#spray","title":"spray","text":"usage: spray [-h] [--value VALUE] [-x] addr [length]\n
Spray memory with cyclic() generated values
"},{"location":"commands/misc/spray/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address to spray length Length of byte sequence, when unspecified sprays until the end of vmmap which address belongs to (default: 0)"},{"location":"commands/misc/spray/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --value Value to spray memory with, when prefixed with '0x' treated as hex string encoded big-endian -x --only-funcptrs Spray only addresses whose values points to executable pages"},{"location":"commands/misc/tips/","title":"Tips","text":""},{"location":"commands/misc/tips/#tips","title":"tips","text":"usage: tips [-h] [-a]\n
Shows tips.
"},{"location":"commands/misc/tips/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Show all tips."},{"location":"commands/misc/up/","title":"Up","text":""},{"location":"commands/misc/up/#up","title":"up","text":"(only in GDB)
usage: up [-h] [n]\n
Select and print stack frame that called this one.
"},{"location":"commands/misc/up/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help n The number of stack frames to go up. (default: 1)"},{"location":"commands/misc/up/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/valist/","title":"Valist","text":""},{"location":"commands/misc/valist/#valist","title":"valist","text":"usage: valist [-h] addr [count]\n
Dumps the arguments of a va_list.
"},{"location":"commands/misc/valist/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr Address of the va_list count Number of arguments to dump (default: 8)"},{"location":"commands/misc/valist/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/misc/vmmap-load/","title":"Vmmap load","text":""},{"location":"commands/misc/vmmap-load/#vmmap-load","title":"vmmap-load","text":"usage: vmmap-load [-h] [filename]\n
Load virtual memory map pages from ELF file.
"},{"location":"commands/misc/vmmap-load/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filename ELF filename, by default uses current loaded filename."},{"location":"commands/misc/vmmap-load/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/process/killthreads/","title":"Killthreads","text":""},{"location":"commands/process/killthreads/#killthreads","title":"killthreads","text":"(only in GDB)
usage: killthreads [-h] [-a] [thread_ids ...]\n
Kill all or given threads.
Switches to given threads and calls pthread_exit(0) on them. This is performed with scheduler-locking to prevent other threads from operating at the same time.
Killing all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).
"},{"location":"commands/process/killthreads/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help thread_ids Thread IDs to kill."},{"location":"commands/process/killthreads/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Kill all threads except the current one."},{"location":"commands/process/pid/","title":"Pid","text":""},{"location":"commands/process/pid/#pid","title":"pid","text":"usage: pid [-h]\n
Gets the pid.
Alias: getpid
"},{"location":"commands/process/pid/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/process/procinfo/","title":"Procinfo","text":""},{"location":"commands/process/procinfo/#procinfo","title":"procinfo","text":"usage: procinfo [-h]\n
Display information about the running process.
"},{"location":"commands/process/procinfo/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/bugreport/","title":"Bugreport","text":""},{"location":"commands/pwndbg/bugreport/#bugreport","title":"bugreport","text":"usage: bugreport [-h] [--run-browser | --use-gh]\n
Generate a bug report.
"},{"location":"commands/pwndbg/bugreport/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -b --run-browser Open browser on github/issues/new -g --use-gh Create issue using Github CLI"},{"location":"commands/pwndbg/config/","title":"Config","text":""},{"location":"commands/pwndbg/config/#config","title":"config","text":"usage: config [-h] [filter_pattern]\n
Shows Pwndbg-specific configuration.
"},{"location":"commands/pwndbg/config/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/config/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/configfile/","title":"Configfile","text":""},{"location":"commands/pwndbg/configfile/#configfile","title":"configfile","text":"(only in GDB)
usage: configfile [-h] [--show-all]\n
Generates a configuration file for the current Pwndbg options.
"},{"location":"commands/pwndbg/configfile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-all Display all configuration options."},{"location":"commands/pwndbg/heap-config/","title":"Heap config","text":""},{"location":"commands/pwndbg/heap-config/#heap-config","title":"heap-config","text":"usage: heap-config [-h] [filter_pattern]\n
Shows heap related configuration.
"},{"location":"commands/pwndbg/heap-config/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to config parameters names/descriptions"},{"location":"commands/pwndbg/heap-config/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/memoize/","title":"Memoize","text":""},{"location":"commands/pwndbg/memoize/#memoize","title":"memoize","text":"usage: memoize [-h]\n
Toggles memoization (caching).
Useful for diagnosing caching-related bugs. Decreases performance.
"},{"location":"commands/pwndbg/memoize/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/profiler/","title":"Profiler","text":""},{"location":"commands/pwndbg/profiler/#profiler","title":"profiler","text":"usage: profiler [-h] {start,stop} ...\n
Utilities for profiling Pwndbg.
Check out the ./profiling folder for other useful utilities. Use ./profiling/print_stats.py to generate a report from a .pstats file.
"},{"location":"commands/pwndbg/profiler/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help command"},{"location":"commands/pwndbg/profiler/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/pwndbg/","title":"Pwndbg","text":""},{"location":"commands/pwndbg/pwndbg/#pwndbg","title":"pwndbg","text":"usage: pwndbg [-h] [-c CATEGORY_ | --list-categories] [filter_pattern]\n
Prints out a list of all Pwndbg commands.
"},{"location":"commands/pwndbg/pwndbg/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to commands names/docs"},{"location":"commands/pwndbg/pwndbg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -c --category Filter commands by category --list-categories List command categories"},{"location":"commands/pwndbg/reinit-pwndbg/","title":"Reinit pwndbg","text":""},{"location":"commands/pwndbg/reinit-pwndbg/#reinit-pwndbg","title":"reinit-pwndbg","text":"(only in GDB)
usage: reinit-pwndbg [-h]\n
Makes Pwndbg reinitialize all state.
"},{"location":"commands/pwndbg/reinit-pwndbg/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/reload/","title":"Reload","text":""},{"location":"commands/pwndbg/reload/#reload","title":"reload","text":"(only in GDB)
usage: reload [-h]\n
Reload Pwndbg.
"},{"location":"commands/pwndbg/reload/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/theme/","title":"Theme","text":""},{"location":"commands/pwndbg/theme/#theme","title":"theme","text":"usage: theme [-h] [filter_pattern]\n
Shows Pwndbg-specific theme configuration.
"},{"location":"commands/pwndbg/theme/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help filter_pattern Filter to apply to theme parameters names/descriptions"},{"location":"commands/pwndbg/theme/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/pwndbg/themefile/","title":"Themefile","text":""},{"location":"commands/pwndbg/themefile/#themefile","title":"themefile","text":"(only in GDB)
usage: themefile [-h] [--show-all]\n
Generates a configuration file for the current Pwndbg theme options.
"},{"location":"commands/pwndbg/themefile/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --show-all Force displaying of all theme options."},{"location":"commands/pwndbg/version/","title":"Version","text":""},{"location":"commands/pwndbg/version/#version","title":"version","text":"(only in GDB)
usage: version [-h]\n
Displays Pwndbg and its important deps versions.
"},{"location":"commands/pwndbg/version/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/cpsr/","title":"Cpsr","text":""},{"location":"commands/register/cpsr/#cpsr","title":"cpsr","text":"usage: cpsr [-h] [cpsr_value]\n
Print out ARM CPSR or xPSR register.
Aliases: xpsr, pstate
"},{"location":"commands/register/cpsr/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help cpsr_value Parse the given CPSR value instead of the actual one."},{"location":"commands/register/cpsr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/fsbase/","title":"Fsbase","text":""},{"location":"commands/register/fsbase/#fsbase","title":"fsbase","text":"(only in GDB)
usage: fsbase [-h]\n
Prints out the FS base address. See also $fsbase.
"},{"location":"commands/register/fsbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/gsbase/","title":"Gsbase","text":""},{"location":"commands/register/gsbase/#gsbase","title":"gsbase","text":"(only in GDB)
usage: gsbase [-h]\n
Prints out the GS base address. See also $gsbase.
"},{"location":"commands/register/gsbase/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/setflag/","title":"Setflag","text":""},{"location":"commands/register/setflag/#setflag","title":"setflag","text":"usage: setflag [-h] flag value\n
Modify the flags register.
Alias: flag
"},{"location":"commands/register/setflag/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help flag Flag for which you want to change the value value Value to which you want to set the flag - only valid options are 0 and 1"},{"location":"commands/register/setflag/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/register/setflag/#examples","title":"Examples","text":"On X86/X64:\n setflag ZF 1 -- set zero flag\n setflag CF 0 -- unset carry flag\n\nOn ARM:\n setflag Z 0 -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n info reg eflags -- on x86/x64\n info reg cpsr/xpsr -- on ARM (specific register may vary)\n
"},{"location":"commands/register/setflag/#notes","title":"Notes","text":"This command supports flags registers that are defined for architectures in the pwndbg/regs.py file.
"},{"location":"commands/stack/canary/","title":"Canary","text":""},{"location":"commands/stack/canary/#canary","title":"canary","text":"usage: canary [-h] [-a]\n
Print out the current stack canary.
"},{"location":"commands/stack/canary/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -a --all Print out stack canaries for all threads instead of the current thread only."},{"location":"commands/stack/retaddr/","title":"Retaddr","text":""},{"location":"commands/stack/retaddr/#retaddr","title":"retaddr","text":"usage: retaddr [-h]\n
Print out the stack addresses that contain return addresses.
"},{"location":"commands/stack/retaddr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/stack/stack-explore/","title":"Stack explore","text":""},{"location":"commands/stack/stack-explore/#stack-explore","title":"stack-explore","text":"usage: stack-explore [-h]\n
Explore stack from all threads.
"},{"location":"commands/stack/stack-explore/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/stack/stack/","title":"Stack","text":""},{"location":"commands/stack/stack/#stack","title":"stack","text":"usage: stack [-h] [-f] [-i] [count] [offset]\n
Dereferences on stack data with specified count and offset.
"},{"location":"commands/stack/stack/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count number of element to dump (default: 8) offset Element offset from $sp (support negative offset) (default: 0)"},{"location":"commands/stack/stack/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit -f --frame Show the stack frame, from rsp to rbp -i --inverse Show reverse stack growth"},{"location":"commands/stack/stackf/","title":"Stackf","text":""},{"location":"commands/stack/stackf/#stackf","title":"stackf","text":"usage: stackf [-h] [count] [offset]\n
Dereferences on stack data, printing the entire stack frame with specified count and offset .
"},{"location":"commands/stack/stackf/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help count number of element to dump (default: 8) offset Element offset from $sp (support negative offset) (default: 0)"},{"location":"commands/stack/stackf/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/attachp/","title":"Attachp","text":""},{"location":"commands/start/attachp/#attachp","title":"attachp","text":"(only in GDB)
usage: attachp [-h] [--no-truncate] [--retry] [--user USER] [-e] [-a] [target]\n
Attaches to a given pid, process name, process found with partial argv match or to a device file.
This command wraps the original GDB attach command to add the ability to debug a process with a given name or partial name match. In such cases, the process identifier is fetched via the pidof <name> command first. If no matches are found, then it uses the ps -eo pid,args command to search for partial name matches.
Original GDB attach command help: Attach to a process or file outside of GDB. This command attaches to another target, of the same type as your last \"target\" command (\"info files\" will show your target stack). The command may take as argument a process id or a device file. For a process id, you must have permission to send the process a signal, and it must have the same effective uid as the debugger. When using \"attach\" with a process id, the debugger finds the program running in the process, looking first in the current working directory, or (if not found there) using the source file search path (see the \"directory\" command). You can also use the \"file\" command to specify the program, and to load its symbol table.
"},{"location":"commands/start/attachp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target pid, process name, part of cmdline to be matched or device file to attach to (uses current loaded file name if not provided)"},{"location":"commands/start/attachp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit --no-truncate dont truncate command args --retry retry until a target is found --user username or uid to filter by -e --exact get the pid only for an exact command name match -a --all get pids also for partial cmdline matches etc"},{"location":"commands/start/entry/","title":"Entry","text":""},{"location":"commands/start/entry/#entry","title":"entry","text":"usage: entry [-h] [args ...]\n
Start the debugged program stopping at its entrypoint address.
Note that the entrypoint may not be the first instruction executed by the program. If you want to stop on the first executed instruction, use the GDB's starti command.
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable). Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
With no arguments, uses arguments last specified (with \"run\" or \"set args\"). To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
To start the inferior without using a shell, use \"set startup-with-shell off\".
"},{"location":"commands/start/entry/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help args The arguments to run the binary with."},{"location":"commands/start/entry/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/sstart/","title":"Sstart","text":""},{"location":"commands/start/sstart/#sstart","title":"sstart","text":"(only in GDB)
usage: sstart [-h]\n
Alias for 'tbreak __libc_start_main; run'.
"},{"location":"commands/start/sstart/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/start/start/","title":"Start","text":""},{"location":"commands/start/start/#start","title":"start","text":"(only in GDB)
usage: start [-h] [args ...]\n
Start the debugged program stopping at the first convenient location from this list: main, _main, start, _start, init or _init. You may specify arguments to give it.
Args may include \"*\", or \"[...]\"; they are expanded using the shell that will start the program (specified by the \"$SHELL\" environment variable). Input and output redirection with \">\", \"<\", or \">>\" are also allowed.
With no arguments, uses arguments last specified (with \"run\" or \"set args\"). To cancel previous arguments and run with no arguments, use \"set args\" without arguments.
To start the inferior without using a shell, use \"set startup-with-shell off\".
Aliases: main, init
"},{"location":"commands/start/start/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help args The arguments to run the binary with."},{"location":"commands/start/start/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextcall/","title":"Nextcall","text":""},{"location":"commands/step_next_continue/nextcall/#nextcall","title":"nextcall","text":"usage: nextcall [-h] [symbol_regex]\n
Breaks at the next call instruction.
"},{"location":"commands/step_next_continue/nextcall/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help symbol_regex A regex matching the name of next symbol to be broken on before calling."},{"location":"commands/step_next_continue/nextcall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextjmp/","title":"Nextjmp","text":""},{"location":"commands/step_next_continue/nextjmp/#nextjmp","title":"nextjmp","text":"usage: nextjmp [-h]\n
Breaks at the next jump instruction.
Alias: nextjump
"},{"location":"commands/step_next_continue/nextjmp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextproginstr/","title":"Nextproginstr","text":""},{"location":"commands/step_next_continue/nextproginstr/#nextproginstr","title":"nextproginstr","text":"usage: nextproginstr [-h]\n
Breaks at the next instruction that belongs to the running program.
"},{"location":"commands/step_next_continue/nextproginstr/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextret/","title":"Nextret","text":""},{"location":"commands/step_next_continue/nextret/#nextret","title":"nextret","text":"usage: nextret [-h]\n
Breaks at next return-like instruction.
"},{"location":"commands/step_next_continue/nextret/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/nextsyscall/","title":"Nextsyscall","text":""},{"location":"commands/step_next_continue/nextsyscall/#nextsyscall","title":"nextsyscall","text":"usage: nextsyscall [-h]\n
Breaks at the next syscall not taking branches.
Alias: nextsc
"},{"location":"commands/step_next_continue/nextsyscall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepover/","title":"Stepover","text":""},{"location":"commands/step_next_continue/stepover/#stepover","title":"stepover","text":"usage: stepover [-h] [addr]\n
Breaks on the instruction after this one.
Alias: so
"},{"location":"commands/step_next_continue/stepover/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address to break after."},{"location":"commands/step_next_continue/stepover/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepret/","title":"Stepret","text":""},{"location":"commands/step_next_continue/stepret/#stepret","title":"stepret","text":"usage: stepret [-h]\n
Breaks at next return-like instruction by 'stepping' to it.
"},{"location":"commands/step_next_continue/stepret/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepsyscall/","title":"Stepsyscall","text":""},{"location":"commands/step_next_continue/stepsyscall/#stepsyscall","title":"stepsyscall","text":"usage: stepsyscall [-h]\n
Breaks at the next syscall by taking branches.
Alias: stepsc
"},{"location":"commands/step_next_continue/stepsyscall/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/stepuntilasm/","title":"Stepuntilasm","text":""},{"location":"commands/step_next_continue/stepuntilasm/#stepuntilasm","title":"stepuntilasm","text":"usage: stepuntilasm [-h] mnemonic [op_str ...]\n
Breaks on the next matching instruction.
"},{"location":"commands/step_next_continue/stepuntilasm/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help mnemonic The mnemonic of the instruction op_str The operands of the instruction"},{"location":"commands/step_next_continue/stepuntilasm/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/step_next_continue/xuntil/","title":"Xuntil","text":""},{"location":"commands/step_next_continue/xuntil/#xuntil","title":"xuntil","text":"(only in GDB)
usage: xuntil [-h] target\n
Continue execution until an address or expression.
"},{"location":"commands/step_next_continue/xuntil/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help target Location to stop execution at"},{"location":"commands/step_next_continue/xuntil/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bc/","title":"Bc","text":""},{"location":"commands/windbg/bc/#bc","title":"bc","text":"(only in GDB)
usage: bc [-h] [which]\n
Clear the breakpoint with the specified index.
"},{"location":"commands/windbg/bc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to clear. (default: '*')"},{"location":"commands/windbg/bc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bd/","title":"Bd","text":""},{"location":"commands/windbg/bd/#bd","title":"bd","text":"(only in GDB)
usage: bd [-h] [which]\n
Disable the breakpoint with the specified index.
"},{"location":"commands/windbg/bd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to disable. (default: '*')"},{"location":"commands/windbg/bd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/be/","title":"Be","text":""},{"location":"commands/windbg/be/#be","title":"be","text":"(only in GDB)
usage: be [-h] [which]\n
Enable the breakpoint with the specified index.
"},{"location":"commands/windbg/be/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help which Index of the breakpoint to enable. (default: '*')"},{"location":"commands/windbg/be/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bl/","title":"Bl","text":""},{"location":"commands/windbg/bl/#bl","title":"bl","text":"(only in GDB)
usage: bl [-h]\n
List breakpoints.
"},{"location":"commands/windbg/bl/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/bp/","title":"Bp","text":""},{"location":"commands/windbg/bp/#bp","title":"bp","text":"(only in GDB)
usage: bp [-h] where\n
Set a breakpoint at the specified address.
"},{"location":"commands/windbg/bp/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help where The address to break at."},{"location":"commands/windbg/bp/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/da/","title":"Da","text":""},{"location":"commands/windbg/da/#da","title":"da","text":"usage: da [-h] address [max]\n
Dump a string at the specified address.
"},{"location":"commands/windbg/da/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump max Maximum string length (default: 256)"},{"location":"commands/windbg/da/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/db/","title":"Db","text":""},{"location":"commands/windbg/db/#db","title":"db","text":"usage: db [-h] address [count]\n
Starting at the specified address, dump N bytes.
"},{"location":"commands/windbg/db/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of bytes to dump. (default: 64)"},{"location":"commands/windbg/db/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dc/","title":"Dc","text":""},{"location":"commands/windbg/dc/#dc","title":"dc","text":"usage: dc [-h] address [count]\n
Starting at the specified address, hexdump.
"},{"location":"commands/windbg/dc/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of bytes to hexdump. (default: 8)"},{"location":"commands/windbg/dc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dd/","title":"Dd","text":""},{"location":"commands/windbg/dd/#dd","title":"dd","text":"usage: dd [-h] address [count]\n
Starting at the specified address, dump N dwords.
"},{"location":"commands/windbg/dd/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of dwords to dump. (default: 16)"},{"location":"commands/windbg/dd/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dds/","title":"Dds","text":""},{"location":"commands/windbg/dds/#dds","title":"dds","text":"usage: dds [-h] addr\n
Dump pointers and symbols at the specified address.
Aliases: kd, dps, dqs
"},{"location":"commands/windbg/dds/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help addr The address to dump from."},{"location":"commands/windbg/dds/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dq/","title":"Dq","text":""},{"location":"commands/windbg/dq/#dq","title":"dq","text":"usage: dq [-h] address [count]\n
Starting at the specified address, dump N qwords.
"},{"location":"commands/windbg/dq/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of qwords to dump. (default: 8)"},{"location":"commands/windbg/dq/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ds/","title":"Ds","text":""},{"location":"commands/windbg/ds/#ds","title":"ds","text":"usage: ds [-h] address [max]\n
Dump a string at the specified address.
"},{"location":"commands/windbg/ds/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address Address to dump max Maximum string length (default: 256)"},{"location":"commands/windbg/ds/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/dw/","title":"Dw","text":""},{"location":"commands/windbg/dw/#dw","title":"dw","text":"usage: dw [-h] address [count]\n
Starting at the specified address, dump N words.
"},{"location":"commands/windbg/dw/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to dump from. count The number of words to dump. (default: 32)"},{"location":"commands/windbg/dw/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eb/","title":"Eb","text":""},{"location":"commands/windbg/eb/#eb","title":"eb","text":"usage: eb [-h] address [data ...]\n
Write hex bytes at the specified address.
"},{"location":"commands/windbg/eb/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The bytes to write."},{"location":"commands/windbg/eb/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ed/","title":"Ed","text":""},{"location":"commands/windbg/ed/#ed","title":"ed","text":"usage: ed [-h] address [data ...]\n
Write hex dwords at the specified address.
"},{"location":"commands/windbg/ed/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The dwords to write."},{"location":"commands/windbg/ed/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eq/","title":"Eq","text":""},{"location":"commands/windbg/eq/#eq","title":"eq","text":"usage: eq [-h] address [data ...]\n
Write hex qwords at the specified address.
"},{"location":"commands/windbg/eq/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The qwords to write."},{"location":"commands/windbg/eq/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ew/","title":"Ew","text":""},{"location":"commands/windbg/ew/#ew","title":"ew","text":"usage: ew [-h] address [data ...]\n
Write hex words at the specified address.
"},{"location":"commands/windbg/ew/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The words to write."},{"location":"commands/windbg/ew/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ez/","title":"Ez","text":""},{"location":"commands/windbg/ez/#ez","title":"ez","text":"usage: ez [-h] address data\n
Write a string at the specified address.
"},{"location":"commands/windbg/ez/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The string to write."},{"location":"commands/windbg/ez/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/eza/","title":"Eza","text":""},{"location":"commands/windbg/eza/#eza","title":"eza","text":"usage: eza [-h] address data\n
Write a string at the specified address.
"},{"location":"commands/windbg/eza/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help address The address to write to. data The string to write."},{"location":"commands/windbg/eza/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/go/","title":"Go","text":""},{"location":"commands/windbg/go/#go","title":"go","text":"(only in GDB)
usage: go [-h]\n
WinDbg compatibility alias for 'continue' command.
"},{"location":"commands/windbg/go/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/k/","title":"K","text":""},{"location":"commands/windbg/k/#k","title":"k","text":"(only in GDB)
usage: k [-h]\n
Print a backtrace (alias 'bt').
"},{"location":"commands/windbg/k/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/ln/","title":"Ln","text":""},{"location":"commands/windbg/ln/#ln","title":"ln","text":"usage: ln [-h] [value]\n
List the symbols nearest to the provided value.
"},{"location":"commands/windbg/ln/#positional-arguments","title":"Positional arguments","text":"Positional Argument Help value The address you want the name of."},{"location":"commands/windbg/ln/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/pc/","title":"Pc","text":""},{"location":"commands/windbg/pc/#pc","title":"pc","text":"usage: pc [-h]\n
WinDbg compatibility alias for 'nextcall' command.
"},{"location":"commands/windbg/pc/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"commands/windbg/peb/","title":"Peb","text":""},{"location":"commands/windbg/peb/#peb","title":"peb","text":"usage: peb [-h]\n
Not be windows.
"},{"location":"commands/windbg/peb/#optional-arguments","title":"Optional arguments","text":"Short Long Help -h --help show this help message and exit"},{"location":"configuration/","title":"Configuration","text":"Pwndbg can be configured in various ways. You can tune features, control what it displays, how it displays it, and even what is going on under the hood.
There are three \"scopes\" of configuration parameters currently:
- the config scope - for generic parameters
- the heap scope - for heap-related parameters
- the theme scope - for Pwndbg theming
To see the parameters belonging to these scopes, use the config, heap-config, and theme commands respectively. You can also use the configfile and themefile commands to save your live configuration to a file which you can then load in your ~/.(gdb/lldb)init file (after sourcing Pwndbg!).
To see the value of any parameter, use show param-name. To set the value, use set param-name param-value. To see a more detailed description of the parameter use help set param-name.
If you wish to use a theme different from the default one, check out pwndbg/pwndbg-themes. If you made a theme yourself, feel free to open a PR!
"},{"location":"configuration/config/","title":"Config","text":""},{"location":"configuration/config/#config","title":"config","text":""},{"location":"configuration/config/#ai-anthropic-api-key","title":"ai-anthropic-api-key","text":"(only in GDB)
Anthropic API key.
Defaults to ANTHROPIC_API_KEY environment variable if not set.
Default: ''
"},{"location":"configuration/config/#ai-history-size","title":"ai-history-size","text":"(only in GDB)
Maximum number of questions and answers to keep in the prompt.
Default: 3
"},{"location":"configuration/config/#ai-max-tokens","title":"ai-max-tokens","text":"(only in GDB)
The maximum number of tokens to return in the response.
Useful when limiting verbosity or conserving resources. Set to a lower value to restrict output.
Default: 100
"},{"location":"configuration/config/#ai-model","title":"ai-model","text":"(only in GDB)
The name of the large language model to query.
Changing this affects the behavior, response quality, and cost (if applicable) of AI responses.
Default: 'gpt-3.5-turbo'
"},{"location":"configuration/config/#ai-ollama-endpoint","title":"ai-ollama-endpoint","text":"(only in GDB)
Ollama API endpoint.
Defaults to OLLAMA_ENDPOINT environment variable if not set.
Default: ''
"},{"location":"configuration/config/#ai-openai-api-key","title":"ai-openai-api-key","text":"(only in GDB)
OpenAI API key.
Will default to OPENAI_API_KEY environment variable if not set.
Default: ''
"},{"location":"configuration/config/#ai-show-usage","title":"ai-show-usage","text":"(only in GDB)
Whether to show how many tokens are used with each OpenAI API call.
Default: off
"},{"location":"configuration/config/#ai-stack-depth","title":"ai-stack-depth","text":"(only in GDB)
Rows of stack context to include in the prompt for the ai command.
Default: 16
"},{"location":"configuration/config/#ai-temperature","title":"ai-temperature","text":"(only in GDB)
The temperature specification for the LLM query.
This controls the degree of randomness in the response.
Default: 0
"},{"location":"configuration/config/#attachp-resolution-method","title":"attachp-resolution-method","text":"(only in GDB)
How to determine the process to attach when multiple candidates exists.
Default: 'ask' Valid values: 'none', 'oldest', 'newest', 'ask'
"},{"location":"configuration/config/#auto-explore-auxv","title":"auto-explore-auxv","text":"Stack exploration for AUXV information; it may be really slow.
Default: 'warn' Valid values: 'warn', 'yes', 'no'
"},{"location":"configuration/config/#auto-explore-pages","title":"auto-explore-pages","text":"Whether to try to infer page permissions when memory maps are missing.
This command can cause errors.
Default: 'warn' Valid values: 'yes', 'warn', 'no'
"},{"location":"configuration/config/#auto-explore-stack","title":"auto-explore-stack","text":"Stack exploration; it may be really slow.
Default: 'warn' Valid values: 'warn', 'yes', 'no'
"},{"location":"configuration/config/#auto-save-search","title":"auto-save-search","text":"Automatically pass --save to \"search\" command.
Default: off
"},{"location":"configuration/config/#bn-autosync","title":"bn-autosync","text":"Whether to automatically run bn-sync every step.
Default: off
"},{"location":"configuration/config/#bn-il-level","title":"bn-il-level","text":"The IL level to use when displaying Binary Ninja decompilation.
Default: 'hlil' Valid values: 'disasm', 'llil', 'mlil', 'hlil'
"},{"location":"configuration/config/#bn-rpc-host","title":"bn-rpc-host","text":"Binary Ninja XML-RPC server host.
Default: '127.0.0.1'
"},{"location":"configuration/config/#bn-rpc-port","title":"bn-rpc-port","text":"Binary Ninja XML-RPC server port.
Default: 31337
"},{"location":"configuration/config/#bn-timeout","title":"bn-timeout","text":"Time to wait for Binary Ninja XML-RPC, in seconds.
Default: 2
"},{"location":"configuration/config/#context-backtrace-lines","title":"context-backtrace-lines","text":"Number of lines to print in the backtrace context.
Default: 8
"},{"location":"configuration/config/#context-clear-screen","title":"context-clear-screen","text":"Whether to clear the screen before printing the context.
Default: off
"},{"location":"configuration/config/#context-code-lines","title":"context-code-lines","text":"Number of source code lines to print by the context command.
Default: 10
"},{"location":"configuration/config/#context-code-tabstop","title":"context-code-tabstop","text":"Number of spaces that a in the source code counts for.
Default: 8
"},{"location":"configuration/config/#context-disasm-lines","title":"context-disasm-lines","text":"Number of additional lines to print in the disasm context.
Default: 10
"},{"location":"configuration/config/#context-ghidra","title":"context-ghidra","text":"When to try to decompile the current function with ghidra.
Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.
Default: 'never' Valid values: 'always', 'never', 'if-no-source'
"},{"location":"configuration/config/#context-history-size","title":"context-history-size","text":"Number of context history entries to store.
Default: 50
"},{"location":"configuration/config/#context-integration-decompile","title":"context-integration-decompile","text":"Whether context should fall back to decompilation with no source code.
Default: on
"},{"location":"configuration/config/#context-max-threads","title":"context-max-threads","text":"Maximum number of threads displayed by the context command.
Default: 4
"},{"location":"configuration/config/#context-output","title":"context-output","text":"Where Pwndbg should output (\"stdout\" or file/tty).
Default: 'stdout'
"},{"location":"configuration/config/#context-reserve-lines","title":"context-reserve-lines","text":"When to reserve lines after the prompt to reduce context shake.
The \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window. It doesn't take into account line-wrapping due to insufficient terminal width.
Default: 'if-ctx-fits' Valid values: 'never', 'if-ctx-fits', 'always'
"},{"location":"configuration/config/#context-sections","title":"context-sections","text":"Which context sections are displayed (controls order).
Default: 'regs disasm code ghidra stack backtrace expressions threads heap_tracker'
"},{"location":"configuration/config/#context-stack-lines","title":"context-stack-lines","text":"Number of lines to print in the stack context.
Default: 8
"},{"location":"configuration/config/#cymbol-editor","title":"cymbol-editor","text":"(only in GDB)
Path to the editor for editing custom structures.
Default: ''
"},{"location":"configuration/config/#debug-events","title":"debug-events","text":"(only in GDB)
Display internal event debugging info.
Default: off
"},{"location":"configuration/config/#default-visualize-chunk-number","title":"default-visualize-chunk-number","text":"Default number of chunks to visualize.
Default: 10
"},{"location":"configuration/config/#dereference-limit","title":"dereference-limit","text":"Max number of pointers to dereference in a chain.
Default: 5
"},{"location":"configuration/config/#disasm-annotations","title":"disasm-annotations","text":"Display annotations for instructions.
Default: on
"},{"location":"configuration/config/#disasm-inline-symbols","title":"disasm-inline-symbols","text":"Replacing constant operands with their symbol in the disassembly.
Default: on
"},{"location":"configuration/config/#disasm-telescope-depth","title":"disasm-telescope-depth","text":"Depth of telescope for disasm annotations.
Default: 3
"},{"location":"configuration/config/#disasm-telescope-string-length","title":"disasm-telescope-string-length","text":"The number of characters in strings to display in disasm annotations.
Default: 50
"},{"location":"configuration/config/#emulate","title":"emulate","text":"Unicorn emulation of code from the current PC register.
Emulate can be:
- off - no emulation is performed
- jumps-only - emulation is done only to resolve branch instructions
- on - emulation is done to resolve registers/memory values etc.
Emulation can slow down Pwndbg. Disabling it may improve performance. Emulation requires >1GB RAM being available on the system and ability to allocate RWX memory.
Default: 'on' Valid values: 'on', 'off', 'jumps-only'
"},{"location":"configuration/config/#emulate-annotations","title":"emulate-annotations","text":"Unicorn emulation for instruction annotations.
Refers to register and memory value annotations.
Default: on
"},{"location":"configuration/config/#emulate-future-annotations","title":"emulate-future-annotations","text":"Unicorn emulation for future instruction's annotations.
Default: on
"},{"location":"configuration/config/#exception-debugger","title":"exception-debugger","text":"Whether to debug exceptions raised in Pwndbg commands.
Default: off
"},{"location":"configuration/config/#exception-verbose","title":"exception-verbose","text":"Print a full stacktrace for exceptions raised in Pwndbg commands.
Default: off
"},{"location":"configuration/config/#gcc-compiler-path","title":"gcc-compiler-path","text":"(only in GDB)
Path to the gcc/g++ toolchain for generating imported symbols.
Default: ''
"},{"location":"configuration/config/#gdb-workaround-stop-event","title":"gdb-workaround-stop-event","text":"(only in GDB)
Asynchronous stop events to improve 'commands' functionality.
Note that this may cause unexpected behavior with Pwndbg or gdb.execute.
Values explained:
disabled - Disable the workaround (default).disabled-deadlock - Disable only deadlock detection; deadlocks may still occur.enabled - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).
Default: 'disabled' Valid values: 'disabled', 'disabled-deadlock', 'enabled'
"},{"location":"configuration/config/#go-dump-indent-amount","title":"go-dump-indent-amount","text":"The indent amount for go-dump pretty printing.
Default: 4
"},{"location":"configuration/config/#go-dump-line-width","title":"go-dump-line-width","text":"The soft line width for go-dump pretty printing.
Default: 80
"},{"location":"configuration/config/#guess-physmap","title":"guess-physmap","text":"Should guess physmap base address when debug symbols are not present.
Default: off
"},{"location":"configuration/config/#hexdump-bytes","title":"hexdump-bytes","text":"Number of bytes printed by hexdump command.
Default: 64
"},{"location":"configuration/config/#hexdump-group-use-big-endian","title":"hexdump-group-use-big-endian","text":"Use big-endian within each group of bytes in hexdump command.
When on, use big-endian within each group of bytes. Only applies to raw bytes, not the ASCII part. See also hexdump-highlight-group-lsb.
Default: off
"},{"location":"configuration/config/#hexdump-group-width","title":"hexdump-group-width","text":"Number of bytes grouped in hexdump command.
If -1, the architecture's pointer size is used.
Default: -1
"},{"location":"configuration/config/#hexdump-limit-mb","title":"hexdump-limit-mb","text":"The maximum size in megabytes (MB) hexdump will read.
Set the maximum size in megabytes (MB) that the hexdump command will attempt to read at once. Prevents GDB crashes due to excessive memory allocation requests. Set to 0 for unlimited (use with caution).
Default: 10
"},{"location":"configuration/config/#hexdump-width","title":"hexdump-width","text":"Line width of hexdump command.
Default: 16
"},{"location":"configuration/config/#ida-rpc-host","title":"ida-rpc-host","text":"(only in GDB)
Ida xmlrpc server address.
Default: '127.0.0.1'
"},{"location":"configuration/config/#ida-rpc-port","title":"ida-rpc-port","text":"(only in GDB)
Ida xmlrpc server port.
Default: 31337
"},{"location":"configuration/config/#ida-timeout","title":"ida-timeout","text":"(only in GDB)
Time to wait for ida xmlrpc in seconds.
Default: 2
"},{"location":"configuration/config/#integration-function-lookup","title":"integration-function-lookup","text":"Use integration to look up function type signatures.
Default: on
"},{"location":"configuration/config/#integration-provider","title":"integration-provider","text":"Which provider to use for integration features.
Default: 'none' Valid values: 'none', 'binja', 'ida'
"},{"location":"configuration/config/#integration-smart-enhance","title":"integration-smart-enhance","text":"Use integration to determine when to disassemble during enhancing.
Default: on
"},{"location":"configuration/config/#integration-symbol-lookup","title":"integration-symbol-lookup","text":"Whether to use integration to look up unknown symbols.
Default: on
"},{"location":"configuration/config/#kernel-vmmap","title":"kernel-vmmap","text":"The method to get vmmap information when debugging via QEMU kernel.
Values explained:
page-tables - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmapmonitor - use QEMU's monitor info mem to render vmmapnone - disable vmmap rendering; useful if rendering is particularly slow
Note that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).
Default: 'page-tables' Valid values: 'page-tables', 'monitor', 'none'
"},{"location":"configuration/config/#left-pad-disasm","title":"left-pad-disasm","text":"Whether to left-pad disassembly.
Default: on
"},{"location":"configuration/config/#max-visualize-chunk-size","title":"max-visualize-chunk-size","text":"Max display size for heap chunks visualization (0 for display all).
Default: 0
"},{"location":"configuration/config/#nearpc-integration-comments","title":"nearpc-integration-comments","text":"Whether to show comments from integration provider.
Default: on
"},{"location":"configuration/config/#nearpc-lines","title":"nearpc-lines","text":"Number of additional lines to print for the nearpc command.
Default: 10
"},{"location":"configuration/config/#nearpc-num-opcode-bytes","title":"nearpc-num-opcode-bytes","text":"Number of opcode bytes to print for each instruction.
Default: 0
"},{"location":"configuration/config/#nearpc-opcode-separator-bytes","title":"nearpc-opcode-separator-bytes","text":"Number of spaces between opcode bytes.
Default: 1
"},{"location":"configuration/config/#nearpc-show-args","title":"nearpc-show-args","text":"Whether to show call arguments below instruction.
Default: on
"},{"location":"configuration/config/#r2decompiler","title":"r2decompiler","text":"Framework that your ghidra plugin installed.
Default: 'radare2' Valid values: 'radare2', 'rizin'
"},{"location":"configuration/config/#safe-linking","title":"safe-linking","text":"Whether glibc uses safe-linking.
Default: auto Valid values: on, off, auto.
"},{"location":"configuration/config/#show-compact-regs","title":"show-compact-regs","text":"Whether to show a compact register view with columns.
Default: off
"},{"location":"configuration/config/#show-compact-regs-columns","title":"show-compact-regs-columns","text":"The number of columns (0 for dynamic number of columns).
Default: 2
"},{"location":"configuration/config/#show-compact-regs-min-width","title":"show-compact-regs-min-width","text":"The minimum width of each column.
Default: 20
"},{"location":"configuration/config/#show-compact-regs-separation","title":"show-compact-regs-separation","text":"The number of spaces separating columns.
Default: 4
"},{"location":"configuration/config/#show-flags","title":"show-flags","text":"Whether to show flags registers.
Default: off
"},{"location":"configuration/config/#show-retaddr-reg","title":"show-retaddr-reg","text":"Whether to show return address register.
Default: on
"},{"location":"configuration/config/#show-tips","title":"show-tips","text":"Whether to display the tip of the day on startup.
Default: on
"},{"location":"configuration/config/#syntax-highlight","title":"syntax-highlight","text":"Source code / assembly syntax highlight.
Default: on
"},{"location":"configuration/config/#telescope-dont-skip-registers","title":"telescope-dont-skip-registers","text":"Don't skip a repeated line if a registers points to it.
Default: on
"},{"location":"configuration/config/#telescope-frame-print-retaddr","title":"telescope-frame-print-retaddr","text":"Print one pointer past the stack frame.
Default: on
"},{"location":"configuration/config/#telescope-framepointer-offset","title":"telescope-framepointer-offset","text":"Print offset to framepointer for each address, if sufficiently small.
Default: on
"},{"location":"configuration/config/#telescope-lines","title":"telescope-lines","text":"Number of lines to printed by the telescope command.
Default: 8
"},{"location":"configuration/config/#telescope-skip-repeating-val","title":"telescope-skip-repeating-val","text":"Whether to skip repeating values of the telescope command.
Default: on
"},{"location":"configuration/config/#telescope-skip-repeating-val-min","title":"telescope-skip-repeating-val-min","text":"Minimum amount of repeated values before skipping lines.
Default: 3
"},{"location":"configuration/config/#vmmap-prefer-relpaths","title":"vmmap-prefer-relpaths","text":"Show relative paths by default in vmmap.
Default: on
"},{"location":"configuration/heap/","title":"Heap","text":""},{"location":"configuration/heap/#heap","title":"heap","text":""},{"location":"configuration/heap/#glibc","title":"glibc","text":"Glibc version for heap heuristics resolution (e.g. 2.31).
Default: ''
"},{"location":"configuration/heap/#global-max-fast","title":"global-max-fast","text":"The address of global_max_fast.
Default: '0'
"},{"location":"configuration/heap/#heap-corruption-check-limit","title":"heap-corruption-check-limit","text":"Amount of chunks to traverse for the bin corruption check.
The bins are traversed both forwards and backwards.
Default: 64
"},{"location":"configuration/heap/#heap-dereference-limit","title":"heap-dereference-limit","text":"Number of chunks to dereference in each bin.
Default: 8
"},{"location":"configuration/heap/#main-arena","title":"main-arena","text":"The address of main_arena.
Default: '0'
"},{"location":"configuration/heap/#mp","title":"mp","text":"The address of mp_.
Default: '0'
"},{"location":"configuration/heap/#resolve-heap-via-heuristic","title":"resolve-heap-via-heuristic","text":"GDBLLDB The strategy to resolve heap via heuristic.
Values explained:
auto - Pwndbg will try to use heuristics if debug symbols are missingforce - Pwndbg will always try to use heuristics, even if debug symbols are availablenever - Pwndbg will never use heuristics to resolve the heap
If the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses. For this, see the heap_config command output and set the main_arena, mp_, global_max_fast, tcache and thread_arena addresses.
Note: Pwndbg will generate more reliable results with proper debug symbols. Therefore, when debug symbols are missing, you should try to install them first if you haven't already.
They can probably be installed via the package manager of your choice. See also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .
E.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries):
sudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n
If you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n
In addition, even you have the debug symbols of libc, you might still see the following warning when debugging a multi-threaded program:
warning: Unable to find libthread_db matching inferior's thread library, thread\ndebugging will not be available.\n
You'll need to ensure that the correct libthread_db.so is loaded. To do this, set the search path using:
set libthread-db-search-path <path having correct libthread_db.so>\n
Then, restart your program to enable proper thread debugging. Default: 'auto' Valid values: 'auto', 'force', 'never'
The strategy to resolve heap via heuristic.
Values explained:
auto - Pwndbg will try to use heuristics if debug symbols are missingforce - Pwndbg will always try to use heuristics, even if debug symbols are availablenever - Pwndbg will never use heuristics to resolve the heap
If the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses. For this, see the heap_config command output and set the main_arena, mp_, global_max_fast, tcache and thread_arena addresses.
Note: Pwndbg will generate more reliable results with proper debug symbols. Therefore, when debug symbols are missing, you should try to install them first if you haven't already.
They can probably be installed via the package manager of your choice. See also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .
E.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries):
sudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n
If you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n
Default: 'auto' Valid values: 'auto', 'force', 'never'
"},{"location":"configuration/heap/#tcache","title":"tcache","text":"The address pointed by tcache.
Default: '0'
"},{"location":"configuration/heap/#thread-arena","title":"thread-arena","text":"The address pointed by thread_arena.
Default: '0'
"},{"location":"configuration/theme/","title":"Theme","text":""},{"location":"configuration/theme/#theme","title":"theme","text":""},{"location":"configuration/theme/#backtrace-address-color","title":"backtrace-address-color","text":"Color for backtrace (address).
Default: 'none'
"},{"location":"configuration/theme/#backtrace-frame-label","title":"backtrace-frame-label","text":"Frame number label for backtrace.
Default: ''
"},{"location":"configuration/theme/#backtrace-frame-label-color","title":"backtrace-frame-label-color","text":"Color for backtrace (frame label).
Default: 'none'
"},{"location":"configuration/theme/#backtrace-prefix","title":"backtrace-prefix","text":"Prefix for current backtrace label.
Default: '\u25ba'
"},{"location":"configuration/theme/#backtrace-prefix-color","title":"backtrace-prefix-color","text":"Color for prefix of current backtrace label.
Default: 'none'
"},{"location":"configuration/theme/#backtrace-symbol-color","title":"backtrace-symbol-color","text":"Color for backtrace (symbol).
Default: 'none'
"},{"location":"configuration/theme/#banner-color","title":"banner-color","text":"Color for banner line.
Default: 'blue'
"},{"location":"configuration/theme/#banner-separator","title":"banner-separator","text":"Repeated banner separator character.
Default: '\u2500'
"},{"location":"configuration/theme/#banner-title-color","title":"banner-title-color","text":"Color for banner title.
Default: 'none'
"},{"location":"configuration/theme/#banner-title-position","title":"banner-title-position","text":"Banner title position.
Default: 'center' Valid values: 'center', 'left', 'right'
"},{"location":"configuration/theme/#banner-title-surrounding-left","title":"banner-title-surrounding-left","text":"Banner title surrounding char (left side).
Default: '[ '
"},{"location":"configuration/theme/#banner-title-surrounding-right","title":"banner-title-surrounding-right","text":"Banner title surrounding char (right side).
Default: ' ]'
"},{"location":"configuration/theme/#bn-decomp-style","title":"bn-decomp-style","text":"Decompilation highlight theme for Binary Ninja.
Default: 'dark' Valid values: 'dark', 'light'
"},{"location":"configuration/theme/#chain-arrow-color","title":"chain-arrow-color","text":"Color of chain formatting (arrow).
Default: 'normal'
"},{"location":"configuration/theme/#chain-arrow-left","title":"chain-arrow-left","text":"Left arrow of chain formatting.
Default: '\u25c2\u2014'
"},{"location":"configuration/theme/#chain-arrow-right","title":"chain-arrow-right","text":"Right arrow of chain formatting.
Default: '\u2014\u25b8'
"},{"location":"configuration/theme/#chain-contiguous-marker","title":"chain-contiguous-marker","text":"Contiguous marker of chain formatting.
Default: '...'
"},{"location":"configuration/theme/#chain-contiguous-marker-color","title":"chain-contiguous-marker-color","text":"Color of chain formatting (contiguous marker).
Default: 'normal'
"},{"location":"configuration/theme/#code-prefix","title":"code-prefix","text":"Prefix marker for 'context code' command.
Default: '\u25ba'
"},{"location":"configuration/theme/#code-prefix-color","title":"code-prefix-color","text":"Color for 'context code' command (prefix marker).
Default: 'none'
"},{"location":"configuration/theme/#comment-color","title":"comment-color","text":"Color for comment.
Default: 'gray'
"},{"location":"configuration/theme/#context-flag-bracket-color","title":"context-flag-bracket-color","text":"Color for flags register (bracket).
Default: 'none'
"},{"location":"configuration/theme/#context-flag-changed-color","title":"context-flag-changed-color","text":"Color for flags register (flag changed).
Default: 'underline'
"},{"location":"configuration/theme/#context-flag-set-color","title":"context-flag-set-color","text":"Color for flags register (flag set).
Default: 'green,bold'
"},{"location":"configuration/theme/#context-flag-unset-color","title":"context-flag-unset-color","text":"Color for flags register (flag unset).
Default: 'red'
"},{"location":"configuration/theme/#context-flag-value-color","title":"context-flag-value-color","text":"Color for flags register (register value).
Default: 'none'
"},{"location":"configuration/theme/#context-register-changed-color","title":"context-register-changed-color","text":"Color for registers label (change marker).
Default: 'red'
"},{"location":"configuration/theme/#context-register-changed-marker","title":"context-register-changed-marker","text":"Change marker for registers label.
Default: '*'
"},{"location":"configuration/theme/#context-register-color","title":"context-register-color","text":"Color for registers label.
Default: 'bold'
"},{"location":"configuration/theme/#disable-colors","title":"disable-colors","text":"Whether to color the output or not.
Default: off
"},{"location":"configuration/theme/#disasm-branch-color","title":"disasm-branch-color","text":"Color for disasm (branch/call instruction).
Default: 'bold'
"},{"location":"configuration/theme/#enhance-comment-color","title":"enhance-comment-color","text":"Color of value enhance (comment).
Default: 'none'
"},{"location":"configuration/theme/#enhance-integer-value-color","title":"enhance-integer-value-color","text":"Color of value enhance (integer).
Default: 'none'
"},{"location":"configuration/theme/#enhance-string-value-color","title":"enhance-string-value-color","text":"Color of value enhance (string).
Default: 'none'
"},{"location":"configuration/theme/#enhance-unknown-color","title":"enhance-unknown-color","text":"Color of value enhance (unknown value).
Default: 'none'
"},{"location":"configuration/theme/#go-dump-debug","title":"go-dump-debug","text":"Color for 'go-dump' command's debug info when --debug is specified.
Default: 'blue'
"},{"location":"configuration/theme/#hexdump-address-color","title":"hexdump-address-color","text":"Color for hexdump command (address label).
Default: 'none'
"},{"location":"configuration/theme/#hexdump-ascii-block-separator","title":"hexdump-ascii-block-separator","text":"Block separator char of the hexdump command.
Default: '\u2502'
"},{"location":"configuration/theme/#hexdump-byte-separator","title":"hexdump-byte-separator","text":"Separator of single bytes in hexdump (does NOT affect group separator).
Default: ' '
"},{"location":"configuration/theme/#hexdump-colorize-ascii","title":"hexdump-colorize-ascii","text":"Whether to colorize the hexdump command ascii section.
Default: on
"},{"location":"configuration/theme/#hexdump-highlight-group-lsb","title":"hexdump-highlight-group-lsb","text":"Highlight LSB of each group.
Applies only if hexdump-use-big-endian actually changes byte order.
Default: 'underline'
"},{"location":"configuration/theme/#hexdump-normal-color","title":"hexdump-normal-color","text":"Color for hexdump command (normal bytes).
Default: 'none'
"},{"location":"configuration/theme/#hexdump-offset-color","title":"hexdump-offset-color","text":"Color for hexdump command (offset label).
Default: 'none'
"},{"location":"configuration/theme/#hexdump-printable-color","title":"hexdump-printable-color","text":"Color for hexdump command (printable characters).
Default: 'bold'
"},{"location":"configuration/theme/#hexdump-separator-color","title":"hexdump-separator-color","text":"Color for hexdump command (group separator).
Default: 'none'
"},{"location":"configuration/theme/#hexdump-special-color","title":"hexdump-special-color","text":"Color for hexdump command (special bytes).
Default: 'yellow'
"},{"location":"configuration/theme/#hexdump-zero-color","title":"hexdump-zero-color","text":"Color for hexdump command (zero bytes).
Default: 'red'
"},{"location":"configuration/theme/#highlight-breakpoints","title":"highlight-breakpoints","text":"Whether to highlight breakpoints.
Default: on
"},{"location":"configuration/theme/#highlight-color","title":"highlight-color","text":"Color added to highlights like source/pc.
Default: 'green,bold'
"},{"location":"configuration/theme/#highlight-pc","title":"highlight-pc","text":"Whether to highlight the current instruction.
Default: on
"},{"location":"configuration/theme/#highlight-source","title":"highlight-source","text":"Whether to highlight the closest source line.
Default: on
"},{"location":"configuration/theme/#memory-code-color","title":"memory-code-color","text":"Color for executable memory.
Default: 'red'
"},{"location":"configuration/theme/#memory-data-color","title":"memory-data-color","text":"Color for all other writable memory.
Default: 'purple'
"},{"location":"configuration/theme/#memory-guard-color","title":"memory-guard-color","text":"Color added to all guard pages (no perms).
Default: 'cyan'
"},{"location":"configuration/theme/#memory-heap-color","title":"memory-heap-color","text":"Color for heap memory.
Default: 'blue'
"},{"location":"configuration/theme/#memory-rodata-color","title":"memory-rodata-color","text":"Color for all read only memory.
Default: 'normal'
"},{"location":"configuration/theme/#memory-stack-color","title":"memory-stack-color","text":"Color for stack memory.
Default: 'yellow'
"},{"location":"configuration/theme/#memory-wx-color","title":"memory-wx-color","text":"Color added to all WX memory.
Default: 'underline'
"},{"location":"configuration/theme/#message-breakpoint-color","title":"message-breakpoint-color","text":"Color of breakpoint messages.
Default: 'yellow'
"},{"location":"configuration/theme/#message-debug-color","title":"message-debug-color","text":"Color of debug messages.
Default: 'blue'
"},{"location":"configuration/theme/#message-error-color","title":"message-error-color","text":"Color of error messages.
Default: 'red'
"},{"location":"configuration/theme/#message-exit-color","title":"message-exit-color","text":"Color of exit messages.
Default: 'red'
"},{"location":"configuration/theme/#message-hint-color","title":"message-hint-color","text":"Color of hint and marker messages.
Default: 'yellow'
"},{"location":"configuration/theme/#message-info-color","title":"message-info-color","text":"Color of info messages.
Default: 'white'
"},{"location":"configuration/theme/#message-notice-color","title":"message-notice-color","text":"Color of notice messages.
Default: 'purple'
"},{"location":"configuration/theme/#message-signal-color","title":"message-signal-color","text":"Color of signal messages.
Default: 'bold,red'
"},{"location":"configuration/theme/#message-status-off-color","title":"message-status-off-color","text":"Color of off status messages.
Default: 'red'
"},{"location":"configuration/theme/#message-status-on-color","title":"message-status-on-color","text":"Color of on status messages.
Default: 'green'
"},{"location":"configuration/theme/#message-success-color","title":"message-success-color","text":"Color of success messages.
Default: 'green'
"},{"location":"configuration/theme/#message-system-color","title":"message-system-color","text":"Color of system messages.
Default: 'light-red'
"},{"location":"configuration/theme/#message-warning-color","title":"message-warning-color","text":"Color of warning messages.
Default: 'yellow'
"},{"location":"configuration/theme/#nearpc-address-color","title":"nearpc-address-color","text":"Color for nearpc command (address).
Default: 'normal'
"},{"location":"configuration/theme/#nearpc-argument-color","title":"nearpc-argument-color","text":"Color for nearpc command (target argument).
Default: 'bold'
"},{"location":"configuration/theme/#nearpc-branch-marker","title":"nearpc-branch-marker","text":"Branch marker line for nearpc command.
Default: ' \u2193'
"},{"location":"configuration/theme/#nearpc-branch-marker-color","title":"nearpc-branch-marker-color","text":"Color for nearpc command (branch marker line).
Default: 'normal'
"},{"location":"configuration/theme/#nearpc-branch-marker-contiguous","title":"nearpc-branch-marker-contiguous","text":"Contiguous branch marker line for nearpc command.
Default: ' '
"},{"location":"configuration/theme/#nearpc-breakpoint-color","title":"nearpc-breakpoint-color","text":"Color for nearpc command (breakpoint marker).
Default: 'red'
"},{"location":"configuration/theme/#nearpc-breakpoint-prefix","title":"nearpc-breakpoint-prefix","text":"Breakpoint marker for nearpc command.
Default: 'b+'
"},{"location":"configuration/theme/#nearpc-integration-comments-color","title":"nearpc-integration-comments-color","text":"Color for nearpc command (integration comments).
Default: 'bold'
"},{"location":"configuration/theme/#nearpc-prefix","title":"nearpc-prefix","text":"Prefix marker for nearpc command.
Default: '\u25ba'
"},{"location":"configuration/theme/#nearpc-prefix-color","title":"nearpc-prefix-color","text":"Color for nearpc command (prefix marker).
Default: 'none'
"},{"location":"configuration/theme/#nearpc-symbol-color","title":"nearpc-symbol-color","text":"Color for nearpc command (symbol).
Default: 'normal'
"},{"location":"configuration/theme/#nearpc-syscall-name-color","title":"nearpc-syscall-name-color","text":"Color for nearpc command (resolved syscall name).
Default: 'red'
"},{"location":"configuration/theme/#prompt-alive-color","title":"prompt-alive-color","text":"Prompt alive color.
Default: 'bold,green'
"},{"location":"configuration/theme/#prompt-color","title":"prompt-color","text":"Prompt color.
Default: 'bold,red'
"},{"location":"configuration/theme/#syntax-highlight-style","title":"syntax-highlight-style","text":"Source code / assembly syntax highlight stylename of pygments module.
Default: 'monokai'
"},{"location":"configuration/theme/#telescope-offset-color","title":"telescope-offset-color","text":"Color of the telescope command (offset prefix).
Default: 'normal'
"},{"location":"configuration/theme/#telescope-offset-delimiter","title":"telescope-offset-delimiter","text":"Offset delimiter of the telescope command.
Default: ':'
"},{"location":"configuration/theme/#telescope-offset-delimiter-color","title":"telescope-offset-delimiter-color","text":"Color of the telescope command (offset delimiter).
Default: 'normal'
"},{"location":"configuration/theme/#telescope-offset-separator","title":"telescope-offset-separator","text":"Offset separator of the telescope command.
Default: '\u2502'
"},{"location":"configuration/theme/#telescope-offset-separator-color","title":"telescope-offset-separator-color","text":"Color of the telescope command (offset separator).
Default: 'normal'
"},{"location":"configuration/theme/#telescope-register-color","title":"telescope-register-color","text":"Color of the telescope command (register).
Default: 'bold'
"},{"location":"configuration/theme/#telescope-repeating-marker","title":"telescope-repeating-marker","text":"Repeating values marker of the telescope command.
Default: '... \u2193'
"},{"location":"configuration/theme/#telescope-repeating-marker-color","title":"telescope-repeating-marker-color","text":"Color of the telescope command (repeating values marker).
Default: 'normal'
"},{"location":"contributing/","title":"Contributing Guide","text":""},{"location":"contributing/#contributing-overview","title":"Contributing Overview","text":"Thank you for your interest in contributing to Pwndbg!
Note that while it is recommended that your pull request (PR) links to an issue (which can be used for discussing the bug / feature), you do not need to be assigned to it - just create the PR and it will be reviewed.
To start, install Pwndbg from source and set it up for development. For common tasks see:
- Adding a command
- Adding a configuration option
- Improving annotations
Regardless of the contents of your PR, you will need to lint and test your code so make sure to read those sections. It is also likely you will need to update the documentation.
Read General developer notes to get more familiar with the various systems in place in Pwndbg. If you have any questions don't hesitate to ask us on our discord server!
"},{"location":"contributing/#linting","title":"Linting","text":"The lint.sh script runs isort, ruff, shfmt, and vermin. isort and ruff (mostly) are able to automatically fix any issues they detect. You may apply all available fixes by running
./lint.sh -f\n
Note
You can find the configuration files for these tools in pyproject.toml or by checking the arguments passed inside lint.sh.
When submitting a PR, the continuous integration (CI) job defined in .github/workflows/lint.yml will verify that running ./lint.sh succeeds, otherwise the job will fail and we won't be able to merge your PR.
It is recommended to enable the pre-push git hook to run the lint if you haven't already done so. You may re-run ./setup-dev.sh to set it.
"},{"location":"contributing/#running-tests","title":"Running tests","text":"Your PR will not be merged without passing the testing CI. Moreover, it is highly recommended you write a new test or update an existing test whenever adding new functionality to Pwndbg. To see how to do this, check out Writing tests.
To run the tests in the same environment as the testing CI, you can use the following docker commands.
# General (x86_64) test suite\ndocker compose run --rm --build ubuntu24.04-mount ./tests.sh\n# Cross-architecture tests\ndocker compose run --rm --build ubuntu24.04-mount ./crossarch-tests.sh\n# Kernel tests (x86_64 and aarch64)\ndocker compose run --rm --build ubuntu24.04-mount ./kernel-tests.sh\n# Unit tests\ndocker compose run --rm --build ubuntu24.04-mount ./unit-tests.sh\n
This comes in handy particularly for cross-architecture tests because the docker environment has all the cross-compilers installed. The active pwndbg directory is mounted, preventing the need for a full rebuild whenever you update the codebase. Remove the -mount if you want the tests to run from a clean slate (no files are mounted, meaning all binaries are recompiled each time).
If you wish to focus on some failing tests, you can filter the tests to run by providing an argument to the script, such as <docker..> ./tests.sh heap, which will only run tests that contain \"heap\" in the name. See ./tests.sh --help for more information and other options. You can also do this with the cross-arch and kernel tests.
If you want to, you may also run the tests with nix or run them bare.
"},{"location":"contributing/#running-tests-with-nix","title":"Running tests with nix","text":"You will need to build a nix-compatible gdbinit.py file, which you can do with
nix build .#pwndbg-dev\n
Then simply run the test by adding the --nix flag: ./tests.sh --nix [filter]\n
"},{"location":"contributing/#running-without-docker","title":"Running without docker","text":"If you wish to improve Pwndbg support for your distribution (or the testing infrastructure) you may run the testing suite without the docker container.
The commands are analogous to the docker commands.
# General (x86_64) test suite\n./tests.sh\n# Cross-architecture tests\n./crossarch-tests.sh\n# Kernel tests (x86_64 and aarch64)\n./kernel-tests.sh\n# Unit tests\n./unit-tests.sh\n
"},{"location":"contributing/#updating-documentation","title":"Updating Documentation","text":"All the documentation is written in markdown files in the ./docs/ folder. The docs are built into a website using mkdocs (you may see the configuration in ./mkdocs.yml), pushed to the gh-pages branch, and published via github pages. All of this happens in the CI.
In general, for your PR to be accepted you will only need to Update the auto-generated documentation.
"},{"location":"contributing/#update-the-auto-generated-documentation","title":"Update the auto-generated documentation","text":"The ./docs/commands, ./docs/functions, and ./docs/configuration folders are automatically generated1 by extracting the necessary information from the source code. If your changes modify things like a command's description, a configuration's valid values, a convenience function's arguments - i.e. pretty much anything that's user-facing - you must run
./scripts/generate-docs.sh\n
to update the documentation. You need to have a supported version of GDB and LLDB installed for this to work. Commit these changes in a separate commit. If you forget to do that the CI will detect a discrepency between the documentation and source code (using the ./scripts/verify-docs.sh script, which you may also invoke yourself) and prevent your PR from being merged (until you push new changes, re-running the CI).
"},{"location":"contributing/#manual-updates","title":"Manual updates","text":"Of course, if you wish to update some other part of the documentation, you may simply modify the necessary markdown files. All autogenerated files (or parts of files) will have noticable markers written as markdown comments, for instance:
<!-- THIS PART OF THIS FILE IS AUTOGENERATED. DO NOT MODIFY IT. See scripts/generate-docs.sh -->\n
In case you want to add something that cannot be cleanly viewed from the debugger, like a video, screenshot, or long example, every command markdown file also has a dedicated part at the bottom for hand-written text which you can use. The ./scripts/generate-docs.sh script will never delete these hand-written parts, so if you are for instance renaming a command you will have to transfer this part by copy pasting it to the new file. If you wish to preview the documentation locally, you may do so by running:
./scripts/docs-live.sh\n
The build will take some time due to the Source section being built. You may disable this by temporarily commenting these lines - api-autonav:\n modules: ['pwndbg']\n nav_section_title: \"Source\"\n
in the mkdocs.yml file. This will provide much faster build times (but make sure not to commit those changes!). Visit http://127.0.0.1:8000/pwndbg/ to see the docs. Note that the Home section will not be available (it is generated in the CI by copying the README.md), and the site will lack the version selector. -
Actually, the ./docs/configuration/index.md file is hand-written, and the intro text to the ./docs/functions/index.md file is defined in the doc generating file's source code.\u00a0\u21a9
"},{"location":"contributing/adding-a-command/","title":"Adding a Command","text":""},{"location":"contributing/adding-a-command/#command-skeleton","title":"Command skeleton","text":"To add a command to Pwndbg, create a new python file in pwndbg/commands/my_command.py where my_command is the name of the command you want to add. The most basic command looks like this:
import argparse\nimport pwndbg.commands\n\nparser = argparse.ArgumentParser(description=\"Command description.\")\nparser.add_argument(\"arg\", type=str, help=\"An example argument.\")\n\n@pwndbg.commands.Command(parser, category=pwndbg.commands.CommandCategory.MISC)\ndef my_command(arg: str) -> None:\n \"\"\"Print the argument\"\"\"\n print(f\"Argument is {arg}\")\n
Next, import this file in the load_commands function in pwndbg/commands/__init__.py. That's all you need to get it working!
pwndbg> my-command foo\nArgument is foo\n
"},{"location":"contributing/adding-a-command/#getting-started","title":"Getting started","text":"Let's see what arguments the @pwndbg.commands.Command decorator takes. It is defined in pwndbg/commands/__init__.py:
def __init__(\n self,\n parser_or_desc: argparse.ArgumentParser | str,\n *, # All further parameters are not positional\n category: CommandCategory,\n command_name: str | None = None,\n aliases: List[str] = [],\n examples: str = \"\",\n notes: str = \"\",\n only_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n exclude_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n ) -> None:\n # ...\n
We will cover the first four arguments now, and come back to the rest later. If your command takes no arguments you can pass the description of the command as the first argument (parser_or_desc) to the constructor. Otherwise you will be passing an argparse.ArgumentParser object there.
The only other required argument is category. The category determines how commands are grouped together in the output of the pwndbg command and in the documentation. Peruse the list of all commands inside a debugger (by running the pwndbg command) and decide in which category your command fits best. The enum of all command categories is defined at the top of the pwndbg/commands/__init__.py file.
"},{"location":"contributing/adding-a-command/#picking-a-command-name","title":"Picking a command name","text":"Next, the command_name argument. It is optional because if it is not specified the command name will be the same as the function you used to define the command (except the underscores are replaced with dashes). As such, it is generally not needed to specify this argument.
That being said, it is important to pick a good name for your command. Ideally your command name should be one to two words that are not delimited by a dash (e.g. errno, libcinfo, buddydump) since that is easiest to remember and type.
If your command is porting behavior from some other debugger or tool, you should consider using the same name they use so users don't need to relearn it when switching.
If the command name contains three or more words, you should use dashes to make it more legible. If that is the case, or if the name is long, consider providing an alias that makes it quicker to type (like vis-heap-chunks [vis]).
You provide aliases to a command by specifying a list of strings to the aliases argument. Again, you may provide aliases to help users transitioning from other tools/debuggers (e.g. nearpc [pdisass, u]).
"},{"location":"contributing/adding-a-command/#the-arguments-your-command-will-take","title":"The arguments your command will take","text":"We are using argparse.ArgumentParser from the python standard library to define command arguments. Take a look at the python documentation to see how it works. Let's take a look at an example from the source (the setflag command):
parser = argparse.ArgumentParser(description=\"Modify the flags register.\")\n\nparser.add_argument(\n \"flag\",\n type=str,\n help=\"Flag for which you want to change the value\"\n )\n\nparser.add_argument(\n \"value\",\n type=int,\n help=\"Value to which you want to set the flag - only valid options are 0 and 1\",\n)\n
For usage inside Pwndbg, to instantiate an argparse.ArgumentParser object, you must pass the description argument and may pass the epilog argument. Everything else, including prog, usage, formatter_class etc. will be set up by Pwndbg (by the @pwndbg.commands.Command decorator). Here we see only the description was provided. Add arguments to your command with parser.add_argument. Again, consult the python documentation for an explanation. One nice thing specific to Pwndbg is that by setting an argument's type to int, it will also accept debugger values and symbols that can resolve to an int. For instance:
pwndbg> setflag ZF (1-1)\nSet flag ZF=0 in flag register eflags (old val=0x206, new val=0x206)\npwndbg> setflag ZF $rdi\nSet flag ZF=1 in flag register eflags (old val=0x246, new val=0x246)\npwndbg> setflag ZF (int)main^(int)main\nSet flag ZF=0 in flag register eflags (old val=0x246, new val=0x206)\n
Be careful when deciding which arguments are positional, and which are optional. Especially take care if you have positional arguments which are not required, think about which of those will be specified more often by users and put them first. Your function signature should match the arguments you defined with argparse (and their order!), unsurprisingly the setflag function has this signature:
def setflag(flag: str, value: int) -> None:\n
You can see the help of your command with my_command -h or help my_command, so for setflag: pwndbg> help setflag\nusage: setflag [-h] flag value\n\nModify the flags register.\n\npositional arguments:\n flag Flag for which you want to change the value\n value Value to which you want to set the flag - only valid options are 0 and 1\n\noptions:\n -h, --help show this help message and exit\n\nExamples:\nOn X86/X64:\n setflag ZF 1 -- set zero flag\n setflag CF 0 -- unset carry flag\n\nOn ARM:\n setflag Z 0 -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n info reg eflags -- on x86/x64\n info reg cpsr/xpsr -- on ARM (specific register may vary)\n\nNotes:\nThis command supports flags registers that are defined for architectures in the pwndbg/regs.py file.\n\nAlias: flag\n
Eh? Where is all that extra text coming from? Well the Alias: flag line is being automatically generated by Pwndbg but..."},{"location":"contributing/adding-a-command/#examples-notes-and-debugger-support","title":"Examples, notes, and debugger support","text":"Coming back to the arguments of the pwndbg.commands.Command constructor:
def __init__(\n self,\n parser_or_desc: argparse.ArgumentParser | str,\n *, # All further parameters are not positional\n category: CommandCategory,\n command_name: str | None = None,\n aliases: List[str] = [],\n examples: str = \"\", # <--- we left off here\n notes: str = \"\",\n only_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n exclude_debuggers: Set[pwndbg.dbg_mod.DebuggerType] = None,\n ) -> None:\n # ...\n
You may supply the examples and notes arguments to add additional text at the end of the command's help. It is defined like so for setflag: @pwndbg.commands.Command(\n parser,\n aliases=[\"flag\"],\n category=CommandCategory.REGISTER,\n examples=\"\"\"\nOn X86/X64:\n setflag ZF 1 -- set zero flag\n setflag CF 0 -- unset carry flag\n\nOn ARM:\n setflag Z 0 -- unset the Z cpsr/xpsr flag\n\nTo see flags registers:\n info reg eflags -- on x86/x64\n info reg cpsr/xpsr -- on ARM (specific register may vary)\n \"\"\",\n notes=\"\"\"\nThis command supports flags registers that are defined for architectures in the pwndbg/regs.py file.\n \"\"\",\n)\n@pwndbg.commands.OnlyWhenRunning\ndef setflag(flag: str, value: int) -> None:\n # ....\n
When writing this (and the command description for that matter), you should consider what it will look like in the documentation after being parsed as markdown. As for only_debuggers and exclude_debuggers, you must use (usually one of) them if your command does not work an all debuggers that Pwndbg supports. For instance, if it uses some features from pwndbg.gdblib (which should be avoided if at all possible). In such a case, you probably also need to conditionally import it in the load_commands function.
"},{"location":"contributing/adding-a-command/#can-your-command-be-invoked-all-the-time","title":"Can your command be invoked all the time?","text":"In most cases a command cannot be legally invoked at every moment in a debugging session, or for every debugging session. For instance, you can't use heap commands if the heap isn't initialized yet, you can't use kernel commands if you're not debugging a kernel.
To make sure these cases are properly handled, Pwndbg provides certain decorators. They are defined in pwndbg/commands/__init__.py. Check the source to see an up-to-date list, but here are some important ones:
OnlyWhenRunning\nOnlyWhenLocal\nOnlyWithFile\nOnlyWhenQemuKernel\nOnlyWhenUserspace\nOnlyWithKernelDebugSyms\nOnlyWhenPagingEnabled\nOnlyWithTcache\nOnlyWhenHeapIsInitialized\nOnlyWithResolvedHeapSyms\n
Feel free to add more of these decorators yourself! Another very important one is OnlyWithArch, defined in pwndbg/aglib/proc.py. Does your command work on all architectures? If not, make sure to specify this decorator and pass in the architectures which you do support.
"},{"location":"contributing/adding-a-command/#actually-implementing-the-command","title":"Actually implementing the command","text":"There is no single right way to do it. You will want to read the source of some similar commands and see how they work. Check out the general developer notes, and feel free to ask a question on the discord server. Good luck!
"},{"location":"contributing/adding-a-parameter/","title":"Adding a Configuration Option","text":"Configuration options are also called \"parameters\" in the source. Let's take a look at an existing parameter gdb-workaround-stop-event defined in pwndbg/gdblib/events.py.
DISABLED = \"disabled\"\nDISABLED_DEADLOCK = \"disabled-deadlock\"\nENABLED = \"enabled\"\n\ngdb_workaround_stop_event = config.add_param(\n \"gdb-workaround-stop-event\",\n DISABLED,\n \"asynchronous stop events to improve 'commands' functionality\",\n help_docstring=f\"\"\"\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `{DISABLED}` - Disable the workaround (default).\n+ `{DISABLED_DEADLOCK}` - Disable only deadlock detection; deadlocks may still occur.\n+ `{ENABLED}` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n \"\"\",\n param_class=pwndbg.lib.config.PARAM_ENUM,\n enum_sequence=[DISABLED, DISABLED_DEADLOCK, ENABLED],\n)\n
To understand it, let's also look at the signature of the Config.add_param function defined in pwndbg/lib/config.py: def add_param(\n self,\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: Scope = Scope.config,\n ) -> Parameter:\n # ...\n
So, the first argument specifies the name by which the parameter will be used inside the debugger. The second argument specifies the default value of the parameter."},{"location":"contributing/adding-a-parameter/#set_show_doc","title":"set_show_doc","text":"The third argument is a very brief description of what the parameter is for. The argument is called set_show_doc due to how it is used in GDB.
pwndbg> set gdb-workaround-stop-event enabled\nSet asynchronous stop events to improve 'commands' functionality to 'enabled'.\n |------------------------------------------------------------|\n
pwndbg> show gdb-workaround-stop-event\nAsynchronous stop events to improve 'commands' functionality is 'enabled'. [...]\n|-----------------------------------------------------------|\n
It is therefore recommended to use a noun phrase rather than describe an action. However, it sometimes may be necessary to break this rule to retain the brevity of the description. The set_show_doc argument should be short because it is displayed with the config family of commands.
pwndbg> config\nName Documentation Value (Default)\n----------------------------------------------------------------------------------------------------------------------------\nai-anthropic-api-key Anthropic API key ''\nai-history-size maximum number of questions and answers to keep in the prompt 3\nai-max-tokens the maximum number of tokens to return in the response 100\nai-model the name of the large language model to query 'gpt-3.5-turbo'\nai-ollama-endpoint Ollama API endpoint ''\nai-openai-api-key OpenAI API key ''\nai-show-usage whether to show how many tokens are used with each OpenAI API call off\nai-stack-depth rows of stack context to include in the prompt for the ai command 16\nai-temperature the temperature specification for the LLM query 0\nattachp-resolution-method how to determine the process to attach when multiple candidates exists 'ask'\nauto-explore-auxv stack exploration for AUXV information; it may be really slow 'warn'\nauto-explore-pages whether to try to infer page permissions when memory maps are missing 'warn'\nauto-explore-stack stack exploration; it may be really slow 'warn'\nauto-save-search automatically pass --save to \"search\" command off\nbn-autosync whether to automatically run bn-sync every step off\n[...]\n
Because of the various contexts in which a parameter can be show, the first letter of the set_show_doc string should be lowercase (unless the first word is a name or an abbreviation) and there should be no punctuation at the end. This way, Pwndbg and GDB can more easily modify the string to fit it into these contexts."},{"location":"contributing/adding-a-parameter/#help_docstring","title":"help_docstring","text":"While help_docstring is not mandatory, it is highly recommended to use it. Put a detailed explanation of what the parameter does here, and explain any caveats. This string does not have a size limit and is shown with the following command in GDB and LLDB:
pwndbg> help set gdb-workaround-stop-event\nSet asynchronous stop events to improve 'commands' functionality.\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `disabled` - Disable the workaround (default).\n+ `disabled-deadlock` - Disable only deadlock detection; deadlocks may still occur.\n+ `enabled` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n\nDefault: 'disabled'\nValid values: 'disabled', 'disabled-deadlock', 'enabled'\n
Note that the last two lines are automatically generated by Pwndbg. When writing this explanation, it is important to take into account how it will be displayed in the documentation after being parsed as markdown. See what gdb-workaround-stop-event looks like here: https://pwndbg.re/pwndbg/dev/configuration/config/#gdb-workaround-stop-event . If there wasn't an empty line between Values explained: and + `disabled`.. the list wouldn't have rendered properly.
"},{"location":"contributing/adding-a-parameter/#param_class","title":"param_class","text":"This argument describes the type of the parameter. It will be used by GDB to perform input validation when the parameter is being set so it is important to set this to the correct value. The possible values are defined in pwndbg/lib/config.py, use the most restrictive one that fits:
# Boolean value. True or False, same as in Python.\nPARAM_BOOLEAN = 0\n# Boolean value, or 'auto'.\nPARAM_AUTO_BOOLEAN = 1\n# Signed integer value. Disallows zero.\nPARAM_INTEGER = 2\n# Signed integer value.\nPARAM_ZINTEGER = 3\n# Unsigned integer value. Disallows zero.\nPARAM_UINTEGER = 4\n# Unsigned integer value.\nPARAM_ZUINTEGER = 5\n# Unlimited ZUINTEGER.\nPARAM_ZUINTEGER_UNLIMITED = 6\n# String value. Accepts escape sequences.\nPARAM_STRING = 7\n# String value, accepts only one of a number of possible values, specified at\n# parameter creation.\nPARAM_ENUM = 8\n# String value corresponding to the name of a file, if present.\nPARAM_OPTIONAL_FILENAME = 9\n
For more information (for instance about what None or \"unlimited\" mean) see https://sourceware.org/gdb/current/onlinedocs/gdb.html/Parameters-In-Python.html ."},{"location":"contributing/adding-a-parameter/#enum_sequence","title":"enum_sequence","text":"If the param_class is set to pwndbg.lib.config.PARAM_ENUM then the enum_sequence argument must be supplied as well. It should constitute an array of legal values. GDB and (our) LLDB (driver) won't allow setting the parameter to any other value. The legal values will be automatically displayed at the end of help_docstring as previously shown.
If it isn't immediately obvious what the enum values do, explain them in help_docstring using same format that gdb-workaround-stop-event uses.
"},{"location":"contributing/adding-a-parameter/#scope","title":"scope","text":"The scope argument has the default value of pwndbg.lib.config.Scope.config and is used to group parameters. The legal values are:
class Scope(Enum):\n # If you want to add another scope here, don't forget to add\n # a command which prints it!\n config = 1\n theme = 2\n heap = 3\n
The parameters of each scope are printed using a different command. The config scope is printed with config, the heap scope is printed with heap-config and the theme scope is printed with theme. The config and theme scopes also have corresponding configfile and themefile commands which export the values of all the parameters from those scopes."},{"location":"contributing/adding-a-parameter/#the-theme-scope","title":"The theme scope","text":"You should never directly pass this scope to pwndbg.config.add_param. Instead use the pwndbg.color.theme.add_param and pwndbg.color.theme.add_color_param wrapper commands like this:
# pwndbg/aglib/nearpc.py\nnearpc_branch_marker = pwndbg.color.theme.add_param(\n \"nearpc-branch-marker\", \" \u2193\", \"branch marker line for nearpc command\"\n)\n
# pwndbg/color/context.py\nconfig_highlight_color = theme.add_color_param(\n \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\n
"},{"location":"contributing/adding-a-parameter/#using-the-parameter-in-code","title":"Using the parameter in code","text":"Usually when a parameter is defined its value is also set to a variable, for instance gdb_workaround_stop_event = ... in the initial example. This isn't necessary, as all registered parameters are available as pwndbg.config.<parameter_name_except_with_underscores> so in our example, we could also access the gdb-workaround-stop-event parameter as pwndbg.config.gdb_workaround_stop_event.
That being said, defining the variable can reduce code verbosity:
# pwndbg/aglib/godbg.py\nline_width = pwndbg.config.add_param(\n \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\n
Since the variable is scoped to the godbg.py file, its name can be short, and we don't have to write pwndbg.config.go_dump_line_width every time."},{"location":"contributing/adding-a-parameter/#using-color-parameters","title":"Using color parameters","text":"Note that the theme.add_color_param() function returns a ColorParameter object instead of a Parameter. The parameter should be used via its color_function() method:
# pwndbg/aglib/godbg.py\ndef fmt_debug(self, val: str, default: str = \"\") -> str:\n if self.debug:\n return debug_color.color_function(val)\n else:\n return default\n
Though you will also see generateColorFunction(debug_color)(val) being used in the code to the same effect."},{"location":"contributing/dev-notes/","title":"Developer Notes","text":""},{"location":"contributing/dev-notes/#random-developer-notes","title":"Random developer notes","text":"Feel free to update the list below!
-
If you want to play with Pwndbg functions under GDB, you can always use GDB's pi which launches python interpreter or just py <some python line>.
-
If you want to do the same in LLDB, you should type lldb, followed by script, which brings up an interactive Python REPL. Don't forget to import pwndbg!
-
Do not access debugger-specific functionality - eg. anything that uses the gdb, lldb, or gdblib modules - from outside the proper module in pwndbg.dbg.
-
Use aglib instead of gdblib, as the latter is in the process of being removed. Both modules should have nearly identical interfaces, so doing this should be a matter of typing pwndbg.aglib.X instead of pwndbg.gdblib.X. Ideally, an issue should be opened if there is any functionality present in gdblib that's missing from aglib.
-
We have our own pwndbg.config.Parameter - read about it in Adding a Configuration Option.
-
The dashboard/display/context we are displaying is done by pwndbg/commands/context.py which is invoked through GDB's and LLDB's prompt hook, which are defined, respectively, in pwndbg/gdblib/prompt.py as prompt_hook_on_stop, and in pwndb/dbg/lldb/hooks.py as prompt_hook.
-
We change a bit GDB settings - this can be seen in pwndbg/dbg/gdb.py under GDB.setup - there are also imports for all Pwndbg submodules.
-
Pwndbg has its own event system, and thanks to it we can set up code to be invoked in response to them. The event types and the conditions in which they occurr are defined and documented in the EventType enum, and functions are registered to be called on events with the @pwndbg.dbg.event_handler decorator. Both the enum and the decorator are documented in pwndbg/dbg/__init__.py.
-
We have a caching mechanism (\"memoization\") which we use through Python's decorators - those are defined in pwndbg/lib/cache.py - just check its usages
-
To block a function before the first prompt was displayed use the pwndbg.decorators.only_after_first_prompt decorator.
-
Memory accesses should be done through pwndbg/aglib/memory.py functions.
-
Process properties can be retrieved thanks to pwndbg/aglib/proc.py - e.g. using pwndbg.aglib.proc.pid will give us current process pid
-
We have a wrapper for handling exceptions that are thrown by commands - defined in pwndbg/exception.py - current approach seems to work fine - by using set exception-verbose on - we get a stacktrace. If we want to debug stuff we can always do set exception-debugger on.
-
Some of Pwndbg's functionality require us to have an instance of pwndbg.dbg.Value - the problem with that is that there is no way to define our own types in either GDB or LLDB - we have to ask the debugger if it detected a particular type in this particular binary (that sucks). We do that in pwndbg/aglib/typeinfo.py and it works most of the time. The known bug with that is that it might not work properly for Golang binaries compiled with debugging symbols.
"},{"location":"contributing/dev-notes/#support-for-multiple-debuggers","title":"Support for Multiple Debuggers","text":"Pwndbg is a tool that supports multiple debuggers, and so using debugger-specific functionality outside of pwndbg.dbg.X is generally discouraged, with one imporant caveat, that we will get into later. When adding code to Pwndbg, one must be careful with the functionality being used.
"},{"location":"contributing/dev-notes/#the-debugger-api","title":"The Debugger API","text":"Our support for multiple debuggers is primarily achieved through use of the Debugger API, found under pwndbg/dbg/, which defines a terse set of debugging primitives that can then be built upon by the rest of Pwndbg. It comprises two parts: the interface, and the implementations. The interface contains the abstract classes and the types that lay out the \"shape\" of the functionality that may be used by the rest of Pwndbg, and the implementations, well, implement the interface on top of each supported debugger.
As a matter of clarity, it makes sense to think of the Debugger API as a debugger-agnostic version of the lldb and gdb Python modules. Compared to both modules, it is much closer in spirit to lldb than to gdb.
It is important to note that a lot of care must be exercised when adding things to the Debugger API, as one must always add implementations for all supported debuggers of whatever new functionality is being added, even if only to properly gate off debuggers in which the functionality is not supported. Additionally, it is important to keep the Debugger API interfaces as terse as possible in order to reduce code duplication. As a rule of thumb, if all the implementations of an interface are expected to share code, that interface is probably better suited for aglib, and it should be further broken down into its primitives, which can then be added to the Debugger API.
Some examples of debugging primitives are memory reads, memory writes, memory map acquisition, symbol lookup, register reads and writes, and execution frames. These are all things that one can find in both the GDB and LLDB APIs.
The entry point for the Debugger API is pwndbg.dbg, though most process-related methods are accessed through a Process object. Unless you really know what you're doing, you're going to want to use the objected yielded by pwndbg.dbg.selected_inferior() for this.
"},{"location":"contributing/dev-notes/#aglib","title":"aglib","text":"Along with the Debugger API, there is also aglib, found under pwndbg/aglib/, in which lives functionality that is both too broad for a single command, and that can be shared between multiple debuggers. Things like QEMU handling, ELF and dynamic section parsing, operating system functionality, disassembly with capstone, heap analysis, and more, all belong in aglib.
In order to facilitate the process of porting Pwndbg to the debugger-agnostic interfaces, and also because of its historical roots, aglib is intended to export the exact same functionality provided by gdblib, but on top of a debugger-agnostic foundation.
If it helps, one may think of aglib like a pwndbglib. It takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.
"},{"location":"contributing/dev-notes/#mappings-from-gdb-and-lldb-to-the-debugger-api","title":"Mappings from GDB and LLDB to the Debugger API","text":"Here are some things one may want to do, along with how they can be achieved in the GDB, LLDB, and Pwndbg Debugger APIs.
GDBLLDBDebugger API Setting a breakpoint at an address:
gdb.Breakpoint(\"*<address>\")\n
Querying for the address of a symbol: int(gdb.lookup_symbol(<name>).value().address)\n
Setting a watchpoint at an address: gdb.Breakpoint(f\"(char[{<size>}])*{<address>}\", gdb.BP_WATCHPOINT)\n
Setting a breakpoint at an address:
lldb.target.BreakpointCreateByAddress(<address>)\n
Querying for the address of a symbol: lldb.target.FindSymbols(<name>).GetContextAtIndex(0).symbol.GetStartAddress().GetLoadAddress(lldb.target)\n
Setting a watchpoint at an address: lldb.target.WatchAddress(<address>, <size>, ...)\n
# Fetch a Process object on which we will operate.\ninf = pwndbg.dbg.selected_inferior()\n
Setting a breakpoint at an address: inf.break_at(BreakpointLocation(<address>))\n
Querying for the address of a symbol: inf.lookup_symbol(<name>)\n
Setting a watchpoint at an address: inf.break_at(WatchpointLocation(<address>, <size>))\n
"},{"location":"contributing/dev-notes/#exception-to-use-of-debugger-agnostic-interfaces","title":"Exception to use of Debugger-agnostic interfaces","text":"Some commands might not make any sense outside the context of a single debugger. For these commands, it is generally okay to talk to the debugger directly. However, they must be properly marked as debugger-specific and their loading must be properly gated off behind the correct debugger. They should ideally be placed in a separate location from the rest of the commands in pwndbg/commands/.
"},{"location":"contributing/dev-notes/#porting-public-tools","title":"Porting public tools","text":"If porting a public tool to Pwndbg, please make a point of crediting the original author. This can be added to CREDITS.md noting the original author/inspiration, and linking to the original tool/article. Also please be sure that the license of the original tool is suitable to porting into Pwndbg, such as MIT.
"},{"location":"contributing/dev-notes/#minimum-supported-versions","title":"Minimum Supported Versions","text":"Our goal is to fully support all Ubuntu LTS releases that have not reached end-of-life, with support for other platforms on a best-effort basis. Currently that means all code should work on Ubuntu 22.04, and 24.04 with GDB 12.1 and later. This means that the minimum supported Python version is 3.10, and we cannot use any newer Python features unless those features are backported to this minimum version.
Note that while all code should run without errors on these supported LTS versions, it's fine if older versions don't support all of the features of newer versions, as long as this is handled correctly and this information is shown to the user. For example, we may make use of some GDB APIs in newer versions that we aren't able to provide alternative implementations for in older versions, and so in these cases we should inform the user that the functionality can't be provided due to the version of GDB.
The lint.sh script described in the previous section runs vermin to ensure that our code does not use any features that aren't supported on Python 3.10.
"},{"location":"contributing/improving-annotations/","title":"Improving Annotations","text":"Alongside the disassembled instructions in the dashboard, Pwndbg also has the ability to display annotations - text that contains relevent information regarding the execution of the instruction. For example, on the x86 MOV instruction, we can display the concrete value that gets placed into the destination register. Likewise, we can indicate the results of mathematical operations and memory accesses. The annotation in question is always dependent on the exact instruction being annotated - we handle it in a case-by-case basis.
The main hurdle in providing annotations is determining what each instruction does, getting the relevent CPU registers and memory that are accessed, and then resolving concrete values of the operands. We call the process of determining this information \"enhancement\", as we enhance the information provided natively by GDB.
The Capstone Engine disassembly framework is used to statically determine information about instructions and their operands. Take the x86 instruction sub rax, rdx. Given the raw bytes of the machine instructions, Capstone creates an object that provides an API that, among many things, exposes the names of the operands and the fact that they are both 8-byte wide registers. It provides all the information necessary to describe each operand. It also tells the general 'group' that a instruction belongs to, like if its a JUMP-like instruction, a RET, or a CALL. These groups are architecture agnostic.
However, the Capstone Engine doesn't fill in concrete values that those registers take on. It has no way of knowing the value in rdx, nor can it actually read from memory.
To determine the actual values that the operands take on, and to determine the results of executing an instruction, we use the Unicorn Engine, a CPU emulator framework. The emulator has its own internal CPU register set and memory pages that mirror that of the host process, and it can execute instructions to mutate its internal state. Note that the Unicorn Engine cannot execute syscalls - it doesn't have knowledge of a kernel.
We have the ability to single-step the emulator - tell it to execute the instruction at the program counter inside the emulator. After doing so, we can inspect the state of the emulator - read from its registers and memory. The Unicorn Engine itself doesn't expose information regarding what each instruction is doing - what is the instruction (is it an add, mov, push?) and what registers/memory locations is it reading to and writing from? - which is why we use the Capstone engine to statically determine this information.
Using what we know about the instruction based on the Capstone engine - such as that it was a sub instruction and rax was written to - we query the emulator after stepping in to determine the results of the instruction.
We also read the program counter from the emulator to determine jumps and so we can display the instructions that will actually be executed, as opposed to displaying the instructions that follow consecutively in memory.
"},{"location":"contributing/improving-annotations/#enhancing","title":"Enhancing","text":"Everytime the inferior process stops (and when the disasm context section is displayed), we display the next handful of assembly instructions in the dashboard so the user can understand where the process is headed. The exact amount is determined by the context-disasm-lines setting.
We will be enhancing the instruction at the current program counter, as well as all the future instructions that are displayed. The end result of enhancement is that we get a list of PwndbgInstruction objects, each encapsulating relevent information regarding the instructions execution.
When the process stops, we instantiate the emulator from scratch. We copy all the registers from the host process into the emulator. For performance purposes, we register a handler to the Unicorn Engine to lazily map memory pages from the host to the emulator when they are accessed (a page fault from within the emulator), instead of immediately copying all the memory from the host to the emulator.
The enhancement is broken into a couple stops:
- First, we resolve the values of all the operands of the instruction before stepping the emulator. This means we read values from registers and dereference memory depending on the operand type. This gives us the values of operands before the instruction executes.
- Then, we step the emulator, executing a single instruction.
- We resolve the values of all operands again, giving us the
after_value of each operand. - Then, we enhance the \"condition\" field of PwndbgInstructions, where we determine if the instruction is conditional (conditional branch or conditional mov are common) and if the action is taken.
- We then determine the
next and target fields of PwndbgInstructions. next is the address that the program counter will take on after using the GDB command nexti, and target indicates the target address of branch/jump/PC-changing instructions. - With all this information determined, we now effectively have a big switch statement, matching on the instruction type, where we set the
annotation string value, which is the text that will be printed alongside the instruction in question.
We go through the enhancement process for the instruction at the program counter and then ensuing handful of instructions that are shown in the dashboard.
"},{"location":"contributing/improving-annotations/#when-to-use-emulation-reasoning-about-process-state","title":"When to use emulation / reasoning about process state","text":"When possible, we code aims to use emulation as little as possible. If there is information that can be determined statically or without the emulator, then we try to avoid emulation. This is so we can display annotations even when the Unicorn Engine is disabled. For example, say we come to a stop, and are faced with enhancing the following three instructions in the dashboard:
1. lea rax, [rip + 0xd55]\n2. > mov rsi, rax # The host process program counter is here\n3. mov rax, rsi\n
Instruction 1, the lea instruction, is already in the past - we pull our enhanced PwndbgInstruction for it from a cache.
Instruction 2, the first mov instruction, is where the host process program counter is at. If we did stepi in GDB, this instruction would be executed. In this case, there is two ways we can determine the value that gets written to rsi.
- After stepping the emulator, read from the emulators
rsi register. - Given the context of the instruction, we know the value in
rsi will come from rax. We can just read the rax register from the host. This avoids emulation.
The decision on which option to take is implemented in the annotation handler for the specific instruction. When possible, we have a preference for the second option, because it makes the annotations work even when emulation is off.
The reason we could do the second option, in this case, is because we could reason about the process state at the time this instruction would execute. This instruction is about to be executed (Program PC == instruction.address). We can safely read from rax from the host, knowing that the value we get is the true value it takes on when the instruction will execute. It must - there are no instructions in-between that could have mutated rax.
However, this will not be the case while enhancing instruction 3 while we are paused at instruction 2. This instruction is in the future, and without emulation, we cannot safely reason about the operands in question. It is reading from rsi, which might be mutated from the current value that rsi has in the stopped process (and in this case, we happen to know that it will be mutated). We must use emulation to determine the before_value of rsi in this case, and can't just read from the host processes register set. This principle applies in general - future instructions must be emulated to be fully annotated. When emulation is disable, the annotations are not as detailed since we can't fully reason about process state for future instructions.
"},{"location":"contributing/improving-annotations/#what-if-the-emulator-fails","title":"What if the emulator fails?","text":"It is possible for the emulator to fail to execute an instruction - either due to a restrictions in the engine itself, or the instruction inside segfaults and cannot continue. If the Unicorn Engine fails, there is no real way we can recover. When this happens, we simply stop emulating for the current step, and we try again the next time the process stops when we instantiate the emulator from scratch again.
"},{"location":"contributing/improving-annotations/#caching-annotations","title":"Caching annotations","text":"When we are stepping through the emulator, we want to remember the annotations of the past couple instructions. We don't want to nexti, and suddenly have the annotation of the previously executed instruction deleted. At the same time, we also never want stale annotations that might result from coming back to point in the program to which we have stepped before, such as the middle of a loop via a breakpoint.
New annotations are only created when the process stops, and we create annotations for next handful of instructions to be executed. If we continue in GDB and stop at a breakpoint, we don't want annotations to appear behind the PC that are from a previous time we were near the location in question. To avoid stale annotations while still remembering them when stepping, we have a simple caching method:
While we are doing our enhancement, we create a list containing the addresses of the future instructions that are displayed.
For example, say we have the following instructions with the first number being the memory address:
0x555555556259 <main+553> lea rax, [rsp + 0x90]\n 0x555555556261 <main+561> mov edi, 1 EDI => 1\n 0x555555556266 <main+566> mov rsi, rax\n 0x555555556269 <main+569> mov qword ptr [rsp + 0x78], rax\n 0x55555555626e <main+574> call qword ptr [rip + 0x6d6c] <fstat64>\n\n \u25ba 0x555555556274 <main+580> mov edx, 5 EDX => 5\n 0x555555556279 <main+585> lea rsi, [rip + 0x3f30] RSI => 0x55555555a1b0 \u25c2\u2014 'standard output'\n 0x555555556280 <main+592> test eax, eax\n 0x555555556282 <main+594> js main+3784 <main+3784>\n\n 0x555555556288 <main+600> mov rsi, qword ptr [rsp + 0xc8]\n 0x555555556290 <main+608> mov edi, dword ptr [rsp + 0xa8]\n
In this case, our next_addresses_cache would be [0x555555556279, 0x555555556280, 0x555555556282, 0x555555556288, 0x555555556290].
Then, the next time our program comes to a stop (after using si, n, or any GDB command that continues the process), we immediately check if the current program counter is in this list. If it is, then we can infer that the annotations are still valid, as the program has only executed a couple instructions. In all other cases, we delete our cache of annotated instructions.
We might think \"why not just check if it's the next address - 0x555555556279 in this case? Why a list of the next couple addresses?\". This is because when source code is available, step and next often skip a couple instructions. It would be jarring to remove the annotations in this case. Likewise, this method has the added benefit that if we stop somewhere, and there happens to be a breakpoint only a couple instructions in front of us that we continue to, then previous couple annotations won't be wiped.
"},{"location":"contributing/improving-annotations/#other-random-annotation-details","title":"Other random annotation details","text":" - We don't emulate through CALL instructions. This is because the function might be very long.
- We resolve symbols during the enhancement stage for operand values.
- The folder
pwndbg/aglib/disasm contains the code for enhancement. It follows an object-oriented model, with arch.py implementing the parent class with shared functionality, and the per-architecture implementations are implemented as subclasses in their own files. pwndbg/aglib/nearpc.py is responsible for getting the list of enhanced PwndbgInstruction objects and converting them to the output seen in the 'disasm' view of the dashboard.
"},{"location":"contributing/improving-annotations/#adding-or-fixing-annotations","title":"Adding or fixing annotations","text":"We annotate on an instruction-by-instruction basis. Effectively, imagine a giant switch statement that selects the correct handler to create an annotation based on the specific instruction. Many instruction types can be grouped and annotated using the same logic, such as load, store, and arithmetic instructions.
See pwndbg/aglib/disasm/aarch64.py as an example. We define sets that group instructions using the unique Capstone ID for each instruction, and inside the constructor of DisassemblyAssistant we have a mapping of instructions to a specific handler. The _set_annotation_string function will match the instruction to the correct handler, which set the instruction.annotation field.
If there is a bug in an annotation, the first order of business is finding its annotation handler. To track down where we are handling the instruction, you can search for its Capstone constant. For example, the RISC-V store byte instruction, sb, is represented as the Capstone constant RISCV_INS_SB. Or, if you are looking for the handler for the AArch64 instruction SUB, you can search the disasm code for _INS_SUB to find where we reference the appropriate Capstone constant for the instruction and following the code to the function that ultimately sets the annotation.
If an annotation is causing a crash, is it most likely due to a handler making an incorrect assumption on the number of operands, leading to a list index out of range error. One possible source of this is that a given instruction has multiple different disassembly representations. Take the RISC-V JALR instruction. It can be represented in 3 ways:
jalr rs1 # return register is implied as ra, and imm is implied as 0\njalr rs1, imm # return register is implied as ra\njalr rd, rs1, imm\n
Capstone will expose the most \"simplified\" one possible, and the underlying list of register operands will change. If the handler doesn't take these different options into account, and rather assumes that jalr always has 3 operands, then an index error can occur if the handler accesses instruction.operands[2].
"},{"location":"contributing/improving-annotations/#bug-root-cause","title":"Bug root cause","text":"When encountering an instruction that is behaving strangely (incorrect annotation, or there is a jump target when one shouldn't exist, or the target is incorrect), there are a couple routine things to check.
1. Use the dev-dump-instruction command to print all the enhancement information. With no arguments, it will dump the info from the instruction at the current address. If given an address, it will pull from the instruction cache at the corresponding location.
If the issue is not related to branches, check the operands and the resolved values for registers and memory accesses. Verify that the values are correct - are the resolved memory locations correct? Step past the instruction and use instructions like telescope and regs to read memory and verify if the claim that the annotation is making is correct. For things like memory operands, you can try to look around the resolved memory location in memory to see the actual value that the instruction dereferenced, and see if the resolved memory location is simply off by a couple bytes.
Example output of dumping a mov instruction:
mov qword ptr [rsp], rsi at 0x55555555706c (size=4) (arch: x86)\n ID: 460, mov\n Raw asm: mov qword ptr [rsp], rsi\n New asm: mov qword ptr [rsp], rsi\n Next: 0x555555557070\n Target: 0x555555557070, Target string=, const=None\n Condition: UNDETERMINED\n Groups: []\n Annotation: [0x7fffffffe000] => 0x7fffffffe248 \u2014\u25b8 0x7fffffffe618 \u25c2\u2014 '/usr/bin/ls'\n Operands: [['[0x7fffffffe000]': Symbol: None, Before: 0x7fffffffe000, After: 0x7fffffffe000, type=CS_OP_MEM, size=8, access=CS_AC_WRITE]] ['RSI': Symbol: None, Before: 0x7fffffffe248, After: 0x7fffffffe248, type=CS_OP_REG, size=8, access=CS_AC_READ]]]\n Conditional jump: False. Taken: False\n Unconditional jump: False\n Declare unconditional: None\n Can change PC: False\n Syscall: N/A\n Causes Delay slot: False\n Split: NO_SPLIT\n Call-like: False\n
2. Use the Capstone disassembler to verify the number of operands the instruction groups.
Taken the raw instruction bytes and pass them to cstool to see the information that we are working with:
cstool -d mips 0x0400000c\n
The number of operands may not match the visual appearance. You might also check the instruction groups, and verify that an instruction that we might consider a call has the Capstone call group. Capstone is not 100% correct in every single case in all architectures, so it's good to verify. Report a bug to Capstone if there appears to be an error, and in the meanwhile we can create a fix in Pwndbg to work around the current behavior.
3. Check the state of the emulator.
Go to pwndbg/emu/emulator.py and uncomment the DEBUG = -1 line. This will enable verbose debug printing. The emulator will print it's current pc at every step, and indicate important events, like memory mappings. Likewise, in pwndbg/aglib/disasm/arch.py you can set DEBUG_ENHANCEMENT = True to print register accesses to verify they are sane values.
Potential bugs:
- A register is 0 (may also be the source of a Unicorn segfault if used as a memory operand) - often means we are not copying the host processes register into the emulator. By default, we map register by name - if in Pwndbg, it's called
rax, then we find the UC constant named U.x86_const.UC_X86_REG_RAX. Sometimes, this default mapping doesn't work, sometimes do to differences in underscores (FSBASE vs FS_BASE). In these cases, we have to manually add the mapping. - Unexpected crash - the instruction at hand might require a 'coprocessor', or some information that is unavailable to Unicorn (it's QEMU under the hood).
- Instructions are just no executing - we've seen this in the case of Arm Thumb instructions. There might be some specific API/way to invoke the emulator that is required for a certain processor state.
"},{"location":"contributing/improving-annotations/#creating-small-cross-architecture-programs","title":"Creating small cross-architecture programs","text":"If you are encountering a strange behavior with a certain instruction or scenario in a non-native-architecture program, you can use some great functions from pwntools to handle the compilation and debugging. This is a great way to create a small reproducible example to isolate an issue.
The following Python program, when run from inside a tmux session, will take some AArch64 assembly, compile it, and run it with GDB attached in a new tmux pane. It will search your system for the appropriate cross compiler for the architecture at hand, and run the compiled binary with QEMU.
from pwn import *\n\ncontext.arch = \"aarch64\"\n\nAARCH64_GRACEFUL_EXIT = \"\"\"\nmov x0, 0\nmov x8, 93\nsvc 0\n\"\"\"\n\nout = make_elf_from_assembly(STORE)\n# Debug info\nprint(out)\ngdb.debug(out)\n\npause()\n
"},{"location":"contributing/making-a-gif/","title":"Making a Pwndbg gif","text":""},{"location":"contributing/making-a-gif/#the-rundown","title":"The rundown","text":"If you wish to make a gif of your terminal while using Pwndbg (usually to add an example of some command/workflow to the website) you should use charmbracelet/vhs. This ensures a consistent look to the gifs throughout the documentation, makes them easily updateable when UI changes are made, and just makes them more easily reproducable and modifiable in general.
Note
Here \"gif\" really means \"a video that loops\", in practice it is better to use .webm with .mp4 as a fallback because they are better optimized file formats.
The workflow to creating a gif is simple. Start a recording:
vhs record > my_thingy.tape\n
Whatever you now do in the terminal will be \"recorded\" to the my_thingy.tape file. Exit the shell to save the recording. The tape probably isn't ready to use as-is. You will want to add some metadata and fixup some lines. Example This is the tape used to generate the gif at https://pwndbg.re/pwndbg/dev/commands/context/context/ :
# https://github.com/charmbracelet/vhs\n\nOutput pwndbg.mp4\nOutput pwndbg.webm\n\nSet FontSize 24\nSet Width 1920\nSet Height 1080\nSet TypingSpeed 100ms\n\nSleep 1s\nType \"pwndbg /bin/sh\"\nEnter\nSleep 2s\nType \"start\"\nEnter\nSleep 3s\nType \"stepsyscall\"\nSleep 3s\nEnter 1\nSleep 3s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"up\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"context\"\nSleep 4s\nEnter 1\nSleep 7s\nType \"down\"\nSleep 1s\nEnter 1\nSleep 1s\nType \"ctx\"\nSleep 4s\nEnter 1\nSleep 7s\n
You may now run
vhs my_thingy.tape\n
and it will generate a gif with the filename you specified in the tape (the Output line in the example). Make sure to commit the .tape file along with the gif.
"},{"location":"contributing/making-a-gif/#recording-in-docker","title":"Recording in Docker","text":"If the setup for the gif is not highly involved, you may want to use a Dockerfile to generate the gif to ensure reproducability (or if wish to make sure your environment variables aren't visible during the debugging session). Here is a sample Dockerfile you can modify to your liking:
# https://github.com/charmbracelet/vhs\nFROM ghcr.io/charmbracelet/vhs\n\n# Install Pwndbg\nRUN apt update && apt install -y git \\\n && git clone https://github.com/pwndbg/pwndbg.git /pwndbg \\\n && cd /pwndbg \\\n && ./setup.sh\n\n# Create a pwndbg executable in PATH so we can run with\n# `pwndbg /bin/sh`.\nRUN echo '#!/bin/sh\\ngdb --quiet \"$@\"' > /usr/local/bin/pwndbg \\\n && chmod +x /usr/local/bin/pwndbg\n\n# Make sure uv.lock.hash is created so we don't get\n# a message about updating during the gif.\nRUN gdb /bin/sh --batch\n\n# The ENTRYPOINT and CMD are defined in the vhs docker image.\n
you can use a script like this to run it easily. #!/bin/sh\n\nset -e\n\nIMAGE_NAME=\"vhs-pwndbg\"\n\nrm -f .gdb_history\ndocker build -t \"$IMAGE_NAME\" .\ndocker run --rm -v \"$(pwd)\":/vhs \"$IMAGE_NAME\" my_thingy.tape\n
"},{"location":"contributing/setup-pwndbg-dev/","title":"Setup Pwndbg for Development","text":""},{"location":"contributing/setup-pwndbg-dev/#installing-pwndbg-from-source","title":"Installing Pwndbg from source","text":"Run the following:
git clone https://github.com/pwndbg/pwndbg\ncd pwndbg\n./setup.sh\n
Officially supported is Ubuntu 22.04 and later, but the setup script also supports the following distributions: - Debian-based OSes (via apt-get)
- Fedora and Red Hat (via dnf)
- Clear (via swiped)
- OpenSUSE LEAP (via zypper)
- Arch and Manjaro (via community AUR packages)
- Void (via xbps)
- Gentoo (via emerge)
Tip
If you have an older ubuntu version you may still use Pwndbg:
- for Ubuntu 20.04 use the 2024.08.29 release
- for Ubuntu 18.04 use the 2023.07.17: ubuntu18.04-final release
however if you wish to contribute, it is recommended you upgrade your distribution.
"},{"location":"contributing/setup-pwndbg-dev/#running-with-gdb","title":"Running with GDB","text":"Pwndbg requires GDB 12.1 or later. If the GDB version your distro provides is too old, build GDB from source:
sudo apt install libgmp-dev libmpfr-dev libreadline-dev texinfo # required by build\ngit clone git://sourceware.org/git/binutils-gdb.git\nmkdir gdb-build\ncd gdb-build\n../binutils-gdb/configure --enable-option-checking --disable-nls --disable-werror --with-system-readline --with-python=$(which python3) --with-system-gdbinit=/etc/gdb/gdbinit --enable-targets=all --disable-binutils --disable-ld --disable-gold --disable-gas --disable-sim --disable-gprof\nmake -j $(nproc)\n
Since the ./setup.sh script made it so you source Pwndbg from your ~/.gdbinit, Pwndbg will start up automatically any time you run gdb."},{"location":"contributing/setup-pwndbg-dev/#running-with-lldb","title":"Running with LLDB","text":"Pwndbg requires LLDB 19 or later. You can get it like this on Ubuntu 24.04:
sudo apt install -y lldb-19 liblldb-19-dev\n
but it will be added to your PATH as lldb-19 so you should either alias it or export it in your shell: export PATH=/usr/lib/llvm-19/bin/:$PATH\n
so you can invoke it as lldb. Also export this environment variable: export LLDB_DEBUGSERVER_PATH=/usr/lib/llvm-19/bin/lldb-server\n
Pwndbg doesn't use the lldb driver binary directly, it drives its own REPL and interacts with LLDB through liblldb. You can run Pwndbg with LLDB by running: uv run python pwndbg-lldb.py [binary-to-debug]\n
"},{"location":"contributing/setup-pwndbg-dev/#the-development-environment","title":"The development environment","text":"After installing Pwndbg like described above, there are a few ways to set up the development environment. The simplest one is by running:
./setup-dev.sh\n
but you can also use the docker container or develop using nix. Note
For a proper development environment you must be able to run Pwndbg with both GDB and LLDB, otherwise you won't be able to use some important development features (like doc generation).
"},{"location":"contributing/setup-pwndbg-dev/#development-from-docker","title":"Development from docker","text":"You can create a Docker image with everything already installed for you. You can use docker compose
docker compose run -i main\n
or build and run the container with docker build -t pwndbg .\ndocker run -it --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -v `pwd`:/pwndbg pwndbg bash\n
"},{"location":"contributing/setup-pwndbg-dev/#development-using-nix","title":"Development using Nix","text":"Pwndbg supports development with Nix which installs all the required development dependencies:
- Install Nix with Determinate Nix Installer.
- Enter the development shell with
nix develop or automate this with direnv. - Run local changes with
pwndbg or pwndbg-lldb. Run tests with ./tests.sh.
"},{"location":"contributing/writing-tests/","title":"Writing Tests","text":""},{"location":"contributing/writing-tests/#overview","title":"Overview","text":"Note
This is written under the assumption you already know how to run the tests.
In Pwndbg we have four types of tests: extensive x86_64 GDB tests, cross-architecture tests, linux kernel tests and unit-tests. They are all located in subdirectories of ./tests.
The x86_64 tests encompass most of the Pwndbg testing suite. If your tests do not belong in any of the other categories, they should go here. Since we do not yet perform testing on LLDB, these are run from inside GDB and are located in the ./tests/gdb-tests directory. They can be run with ./tests.sh -t gdb (this is the default option).
The cross-architecture tests are run using qemu-user emulation. They test architecture-specific logic and are located in the ./tests/qemu-tests/tests/user directory. They can be run with ./tests.sh -t cross-arch (this is what ./qemu-tests.sh does).
The linux kernel tests are run using qemu-system emulation. They are located in the ./tests/qemu-tests/tests/system directory and run for a variety kernel configurations and architectures.
The unit tests are not run from within a debugger, but rather directly with pytest. They are located in the ./tests/unit-tests/ directory.
Here are the options supported by ./tests.sh which you can get by running ./tests.sh -h.
usage: tests.py [-h] [-t {gdb,cross-arch}] [-p] [-c] [-v] [-s] [--nix] [--collect-only] [test_name_filter]\n\nRun tests.\n\npositional arguments:\n test_name_filter run only tests that match the regex\n\noptions:\n -h, --help show this help message and exit\n -t, --type {gdb,cross-arch}\n -p, --pdb enable pdb (Python debugger) post mortem debugger on failed tests\n -c, --cov enable codecov\n -v, --verbose display all test output instead of just failing test output\n -s, --serial run tests one at a time instead of in parallel\n --nix run tests using built for nix environment\n --collect-only only show the output of test collection, don't run any tests\n
"},{"location":"contributing/writing-tests/#writing-tests_1","title":"Writing tests","text":"Each test is a Python function that runs inside of an isolated GDB session. Using a pytest fixture at the beginning of each test, GDB will attach to a binary or connect to a QEMU instance. Each test runs some commands and uses Python assert statements to verify correctness. We can access Pwndbg library code like pwndbg.aglib.regs.rsp as well as execute GDB commands with gdb.execute().
We can take a look at tests/gdb-tests/tests/test_symbol.py for an example of a simple test. Looking at a simplified version of the top-level code, we have this:
import gdb\nimport pwndbg\nimport tests\n\nBINARY = tests.binaries.get(\"symbol_1600_and_752.out\")\n
Since these tests run inside GDB, we can import the gdb Python library. We also import the tests module, which makes it easy to get the path to the test binaries located in tests/gdb-tests/tests/binaries. You should be able to reuse the binaries in this folder for most tests, but if not feel free to add a new one.
Here's a small snippet of the actual test:
def test_hexdump(start_binary):\n start_binary(BINARY)\n pwndbg.config.hexdump_group_width.value = -1\n\n gdb.execute(\"set hexdump-byte-separator\")\n stack_addr = pwndbg.aglib.regs.rsp - 0x100\n
pytest will run any function that starts with test_ as a new test, so there is no need to register your new test anywhere. The start_binary argument is a function that will run the binary you give it, and it will set some common options before starting the binary. Using start_binary is recommended if you don't need any additional customization to GDB settings before starting the binary, but if you do it's fine to not use it.
"},{"location":"contributing/writing-tests/#qemu-tests","title":"QEMU Tests","text":"Our gdb-tests run in x86. To debug other architectures, we use QEMU for emulation and attach to its debug port. These tests are located in tests/qemu-tests/tests/user. Test creation is identical to our x86 tests - create a Python function with a Pytest fixture name as the parameter (it matches based on the name), and call the argument to start debugging a binary. The qemu_assembly_run fixture takes in a Python string of assembly code, compiles it in the appropriate architecture, and runs it - no need to create an external file or edit a Makefile.
"},{"location":"functions/","title":"Index","text":""},{"location":"functions/#functions","title":"Functions","text":"Pwndbg provides a set of functions which can be used during expression evaluation to quickly perform common calculations. These can even be passed to other commands as arguments. Currently, they only work in gdb.
To see a list of all functions, including those built into GDB, use help function. To see the help of any given function use help function function_name. Function invocation must include a preceding $ sign and must include brackets. For instance, invoke the environ function like so:
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffe6da \"LANG=en_US.UTF-8\"\n
If the result of the function is being passed to a Pwndbg command, make sure to either escape the function argument's quotes, or put the whole function call in quotes. pwndbg> tele $environ(\"LANG\")\nusage: telescope [-h] [-r] [-f] [-i] [address] [count]\ntelescope: error: argument address: debugger couldn't resolve argument '$environ(LANG)':\n No symbol \"LANG\" in current context.\npwndbg> tele $environ(\\\"LANG\\\")\n00:0000\u2502 0x7fffffffe6cf \u25c2\u2014 'LANG=en_US.UTF-8'\n01:0008\u2502 0x7fffffffe6d7 \u25c2\u2014 'US.UTF-8'\n02:0010\u2502 0x7fffffffe6df \u25c2\u2014 0x4e49475542454400\n[...]\npwndbg> tele '$environ(\"LANG\")'\n00:0000\u2502 0x7fffffffe6cf \u25c2\u2014 'LANG=en_US.UTF-8'\n01:0008\u2502 0x7fffffffe6d7 \u25c2\u2014 'US.UTF-8'\n02:0010\u2502 0x7fffffffe6df \u25c2\u2014 0x4e49475542454400\n[...]\n
"},{"location":"functions/#pwndbg-functions","title":"Pwndbg functions","text":""},{"location":"functions/#argc","title":"argc","text":"argc() -> int\n
Get the number of program arguments. Evaluates to argc.
"},{"location":"functions/#example","title":"Example","text":"pwndbg> p $argc()\n$1 = 2\npwndbg> argv\n00:0000\u2502 0x7fffffffe288 \u2014\u25b8 0x7fffffffe659 \u25c2\u2014 '/usr/bin/cat'\n01:0008\u2502 0x7fffffffe290 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 'gdbinit.py'\n02:0010\u2502 0x7fffffffe298 \u25c2\u2014 0\n
"},{"location":"functions/#argv","title":"argv","text":"argv(index: gdb.Value) -> gdb.Value\n
Get the n-th program argument. Evaluate argv on the supplied value.
"},{"location":"functions/#example_1","title":"Example","text":"pwndbg> p $argv(0)\n$11 = (signed char *) 0x7fffffffe666 \"/usr/bin/sh\"\npwndbg> argv\n00:0000\u2502 0x7fffffffe2a8 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 '/usr/bin/sh'\n01:0008\u2502 0x7fffffffe2b0 \u25c2\u2014 0\n
"},{"location":"functions/#base","title":"base","text":"base(name_pattern: gdb.Value | str) -> int\n
Return the base address of the first memory mapping containing the given name.
"},{"location":"functions/#example_2","title":"Example","text":"pwndbg> p/x $base(\"libc\")\n$4 = 0x7ffff7d4b000\npwndbg> vmmap libc\n 0x7ffff7d4a000 0x7ffff7d4b000 rw-p 1000 6e000 /usr/lib/libncursesw.so.6.5\n\u25ba 0x7ffff7d4b000 0x7ffff7d6f000 r--p 24000 0 /usr/lib/libc.so.6\n\u25ba 0x7ffff7d6f000 0x7ffff7ed6000 r-xp 167000 24000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7ed6000 0x7ffff7f2b000 r--p 55000 18b000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7f2b000 0x7ffff7f2f000 r--p 4000 1e0000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7f2f000 0x7ffff7f31000 rw-p 2000 1e4000 /usr/lib/libc.so.6\n 0x7ffff7f31000 0x7ffff7f39000 rw-p 8000 0 [anon_7ffff7f31]\npwndbg> tele $base(\\\"libc\\\")+0x1337\n00:0000\u2502 0x7ffff7d4c337 \u25c2\u2014 0x80480a04214000f0\n01:0008\u2502 0x7ffff7d4c33f \u25c2\u2014 0x8040c02204452040\n02:0010\u2502 0x7ffff7d4c347 \u25c2\u2014 0x20042400000200\n03:0018\u2502 0x7ffff7d4c34f \u25c2\u2014 0x20 /* ' ' */\n[...]\n
Beware of accidentally matching the wrong mapping. For instance, if the loaded executable contained the string \"libc\" anywhere in it's path, it would've been returned.
"},{"location":"functions/#bn_eval","title":"bn_eval","text":"bn_eval(expr: gdb.Value) -> int | None\n
Parse and evaluate a Binary Ninja expression.
Read more about binary ninja expressions here: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
All registers in the current register set are available as magic variables (e.g. $rip). The $piebase magic variable is also included, with the computed executable base.
This function cannot see stack local variables.
"},{"location":"functions/#example_3","title":"Example","text":"pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p/x $bn_eval(\"10+20\")\n$6 = 0x30\npwndbg> p/x $bn_eval(\"main\")\n$7 = 0x1645\npwndbg> p/x $rebase($bn_eval(\"main\"))\n$8 = 0x555555555645\npwndbg> p some_global_var\nNo symbol \"some_global_var\" in current context.\npwndbg> p/x $rebase($bn_eval(\"some_global_var+$rax\"))\n$9 = 0x5555555586b8\npwndbg> p $rebase($bn_eval(\"some_global_var+$rax\")) == $bn_sym(\"some_global_var\") + $rax\n$10 = 1\npwndbg> p $bn_eval(\"$piebase+some_global_var+$rax\") == $bn_sym(\"some_global_var\") + $rax\n$11 = 1\n
"},{"location":"functions/#bn_sym","title":"bn_sym","text":"bn_sym(name_val: gdb.Value) -> int | None\n
Lookup a symbol's address by name from Binary Ninja.
This function sees symbols like functions and global variables, but not stack local variables, use bn_var for that.
"},{"location":"functions/#example_4","title":"Example","text":"pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $bn_sym(\"main\")\n$2 = 0x555555555645\npwndbg> b *($bn_sym(\"main\"))\nBreakpoint 1 at 0x555555555645\n
"},{"location":"functions/#bn_var","title":"bn_var","text":"bn_var(name_val: gdb.Value) -> int | None\n
Lookup a stack variable's address by name from Binary Ninja.
This function doesn't see functions or global variables, use bn_sym for that.
"},{"location":"functions/#example_5","title":"Example","text":"pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p user_choice\nNo symbol \"user_choice\" in current context.\npwndbg> p/x $bn_var(\"user_choice\")\n$4 = 0x7fffffffe118\npwndbg> vmmap $4\n 0x7ffff7ffe000 0x7ffff7fff000 rw-p 1000 0 [anon_7ffff7ffe]\n\u25ba 0x7ffffffde000 0x7ffffffff000 rw-p 21000 0 [stack] +0x20118\npwndbg> p/x $bn_var(\"main\")\nTypeError: Could not convert Python object: None.\nError while executing Python code.\n
"},{"location":"functions/#environ","title":"environ","text":"environ(env_name: gdb.Value) -> gdb.Value\n
Get an environment variable by name. Evaluate getenv() on the supplied value.
"},{"location":"functions/#example_6","title":"Example","text":"pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffebfb \"LANG=en_US.UTF-8\"\n
"},{"location":"functions/#envp","title":"envp","text":"envp(index: gdb.Value) -> gdb.Value\n
Get the n-th environment variable. Evaluate envp on the supplied value.
"},{"location":"functions/#example_7","title":"Example","text":"pwndbg> p $envp(0x3F)\n$13 = (signed char *) 0x7fffffffef7d \"LANG=en_US.UTF-8\"\npwndbg> p $envp(0x3F) == $environ(\"LANG\")\n$14 = 1\n
"},{"location":"functions/#fsbase","title":"fsbase","text":"fsbase(offset: gdb.Value = gdb.Value(0)) -> int\n
Get the value of the FS segment register. Only valid on x86(-64).
"},{"location":"functions/#example_8","title":"Example","text":"pwndbg> p/x $fsbase()\n$3 = 0x7ffff7cdab80\npwndbg> p $fs_base == $fsbase()\n$4 = 1\npwndbg> x/gx $fsbase(0x28)\n0x7ffff7cdaba8: 0x4da926e1668e5a00\npwndbg> x/gx $fsbase(0x30)\n0x7ffff7cdabb0: 0x190a86d93bccf0ad\npwndbg> tls\nThread Local Storage (TLS) base: 0x7ffff7cdab80\nTLS is located at:\n 0x7ffff7cda000 0x7ffff7cdc000 rw-p 2000 0 [anon_7ffff7cda]\nDumping the address:\ntcbhead_t @ 0x7ffff7cdab80\n 0x00007ffff7cdab80 +0x0000 tcb : 0x7ffff7cdab80\n 0x00007ffff7cdab88 +0x0008 dtv : 0x7ffff7cdb4f0\n 0x00007ffff7cdab90 +0x0010 self : 0x7ffff7cdab80\n 0x00007ffff7cdab98 +0x0018 multiple_threads : 0x0\n 0x00007ffff7cdab9c +0x001c gscope_flag : 0x0\n 0x00007ffff7cdaba0 +0x0020 sysinfo : 0x0\n 0x00007ffff7cdaba8 +0x0028 stack_guard : 0x4da926e1668e5a00\n 0x00007ffff7cdabb0 +0x0030 pointer_guard : 0x190a86d93bccf0ad\n [...]\npwndbg> canary\n[...]\nCanary = 0x4da926e1668e5a00 (may be incorrect on != glibc)\n[...]\n
FS will usually point to the start of the TLS. If you're not providing an offset, it is usually easier to use GDB's builtin $fs_base variable."},{"location":"functions/#gsbase","title":"gsbase","text":"gsbase(offset: gdb.Value = gdb.Value(0)) -> int\n
Get the value of the GS segment register. Only valid on x86(-64).
"},{"location":"functions/#example_9","title":"Example","text":"pwndbg> p/x $gsbase()\n$1 = 0x0\n
The value of the GS register is more interesting when doing kernel debugging: pwndbg> p/x $gsbase()\n$1 = 0xffff999287a00000\npwndbg> tele $gsbase()\n00:0000\u2502 0xffff999287a00000 \u25c2\u2014 0\n... \u2193 4 skipped\n05:0028\u2502 0xffff999287a00028 \u25c2\u2014 0xd6aa9b336d52a400\n06:0030\u2502 0xffff999287a00030 \u25c2\u2014 0\n07:0038\u2502 0xffff999287a00038 \u25c2\u2014 0\npwndbg> p $gsbase() == $gs_base\n$2 = 1\n
If you're not providing an offset, it is usually easier to use GDB's builtin $gs_base variable."},{"location":"functions/#hex2ptr","title":"hex2ptr","text":"hex2ptr(hex_string: gdb.Value | str) -> int\n
Converts a hex string to a little-endian address and returns the address.
"},{"location":"functions/#example_10","title":"Example","text":"pwndbg> p/x $hex2ptr(\"20 74 ed f7 ff 7f\")\n$1 = 0x7ffff7ed7420\npwndbg> p/x $hex2ptr(\"2074edf7ff7f\")\n$2 = 0x7ffff7ed7420\npwndbg> distance '$base(\"libc\")' '$hex2ptr(\"20 74 ed f7 ff 7f\")'\n0x7ffff7d4b000->0x7ffff7ed7420 is 0x18c420 bytes (0x31884 words)\n
Especially useful for quickly converting pwntools output.
"},{"location":"functions/#ida","title":"ida","text":"ida(name: gdb.Value) -> int\n
Lookup a symbol's address by name from IDA. Evaluate ida.LocByName() on the supplied value.
This functions doesn't see stack local variables.
"},{"location":"functions/#example_11","title":"Example","text":"pwndbg> set integration-provider ida\nPwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'ida'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $ida(\"main\")\n$1 = 0x555555555645\npwndbg> b *$ida(\"main\")\nBreakpoint 2 at 0x555555555645\n
"},{"location":"functions/#rebase","title":"rebase","text":"rebase(addr: gdb.Value | int) -> int\n
Return address rebased onto the executable's mappings.
"},{"location":"functions/#example_12","title":"Example","text":"pwndbg> p/x $rebase(0xd9020)\n$1 = 0x55555562d020\npwndbg> vmmap\n0x555555554000 0x55555556f000 r--p 1b000 0 /usr/bin/bash\n0x55555556f000 0x55555562d000 r-xp be000 1b000 /usr/bin/bash\n0x55555562d000 0x55555565e000 r--p 31000 d9000 /usr/bin/bash\n[...]\npwndbg> p $rebase(0xd9020) == 0x555555554000 + 0xd9020\n$2 = 1\npwndbg> tele $rebase(0xd9020)\n00:0000\u2502 0x55555562d020 \u25c2\u2014 0x204900636f6c6c61 /* 'alloc' */\n01:0008\u2502 0x55555562d028 \u25c2\u2014 'have no name!'\n02:0010\u2502 0x55555562d030 \u25c2\u2014 0x65720021656d616e /* 'name!' */\n03:0018\u2502 0x55555562d038 \u25c2\u2014 'adline stdin'\n[...]\n
"},{"location":"tutorials/env-vars/","title":"Env vars","text":""},{"location":"tutorials/env-vars/#environment-variables","title":"Environment Variables","text":"Pwndbg relies on several environment variables to customize its behavior. Below is a list of these variables and their purposes:
PATH: Standard system PATH variable used to locate executables.EDITOR, VISUAL: Used by the cymbol command to open an editor.HOME, XDG_CACHE_HOME: Used by lib.tempfile to determine temporary file locations.PWNDBG_VENV_PATH: Specifies the virtual environment path for Pwndbg. - Set to
PWNDBG_PLEASE_SKIP_VENV if you don't want Pwndbg to use a python virtual environment. You can also get this behaviour by creating a file named .skip-venv in the project root. This effectively disables the use of uv in the project.
PWNDBG_DISABLE_COLORS: Disables colored output in Pwndbg.PWNDBG_LOGLEVEL: Initial log level to use for log messages.OPENAI_API_KEY, ANTHROPIC_API_KEY: Used by the ai command for accessing respective AI APIs.GITHUB_ACTIONS, RUN_FLAKY: Used by tests_commands.py to determine the test environment.PWNDBG_PROFILE: Enables profiling for benchmarking.USE_PDB: Enables Python debugger in tests.PWNDBG_LAUNCH_TEST: Used by tests to configure test launching.PWNDBG_ARCH, PWNDBG_KERNEL_TYPE, PWNDBG_KERNEL_VERSION: Used by gdblib kernel tests to specify kernel parameters.SPHINX: Used by docs/source/conf.py, likely to be removed.PWNLIB_NOTERM=1: Set by Pwndbg to avoid terminal issues with Pwntools.
"},{"location":"tutorials/gdb-lldb-commands/","title":"GDB vs LLDB","text":"For users who are migrating from one debugger to another, here is a table comparison of some of the most common actions and how to do them in GDB and LLDB. Note that both debuggers offer shorthands for typing these commands.
Functionality GDB Command LLDB Command Start Debugging Program gdb ./your-program lldb ./your-program Set a Breakpoint break <function-name> breakpoint set --name <function-name> Set Breakpoint on Address break *<address> breakpoint set --address <address> Set Breakpoint at Line break <filename>:<line-number> breakpoint set --file <filename> --line <line-number> Set Hardware Breakpoint hbreak <function-name> breakpoint set --hardware --name <function-name> Set Hardware Breakpoint at Memory hbreak *<memory-address> breakpoint set --hardware --address <memory-address> List All Breakpoints info breakpoints breakpoint list Delete Breakpoints delete <breakpoint-number> breakpoint delete <breakpoint-number> Set Watchpoint watch <variable> watchpoint set variable <variable> Set Conditional Breakpoint break <function-name> if <condition> breakpoint set --condition \"<condition>\" Continue Execution continue process continue Next Instruction next thread step-over Step into a Function step thread step-in Step out of a Function finish thread step-out Print Threads info threads thread list Select Thread thread <thread-id> thread select <thread-id> Print Register Values info registers register read -a Print a Variable print <variable> print <variable> Display Variable on Every Stop display <variable> expression --watch <variable> Examine Memory (Hex) x/<num>x <memory-address> memory read --format x --count <num> <memory-address> Examine Memory (Integer) x/<num>d <memory-address> memory read --format d --count <num> <memory-address> Inspect Stack Trace backtrace thread backtrace Change Register Value set $<register-name> = <value> register write <register-name> <value> Check Program Status info locals frame variable Check Program Info info functions image lookup --functions Show Disassembly of Function disas <function-name> disassemble <function-name> Memory Dump (Hex) x/<num>xh <memory-address> memory read --format x --count <num> <memory-address> Memory Dump (Bytes) x/<num>bx <memory-address> memory read --format b --count <num> <memory-address> Show Process Information info process process status Quit Debugging quit quit Run Program with Arguments run <arg1> <arg2> ... process launch -- <arg1> <arg2> ... Show Current Function info frame frame info Set Sysroot set sysroot <path-to-sysroot> settings set target.sysroot <path-to-sysroot> Set Source Directory directory <path-to-source-directory> settings set target.source-map <remote-path> <local-path> Set Architecture set architecture <arch> target create --arch <arch> <executable-file> Show Settings show <setting-name> settings show <setting-name> Set File for Debugging file <executable-file> target create <executable-file> Start the Program and Run One Instruction starti process launch --stop-at-entry Enable ASLR set disable-randomization off settings set target.disable-aslr false"},{"location":"tutorials/gdb-tui/","title":"GDB TUI","text":"The context sections are available as native GDB TUI windows named pwndbg_[sectionname]. There are some predefined layouts coming with Pwndbg which you can select using layout pwndbg or layout pwndbg_code.
Use focus cmd to focus the command window and have the arrow keys scroll through the command history again. tui disable to disable TUI mode and go back to CLI mode when running commands with longer output. ctrl-x + a toggles between TUI and CLI mode quickly. Hold shift to ignore the TUI mouse integration and use the mouse normally to select text or copy data.
To create your own layout and selecting it use normal tui new-layout syntax like:
tui new-layout pwndbg_custom {-horizontal { { -horizontal { pwndbg_code 1 pwndbg_disasm 1 } 2 { {-horizontal pwndbg_legend 8 pwndbg_control 2 } 0 pwndbg_regs 1 pwndbg_stack 1 } 3 } 7 cmd 3 } 3 { pwndbg_backtrace 2 pwndbg_threads 1 pwndbg_expressions 2 } 1 } 1 status 1\nlayout pwndbg_custom\n
"},{"location":"tutorials/go-debugging/","title":"Debugging Go with Pwndbg","text":""},{"location":"tutorials/go-debugging/#basics","title":"Basics","text":"The go-dump command can be used to dump Go values during debugging. It takes the form go-dump type address_expression, and supports many different types with the same syntax as Go:
- Integer types:
int, int8, int16, int32, int64, int128, and their uint counterparts - Misc types:
bool, rune, uintptr, string - Floating point types:
float32, float64 - Complex numbers:
complex64, complex128 - Interface types:
any for interface{} (the empty interface), and interface for all non-empty interfaces - Function types:
funcptr for all function types - Pointers:
*ELEM - Slices:
[]ELEM - Arrays:
[LEN]ELEM - Maps:
map[KEY][VAL] (note that maps in Go are actually pointers to the map, whereas this map is the inner map, so you may need to use *map[KEY]VAL to dump a map)
Struct types are also supported, but the syntax is slightly different from Go in order to avoid having to compute offsets (and also to support only having partial field information on structs). Struct types are notated as OFFSET:FIELD_NAME:TYPE triples separated by semicolons then enclosed with struct(SIZE){}, e.g. struct(24){0:foo:string;16:bar:int64} to represent the 24-byte Go struct struct { foo string; bar int64 }.
Example:
pwndbg> go-dump map[string]int 0xc0000b20f0\n{\"a\": 1, \"b\": 2, \"c\": 3}\n\npwndbg> go-dump any 0xc0000ace40\n([]struct { a int; b string }) [struct {a: 1, b: \"first\"}, struct {a: 2, b: \"second\"}]\n\npwndbg> go-dump struct(24){0:a:int;8:b:string} 0xc000108120\nstruct {a: 1, b: \"first\"}\n
Some notable flags include -p to enable pretty printing, -x to display integers in hex, -f DECIMALS to set the number of decimals used to display floats, -d to enable debug printing, which displays memory addresses of everything shown in the dump.
"},{"location":"tutorials/go-debugging/#runtime-type-parsing","title":"Runtime Type Parsing","text":"Go's compiler emits type objects for every single type used by the program. This is what enables dumping interface values with go-dump without having to specify any additional type information, and can also be leveraged to dump non-interface values if the type can be located. A good way to locate types is by finding the type pointer passed into heap allocation functions like runtime.newobject or runtime.makeslice.
After finding the type pointer, the go-type command can be used to inspect a type:
pwndbg> go-type 0x49fbc0\n Name: struct { a int; b string }\n Kind: STRUCT\n Size: 24 (0x18)\nAlign: 8\nParse: struct(24){0:a:int;8:b:string}\nField a:\n Offset: 0 (0x0)\n Type name: int\n Type addr: 0x498ce0\nField b:\n Offset: 8 (0x8)\n Type name: string\n Type addr: 0x498aa0\n
The go-dump command can also take an address to a type instead of the name of a type:
pwndbg> go-dump 0x49fbc0 0xc000108120\nstruct {a: 1, b: \"first\"}\n
"},{"location":"tutorials/pwndbg-users/","title":"Pwndbg in the wild","text":"Here is a non-exhaustive list of Pwndbg mentions found in the wild. Feel free to open a PR to add more if you find them!
"},{"location":"tutorials/pwndbg-users/#talks","title":"Talks","text":" - OffensiveCon24 - Eugene Rodionov, Zi Fan Tan and Gulshan Singh
"},{"location":"tutorials/pwndbg-users/#videos","title":"Videos","text":" - Intro to pwndbg - CTF Cookbook by SloppyJoePirates CTF Writeups
- Intro to Binary Exploitation (Pwn) by CryptoCat
- Bug A Day #8 - pwndbg #2 by Bug-A-Day
"},{"location":"tutorials/pwndbg-users/#scripts","title":"Scripts","text":" - CVE-2022-24834 exploit by ptr-yudai
"},{"location":"tutorials/pycharm-debugging/","title":"Debugging with PyCharm","text":"In order to debug code with PyCharm you need to configure remote debugging.
PyCharm will start a remote debugging server which will listen for connections and Pwndbg will then connect to that server, on startup.
"},{"location":"tutorials/pycharm-debugging/#configuring-the-debugging-server","title":"Configuring the debugging server","text":"Select Run -> Edit Configurations and follow the instructions there :)
- Create a new server with the
+ button. - Put your IP in
IDE host name and select a port number. - Optionally, add a path mapping:
pycharm/pwndbg/dir=machine/pwndbg/dir - Uncheck
suspend after connect
"},{"location":"tutorials/pycharm-debugging/#configuring-pwndbg","title":"Configuring Pwndbg","text":" - Select
Run -> Edit Configurations and install the packages described in that window. pip install pydevd-pycharm~=<your_pycharm_version>- Add the following code somewhere where it will execute on GDB startup:
import pydevd_pycharm\npydevd_pycharm.settrace('<your_IP>', port=<port>, stdoutToServer=True, stderrToServer=True)\n
"},{"location":"tutorials/pycharm-debugging/#debugging","title":"Debugging","text":" - Start the debugging server in PyCharm
- Run Pwndbg
"},{"location":"tutorials/pycharm-debugging/#wsl2","title":"WSL2","text":"In order to debug using WSL2, you need to obtain your Windows IP. The easiest way to do that is to run:
cat /etc/resolv.conf\n
and then to pick the value in the nameserver line. Then use that IP in the IDE host name field, when configuring the server. Afterwards, use the same IP in pydevd_pycharm.settrace(...)"},{"location":"tutorials/splitting-the-context/","title":"Splitting / Layouting Context","text":"i.e. doing this:
In Pwndbg, the context sections can be distributed among different tty by using the contextoutput command. Example:
contextoutput stack /path/to/tty true\n
If you use a terminal or multiplexer that supports scripted pane splitting, you can write a Python script that will create the panes and distribute them to your liking whenever you start Pwndbg.
For instance, for tmux, you could write something like this:
python\nimport atexit\nimport os\nfrom pwndbg.commands.context import contextoutput, output, clear_screen\nbt = os.popen('tmux split-window -P -F \"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\nst = os.popen(F'tmux split-window -h -t {bt[0]} -P -F '+'\"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\nre = os.popen(F'tmux split-window -h -t {st[0]} -P -F '+'\"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\ndi = os.popen('tmux split-window -h -P -F \"#{pane_id}:#{pane_tty}\" -d \"cat -\"').read().strip().split(\":\")\npanes = dict(backtrace=bt, stack=st, regs=re, disasm=di)\nfor sec, p in panes.items():\n contextoutput(sec, p[1], True)\ncontextoutput(\"legend\", di[1], True)\natexit.register(lambda: [os.popen(F\"tmux kill-pane -t {p[0]}\").read() for p in panes.values()])\nend\n
If you're using tmux specifically, you can use pwnmux as a prebuilt layout or splitmind to easily configure the layout you want. Example
The above example uses splitmind and following configuration:
python\nimport splitmind\n(splitmind.Mind()\n .tell_splitter(show_titles=True)\n .tell_splitter(set_title=\"Main\")\n .right(display=\"backtrace\", size=\"25%\")\n .above(of=\"main\", display=\"disasm\", size=\"80%\", banner=\"top\")\n .show(\"code\", on=\"disasm\", banner=\"none\")\n .right(cmd='tty; tail -f /dev/null', size=\"65%\", clearing=False)\n .tell_splitter(set_title='Input / Output')\n .above(display=\"stack\", size=\"75%\")\n .above(display=\"legend\", size=\"25\")\n .show(\"regs\", on=\"legend\")\n .below(of=\"backtrace\", cmd=\"ipython\", size=\"30%\")\n).build(nobanner=True)\nend\n
If you're using kitty, you may check out kittydbg for a prebuilt layout.
"},{"location":"tutorials/decompiler-integration/binja-integration/","title":"Binary Ninja","text":""},{"location":"tutorials/decompiler-integration/binja-integration/#requirements","title":"Requirements","text":"You need at least the personal edition of Binary Ninja (only tested on version 4.0+) that runs at least Python 3.10 for plugins.
"},{"location":"tutorials/decompiler-integration/binja-integration/#setup","title":"Setup","text":"Copy (or symlink) binja_script.py to your plugins directory.
"},{"location":"tutorials/decompiler-integration/binja-integration/#usage","title":"Usage","text":"To start the Binary Ninja integration, open the binary you want to debug in Binary Ninja, then go to Plugins > pwndbg > Start integration on current view. This will start the XMLRPC server that Pwndbg queries for information.
Then, inside GDB, run set integration-provider binja, which will start the integration. You can run set integration-provider none to disable it again.
"},{"location":"tutorials/decompiler-integration/binja-integration/#features","title":"Features","text":"The integration currently syncs symbol names, comments, decompilation, function type signatures, and stack variables.
"},{"location":"tutorials/decompiler-integration/binja-integration/#commands","title":"Commands","text":" bn-sync: Navigate the Binary Ninja view to the current instructiondecomp ADDR NLINES: Displays the decompilation for NLINES lines at address ADDR.
"},{"location":"tutorials/decompiler-integration/binja-integration/#config-options","title":"Config Options","text":" bn-autosync: If set to yes, every step will automatically run bn-syncbn-il-level: Sets the IL level to use for decompilation. Valid values are: disasm, llil, mlil, hlilbn-rpc-host/bn-rpc-port: The host and port to connect to for the XMLRPC serverbn-timeout: The amount, in seconds, to wait for the XMLRPC server to connect
"},{"location":"tutorials/decompiler-integration/ghidra-integration/","title":"Ghidra","text":"With the help of radare2 or rizin it is possible to show the decompiled source code of the ghidra decompiler.
However, this comes with some prerequisites.
- First: you have to have installed radare2 or rizin and it must be found by GDB (within path)
- Second: you have to install the ghidra plugin for radare2 r2ghidra or install the ghidra plugin for rizin rz-ghidra
- Third: r2pipe has to be installed in the python-context GDB is using (or if you are using rizin, install rzpipe instead)
The decompiled source be shown as part of the context by adding ghidra to set context-sections or by calling ctx-ghidra [function] manually.
Be warned, the first call to both radare2/r2ghidra and rizin/rz-ghidra are rather slow! Subsequent requests for decompiled source will be faster. And it does take up some resources as the radare2/rizin instance is kept by r2pipe/rzpipe to enable faster subsequent analysis.
With those performance penalties it is reasonable to not have it launch always. Therefore it includes an option to only start it when required with set context-ghidra:
set context-ghidra always: always trigger the ghidra contextset context-ghidra never: never trigger the ghidra context except when called manuallyset context-ghidra if-no-source: invoke ghidra if no source code is available
Remark: the plugin tries to guess the correct current line and mark it with \"\u2192\", but it might get it wrong.
"},{"location":"tutorials/decompiler-integration/ida-integration/","title":"IDA","text":""},{"location":"tutorials/decompiler-integration/ida-integration/#usage","title":"Usage","text":"Open the same binary with Pwndbg and IDA. Then inside IDA go to File > Script file and select the ida_script.py file from the Pwndbg root folder. This will start the XMLRPC server that Pwndbg queries for information.
Inside the debugger, run set integration-provider ida. This will start the integration, you can run set integration-provider none to disable it.
"},{"location":"tutorials/decompiler-integration/ida-integration/#features","title":"Features","text":"The integration will sync IDA's decompilation and show it in the context. You can query for symbols and stack variables using the ida function.
"},{"location":"tutorials/decompiler-integration/ida-integration/#debugger-control","title":"Debugger Control","text":"To see an up-to-date list of things you can do regarding IDA integration, you may grep for ida like so:
pwndbg> pwndbg ida\nfind-fake-fast Find candidate fake fast or tcache chunks overlapping the specified address.\nsave-ida Save the ida database.\npwndbg> config ida\nattachp-resolution-method how to determine the process to attach when multiple candidates exists 'ask'\nida-rpc-host ida xmlrpc server address '127.0.0.1'\nida-rpc-port ida xmlrpc server port 31337\nida-timeout time to wait for ida xmlrpc in seconds 2\npwndbg> | help function | grep ida\nfunction ida -- Lookup a symbol's address by name from IDA.\n
Note that you will see some false positives. You can use the decomp command to use IDA to decompile at an arbitrary address.
"},{"location":"reference/pwndbg/","title":"pwndbg","text":""},{"location":"reference/pwndbg/#pwndbg","title":"pwndbg","text":"Modules:
-
aglib \u2013 Debugger-agnostic library that provides various functionality.
-
arguments \u2013 Function and syscall argument formatting.
-
auxv \u2013 Performs handling of the linux auxiliary vector.
-
chain \u2013 Dereference and format pointer chains.
-
color \u2013 Text colorizing and theme configuration logic.
-
commands \u2013 Pwndbg command implementations.
-
dbg \u2013 The abstracted debugger interface.
-
decorators \u2013 Project-wide function decorators.
-
emu \u2013 Emulation assistance from Unicorn.
-
enhance \u2013 Attempt to describe the data at a memory address as best as possible.
-
exception \u2013 Common exception handling.
-
gdblib \u2013 Library for handling GDB logic. Being removed in favour of aglib.
-
ghidra \u2013 Ghidra integration.
-
glibc \u2013 Get information about the GLibc
-
hexdump \u2013 Hexdump implementation, ~= stolen from pwntools.
-
integration \u2013 Decompiler integration.
-
lib \u2013 Library for non-debugger-dependant functionality.
-
log \u2013 Logging.
-
profiling \u2013 Pwndbg profiling.
-
radare2 \u2013 Radare2 integration with r2pipe.
-
rizin \u2013 Rizin integration with rzpipe.
-
search \u2013 Search the address space for byte patterns.
-
ui \u2013 A few helpers for making things print pretty-like.
-
wrappers \u2013 Specific command output wrappers.
Attributes:
"},{"location":"reference/pwndbg/#pwndbg.config","title":"config module-attribute","text":"config: Config = Config()\n
The global configuration object.
"},{"location":"reference/pwndbg/#pwndbg.__version__","title":"__version__ module-attribute","text":"__version__ = __version__\n
Pwndbg version.
"},{"location":"reference/pwndbg/#pwndbg.version","title":"version module-attribute","text":"version = __version__\n
Pwndbg version.
"},{"location":"reference/pwndbg/aglib/","title":"pwndbg.aglib","text":""},{"location":"reference/pwndbg/aglib/#pwndbg.aglib","title":"aglib","text":"Debugger-agnostic library that provides various functionality.
Takes the debugging primitives provided by the Debugger API and builds the more complex and interesting bits of functionality found in Pwndbg on top of them.
See https://pwndbg.re/pwndbg/dev/contributing/dev-notes/#aglib for more information.
Modules:
-
arch \u2013 -
argv \u2013 -
ctypes \u2013 On-the-fly endianness switching for ctypes structures.
-
disasm \u2013 -
dt \u2013 Prints structures in a manner similar to WinDbg's \"dt\" command.
-
dynamic \u2013 Dynamic linking interface.
-
elf \u2013 This file declares types and methods useful for enumerating
-
file \u2013 Retrieve files from the debuggee's filesystem. Useful when
-
godbg \u2013 -
heap \u2013 -
kernel \u2013 -
memory \u2013 -
nearpc \u2013 -
next \u2013 Commands for setting temporary breakpoints on the next
-
onegadget \u2013 -
proc \u2013 Provides values which would be available from /proc which
-
qemu \u2013 Determine whether the target is being run under QEMU.
-
regs \u2013 Reading register value from the inferior, and provides a
-
remote \u2013 Information about whether the debuggee is local (under GDB) or remote
-
saved_register_frames \u2013 -
shellcode \u2013 Shellcode
-
stack \u2013 Helpers for finding address mappings which are used as a stack.
-
strings \u2013 Functionality for resolving ASCII printable strings within
-
symbol \u2013 Looking up addresses for function names / symbols, and
-
tls \u2013 Getting Thread Local Storage (TLS) information.
-
typeinfo \u2013 Common types.
-
vmmap \u2013 -
vmmap_custom \u2013
Functions:
-
load_aglib \u2013 -
set_arch \u2013
"},{"location":"reference/pwndbg/aglib/#pwndbg.aglib.load_aglib","title":"load_aglib","text":"load_aglib()\n
"},{"location":"reference/pwndbg/aglib/#pwndbg.aglib.set_arch","title":"set_arch","text":"set_arch(pwndbg_arch: PwndbgArchitecture)\n
"},{"location":"reference/pwndbg/aglib/arch/","title":"pwndbg.aglib.arch","text":""},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch","title":"arch","text":"Classes:
Functions:
-
register_arch \u2013 -
get_pwndbg_architecture \u2013 -
get_thumb_mode_string \u2013 -
update \u2013
Attributes:
-
EndianType \u2013 -
FMT_LITTLE_ENDIAN \u2013 -
FMT_BIG_ENDIAN \u2013 -
registered_architectures (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, PwndbgArchitecture]) \u2013 -
all_arches \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.EndianType","title":"EndianType module-attribute","text":"EndianType = Literal['little', 'big']\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.FMT_LITTLE_ENDIAN","title":"FMT_LITTLE_ENDIAN module-attribute","text":"FMT_LITTLE_ENDIAN = {1: 'B', 2: '<H', 4: '<I', 8: '<Q'}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.FMT_BIG_ENDIAN","title":"FMT_BIG_ENDIAN module-attribute","text":"FMT_BIG_ENDIAN = {1: 'B', 2: '>H', 4: '>I', 8: '>Q'}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.registered_architectures","title":"registered_architectures module-attribute","text":"registered_architectures: dict[\n PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, PwndbgArchitecture\n] = {}\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.all_arches","title":"all_arches module-attribute","text":"all_arches = [\n AMD64Arch(),\n i386Arch(),\n i8086Arch(),\n ArmArch(),\n ArmCortexArch(),\n AArch64Arch(),\n PowerPCArch(),\n SparcArch(),\n RISCV32Arch(),\n RISCV64Arch(),\n MipsArch(),\n Loongarch64Arch(),\n S390xArch(),\n]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture","title":"PwndbgArchitecture","text":"PwndbgArchitecture(name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)\n
Bases: ArchDefinition
This class defines the context of the currently debugged architecture as well as other related information of the platform.
This includes the following information: - Capstone/Unicorn constants - ABI information
Methods:
-
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
get_capstone_constants \u2013 Return tuple of (CAPSTONE ARCH, CAPSTONE MODE) used to instantiate the Capstone disassembler for this architecture.
-
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size (int) \u2013 -
endian (EndianType) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.max_instruction_size","title":"max_instruction_size instance-attribute","text":"max_instruction_size: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int] | None\n
Return tuple of (CAPSTONE ARCH, CAPSTONE MODE) used to instantiate the Capstone disassembler for this architecture.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PwndbgArchitecture.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch","title":"AMD64Arch","text":"AMD64Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AMD64Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch","title":"i386Arch","text":"i386Arch()\n
Bases: PwndbgArchitecture
32-bit mode x86
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i386Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch","title":"i8086Arch","text":"i8086Arch()\n
Bases: PwndbgArchitecture
16-bit mode x86
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 16\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.i8086Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch","title":"ArmArch","text":"ArmArch()\n
Bases: PwndbgArchitecture
Methods:
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch","title":"ArmCortexArch","text":"ArmCortexArch()\n
Bases: PwndbgArchitecture
Cortex-M processors run the M-profile Arm architecture. This architecture is prevalent in bare-metal/embedded systems that lack operating systems. Only Thumb-2 instructions are supported, and the Thumb bit is always 1.
Methods:
-
get_capstone_constants \u2013 -
read_thumb_bit \u2013 On Cortex-M processors, the Thumb bit is architecturally defined to be 1.
-
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1]\n
On Cortex-M processors, the Thumb bit is architecturally defined to be 1.
This is the (xpsr >> 24) & 1, which is always 1.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.ArmCortexArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch","title":"AArch64Arch","text":"AArch64Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.AArch64Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch","title":"PowerPCArch","text":"PowerPCArch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.PowerPCArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch","title":"SparcArch","text":"SparcArch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.SparcArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch","title":"RISCV32Arch","text":"RISCV32Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 22\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV32Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch","title":"RISCV64Arch","text":"RISCV64Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 22\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.RISCV64Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch","title":"MipsArch","text":"MipsArch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 8\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.MipsArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch","title":"Loongarch64Arch","text":"Loongarch64Arch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 4\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.Loongarch64Arch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch","title":"S390xArch","text":"S390xArch()\n
Bases: PwndbgArchitecture
Methods:
-
get_capstone_constants \u2013 -
update \u2013 While debugging a process, certain aspects of the architecture can change.
-
pack \u2013 -
unpack \u2013 -
pack_size \u2013 -
unpack_size \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Attributes:
-
max_instruction_size \u2013 -
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (EndianType) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013 -
ptrbits (int) \u2013 Pointer size in bits
-
ptrmask (int) \u2013 -
function_abi (ABI | None) \u2013 -
syscall_abi (SyscallABI | None) \u2013 -
sigreturn_abi (SyscallABI | None) \u2013 -
fmts (dict[int, str]) \u2013 -
fmt (str) \u2013
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.max_instruction_size","title":"max_instruction_size class-attribute instance-attribute","text":"max_instruction_size = 6\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = name\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.endian","title":"endian instance-attribute","text":"endian: EndianType\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.attributes","title":"attributes instance-attribute","text":"attributes: list[ArchAttribute]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrbits","title":"ptrbits instance-attribute","text":"ptrbits: int\n
Pointer size in bits
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.ptrmask","title":"ptrmask instance-attribute","text":"ptrmask: int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.function_abi","title":"function_abi instance-attribute","text":"function_abi: ABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.syscall_abi","title":"syscall_abi instance-attribute","text":"syscall_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.sigreturn_abi","title":"sigreturn_abi instance-attribute","text":"sigreturn_abi: SyscallABI | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.fmts","title":"fmts instance-attribute","text":"fmts: dict[int, str]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.fmt","title":"fmt instance-attribute","text":"fmt: str\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.get_capstone_constants","title":"get_capstone_constants","text":"get_capstone_constants(address: int) -> tuple[int, int]\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.update","title":"update","text":"update(arch_definition: ArchDefinition) -> None\n
While debugging a process, certain aspects of the architecture can change.
For example: - Some architectures can change endianness dynamically.
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.pack","title":"pack","text":"pack(integer: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.unpack","title":"unpack","text":"unpack(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.pack_size","title":"pack_size","text":"pack_size(integer: int, size: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.unpack_size","title":"unpack_size","text":"unpack_size(data: bytes, size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.S390xArch.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> Literal[0, 1, None]\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
Return None if the Thumb bit is not relevent to the current architecture
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.register_arch","title":"register_arch","text":"register_arch(arch: PwndbgArchitecture)\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_pwndbg_architecture","title":"get_pwndbg_architecture","text":"get_pwndbg_architecture(\n name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n) -> PwndbgArchitecture | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.get_thumb_mode_string","title":"get_thumb_mode_string","text":"get_thumb_mode_string() -> Literal['arm', 'thumb'] | None\n
"},{"location":"reference/pwndbg/aglib/arch/#pwndbg.aglib.arch.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/","title":"pwndbg.aglib.argv","text":""},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv","title":"argv","text":"Functions:
-
update \u2013 -
update_state \u2013 -
argc \u2013 -
argv \u2013 -
envc \u2013 -
envp \u2013 -
environ \u2013
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.update_state","title":"update_state","text":"update_state() -> None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argc","title":"argc","text":"argc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.argv","title":"argv","text":"argv(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envc","title":"envc","text":"envc() -> int\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.envp","title":"envp","text":"envp(number: int) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/argv/#pwndbg.aglib.argv.environ","title":"environ","text":"environ(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/ctypes/","title":"pwndbg.aglib.ctypes","text":""},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes","title":"ctypes","text":"On-the-fly endianness switching for ctypes structures.
We cannot make use of ctypes.LittleEndianStructure and ctypes.BigEndianStructure, since these use metaclass hooks to catch fields being set when the class is declared.
We need to catch on the fly. We do this by swapping out the base classes of the Structure type, and incurring a performance penalty for foreign-endianness targets.
Functions:
Attributes:
-
module \u2013 -
Structure \u2013
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.module","title":"module module-attribute","text":"module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.Structure","title":"Structure module-attribute","text":"Structure = LittleEndianStructure\n
"},{"location":"reference/pwndbg/aglib/ctypes/#pwndbg.aglib.ctypes.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/","title":"pwndbg.aglib.disasm","text":""},{"location":"reference/pwndbg/aglib/disasm/#pwndbg.aglib.disasm","title":"disasm","text":"Modules:
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/","title":"pwndbg.aglib.disasm.aarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64","title":"aarch64","text":"Classes:
-
AArch64DisassemblyAssistant \u2013
Functions:
Attributes:
-
AARCH64_SINGLE_LOAD_INSTRUCTIONS (dict[int, int | None]) \u2013 -
AARCH64_SINGLE_STORE_INSTRUCTIONS (dict[int, int | None]) \u2013 -
AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS \u2013 -
CONDITIONAL_SELECT_INSTRUCTIONS \u2013 -
AARCH64_EMULATED_ANNOTATIONS \u2013 -
AARCH64_CONSTANT_SHIFTS \u2013 -
AARCH64_BIT_SHIFT_MAP (dict[int, Callable[[int, int, int], int]]) \u2013 -
AARCH64_EXTEND_MAP (dict[int, Callable[[int], int]]) \u2013 -
AARCH64_MATH_INSTRUCTIONS \u2013 -
AARCH64_SHIFT_INSTRUCTIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_LOAD_INSTRUCTIONS","title":"AARCH64_SINGLE_LOAD_INSTRUCTIONS module-attribute","text":"AARCH64_SINGLE_LOAD_INSTRUCTIONS: dict[int, int | None] = {\n AARCH64_INS_LDRB: 1,\n AARCH64_INS_ALIAS_LDRB: 1,\n AARCH64_INS_LDURB: 1,\n AARCH64_INS_ALIAS_LDURB: 1,\n AARCH64_INS_LDRSB: -1,\n AARCH64_INS_ALIAS_LDRSB: -1,\n AARCH64_INS_LDURSB: -1,\n AARCH64_INS_ALIAS_LDURSB: -1,\n AARCH64_INS_LDRH: 2,\n AARCH64_INS_ALIAS_LDRH: 2,\n AARCH64_INS_LDURH: 2,\n AARCH64_INS_ALIAS_LDURH: 2,\n AARCH64_INS_LDRSH: -2,\n AARCH64_INS_ALIAS_LDRSH: -2,\n AARCH64_INS_LDURSH: -2,\n AARCH64_INS_ALIAS_LDURSH: -2,\n AARCH64_INS_LDURSW: -4,\n AARCH64_INS_ALIAS_LDURSW: -4,\n AARCH64_INS_LDRSW: -4,\n AARCH64_INS_ALIAS_LDRSW: -4,\n AARCH64_INS_LDUR: None,\n AARCH64_INS_ALIAS_LDUR: None,\n AARCH64_INS_LDR: None,\n AARCH64_INS_ALIAS_LDR: None,\n AARCH64_INS_LDTRB: 1,\n AARCH64_INS_LDTRSB: -1,\n AARCH64_INS_LDTRH: 2,\n AARCH64_INS_LDTRSH: -2,\n AARCH64_INS_LDTRSW: -4,\n AARCH64_INS_LDTR: None,\n AARCH64_INS_ALIAS_LDTR: None,\n AARCH64_INS_LDXRB: 1,\n AARCH64_INS_LDXRH: 2,\n AARCH64_INS_LDXR: None,\n AARCH64_INS_LDARB: 1,\n AARCH64_INS_LDARH: 2,\n AARCH64_INS_LDAR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SINGLE_STORE_INSTRUCTIONS","title":"AARCH64_SINGLE_STORE_INSTRUCTIONS module-attribute","text":"AARCH64_SINGLE_STORE_INSTRUCTIONS: dict[int, int | None] = {\n AARCH64_INS_STRB: 1,\n AARCH64_INS_ALIAS_STRB: 1,\n AARCH64_INS_STURB: 1,\n AARCH64_INS_ALIAS_STURB: 1,\n AARCH64_INS_STRH: 2,\n AARCH64_INS_ALIAS_STRH: 2,\n AARCH64_INS_STURH: 2,\n AARCH64_INS_ALIAS_STURH: 2,\n AARCH64_INS_STUR: None,\n AARCH64_INS_ALIAS_STUR: None,\n AARCH64_INS_STR: None,\n AARCH64_INS_ALIAS_STR: None,\n AARCH64_INS_STTRB: 1,\n AARCH64_INS_STTRH: 2,\n AARCH64_INS_STTR: None,\n AARCH64_INS_STLRB: 1,\n AARCH64_INS_STLRH: 2,\n AARCH64_INS_STLR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS","title":"AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS module-attribute","text":"AARCH64_EXCLUSIVE_STORE_INSTRUCTIONS = {\n AARCH64_INS_STXRB: 1,\n AARCH64_INS_STXRH: 2,\n AARCH64_INS_STXR: None,\n AARCH64_INS_STLXRB: 1,\n AARCH64_INS_STLXRH: 2,\n AARCH64_INS_STLXR: None,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.CONDITIONAL_SELECT_INSTRUCTIONS","title":"CONDITIONAL_SELECT_INSTRUCTIONS module-attribute","text":"CONDITIONAL_SELECT_INSTRUCTIONS = {\n AARCH64_INS_CSEL,\n AARCH64_INS_CSINC,\n AARCH64_INS_CSINV,\n AARCH64_INS_CSNEG,\n AARCH64_INS_ALIAS_CSET,\n AARCH64_INS_ALIAS_CSETM,\n AARCH64_INS_ALIAS_CINC,\n AARCH64_INS_ALIAS_CINV,\n AARCH64_INS_ALIAS_CNEG,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EMULATED_ANNOTATIONS","title":"AARCH64_EMULATED_ANNOTATIONS module-attribute","text":"AARCH64_EMULATED_ANNOTATIONS = CONDITIONAL_SELECT_INSTRUCTIONS | {\n AARCH64_INS_SXTB,\n AARCH64_INS_SXTH,\n AARCH64_INS_SXTW,\n AARCH64_INS_UXTB,\n AARCH64_INS_UXTH,\n AARCH64_INS_UXTW,\n AARCH64_INS_RBIT,\n AARCH64_INS_CLS,\n AARCH64_INS_CLZ,\n AARCH64_INS_ALIAS_BFXIL,\n AARCH64_INS_ALIAS_UBFIZ,\n AARCH64_INS_UBFM,\n AARCH64_INS_ALIAS_UBFX,\n AARCH64_INS_ALIAS_SBFIZ,\n AARCH64_INS_SBFM,\n AARCH64_INS_ALIAS_SBFX,\n AARCH64_INS_ALIAS_BFI,\n AARCH64_INS_NEG,\n AARCH64_INS_ALIAS_NEGS,\n AARCH64_INS_REV,\n AARCH64_INS_BIC,\n AARCH64_INS_BICS,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_CONSTANT_SHIFTS","title":"AARCH64_CONSTANT_SHIFTS module-attribute","text":"AARCH64_CONSTANT_SHIFTS = {\n AARCH64_SFT_LSL,\n AARCH64_SFT_LSR,\n AARCH64_SFT_ASR,\n AARCH64_SFT_ROR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_BIT_SHIFT_MAP","title":"AARCH64_BIT_SHIFT_MAP module-attribute","text":"AARCH64_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n AARCH64_SFT_LSL: logical_shift_left,\n AARCH64_SFT_LSR: logical_shift_right,\n AARCH64_SFT_ASR: arithmetic_shift_right,\n AARCH64_SFT_ROR: rotate_right,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_EXTEND_MAP","title":"AARCH64_EXTEND_MAP module-attribute","text":"AARCH64_EXTEND_MAP: dict[int, Callable[[int], int]] = {\n AARCH64_EXT_UXTB: lambda x: x & 1 << 8 - 1,\n AARCH64_EXT_UXTH: lambda x: x & 1 << 16 - 1,\n AARCH64_EXT_UXTW: lambda x: x & 1 << 32 - 1,\n AARCH64_EXT_UXTX: lambda x: x,\n AARCH64_EXT_SXTB: lambda x: to_signed(x, 8),\n AARCH64_EXT_SXTH: lambda x: to_signed(x, 16),\n AARCH64_EXT_SXTW: lambda x: to_signed(x, 32),\n AARCH64_EXT_SXTX: lambda x: to_signed(x, 64),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_MATH_INSTRUCTIONS","title":"AARCH64_MATH_INSTRUCTIONS module-attribute","text":"AARCH64_MATH_INSTRUCTIONS = {\n AARCH64_INS_ADD: \"+\",\n AARCH64_INS_ALIAS_ADD: \"+\",\n AARCH64_INS_ADDS: \"+\",\n AARCH64_INS_ALIAS_ADDS: \"+\",\n AARCH64_INS_SUB: \"-\",\n AARCH64_INS_ALIAS_SUB: \"-\",\n AARCH64_INS_SUBS: \"-\",\n AARCH64_INS_ALIAS_SUBS: \"-\",\n AARCH64_INS_AND: \"&\",\n AARCH64_INS_ALIAS_AND: \"&\",\n AARCH64_INS_ANDS: \"&\",\n AARCH64_INS_ALIAS_ANDS: \"&\",\n AARCH64_INS_ORR: \"|\",\n AARCH64_INS_ALIAS_ORR: \"|\",\n AARCH64_INS_EOR: \"^\",\n AARCH64_INS_ALIAS_EOR: \"^\",\n AARCH64_INS_UDIV: \"/\",\n AARCH64_INS_SDIV: \"/\",\n AARCH64_INS_SMULH: \"*\",\n AARCH64_INS_SMULL: \"*\",\n AARCH64_INS_ALIAS_SMULL: \"*\",\n AARCH64_INS_UMULH: \"*\",\n AARCH64_INS_UMULL: \"*\",\n AARCH64_INS_ALIAS_UMULL: \"*\",\n AARCH64_INS_MUL: \"*\",\n AARCH64_INS_ALIAS_MUL: \"*\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AARCH64_SHIFT_INSTRUCTIONS","title":"AARCH64_SHIFT_INSTRUCTIONS module-attribute","text":"AARCH64_SHIFT_INSTRUCTIONS = {\n AARCH64_INS_LSL: \"<<\",\n AARCH64_INS_ALIAS_LSL: \"<<\",\n AARCH64_INS_LSR: \">>\",\n AARCH64_INS_ALIAS_LSR: \">>\",\n AARCH64_INS_ASR: \">>s\",\n AARCH64_INS_ALIAS_ASR: \">>s\",\n AARCH64_INS_ROR: \">>r\",\n AARCH64_INS_ALIAS_ROR: \">>r\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant","title":"AArch64DisassemblyAssistant","text":"AArch64DisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n AARCH64_INS_MOV: _common_move_annotator,\n AARCH64_INS_ALIAS_MOV: _common_move_annotator,\n AARCH64_INS_MOVZ: _common_move_annotator,\n AARCH64_INS_MOVK: _common_generic_register_destination,\n AARCH64_INS_ADR: _common_generic_register_destination,\n AARCH64_INS_ADRP: _handle_adrp,\n AARCH64_INS_ALIAS_CMP: _common_cmp_annotator_builder(\"cpsr\", \"-\"),\n AARCH64_INS_ALIAS_CMN: _common_cmp_annotator_builder(\"cpsr\", \"+\"),\n AARCH64_INS_ALIAS_TST: _common_cmp_annotator_builder(\"cpsr\", \"&\"),\n AARCH64_INS_CCMP: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n AARCH64_INS_CCMN: _common_cmp_annotator_builder(\"cpsr\", \"\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.AArch64DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/aarch64/#pwndbg.aglib.disasm.aarch64.resolve_condition","title":"resolve_condition","text":"resolve_condition(condition: int, cpsr: int) -> InstructionCondition\n
Given a condition and the NZCV flag bits, determine when the condition is satisfied
The condition is a Capstone constant
"},{"location":"reference/pwndbg/aglib/disasm/arch/","title":"pwndbg.aglib.disasm.arch","text":""},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch","title":"arch","text":"Classes:
-
DisassemblyAssistant \u2013
Functions:
Attributes:
-
DEBUG_ENHANCEMENT \u2013 -
groups \u2013 -
ops \u2013 -
access \u2013 -
DO_NOT_EMULATE \u2013
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DEBUG_ENHANCEMENT","title":"DEBUG_ENHANCEMENT module-attribute","text":"DEBUG_ENHANCEMENT = False\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.groups","title":"groups module-attribute","text":"groups = {v: _Sfor (k, v) in items() if startswith('CS_GRP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.ops","title":"ops module-attribute","text":"ops = {v: _afor (k, v) in items() if startswith('CS_OP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.access","title":"access module-attribute","text":"access = {v: _xfor (k, v) in items() if startswith('CS_AC_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DO_NOT_EMULATE","title":"DO_NOT_EMULATE module-attribute","text":"DO_NOT_EMULATE = {CS_GRP_INT, CS_GRP_INVALID, CS_GRP_IRET}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant","title":"DisassemblyAssistant","text":"DisassemblyAssistant(architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE)\n
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.syntax_highlight","title":"syntax_highlight","text":"syntax_highlight(ins)\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.register_assign","title":"register_assign","text":"register_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_assign","title":"memory_assign","text":"memory_assign(left: str, right: str) -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.memory_or_register_assign","title":"memory_or_register_assign","text":"memory_or_register_assign(left: str, right: str, mem_assign: bool) -> str\n
Used when we don't know until runtime whether a codepath will annotate a register or memory location.
"},{"location":"reference/pwndbg/aglib/disasm/arch/#pwndbg.aglib.disasm.arch.basic_enhance","title":"basic_enhance","text":"basic_enhance(ins: PwndbgInstruction) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/","title":"pwndbg.aglib.disasm.arm","text":""},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm","title":"arm","text":"Classes:
-
ArmDisassemblyAssistant \u2013
Functions:
Attributes:
-
ARM_BIT_SHIFT_MAP (dict[int, Callable[[int, int, int], int]]) \u2013 -
ARM_SINGLE_LOAD_INSTRUCTIONS \u2013 -
ARM_SINGLE_STORE_INSTRUCTIONS \u2013 -
ARM_EXCLUSIVE_STORE_INSTRUCTIONS \u2013 -
ARM_MATH_INSTRUCTIONS \u2013 -
ARM_SHIFT_INSTRUCTIONS \u2013 -
ARM_CAN_WRITE_TO_PC_INSTRUCTIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_BIT_SHIFT_MAP","title":"ARM_BIT_SHIFT_MAP module-attribute","text":"ARM_BIT_SHIFT_MAP: dict[int, Callable[[int, int, int], int]] = {\n ARM_SFT_ASR: arithmetic_shift_right,\n ARM_SFT_LSL: logical_shift_left,\n ARM_SFT_LSR: logical_shift_right,\n ARM_SFT_ROR: rotate_right,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_LOAD_INSTRUCTIONS","title":"ARM_SINGLE_LOAD_INSTRUCTIONS module-attribute","text":"ARM_SINGLE_LOAD_INSTRUCTIONS = {\n ARM_INS_LDRB: 1,\n ARM_INS_LDRSB: -1,\n ARM_INS_LDRH: 2,\n ARM_INS_LDRSH: -2,\n ARM_INS_LDR: 4,\n ARM_INS_LDRBT: 1,\n ARM_INS_LDRSBT: -1,\n ARM_INS_LDRHT: 2,\n ARM_INS_LDRSHT: -2,\n ARM_INS_LDRT: 4,\n ARM_INS_LDREXB: 1,\n ARM_INS_LDREXH: 2,\n ARM_INS_LDREX: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SINGLE_STORE_INSTRUCTIONS","title":"ARM_SINGLE_STORE_INSTRUCTIONS module-attribute","text":"ARM_SINGLE_STORE_INSTRUCTIONS = {\n ARM_INS_STRB: 1,\n ARM_INS_STRH: 2,\n ARM_INS_STR: 4,\n ARM_INS_STRBT: 1,\n ARM_INS_STRHT: 2,\n ARM_INS_STRT: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_EXCLUSIVE_STORE_INSTRUCTIONS","title":"ARM_EXCLUSIVE_STORE_INSTRUCTIONS module-attribute","text":"ARM_EXCLUSIVE_STORE_INSTRUCTIONS = {\n ARM_INS_STREXB: 1,\n ARM_INS_STREXH: 2,\n ARM_INS_STREX: 4,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_MATH_INSTRUCTIONS","title":"ARM_MATH_INSTRUCTIONS module-attribute","text":"ARM_MATH_INSTRUCTIONS = {\n ARM_INS_ADD: \"+\",\n ARM_INS_ADDW: \"+\",\n ARM_INS_SUB: \"-\",\n ARM_INS_ORR: \"|\",\n ARM_INS_AND: \"&\",\n ARM_INS_EOR: \"^\",\n ARM_INS_UDIV: \"/\",\n ARM_INS_SDIV: \"/\",\n ARM_INS_MUL: \"*\",\n ARM_INS_UMULL: \"*\",\n ARM_INS_SMULL: \"*\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_SHIFT_INSTRUCTIONS","title":"ARM_SHIFT_INSTRUCTIONS module-attribute","text":"ARM_SHIFT_INSTRUCTIONS = {\n ARM_INS_ASR: \">>s\",\n ARM_INS_ALIAS_ASR: \">>s\",\n ARM_INS_LSR: \">>\",\n ARM_INS_ALIAS_LSR: \">>\",\n ARM_INS_LSL: \"<<\",\n ARM_INS_ALIAS_LSL: \"<<\",\n ARM_INS_ROR: \">>r\",\n ARM_INS_ALIAS_ROR: \">>r\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ARM_CAN_WRITE_TO_PC_INSTRUCTIONS","title":"ARM_CAN_WRITE_TO_PC_INSTRUCTIONS module-attribute","text":"ARM_CAN_WRITE_TO_PC_INSTRUCTIONS = {\n ARM_INS_LDM,\n ARM_INS_ALIAS_LDM,\n ARM_INS_POP,\n ARM_INS_ALIAS_POP,\n ARM_INS_LDR,\n ARM_INS_ADC,\n ARM_INS_ADD,\n ARM_INS_ADR,\n ARM_INS_AND,\n ARM_INS_ASR,\n ARM_INS_ALIAS_ASR,\n ARM_INS_BIC,\n ARM_INS_EOR,\n ARM_INS_LSL,\n ARM_INS_ALIAS_LSL,\n ARM_INS_LSR,\n ARM_INS_ALIAS_LSR,\n ARM_INS_MOV,\n ARM_INS_MVN,\n ARM_INS_ORR,\n ARM_INS_ROR,\n ARM_INS_ALIAS_ROR,\n ARM_INS_RRX,\n ARM_INS_ALIAS_RRX,\n ARM_INS_RSB,\n ARM_INS_RSC,\n ARM_INS_SBC,\n ARM_INS_SUB,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant","title":"ArmDisassemblyAssistant","text":"ArmDisassemblyAssistant(architecture, flags_reg: Literal['cpsr', 'xpsr'])\n
Bases: DisassemblyAssistant
Methods:
-
read_thumb_bit \u2013 -
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
flags_reg \u2013 -
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.flags_reg","title":"flags_reg instance-attribute","text":"flags_reg = flags_reg\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n ARM_INS_MOV: _common_move_annotator,\n ARM_INS_MOVW: _common_move_annotator,\n ARM_INS_MOVT: _common_generic_register_destination,\n ARM_INS_MVN: _common_generic_register_destination,\n ARM_INS_CMP: _common_cmp_annotator_builder(flags_reg, \"-\"),\n ARM_INS_CMN: _common_cmp_annotator_builder(flags_reg, \"+\"),\n ARM_INS_TST: _common_cmp_annotator_builder(flags_reg, \"&\"),\n ARM_INS_TEQ: _common_cmp_annotator_builder(flags_reg, \"^\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit(instruction: PwndbgInstruction, emu: Emulator) -> int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.ArmDisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/arm/#pwndbg.aglib.disasm.arm.itstate_from_cpsr","title":"itstate_from_cpsr","text":"itstate_from_cpsr(cpsr_value: int) -> int\n
ITSTATE == If-Then execution state bits for the Thumb IT instruction The ITSTATE bits are spread across 3 sections of Arm flags register to a total of 8 bits. This function extracts them and reorders the bits into their logical order - https://developer.arm.com/documentation/ddi0403/d/System-Level-Architecture/System-Level-Programmers--Model/Registers/The-special-purpose-program-status-registers--xPSR#:~:text=shows%20the%20assignment%20of%20the%20ICI/IT%20bits.
Bits of the flags register: EPSR[26:25] EPSR[15:12] EPSR[11:10] Bits of ITSTATE: IT[1:0] IT[7:4] IT[3:2]
The lower 5 bits has information that indicates the number of instructions in the IT Block. The top 3 bits indicate the base condition of the block. - https://developer.arm.com/documentation/ddi0406/cb/Application-Level-Architecture/Application-Level-Programmers--Model/Execution-state-registers/IT-block-state-register--ITSTATE?lang=en
If the value is zero, it means we are not in an IT block.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/","title":"pwndbg.aglib.disasm.disassembly","text":""},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly","title":"disassembly","text":"Functionality for disassmebling code at an address, or at an address \u00b1 a few instructions.
Functions:
-
enhance_cache_listener \u2013 -
clear_on_reg_mem_change \u2013 -
get_disassembler \u2013 -
get_one_instruction \u2013 If passed an emulator, this will pass it to the DisassemblyAssistant which will
-
one \u2013 -
one_raw \u2013 -
get \u2013 -
can_run_first_emulate \u2013 Disable the emulate config variable if we don't have enough memory to use it
-
no_emulate_one \u2013 -
emulate_one \u2013 -
one_with_config \u2013 Returns a single Pwndbg Instruction at the current PC.
-
near \u2013 Disasms instructions near given address. Passing emulate makes use of
-
get_disassembly_assistant_for_current_arch \u2013 -
arch_has_disassembly_assistant \u2013
Attributes:
-
CapstoneEndian \u2013 -
CapstoneSyntax \u2013 -
next_addresses_cache (set[int]) \u2013 -
backward_cache (DefaultDict[int, int]) \u2013 -
computed_instruction_cache (DefaultDict[int, PwndbgInstruction]) \u2013 -
emulated_arm_mode_cache (DefaultDict[int, int | None]) \u2013 -
first_time_emulate \u2013 -
ALL_DISASSEMBLY_ASSISTANTS (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.CapstoneEndian","title":"CapstoneEndian module-attribute","text":"CapstoneEndian = {'little': CS_MODE_LITTLE_ENDIAN, 'big': CS_MODE_BIG_ENDIAN}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.CapstoneSyntax","title":"CapstoneSyntax module-attribute","text":"CapstoneSyntax = {'intel': CS_OPT_SYNTAX_INTEL, 'att': CS_OPT_SYNTAX_ATT}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.next_addresses_cache","title":"next_addresses_cache module-attribute","text":"next_addresses_cache: set[int] = set()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.backward_cache","title":"backward_cache module-attribute","text":"backward_cache: DefaultDict[int, int] = defaultdict(lambda: None)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.computed_instruction_cache","title":"computed_instruction_cache module-attribute","text":"computed_instruction_cache: DefaultDict[int, PwndbgInstruction] = defaultdict(\n lambda: None\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.emulated_arm_mode_cache","title":"emulated_arm_mode_cache module-attribute","text":"emulated_arm_mode_cache: DefaultDict[int, int | None] = defaultdict(\n lambda: None\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.first_time_emulate","title":"first_time_emulate module-attribute","text":"first_time_emulate = True\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.ALL_DISASSEMBLY_ASSISTANTS","title":"ALL_DISASSEMBLY_ASSISTANTS module-attribute","text":"ALL_DISASSEMBLY_ASSISTANTS: dict[\n PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]\n] = {\n \"aarch64\": lambda: AArch64DisassemblyAssistant(\"aarch64\"),\n \"i386\": lambda: X86DisassemblyAssistant(\"i386\"),\n \"x86-64\": lambda: X86DisassemblyAssistant(\"x86-64\"),\n \"arm\": lambda: ArmDisassemblyAssistant(\"arm\", \"cpsr\"),\n \"armcm\": lambda: ArmDisassemblyAssistant(\"armcm\", \"xpsr\"),\n \"mips\": lambda: MipsDisassemblyAssistant(\"mips\"),\n \"rv32\": lambda: RISCVDisassemblyAssistant(\"rv32\"),\n \"rv64\": lambda: RISCVDisassemblyAssistant(\"rv64\"),\n \"loongarch64\": lambda: Loong64DisassemblyAssistant(\"loongarch64\"),\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.enhance_cache_listener","title":"enhance_cache_listener","text":"enhance_cache_listener() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.clear_on_reg_mem_change","title":"clear_on_reg_mem_change","text":"clear_on_reg_mem_change() -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_disassembler","title":"get_disassembler","text":"get_disassembler(cs_info: tuple[int, int])\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_one_instruction","title":"get_one_instruction","text":"get_one_instruction(\n address,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n assistant: DisassemblyAssistant = None,\n) -> PwndbgInstruction\n
If passed an emulator, this will pass it to the DisassemblyAssistant which will single_step the emulator to determine the operand values before and after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one","title":"one","text":"one(\n address=None,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n put_backward_cache=True,\n assistant: DisassemblyAssistant = None,\n) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one_raw","title":"one_raw","text":"one_raw(address=None) -> PwndbgInstruction | None\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get","title":"get","text":"get(\n address,\n instructions=1,\n emu: Emulator = None,\n enhance=True,\n from_cache=False,\n put_cache=False,\n assistant: DisassemblyAssistant = None,\n) -> list[PwndbgInstruction]\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.can_run_first_emulate","title":"can_run_first_emulate","text":"can_run_first_emulate() -> bool\n
Disable the emulate config variable if we don't have enough memory to use it See #1534 And unicorn-engine/unicorn!1743
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.no_emulate_one","title":"no_emulate_one","text":"no_emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.emulate_one","title":"emulate_one","text":"emulate_one()\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.one_with_config","title":"one_with_config","text":"one_with_config()\n
Returns a single Pwndbg Instruction at the current PC.
Emulation determined by the pwndbg.config.emulate setting.
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.near","title":"near","text":"near(\n address,\n instructions=1,\n emulate=False,\n show_prev_insns=True,\n use_cache=False,\n linear=False,\n) -> tuple[list[PwndbgInstruction], int]\n
Disasms instructions near given address. Passing emulate makes use of unicorn engine to emulate instructions to predict branches that will be taken. show_prev_insns makes this show previously cached instructions (this is mostly used by context's disasm display, so user see what was previously)
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.get_disassembly_assistant_for_current_arch","title":"get_disassembly_assistant_for_current_arch","text":"get_disassembly_assistant_for_current_arch() -> DisassemblyAssistant\n
"},{"location":"reference/pwndbg/aglib/disasm/disassembly/#pwndbg.aglib.disasm.disassembly.arch_has_disassembly_assistant","title":"arch_has_disassembly_assistant","text":"arch_has_disassembly_assistant(\n arch: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE | None = None,\n) -> bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/","title":"pwndbg.aglib.disasm.instruction","text":""},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction","title":"instruction","text":"Classes:
-
InstructionCondition \u2013 -
SplitType \u2013 -
PwndbgInstruction \u2013 -
PwndbgInstructionImpl \u2013 -
EnhancedOperand \u2013 -
ManualPwndbgInstruction \u2013
Functions:
-
boolean_to_instruction_condition \u2013
Attributes:
-
UNCONDITIONAL_JUMP_INSTRUCTIONS (dict[int, set[int]]) \u2013 -
BRANCH_AND_LINK_INSTRUCTIONS (dict[int, set[int]]) \u2013 -
GENERIC_UNCONDITIONAL_JUMP_GROUPS \u2013 -
GENERIC_JUMP_GROUPS \u2013 -
ALL_JUMP_GROUPS \u2013 -
FORWARD_JUMP_GROUP \u2013 -
CAPSTONE_ARCH_MAPPING_STRING \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.UNCONDITIONAL_JUMP_INSTRUCTIONS","title":"UNCONDITIONAL_JUMP_INSTRUCTIONS module-attribute","text":"UNCONDITIONAL_JUMP_INSTRUCTIONS: dict[int, set[int]] = {\n CS_ARCH_X86: {X86_INS_CALL, X86_INS_JMP},\n CS_ARCH_MIPS: {\n MIPS_INS_J,\n MIPS_INS_JR,\n MIPS_INS_JAL,\n MIPS_INS_JALR,\n MIPS_INS_JALR_HB,\n MIPS_INS_BAL,\n MIPS_INS_ALIAS_BAL,\n MIPS_INS_B,\n MIPS_INS_ALIAS_B,\n },\n CS_ARCH_SPARC: {SPARC_INS_JMP, SPARC_INS_JMPL},\n CS_ARCH_ARM: {ARM_INS_TBB, ARM_INS_TBH},\n CS_ARCH_AARCH64: {AARCH64_INS_BL, AARCH64_INS_BLR, AARCH64_INS_BR},\n CS_ARCH_RISCV: {\n RISCV_INS_JAL,\n RISCV_INS_JALR,\n RISCV_INS_C_JAL,\n RISCV_INS_C_JALR,\n RISCV_INS_C_J,\n RISCV_INS_C_JR,\n },\n CS_ARCH_PPC: {PPC_INS_B, PPC_INS_BA, PPC_INS_BL, PPC_INS_BLA},\n CS_ARCH_SYSTEMZ: {SYSTEMZ_INS_B, SYSTEMZ_INS_BAL, SYSTEMZ_INS_BALR},\n CS_ARCH_LOONGARCH: {\n LOONGARCH_INS_B,\n LOONGARCH_INS_BL,\n LOONGARCH_INS_JIRL,\n LOONGARCH_INS_ALIAS_JR,\n },\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.BRANCH_AND_LINK_INSTRUCTIONS","title":"BRANCH_AND_LINK_INSTRUCTIONS module-attribute","text":"BRANCH_AND_LINK_INSTRUCTIONS: dict[int, set[int]] = defaultdict(set)\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_UNCONDITIONAL_JUMP_GROUPS","title":"GENERIC_UNCONDITIONAL_JUMP_GROUPS module-attribute","text":"GENERIC_UNCONDITIONAL_JUMP_GROUPS = {CS_GRP_CALL, CS_GRP_RET, CS_GRP_IRET}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.GENERIC_JUMP_GROUPS","title":"GENERIC_JUMP_GROUPS module-attribute","text":"GENERIC_JUMP_GROUPS = {CS_GRP_JUMP, CS_GRP_BRANCH_RELATIVE}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ALL_JUMP_GROUPS","title":"ALL_JUMP_GROUPS module-attribute","text":"ALL_JUMP_GROUPS = GENERIC_JUMP_GROUPS | GENERIC_UNCONDITIONAL_JUMP_GROUPS\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.FORWARD_JUMP_GROUP","title":"FORWARD_JUMP_GROUP module-attribute","text":"FORWARD_JUMP_GROUP = {CS_GRP_CALL} | GENERIC_JUMP_GROUPS\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.CAPSTONE_ARCH_MAPPING_STRING","title":"CAPSTONE_ARCH_MAPPING_STRING module-attribute","text":"CAPSTONE_ARCH_MAPPING_STRING = {\n CS_ARCH_ARM: \"arm\",\n CS_ARCH_AARCH64: \"aarch64\",\n CS_ARCH_X86: \"x86\",\n CS_ARCH_PPC: \"powerpc\",\n CS_ARCH_MIPS: \"mips\",\n CS_ARCH_SPARC: \"sparc\",\n CS_ARCH_RISCV: \"RISCV\",\n CS_ARCH_SYSTEMZ: \"s390x\",\n CS_ARCH_LOONGARCH: \"loongarch\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition","title":"InstructionCondition","text":" Bases: Enum
Attributes:
-
TRUE \u2013 -
FALSE \u2013 -
UNDETERMINED \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.TRUE","title":"TRUE class-attribute instance-attribute","text":"TRUE = 1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.FALSE","title":"FALSE class-attribute instance-attribute","text":"FALSE = 2\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.InstructionCondition.UNDETERMINED","title":"UNDETERMINED class-attribute instance-attribute","text":"UNDETERMINED = 3\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType","title":"SplitType","text":" Bases: Enum
Attributes:
-
NO_SPLIT \u2013 -
BRANCH_TAKEN \u2013 -
BRANCH_NOT_TAKEN \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.NO_SPLIT","title":"NO_SPLIT class-attribute instance-attribute","text":"NO_SPLIT = 1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_TAKEN","title":"BRANCH_TAKEN class-attribute instance-attribute","text":"BRANCH_TAKEN = 2\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.SplitType.BRANCH_NOT_TAKEN","title":"BRANCH_NOT_TAKEN class-attribute instance-attribute","text":"BRANCH_NOT_TAKEN = 3\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction","title":"PwndbgInstruction","text":" Bases: Protocol
Methods:
-
op_find \u2013 -
op_count \u2013
Attributes:
-
cs_insn (CsInsn) \u2013 -
address (int) \u2013 -
size (int) \u2013 -
mnemonic (str) \u2013 -
op_str (str) \u2013 -
groups (set[int]) \u2013 -
id (int) \u2013 -
operands (list[EnhancedOperand]) \u2013 -
asm_string (str) \u2013 -
next (int) \u2013 -
target (int) \u2013 -
target_string (str | None) \u2013 -
target_const (bool | None) \u2013 -
condition (InstructionCondition) \u2013 -
declare_conditional (bool | None) \u2013 -
declare_is_unconditional_jump (bool) \u2013 -
force_unconditional_jump_target (bool) \u2013 -
annotation (str | None) \u2013 -
annotation_padding (int | None) \u2013 -
syscall (int | None) \u2013 -
syscall_name (str | None) \u2013 -
causes_branch_delay (bool) \u2013 -
split (SplitType) \u2013 -
emulated (bool) \u2013 -
call_like (bool) \u2013 -
jump_like (bool) \u2013 -
has_jump_target (bool) \u2013 -
is_conditional_jump (bool) \u2013 -
is_unconditional_jump (bool) \u2013 -
is_conditional_jump_taken (bool) \u2013 -
bytes (bytearray) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.cs_insn","title":"cs_insn instance-attribute","text":"cs_insn: CsInsn\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.address","title":"address instance-attribute","text":"address: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.size","title":"size instance-attribute","text":"size: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.mnemonic","title":"mnemonic instance-attribute","text":"mnemonic: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_str","title":"op_str instance-attribute","text":"op_str: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.groups","title":"groups instance-attribute","text":"groups: set[int]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.id","title":"id instance-attribute","text":"id: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.operands","title":"operands instance-attribute","text":"operands: list[EnhancedOperand]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.asm_string","title":"asm_string instance-attribute","text":"asm_string: str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.next","title":"next instance-attribute","text":"next: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target","title":"target instance-attribute","text":"target: int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_string","title":"target_string instance-attribute","text":"target_string: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.target_const","title":"target_const instance-attribute","text":"target_const: bool | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.condition","title":"condition instance-attribute","text":"condition: InstructionCondition\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_conditional","title":"declare_conditional instance-attribute","text":"declare_conditional: bool | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jump instance-attribute","text":"declare_is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_target instance-attribute","text":"force_unconditional_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation","title":"annotation instance-attribute","text":"annotation: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.annotation_padding","title":"annotation_padding instance-attribute","text":"annotation_padding: int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall","title":"syscall instance-attribute","text":"syscall: int | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.syscall_name","title":"syscall_name instance-attribute","text":"syscall_name: str | None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.causes_branch_delay","title":"causes_branch_delay instance-attribute","text":"causes_branch_delay: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.split","title":"split instance-attribute","text":"split: SplitType\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.emulated","title":"emulated instance-attribute","text":"emulated: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.call_like","title":"call_like property","text":"call_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.jump_like","title":"jump_like property","text":"jump_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.has_jump_target","title":"has_jump_target property","text":"has_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump","title":"is_conditional_jump property","text":"is_conditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jump property","text":"is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_taken property","text":"is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.bytes","title":"bytes property","text":"bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_find","title":"op_find","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstruction.op_count","title":"op_count","text":"op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl","title":"PwndbgInstructionImpl","text":"PwndbgInstructionImpl(cs_insn: CsInsn)\n
Bases: PwndbgInstruction
Methods:
Attributes:
-
cs_insn (CsInsn) \u2013 The underlying Capstone instruction object.
-
address (int) \u2013 -
size (int) \u2013 Length of the instruction
-
mnemonic (str) \u2013 Ex: 'MOV'
-
op_str (str) \u2013 Ex: 'RAX, RDX'
-
groups (set[int]) \u2013 Capstone instruction groups that we belong to.
-
id (int) \u2013 The underlying Capstone ID for the instruction
-
operands (list[EnhancedOperand]) \u2013 -
asm_string (str) \u2013 The full string representing the instruction - mov rdi, rsp with appropriate padding.
-
next (int) \u2013 This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command.
-
target (int) \u2013 This is target of instructions that change the PC, regardless of if it's conditional or not,
-
target_string (str | None) \u2013 String representation of the target address.
-
target_const (bool | None) \u2013 Whether the target is a constant expression
-
condition (InstructionCondition) \u2013 Does the condition that the instruction checks for pass?
-
declare_conditional (bool | None) \u2013 This field is used to declare if the instruction is a conditional instruction.
-
declare_is_unconditional_jump (bool) \u2013 This field is used to declare that this instruction is an unconditional jump.
-
force_unconditional_jump_target (bool) \u2013 This asserts that the .target attribute is the real target of the instruction.
-
annotation (str | None) \u2013 The string is set in the \"DisassemblyAssistant.enhance\" function.
-
annotation_padding (int | None) \u2013 The left adjustment padding that was used to previously print this.
-
syscall (int | None) \u2013 The syscall number for this instruction, if it is a syscall. Otherwise None.
-
syscall_name (str | None) \u2013 The syscall name as a string
-
causes_branch_delay (bool) \u2013 Whether or not this instruction has a single branch delay slot
-
split (SplitType) \u2013 The type of split in the disasm display this instruction causes:
-
emulated (bool) \u2013 If the enhancement successfully used emulation for this instruction
-
call_like (bool) \u2013 True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
-
jump_like (bool) \u2013 True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET.
-
has_jump_target (bool) \u2013 True if we have determined that this instruction can explicitly change the program counter, and
-
is_conditional_jump (bool) \u2013 True if this instruction can change the program counter conditionally.
-
is_unconditional_jump (bool) \u2013 True if we know the instruction can change the program counter, and does so unconditionally.
-
is_conditional_jump_taken (bool) \u2013 True if this is a conditional jump, and we predicted that we will take the jump
-
bytes (bytearray) \u2013 Raw machine instruction bytes
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.cs_insn","title":"cs_insn instance-attribute","text":"cs_insn: CsInsn = cs_insn\n
The underlying Capstone instruction object. Only the enhancement code should access the 'cs_insn' property
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.address","title":"address instance-attribute","text":"address: int = address\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.size","title":"size instance-attribute","text":"size: int = size\n
Length of the instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.mnemonic","title":"mnemonic instance-attribute","text":"mnemonic: str = mnemonic\n
Ex: 'MOV'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_str","title":"op_str instance-attribute","text":"op_str: str = op_str\n
Ex: 'RAX, RDX'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.groups","title":"groups instance-attribute","text":"groups: set[int] = set(groups)\n
Capstone instruction groups that we belong to. Groups that apply to all architectures: CS_GRP_INVALID | CS_GRP_JUMP | CS_GRP_CALL | CS_GRP_RET | CS_GRP_INT | CS_GRP_IRET | CS_GRP_PRIVILEGE | CS_GRP_BRANCH_RELATIVE
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.id","title":"id instance-attribute","text":"id: int = alias_id if is_alias else id\n
The underlying Capstone ID for the instruction If it's an alias, use the id of the alias
Examples: X86_INS_JMP, X86_INS_CALL, RISCV_INS_C_JAL
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.operands","title":"operands instance-attribute","text":"operands: list[EnhancedOperand] = [EnhancedOperand(op) for op in operands]\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.asm_string","title":"asm_string instance-attribute","text":"asm_string: str = f'{mnemonic} {op_str}'\n
The full string representing the instruction - mov rdi, rsp with appropriate padding.
This is syntax highlighted during enhancement.
This is additionally modified during enhancement for the purposes of replacing immediate values with their corresponding symbols
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.next","title":"next instance-attribute","text":"next: int = address + size\n
This is the address that the instruction pointer will be set to after using the \"nexti\" GDB command. This means it is the address of the next instruction to be executed in all cases except \"call\" instructions.
Typically, it is self.address + self.size (the next instruction in memory)
If it is a jump and we know it is taken, then it is the value of the jump target.
Not set to \"call\" instruction targets, to indicate we will eventually (probably) return to this address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target","title":"target instance-attribute","text":"target: int = None\n
This is target of instructions that change the PC, regardless of if it's conditional or not, and whether or not we take the jump. This includes \"call\" and all other instructions that set the PC
If the instruction is not one that changes the PC, target is set to \"next\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_string","title":"target_string instance-attribute","text":"target_string: str | None = None\n
String representation of the target address.
Colorized symbol if a symbol exists at address, else colorized address
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.target_const","title":"target_const instance-attribute","text":"target_const: bool | None = None\n
Whether the target is a constant expression
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.condition","title":"condition instance-attribute","text":"condition: InstructionCondition = UNDETERMINED\n
Does the condition that the instruction checks for pass?
For example, \"JNE\" jumps if Zero Flag is 0, else it does nothing. \"CMOVA\" conditionally performs a move depending on a flag. See 'condition' function in pwndbg.aglib.disasm.x86 for example on setting this.
UNDETERMINED if we cannot reason about the condition, or if the instruction always executes unconditionally (most instructions).
TRUE if the instruction has a conditional action, and we determine it is taken.
FALSE if the instruction has a conditional action, and we know it is not taken.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_conditional","title":"declare_conditional instance-attribute","text":"declare_conditional: bool | None = None\n
This field is used to declare if the instruction is a conditional instruction. In most cases, we can determine this purely based on the instruction ID, and this field is irrelevent. However, in some arches, like Arm, the same instruction can be made conditional by certain instruction attributes. Ex: Arm, bls instruction. This is encoded as a b under the code, with an additional condition code field. In this case, sometimes a b instruction is unconditional (always branches), in other cases it is conditional. We use this field to disambiguate these cases.
True if we manually determine this instruction is a conditional instruction False if it's not a conditional instruction None if we don't have a determination (most cases)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.declare_is_unconditional_jump","title":"declare_is_unconditional_jump instance-attribute","text":"declare_is_unconditional_jump: bool = False\n
This field is used to declare that this instruction is an unconditional jump. Most of the time, we depend on Capstone groups to check for jump instructions. However, some instructions become branches depending on the operands, such as Arm add, sub, ldr, pop, where PC is the destination register
In these cases, we want to forcefully state that this instruction mutates the PC, so we set this attribute to True.
This helps in two cases: 1. Disassembly splits 2. Instructions like stepuntilasm work better, as they detect these as branches to stop at.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.force_unconditional_jump_target","title":"force_unconditional_jump_target instance-attribute","text":"force_unconditional_jump_target: bool = False\n
This asserts that the .target attribute is the real target of the instruction. This is only relevent in the edge case that the target is the next instruction in memory (address + size). The normal check for \"target\" checks that the target is NOT the next address in memory, and here we can assert that even if that is the case, we know that the jump really does just go to where self.target is.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation","title":"annotation instance-attribute","text":"annotation: str | None = None\n
The string is set in the \"DisassemblyAssistant.enhance\" function. It is used in the disasm print view to add context to the instruction, mostly operand value. This string is not used for all cases - if the instruction is a call or a jump, the 'target'. variables is used instead. See 'pwndbg.color.disasm.instruction()' for specific usage.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.annotation_padding","title":"annotation_padding instance-attribute","text":"annotation_padding: int | None = None\n
The left adjustment padding that was used to previously print this. We retain it so the output is consistent between prints
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall","title":"syscall instance-attribute","text":"syscall: int | None = None\n
The syscall number for this instruction, if it is a syscall. Otherwise None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.syscall_name","title":"syscall_name instance-attribute","text":"syscall_name: str | None = None\n
The syscall name as a string
Ex: \"openat\", \"read\"
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.causes_branch_delay","title":"causes_branch_delay instance-attribute","text":"causes_branch_delay: bool = False\n
Whether or not this instruction has a single branch delay slot
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.split","title":"split instance-attribute","text":"split: SplitType = NO_SPLIT\n
The type of split in the disasm display this instruction causes:
NO_SPLIT - no extra spacing between this and the next instruction\nBRANCH_TAKEN - a newline with an arrow pointing down\nBRANCH_NOT_TAKEN - an empty newline\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.emulated","title":"emulated instance-attribute","text":"emulated: bool = False\n
If the enhancement successfully used emulation for this instruction
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.call_like","title":"call_like property","text":"call_like: bool\n
True if this is a call-like instruction, meaning either it's a CALL or a branch and link.
Checking for the CS_GRP_CALL is insufficient, as there are many \"branch and link\" instructions that are not labeled as a call
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.jump_like","title":"jump_like property","text":"jump_like: bool\n
True if this instruction is \"jump-like\", such as a JUMP, CALL, or RET. Basically, the PC is set to some target by means of this instruction.
It may still be a conditional jump - this property does not indicate whether the jump is taken or not.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.has_jump_target","title":"has_jump_target property","text":"has_jump_target: bool\n
True if we have determined that this instruction can explicitly change the program counter, and we have determined the jump target.
Edge case - the jump target MAY be the next address in memory - so we check force_unconditional_jump_target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump","title":"is_conditional_jump property","text":"is_conditional_jump: bool\n
True if this instruction can change the program counter conditionally.
This is used, in part, to determine if the instruction deserves a \"checkmark\" in the disasm view.
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_unconditional_jump","title":"is_unconditional_jump property","text":"is_unconditional_jump: bool\n
True if we know the instruction can change the program counter, and does so unconditionally.
This includes things like RET, CALL, and JMP (in x86).
This property is used in enhancement to determine certain codepaths when resolving .next for this instruction.
This does not imply that we have resolved the .target
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.is_conditional_jump_taken","title":"is_conditional_jump_taken property","text":"is_conditional_jump_taken: bool\n
True if this is a conditional jump, and we predicted that we will take the jump
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.bytes","title":"bytes property","text":"bytes: bytearray\n
Raw machine instruction bytes
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_find","title":"op_find","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
Get the operand at position @position of all operands having the same type @op_type
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.op_count","title":"op_count","text":"op_count(op_type: int) -> int\n
Return number of operands having same operand Capstone type 'op_type'
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.PwndbgInstructionImpl.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand","title":"EnhancedOperand","text":"EnhancedOperand(cs_op)\n
Methods:
Attributes:
-
cs_op (Any) \u2013 Underlying Capstone operand. Takes on a different value depending on the architecture.
-
before_value (int | None) \u2013 The value of the operand before the instruction executes.
-
after_value (int | None) \u2013 The value of the operand after the instruction executes.
-
before_value_resolved (int | None) \u2013 The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes.
-
before_value_no_modifiers (int | None) \u2013 This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm.
-
after_value_resolved (int | None) \u2013 The 'resolved' value of the operand after the instruction executes.
-
str (str | None) \u2013 String representing the operand
-
symbol (str | None) \u2013 Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
-
type (int) \u2013 CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
-
reg (int) \u2013 The underlying Capstone ID for the register
-
imm (int) \u2013 The immediate value of the operand (if applicable)
-
mem (Any) \u2013 Return the underlying Capstone mem object (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.cs_op","title":"cs_op instance-attribute","text":"cs_op: Any = cs_op\n
Underlying Capstone operand. Takes on a different value depending on the architecture.
x86 = capstone.x86.X86Op, arm = capstone.arm.ArmOp, mips = capstone.mips.MipsOp
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value","title":"before_value instance-attribute","text":"before_value: int | None = None\n
The value of the operand before the instruction executes. This is set only if the operand value can be reasoned about.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value","title":"after_value instance-attribute","text":"after_value: int | None = None\n
The value of the operand after the instruction executes. Only set when using emulation.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_resolved","title":"before_value_resolved instance-attribute","text":"before_value_resolved: int | None = None\n
The 'resolved' value of the operand that is actually used in the instruction logic, before the instruction executes. This is the same as before_value if it's not a memory operand, in which cases it's the dereferenced value.
Helpful for cases like cmp byte ptr [rip + 0x166669], 0, where first operand could be a register or a memory value to dereference, and we want the actual value used.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.before_value_no_modifiers","title":"before_value_no_modifiers instance-attribute","text":"before_value_no_modifiers: int | None = None\n
This is a special field used in some architectures that allow operand modifiers, such as shifts and extends in Arm. Capstone bundles the modifier with the operand, and when we are resolving concrete operand values, we apply the modifier. However, in some annotations we need to un-modified raw register value, which is what this field is for.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.after_value_resolved","title":"after_value_resolved instance-attribute","text":"after_value_resolved: int | None = None\n
The 'resolved' value of the operand after the instruction executes.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.str","title":"str instance-attribute","text":"str: str | None = ''\n
String representing the operand
Ex: \"RAX\", or \"[0x7fffffffd9e8]\". None if value cannot be determined.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.symbol","title":"symbol instance-attribute","text":"symbol: str | None = None\n
Colorized symbol name for this operand, if .before_value is set and symbol exists, else None.
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.type","title":"type property","text":"type: int\n
CS_OP_REG | CS_OP_MEM | CS_OP_IMM | CS_OP_INVALID | CS_OP_FP
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.reg","title":"reg property","text":"reg: int\n
The underlying Capstone ID for the register
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.imm","title":"imm property","text":"imm: int\n
The immediate value of the operand (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.mem","title":"mem property","text":"mem: Any\n
Return the underlying Capstone mem object (if applicable)
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.EnhancedOperand.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction","title":"ManualPwndbgInstruction","text":"ManualPwndbgInstruction(address: int)\n
Bases: PwndbgInstruction
GDB/LLDB's built-in disassemblers.
Instances of this class do not go through the 'enhancement' process due to lacking important information provided by Capstone. As a result of this, some of the methods raise NotImplementedError, because if they are called it indicates a bug elsewhere in the codebase.
Methods:
-
op_find \u2013 -
op_count \u2013
Attributes:
-
cs_insn (CsInsn) \u2013 -
address \u2013 -
size \u2013 -
mnemonic \u2013 -
op_str \u2013 -
groups \u2013 -
id \u2013 -
operands \u2013 -
asm_string \u2013 -
next \u2013 -
target \u2013 -
target_string \u2013 -
target_const \u2013 -
condition \u2013 -
declare_conditional \u2013 -
declare_is_unconditional_jump \u2013 -
force_unconditional_jump_target \u2013 -
annotation \u2013 -
annotation_padding \u2013 -
syscall \u2013 -
syscall_name \u2013 -
causes_branch_delay \u2013 -
split \u2013 -
emulated \u2013 -
bytes (bytearray) \u2013 -
call_like (bool) \u2013 -
jump_like (bool) \u2013 -
has_jump_target (bool) \u2013 -
is_conditional_jump (bool) \u2013 -
is_unconditional_jump (bool) \u2013 -
is_conditional_jump_taken (bool) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.cs_insn","title":"cs_insn instance-attribute","text":"cs_insn: CsInsn = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.size","title":"size instance-attribute","text":"size = ins['length']\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.mnemonic","title":"mnemonic instance-attribute","text":"mnemonic = strip()\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_str","title":"op_str instance-attribute","text":"op_str = strip() if len(asm) > 1 else ''\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.groups","title":"groups instance-attribute","text":"groups = set()\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.id","title":"id instance-attribute","text":"id = -1\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.operands","title":"operands instance-attribute","text":"operands = []\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.asm_string","title":"asm_string instance-attribute","text":"asm_string = f'{mnemonic} {op_str}'\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.next","title":"next instance-attribute","text":"next = address + size\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target","title":"target instance-attribute","text":"target = next\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_string","title":"target_string instance-attribute","text":"target_string = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.target_const","title":"target_const instance-attribute","text":"target_const = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.condition","title":"condition instance-attribute","text":"condition = UNDETERMINED\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_conditional","title":"declare_conditional instance-attribute","text":"declare_conditional = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.declare_is_unconditional_jump","title":"declare_is_unconditional_jump instance-attribute","text":"declare_is_unconditional_jump = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.force_unconditional_jump_target","title":"force_unconditional_jump_target instance-attribute","text":"force_unconditional_jump_target = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation","title":"annotation instance-attribute","text":"annotation = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.annotation_padding","title":"annotation_padding instance-attribute","text":"annotation_padding = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall","title":"syscall instance-attribute","text":"syscall = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.syscall_name","title":"syscall_name instance-attribute","text":"syscall_name = None\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.causes_branch_delay","title":"causes_branch_delay instance-attribute","text":"causes_branch_delay = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.split","title":"split instance-attribute","text":"split = NO_SPLIT\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.emulated","title":"emulated instance-attribute","text":"emulated = False\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.bytes","title":"bytes property","text":"bytes: bytearray\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.call_like","title":"call_like property","text":"call_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.jump_like","title":"jump_like property","text":"jump_like: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.has_jump_target","title":"has_jump_target property","text":"has_jump_target: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump","title":"is_conditional_jump property","text":"is_conditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_unconditional_jump","title":"is_unconditional_jump property","text":"is_unconditional_jump: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.is_conditional_jump_taken","title":"is_conditional_jump_taken property","text":"is_conditional_jump_taken: bool\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_find","title":"op_find","text":"op_find(op_type: int, position: int) -> EnhancedOperand\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.ManualPwndbgInstruction.op_count","title":"op_count","text":"op_count(op_type: int) -> int\n
"},{"location":"reference/pwndbg/aglib/disasm/instruction/#pwndbg.aglib.disasm.instruction.boolean_to_instruction_condition","title":"boolean_to_instruction_condition","text":"boolean_to_instruction_condition(condition: bool) -> InstructionCondition\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/","title":"pwndbg.aglib.disasm.loongarch64","text":""},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64","title":"loongarch64","text":"Classes:
-
Loong64DisassemblyAssistant \u2013
Attributes:
-
CONDITION_RESOLVERS (dict[int, Callable[[list[int]], bool]]) \u2013 -
LOONGARCH_LOAD_INSTRUCTIONS (dict[int, int]) \u2013 -
LOONGARCH_STORE_INSTRUCTIONS (dict[int, int]) \u2013 -
LOONGARCH_BINARY_OPERATIONS (dict[int, str]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERS module-attribute","text":"CONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n LOONGARCH_INS_BEQZ: lambda ops: ops[0] == 0,\n LOONGARCH_INS_BNEZ: lambda ops: ops[0] != 0,\n LOONGARCH_INS_BEQ: lambda ops: ops[0] == ops[1],\n LOONGARCH_INS_BNE: lambda ops: ops[0] != ops[1],\n LOONGARCH_INS_BGE: lambda ops: to_signed(ops[0], ptrsize * 8)\n >= to_signed(ops[1], ptrsize * 8),\n LOONGARCH_INS_BLT: lambda ops: to_signed(ops[0], ptrsize * 8)\n < to_signed(ops[1], ptrsize * 8),\n LOONGARCH_INS_BLTU: lambda ops: ops[0] < ops[1],\n LOONGARCH_INS_BGEU: lambda ops: ops[0] >= ops[1],\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_LOAD_INSTRUCTIONS","title":"LOONGARCH_LOAD_INSTRUCTIONS module-attribute","text":"LOONGARCH_LOAD_INSTRUCTIONS: dict[int, int] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_STORE_INSTRUCTIONS","title":"LOONGARCH_STORE_INSTRUCTIONS module-attribute","text":"LOONGARCH_STORE_INSTRUCTIONS: dict[int, int] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.LOONGARCH_BINARY_OPERATIONS","title":"LOONGARCH_BINARY_OPERATIONS module-attribute","text":"LOONGARCH_BINARY_OPERATIONS: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant","title":"Loong64DisassemblyAssistant","text":"Loong64DisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/loongarch64/#pwndbg.aglib.disasm.loongarch64.Loong64DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/mips/","title":"pwndbg.aglib.disasm.mips","text":""},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips","title":"mips","text":"Classes:
-
MipsDisassemblyAssistant \u2013
Attributes:
-
BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS \u2013 -
BRANCH_LIKELY_INSTRUCTIONS \u2013 -
CONDITION_RESOLVERS (dict[int, Callable[[list[int]], bool]]) \u2013 -
MIPS_SIMPLE_DESTINATION_INSTRUCTIONS \u2013 -
MIPS_LOAD_INSTRUCTIONS \u2013 -
MIPS_STORE_INSTRUCTIONS \u2013 -
MIPS_BINARY_OPERATIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS","title":"BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS module-attribute","text":"BRANCH_WITHOUT_DELAY_SLOT_INSTRUCTIONS = {\n MIPS_INS_BC,\n MIPS_INS_BALC,\n MIPS_INS_JIALC,\n MIPS_INS_JIC,\n MIPS_INS_BLEZALC,\n MIPS_INS_BGEZALC,\n MIPS_INS_BGTZALC,\n MIPS_INS_BLTZALC,\n MIPS_INS_BEQZALC,\n MIPS_INS_BNEZALC,\n MIPS_INS_BLEZC,\n MIPS_INS_BGEZC,\n MIPS_INS_BGEUC,\n MIPS_INS_BGEIC,\n MIPS_INS_BGEUC,\n MIPS_INS_BGEIUC,\n MIPS_INS_BGTZC,\n MIPS_INS_BLTZC,\n MIPS_INS_BEQZC,\n MIPS_INS_ALIAS_BEQZC,\n MIPS_INS_BNEZC,\n MIPS_INS_ALIAS_BNEZC,\n MIPS_INS_BEQC,\n MIPS_INS_ALIAS_BEQC,\n MIPS_INS_BEQIC,\n MIPS_INS_BNEC,\n MIPS_INS_ALIAS_BNEC,\n MIPS_INS_BNEIC,\n MIPS_INS_BLTC,\n MIPS_INS_BLTIC,\n MIPS_INS_BLTUC,\n MIPS_INS_BLTIUC,\n MIPS_INS_BGEC,\n MIPS_INS_BLTUC,\n MIPS_INS_BNVC,\n MIPS_INS_BOVC,\n MIPS_INS_BRSC,\n MIPS_INS_BALRSC,\n MIPS_INS_BBEQZC,\n MIPS_INS_BBNEZC,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.BRANCH_LIKELY_INSTRUCTIONS","title":"BRANCH_LIKELY_INSTRUCTIONS module-attribute","text":"BRANCH_LIKELY_INSTRUCTIONS = {\n MIPS_INS_BC1FL,\n MIPS_INS_ALIAS_BC1FL,\n MIPS_INS_BC1TL,\n MIPS_INS_ALIAS_BC1TL,\n MIPS_INS_BEQL,\n MIPS_INS_BGEZALL,\n MIPS_INS_BGEZL,\n MIPS_INS_BGTZL,\n MIPS_INS_BLEZL,\n MIPS_INS_BLTZALL,\n MIPS_INS_BLTZL,\n MIPS_INS_BNEL,\n MIPS_INS_ALIAS_BNEZL,\n MIPS_INS_ALIAS_BEQZL,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.CONDITION_RESOLVERS","title":"CONDITION_RESOLVERS module-attribute","text":"CONDITION_RESOLVERS: dict[int, Callable[[list[int]], bool]] = {\n MIPS_INS_BEQZ: lambda ops: ops[0] == 0,\n MIPS_INS_BNEZ: lambda ops: ops[0] != 0,\n MIPS_INS_BEQ: lambda ops: ops[0] == ops[1],\n MIPS_INS_BNE: lambda ops: ops[0] != ops[1],\n MIPS_INS_BGEZ: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n MIPS_INS_BGEZAL: lambda ops: to_signed(ops[0], ptrsize * 8) >= 0,\n MIPS_INS_BGTZ: lambda ops: to_signed(ops[0], ptrsize * 8) > 0,\n MIPS_INS_BLEZ: lambda ops: to_signed(ops[0], ptrsize * 8) <= 0,\n MIPS_INS_BLTZAL: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n MIPS_INS_BLTZ: lambda ops: to_signed(ops[0], ptrsize * 8) < 0,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_SIMPLE_DESTINATION_INSTRUCTIONS","title":"MIPS_SIMPLE_DESTINATION_INSTRUCTIONS module-attribute","text":"MIPS_SIMPLE_DESTINATION_INSTRUCTIONS = {\n MIPS_INS_CLO,\n MIPS_INS_CLZ,\n MIPS_INS_DCLO,\n MIPS_INS_DCLZ,\n MIPS_INS_LSA,\n MIPS_INS_DLSA,\n MIPS_INS_MFHI,\n MIPS_INS_MFLO,\n MIPS_INS_SEB,\n MIPS_INS_SEH,\n MIPS_INS_WSBH,\n MIPS_INS_SLT,\n MIPS_INS_SLTI,\n MIPS_INS_SLTIU,\n MIPS_INS_SLTU,\n MIPS_INS_MOVN,\n MIPS_INS_LDL,\n MIPS_INS_LDR,\n MIPS_INS_LWL,\n MIPS_INS_LWR,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_LOAD_INSTRUCTIONS","title":"MIPS_LOAD_INSTRUCTIONS module-attribute","text":"MIPS_LOAD_INSTRUCTIONS = {\n MIPS_INS_LB: -1,\n MIPS_INS_LBU: 1,\n MIPS_INS_LH: -2,\n MIPS_INS_LHU: 2,\n MIPS_INS_LW: -4,\n MIPS_INS_LWU: 4,\n MIPS_INS_LWPC: -4,\n MIPS_INS_LWUPC: 4,\n MIPS_INS_LD: -8,\n MIPS_INS_LDPC: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_STORE_INSTRUCTIONS","title":"MIPS_STORE_INSTRUCTIONS module-attribute","text":"MIPS_STORE_INSTRUCTIONS = {\n MIPS_INS_SB: 1,\n MIPS_INS_SH: 2,\n MIPS_INS_SW: 4,\n MIPS_INS_SD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MIPS_BINARY_OPERATIONS","title":"MIPS_BINARY_OPERATIONS module-attribute","text":"MIPS_BINARY_OPERATIONS = {\n MIPS_INS_ADD: \"+\",\n MIPS_INS_ADDI: \"+\",\n MIPS_INS_ADDIU: \"+\",\n MIPS_INS_ADDU: \"+\",\n MIPS_INS_DADD: \"+\",\n MIPS_INS_DADDI: \"+\",\n MIPS_INS_DADDIU: \"+\",\n MIPS_INS_DADDU: \"+\",\n MIPS_INS_SUB: \"-\",\n MIPS_INS_SUBU: \"-\",\n MIPS_INS_DSUB: \"-\",\n MIPS_INS_DSUBU: \"-\",\n MIPS_INS_ANDI: \"&\",\n MIPS_INS_AND: \"&\",\n MIPS_INS_ORI: \"|\",\n MIPS_INS_OR: \"|\",\n MIPS_INS_XOR: \"^\",\n MIPS_INS_XORI: \"^\",\n MIPS_INS_SLL: \"<<\",\n MIPS_INS_SLLV: \"<<\",\n MIPS_INS_DSLL: \"<<\",\n MIPS_INS_DSLLV: \"<<\",\n MIPS_INS_SRL: \">>\",\n MIPS_INS_SRLV: \">>\",\n MIPS_INS_DSRL: \">>\",\n MIPS_INS_DSRLV: \">>\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant","title":"MipsDisassemblyAssistant","text":"MipsDisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n MIPS_INS_MOVE: _common_move_annotator,\n MIPS_INS_ALIAS_MOVE: _common_move_annotator,\n MIPS_INS_LI: _common_move_annotator,\n MIPS_INS_LUI: _lui_annotator,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/mips/#pwndbg.aglib.disasm.mips.MipsDisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/ppc/","title":"pwndbg.aglib.disasm.ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/ppc/#pwndbg.aglib.disasm.ppc","title":"ppc","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/","title":"pwndbg.aglib.disasm.riscv","text":""},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv","title":"riscv","text":"Classes:
-
RISCVDisassemblyAssistant \u2013
Attributes:
-
RISCV_LOAD_INSTRUCTIONS \u2013 -
RISCV_STORE_INSTRUCTIONS \u2013 -
RISCV_MATH_INSTRUCTIONS \u2013 -
RISCV_EMULATED_ANNOTATIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_LOAD_INSTRUCTIONS","title":"RISCV_LOAD_INSTRUCTIONS module-attribute","text":"RISCV_LOAD_INSTRUCTIONS = {\n RISCV_INS_LB: -1,\n RISCV_INS_LH: -2,\n RISCV_INS_LW: -4,\n RISCV_INS_LBU: 1,\n RISCV_INS_LHU: 2,\n RISCV_INS_LWU: 4,\n RISCV_INS_LD: 8,\n RISCV_INS_C_LW: -4,\n RISCV_INS_C_LWSP: -4,\n RISCV_INS_C_LD: 8,\n RISCV_INS_C_LDSP: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_STORE_INSTRUCTIONS","title":"RISCV_STORE_INSTRUCTIONS module-attribute","text":"RISCV_STORE_INSTRUCTIONS = {\n RISCV_INS_SB: 1,\n RISCV_INS_SH: 2,\n RISCV_INS_SW: 4,\n RISCV_INS_SD: 8,\n RISCV_INS_C_SW: 4,\n RISCV_INS_C_SWSP: 4,\n RISCV_INS_C_SD: 8,\n RISCV_INS_C_SDSP: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_MATH_INSTRUCTIONS","title":"RISCV_MATH_INSTRUCTIONS module-attribute","text":"RISCV_MATH_INSTRUCTIONS = {\n RISCV_INS_ADDI: \"+\",\n RISCV_INS_ADD: \"+\",\n RISCV_INS_C_ADDI: \"+\",\n RISCV_INS_C_ADD: \"+\",\n RISCV_INS_SUB: \"-\",\n RISCV_INS_C_SUB: \"-\",\n RISCV_INS_XORI: \"^\",\n RISCV_INS_XOR: \"^\",\n RISCV_INS_C_XOR: \"^\",\n RISCV_INS_ORI: \"|\",\n RISCV_INS_OR: \"|\",\n RISCV_INS_C_OR: \"|\",\n RISCV_INS_ANDI: \"&\",\n RISCV_INS_C_ANDI: \"&\",\n RISCV_INS_AND: \"&\",\n RISCV_INS_C_AND: \"&\",\n RISCV_INS_SLLI: \"<<\",\n RISCV_INS_C_SLLI: \"<<\",\n RISCV_INS_SLL: \"<<\",\n RISCV_INS_SRLI: \">>\",\n RISCV_INS_C_SRLI: \">>\",\n RISCV_INS_SRL: \">>\",\n RISCV_INS_SRAI: \">>s\",\n RISCV_INS_C_SRAI: \">>s\",\n RISCV_INS_SRA: \">>s\",\n RISCV_INS_MUL: \"*\",\n RISCV_INS_MULH: \"*\",\n RISCV_INS_MULHSU: \"*\",\n RISCV_INS_MULHU: \"*\",\n RISCV_INS_DIV: \"/\",\n RISCV_INS_DIVU: \"/\",\n RISCV_INS_REM: \"%\",\n RISCV_INS_REMU: \"%\",\n RISCV_INS_C_ADDI4SPN: \"+\",\n RISCV_INS_C_ADDI16SP: \"+\",\n RISCV_INS_ADDIW: \"+\",\n RISCV_INS_ADDW: \"+\",\n RISCV_INS_SUBW: \"-\",\n RISCV_INS_SLLIW: \"<<\",\n RISCV_INS_SLLW: \"<<\",\n RISCV_INS_SRLIW: \">>\",\n RISCV_INS_SRLW: \">>\",\n RISCV_INS_SRAIW: \">>s\",\n RISCV_INS_SRAW: \">>s\",\n RISCV_INS_MULW: \"*\",\n RISCV_INS_DIVW: \"/\",\n RISCV_INS_DIVUW: \"/\",\n RISCV_INS_REMW: \"%\",\n RISCV_INS_REMUW: \"%\",\n RISCV_INS_C_ADDIW: \"+\",\n RISCV_INS_C_ADDW: \"+\",\n RISCV_INS_C_SUBW: \"-\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCV_EMULATED_ANNOTATIONS","title":"RISCV_EMULATED_ANNOTATIONS module-attribute","text":"RISCV_EMULATED_ANNOTATIONS = {\n RISCV_INS_SLT,\n RISCV_INS_SLTU,\n RISCV_INS_SLTI,\n RISCV_INS_SLTIU,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant","title":"RISCVDisassemblyAssistant","text":"RISCVDisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
architecture \u2013 -
annotation_handlers (Dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: Dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n RISCV_INS_AUIPC: _auipc_annotator,\n RISCV_INS_C_MV: _common_move_annotator,\n RISCV_INS_C_LI: _common_move_annotator,\n RISCV_INS_LUI: _lui_annotator,\n RISCV_INS_C_LUI: _lui_annotator,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/riscv/#pwndbg.aglib.disasm.riscv.RISCVDisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/disasm/sparc/","title":"pwndbg.aglib.disasm.sparc","text":""},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc","title":"sparc","text":"Attributes:
-
SPARC_LOAD_INSTRUCTIONS \u2013 -
SPARC_STORE_INSTRUCTIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_LOAD_INSTRUCTIONS","title":"SPARC_LOAD_INSTRUCTIONS module-attribute","text":"SPARC_LOAD_INSTRUCTIONS = {\n SPARC_INS_LDUB: 1,\n SPARC_INS_LDSB: 1,\n SPARC_INS_LDUH: 2,\n SPARC_INS_LDSH: 2,\n SPARC_INS_LD: 4,\n SPARC_INS_LDD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/sparc/#pwndbg.aglib.disasm.sparc.SPARC_STORE_INSTRUCTIONS","title":"SPARC_STORE_INSTRUCTIONS module-attribute","text":"SPARC_STORE_INSTRUCTIONS = {\n SPARC_INS_STB: 1,\n SPARC_INS_STH: 2,\n SPARC_INS_ST: 4,\n SPARC_INS_STD: 8,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/","title":"pwndbg.aglib.disasm.x86","text":""},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86","title":"x86","text":"Classes:
-
X86DisassemblyAssistant \u2013
Attributes:
-
groups \u2013 -
ops \u2013 -
regs \u2013 -
access \u2013 -
X86_MATH_INSTRUCTIONS \u2013
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.groups","title":"groups module-attribute","text":"groups = {v: _0for (k, v) in items() if startswith('X86_GRP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.ops","title":"ops module-attribute","text":"ops = {v: _Jfor (k, v) in items() if startswith('X86_OP_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.regs","title":"regs module-attribute","text":"regs = {v: _Nfor (k, v) in items() if startswith('X86_REG_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.access","title":"access module-attribute","text":"access = {v: _4for (k, v) in items() if startswith('CS_AC_')}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86_MATH_INSTRUCTIONS","title":"X86_MATH_INSTRUCTIONS module-attribute","text":"X86_MATH_INSTRUCTIONS = {\n X86_INS_ADD: \"+\",\n X86_INS_SUB: \"-\",\n X86_INS_AND: \"&\",\n X86_INS_OR: \"|\",\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant","title":"X86DisassemblyAssistant","text":"X86DisassemblyAssistant(architecture)\n
Bases: DisassemblyAssistant
Methods:
-
handle_mov \u2013 -
handle_vmovaps \u2013 -
handle_lea \u2013 -
handle_xchg \u2013 -
handle_pop \u2013 -
handle_xor \u2013 -
handle_inc \u2013 -
handle_dec \u2013 -
memory_string_with_components_resolved \u2013 -
enhance \u2013 Enhance the instruction - resolving branch targets, conditionals, and adding annotations
-
can_reason_about_process_state \u2013 Determine if the program counter of the process equals the address of the instruction being enhanced.
-
dump \u2013 Debug-only method.
Attributes:
-
annotation_handlers (dict[int, Callable[[PwndbgInstruction, Emulator], None]]) \u2013 -
architecture (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
op_handlers (dict[int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]]) \u2013 -
op_names (dict[int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]]) \u2013
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.annotation_handlers","title":"annotation_handlers instance-attribute","text":"annotation_handlers: dict[\n int, Callable[[PwndbgInstruction, Emulator], None]\n] = {\n X86_INS_MOV: handle_mov,\n X86_INS_MOVABS: handle_mov,\n X86_INS_MOVZX: handle_mov,\n X86_INS_MOVD: handle_mov,\n X86_INS_MOVQ: handle_mov,\n X86_INS_MOVSXD: handle_mov,\n X86_INS_MOVSX: handle_mov,\n X86_INS_MOVAPS: handle_vmovaps,\n X86_INS_VMOVAPS: handle_vmovaps,\n X86_INS_LEA: handle_lea,\n X86_INS_XCHG: handle_xchg,\n X86_INS_POP: handle_pop,\n X86_INS_CMP: _common_cmp_annotator_builder(\"eflags\", \"-\"),\n X86_INS_TEST: _common_cmp_annotator_builder(\"eflags\", \"&\"),\n X86_INS_XOR: handle_xor,\n X86_INS_INC: handle_inc,\n X86_INS_DEC: handle_dec,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.architecture","title":"architecture instance-attribute","text":"architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.op_handlers","title":"op_handlers instance-attribute","text":"op_handlers: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]\n] = {\n CS_OP_IMM: _parse_immediate,\n CS_OP_REG: _parse_register,\n CS_OP_MEM: _parse_memory,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.op_names","title":"op_names instance-attribute","text":"op_names: dict[\n int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]\n] = {\n CS_OP_IMM: _immediate_string,\n CS_OP_REG: _register_string,\n CS_OP_MEM: _memory_string,\n}\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_mov","title":"handle_mov","text":"handle_mov(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_vmovaps","title":"handle_vmovaps","text":"handle_vmovaps(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_lea","title":"handle_lea","text":"handle_lea(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_xchg","title":"handle_xchg","text":"handle_xchg(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_pop","title":"handle_pop","text":"handle_pop(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_xor","title":"handle_xor","text":"handle_xor(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_inc","title":"handle_inc","text":"handle_inc(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.handle_dec","title":"handle_dec","text":"handle_dec(instruction: PwndbgInstruction, emu: Emulator) -> None\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.memory_string_with_components_resolved","title":"memory_string_with_components_resolved","text":"memory_string_with_components_resolved(\n instruction: PwndbgInstruction, op: EnhancedOperand\n)\n
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.enhance","title":"enhance","text":"enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None\n
Enhance the instruction - resolving branch targets, conditionals, and adding annotations
This is the only public method that should be called on this object externally.
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.can_reason_about_process_state","title":"can_reason_about_process_state","text":"can_reason_about_process_state(instruction: PwndbgInstruction) -> bool\n
Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced
"},{"location":"reference/pwndbg/aglib/disasm/x86/#pwndbg.aglib.disasm.x86.X86DisassemblyAssistant.dump","title":"dump","text":"dump(instruction: PwndbgInstruction)\n
Debug-only method.
"},{"location":"reference/pwndbg/aglib/dt/","title":"pwndbg.aglib.dt","text":""},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt","title":"dt","text":"Prints structures in a manner similar to WinDbg's \"dt\" command.
Functions:
"},{"location":"reference/pwndbg/aglib/dt/#pwndbg.aglib.dt.dt","title":"dt","text":"dt(\n name: str = \"\", addr: int | Value | None = None, obj: Value | None = None\n) -> str\n
Dump out a structure type WinDbg style.
"},{"location":"reference/pwndbg/aglib/dynamic/","title":"pwndbg.aglib.dynamic","text":""},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic","title":"dynamic","text":"Dynamic linking interface.
This module provides an interface to analyze various aspects of dynamically linked programs.
It also defines a hook that watches for changes to the link map communicated by ld.so, and exposes an event that other parts of pwndbg can tap into, but one that may have a somewhat obtuse beahvior, due to limitations in GDB. See r_debug_install_link_map_changed_hook for more information.
Classes:
-
LinkMapEntry \u2013 An entry in the link map.
-
DynamicSegment \u2013 Parser for the DYNAMIC segment present in a binary image.
-
CStruct \u2013 Utility class for reading fields off of C structs.
Functions:
-
is_dynamic \u2013 Returns whether the current inferior is dynamic.
-
r_debug_link_map_changed_hook \u2013 Hook that gets activated whenever the link map changes.
-
r_debug_install_link_map_changed_hook \u2013 Installs the r_debug-based hook to the change event of the link map.
-
r_debug_link_map_changed_add_listener \u2013 Install a callback to be called whenever r_debug signal of there being a
-
r_debug_link_map_changed_remove_listener \u2013 Removes a listener previously installed with
-
link_map_head \u2013 Acquires a reference to the head entry of the link map.
-
link_map \u2013 Iterator over all the entries in the link map.
-
elf32_r_sym \u2013 Returns the r_sym portion of the r_info relocation field for ELF32.
-
elf32_r_type \u2013 Returns the r_type portion of the r_info relocation field for ELF32.
-
elf64_r_sym \u2013 Returns the r_sym portion of the r_info relocation field for ELF64.
-
elf64_r_type \u2013 Returns the r_type portion of the r_info relocation field for ELF64.
Attributes:
-
R_DEBUG_LINK_MAP_CHANGED_HOOK \u2013 -
R_DEBUG_LINK_MAP_CHANGED_LISTENERS (set[Callable[..., Any]]) \u2013 -
DYNAMIC_SECTION_ALLOW_MULTIPLE \u2013 -
DYNAMIC_SECTION_REQUIRED_TAGS \u2013
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_HOOK","title":"R_DEBUG_LINK_MAP_CHANGED_HOOK module-attribute","text":"R_DEBUG_LINK_MAP_CHANGED_HOOK = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.R_DEBUG_LINK_MAP_CHANGED_LISTENERS","title":"R_DEBUG_LINK_MAP_CHANGED_LISTENERS module-attribute","text":"R_DEBUG_LINK_MAP_CHANGED_LISTENERS: set[Callable[..., Any]] = set()\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_ALLOW_MULTIPLE","title":"DYNAMIC_SECTION_ALLOW_MULTIPLE module-attribute","text":"DYNAMIC_SECTION_ALLOW_MULTIPLE = {DT_NEEDED}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DYNAMIC_SECTION_REQUIRED_TAGS","title":"DYNAMIC_SECTION_REQUIRED_TAGS module-attribute","text":"DYNAMIC_SECTION_REQUIRED_TAGS = {DT_STRTAB, DT_STRSZ, DT_SYMTAB, DT_SYMENT}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry","title":"LinkMapEntry","text":"LinkMapEntry(address)\n
An entry in the link map.
Methods:
-
name \u2013 The name of the binary image this entry describes.
-
dynamic \u2013 The pointer to the memory mapped dynamic segment of the binary image.
-
load_bias \u2013 The difference between the addresses in the data structures of the
-
next \u2013 The next entry in the chain, if any.
-
prev \u2013 The previous entry in the chain, if any.
-
__repr__ \u2013
Attributes:
-
link_map \u2013 -
link_map_address \u2013
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map","title":"link_map instance-attribute","text":"link_map = link_map()\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.link_map_address","title":"link_map_address instance-attribute","text":"link_map_address = address\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.name","title":"name","text":"name()\n
The name of the binary image this entry describes.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.dynamic","title":"dynamic","text":"dynamic()\n
The pointer to the memory mapped dynamic segment of the binary image.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.load_bias","title":"load_bias","text":"load_bias()\n
The difference between the addresses in the data structures of the binary image and the actual location of the data being pointed to by them in the address space of the inferior. This number will never be negative.
Aditionally, for DYN images, such as PIE executables and shared libraries, this value is the same as the base load address of the image.
The term \"load bias\" comes from the ELF binary format loading procedure in the Linux Kernel.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.next","title":"next","text":"next()\n
The next entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.prev","title":"prev","text":"prev()\n
The previous entry in the chain, if any.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.LinkMapEntry.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment","title":"DynamicSegment","text":"DynamicSegment(address, load_bias)\n
Parser for the DYNAMIC segment present in a binary image.
Methods:
-
jmprel_has_addend \u2013 Returns whether the r_addend field is available in entries of JMPREL.
-
rela_read \u2013 Reads the requested field from the entry of the given index in RELA.
-
rel_read \u2013 Reads the requested field from the entry of the given index in REL.
-
jmprel_read \u2013 Reads the requested field from the entry of the given index in JMPREL.
-
rela_entry_count \u2013 Returns the number of RELA entries.
-
rel_entry_count \u2013 Returns the number of REL entries.
-
jmprel_entry_count \u2013 Returns the number of JMPREL entries.
-
string \u2013 Reads the string at index i from the string table.
-
symtab_read \u2013 Reads the requested field from the entry of given index in the symbol
-
dyn_array_read \u2013 Reads the requested field from the entry of given index in the dynamic
-
dyn_array_read_tag_val \u2013 Reads the d_un field from the entry of given tag in the dynamic
Attributes:
-
symtab_elem \u2013 -
jmprel_addr \u2013 -
rela_addr \u2013 -
rel_addr \u2013 -
jmprel_elem \u2013 -
rela_elem \u2013 -
rel_elem \u2013 -
jmprel_r_sym_fn \u2013 -
jmprel_r_info_fn \u2013 -
rela_r_sym_fn \u2013 -
rela_r_info_fn \u2013 -
rel_r_sym_fn \u2013 -
rel_r_info_fn \u2013 -
entries \u2013 -
address \u2013 -
load_bias \u2013 -
elf_dyn \u2013 -
entries_by_tag (dict[Any, Any]) \u2013 -
strtab_addr \u2013 -
strtab_size \u2013 -
symtab_addr \u2013 -
has_jmprel \u2013 -
has_rela \u2013 -
has_rel \u2013 -
rela_r_sym \u2013 -
rela_r_type \u2013 -
rel_r_sym \u2013 -
rel_r_type \u2013 -
jmprel_r_sym \u2013 -
jmprel_r_type \u2013
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_elem","title":"symtab_elem class-attribute instance-attribute","text":"symtab_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_addr","title":"jmprel_addr class-attribute instance-attribute","text":"jmprel_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_addr","title":"rela_addr class-attribute instance-attribute","text":"rela_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_addr","title":"rel_addr class-attribute instance-attribute","text":"rel_addr = 0\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_elem","title":"jmprel_elem class-attribute instance-attribute","text":"jmprel_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_elem","title":"rela_elem class-attribute instance-attribute","text":"rela_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_elem","title":"rel_elem class-attribute instance-attribute","text":"rel_elem = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym_fn","title":"jmprel_r_sym_fn class-attribute instance-attribute","text":"jmprel_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_info_fn","title":"jmprel_r_info_fn class-attribute instance-attribute","text":"jmprel_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym_fn","title":"rela_r_sym_fn class-attribute instance-attribute","text":"rela_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_info_fn","title":"rela_r_info_fn class-attribute instance-attribute","text":"rela_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym_fn","title":"rel_r_sym_fn class-attribute instance-attribute","text":"rel_r_sym_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_info_fn","title":"rel_r_info_fn class-attribute instance-attribute","text":"rel_r_info_fn = None\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries","title":"entries instance-attribute","text":"entries = count\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.load_bias","title":"load_bias instance-attribute","text":"load_bias = load_bias\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.elf_dyn","title":"elf_dyn instance-attribute","text":"elf_dyn = elf_dyn\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.entries_by_tag","title":"entries_by_tag class-attribute instance-attribute","text":"entries_by_tag: dict[Any, Any] = sections\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_addr","title":"strtab_addr class-attribute instance-attribute","text":"strtab_addr = dyn_array_read_tag_val(DT_STRTAB)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.strtab_size","title":"strtab_size class-attribute instance-attribute","text":"strtab_size = dyn_array_read_tag_val(DT_STRSZ)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_addr","title":"symtab_addr class-attribute instance-attribute","text":"symtab_addr = dyn_array_read_tag_val(DT_SYMTAB)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_jmprel","title":"has_jmprel class-attribute instance-attribute","text":"has_jmprel = (\n DT_JMPREL in sections and DT_PLTREL in sections and DT_PLTRELSZ in sections\n)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rela","title":"has_rela class-attribute instance-attribute","text":"has_rela = (\n DT_RELA in sections and DT_RELASZ in sections and DT_RELAENT in sections\n)\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.has_rel","title":"has_rel class-attribute instance-attribute","text":"has_rel = DT_REL in sections and DT_RELSZ in sections and DT_RELENT in sections\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_sym","title":"rela_r_sym instance-attribute","text":"rela_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_r_type","title":"rela_r_type instance-attribute","text":"rela_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_sym","title":"rel_r_sym instance-attribute","text":"rel_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_r_type","title":"rel_r_type instance-attribute","text":"rel_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_sym","title":"jmprel_r_sym instance-attribute","text":"jmprel_r_sym = elf32_r_sym\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_r_type","title":"jmprel_r_type instance-attribute","text":"jmprel_r_type = elf32_r_type\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_has_addend","title":"jmprel_has_addend","text":"jmprel_has_addend()\n
Returns whether the r_addend field is available in entries of JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_read","title":"rela_read","text":"rela_read(i, field)\n
Reads the requested field from the entry of the given index in RELA.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_read","title":"rel_read","text":"rel_read(i, field)\n
Reads the requested field from the entry of the given index in REL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_read","title":"jmprel_read","text":"jmprel_read(i, field)\n
Reads the requested field from the entry of the given index in JMPREL.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rela_entry_count","title":"rela_entry_count","text":"rela_entry_count()\n
Returns the number of RELA entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.rel_entry_count","title":"rel_entry_count","text":"rel_entry_count()\n
Returns the number of REL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.jmprel_entry_count","title":"jmprel_entry_count","text":"jmprel_entry_count()\n
Returns the number of JMPREL entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.string","title":"string","text":"string(i)\n
Reads the string at index i from the string table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.symtab_read","title":"symtab_read","text":"symtab_read(i, field)\n
Reads the requested field from the entry of given index in the symbol table.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read","title":"dyn_array_read","text":"dyn_array_read(i, field)\n
Reads the requested field from the entry of given index in the dynamic array.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.DynamicSegment.dyn_array_read_tag_val","title":"dyn_array_read_tag_val","text":"dyn_array_read_tag_val(tag)\n
Reads the d_un field from the entry of given tag in the dynamic array. Must not be a tag that allows multiple entries.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct","title":"CStruct","text":"CStruct(fields: list[tuple[str, Type, type]])\n
Utility class for reading fields off of C structs.
Without proper debug information it cannot be guaranteed that the calculated field offsets are correct, therefore, reasonable caution should be exercised when using this class. The assumptions made are: - Padding is added between fields so that all internal members are correctly aligned, as long as the struct itself is correctly aligned. - The alignment of the struct is the same as the alignment of its most strictly aligned member. - Padding is added to the end of the struct so that sequentially laid out instances are always correctly aligned. - Stuct sizes must be greater than or equal to 1 byte.
While these assumptions do not apply in all cases, they should be good enough for the structs in ld.so and in the ELF program images.
Methods:
-
link_map \u2013 Creates a new instance describing the ABI-stable part of the link_map
-
r_debug \u2013 Creates a new instance describing the ABI-stable part of the r_debug
-
elfNN_dyn \u2013 Creates a new instance describing the ElfNN_Dyn structure, suitable for
-
elfNN_rel \u2013 Creates a new instance describing the ElfNN_Rel structure, suitable for
-
elfNN_rela \u2013 Creates a new instance describing the ElfNN_Rela structure, suitable for
-
elf32_sym \u2013 Creates a new instance describing the Elf32_Sym srtucture.
-
elf64_sym \u2013 Creates a new instance describing the Elf64_Sym structure.
-
read \u2013 Reads the field with the given name from the struct instance located at
-
has_field \u2013 Returns whether a field with the given name exists in this struct.
Attributes:
-
types (dict[str, Type]) \u2013 -
offsets (dict[str, int]) \u2013 -
converters (dict[str, type]) \u2013 -
size \u2013 -
align \u2013
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.types","title":"types class-attribute instance-attribute","text":"types: dict[str, Type] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.offsets","title":"offsets class-attribute instance-attribute","text":"offsets: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.converters","title":"converters class-attribute instance-attribute","text":"converters: dict[str, type] = {}\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.size","title":"size class-attribute instance-attribute","text":"size = current_offset\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.align","title":"align class-attribute instance-attribute","text":"align = alignment\n
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.link_map","title":"link_map staticmethod","text":"link_map()\n
Creates a new instance describing the ABI-stable part of the link_map struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.r_debug","title":"r_debug staticmethod","text":"r_debug()\n
Creates a new instance describing the ABI-stable part of the r_debug struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_dyn","title":"elfNN_dyn staticmethod","text":"elfNN_dyn()\n
Creates a new instance describing the ElfNN_Dyn structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rel","title":"elfNN_rel staticmethod","text":"elfNN_rel()\n
Creates a new instance describing the ElfNN_Rel structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elfNN_rela","title":"elfNN_rela staticmethod","text":"elfNN_rela()\n
Creates a new instance describing the ElfNN_Rela structure, suitable for the architecture of the inferior.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf32_sym","title":"elf32_sym staticmethod","text":"elf32_sym()\n
Creates a new instance describing the Elf32_Sym srtucture.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.elf64_sym","title":"elf64_sym staticmethod","text":"elf64_sym()\n
Creates a new instance describing the Elf64_Sym structure.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.read","title":"read","text":"read(address, name)\n
Reads the field with the given name from the struct instance located at the given address.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.CStruct.has_field","title":"has_field","text":"has_field(name) -> bool\n
Returns whether a field with the given name exists in this struct.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.is_dynamic","title":"is_dynamic","text":"is_dynamic() -> bool\n
Returns whether the current inferior is dynamic.
Not all programs are dynamically linked, or even need the dynamic loader at all. Since this module is entirely reliant on at least the presence of the dynamic loader, and really only makes sense for dynamic programs, it should not be used at all with programs that don't participate in dynamic linkage, or when there is a dynamic linker, but we have no way to talk to it.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_hook","title":"r_debug_link_map_changed_hook","text":"r_debug_link_map_changed_hook() -> Callable[[StopPoint], bool]\n
Hook that gets activated whenever the link map changes.
The r_debug structure, in addition to having a refence to the head of the link map, also has, in its ABI-stable part, a reference to an address that can have a breakpoint attached to it, such that whenever the contents of the link map change, that breakpoint will be triggered1.
We take advantage of that here, by installing our own breakpoint in that location, and watching for trigger events, so that we can notify other bits of pwndbg that the contents of the link_map() function will be different.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_install_link_map_changed_hook","title":"r_debug_install_link_map_changed_hook","text":"r_debug_install_link_map_changed_hook() -> None\n
Installs the r_debug-based hook to the change event of the link map.
This function is a bit tricky, because ideally we want it to be run as soon as possible, before even the dynamic linker runs, but after both it and the main binary have been mapped into the address space of the inferior. While doing this manually would be trivial - seeing as there is a command in GDB that gives the user control at the exact place we would like -, there does not seem to be a way of easily doing this from inside Python.
Because of this, parts of the code that rely on the hook should try calling this function and firing their own listeners manually at least once.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_add_listener","title":"r_debug_link_map_changed_add_listener","text":"r_debug_link_map_changed_add_listener(handler: Callable[..., Any]) -> None\n
Install a callback to be called whenever r_debug signal of there being a change in the link map link map is triggered.
Keep in mind this function may be called before the hook that calls the listeners is installed, and, until it is installed, no listener callbacks will actually be triggered. See r_debug_install_link_map_changed_hook.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.r_debug_link_map_changed_remove_listener","title":"r_debug_link_map_changed_remove_listener","text":"r_debug_link_map_changed_remove_listener(handler: Callable[..., Any]) -> None\n
Removes a listener previously installed with r_debug_link_map_changed_add_listener().
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map_head","title":"link_map_head","text":"link_map_head()\n
Acquires a reference to the head entry of the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.link_map","title":"link_map","text":"link_map()\n
Iterator over all the entries in the link map.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_sym","title":"elf32_r_sym","text":"elf32_r_sym(r_info)\n
Returns the r_sym portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf32_r_type","title":"elf32_r_type","text":"elf32_r_type(r_info)\n
Returns the r_type portion of the r_info relocation field for ELF32.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_sym","title":"elf64_r_sym","text":"elf64_r_sym(r_info)\n
Returns the r_sym portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/dynamic/#pwndbg.aglib.dynamic.elf64_r_type","title":"elf64_r_type","text":"elf64_r_type(r_info)\n
Returns the r_type portion of the r_info relocation field for ELF64.
"},{"location":"reference/pwndbg/aglib/elf/","title":"pwndbg.aglib.elf","text":""},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf","title":"elf","text":"This file declares types and methods useful for enumerating all of the address spaces and permissions of an ELF file in memory.
This is necessary for when access to /proc is restricted, or when working on a BSD system which simply does not have /proc.
Classes:
Functions:
-
update \u2013 -
read \u2013 -
get_elf_info \u2013 Parse and return ELFInfo.
-
get_elf_info_rebased \u2013 Parse and return ELFInfo with all virtual addresses rebased to vaddr
-
get_containing_segments \u2013 -
get_containing_sections \u2013 -
dump_section_by_name \u2013 Dump the content of a section from an ELF file, return the start address, size and content.
-
dump_relocations_by_section_name \u2013 Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
-
exe \u2013 Return a loaded ELF header object pointing to the Ehdr of the
-
entry \u2013 Return the address of the entry point for the main executable.
-
load \u2013 -
reset_ehdr_type_loaded \u2013 -
get_ehdr \u2013 Returns an ehdr object for the ELF pointer points into.
-
get_phdrs \u2013 Returns a tuple containing (phnum, phentsize, gdb.Value),
-
iter_phdrs \u2013 -
map \u2013 Given a pointer into an ELF module, return a list of all loaded
-
map_inner \u2013
Attributes:
-
module \u2013 -
Ehdr \u2013 -
Phdr \u2013 -
T \u2013 -
ehdr_type_loaded \u2013
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.module","title":"module module-attribute","text":"module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Ehdr","title":"Ehdr module-attribute","text":"Ehdr = Union[Elf32_Ehdr, Elf64_Ehdr]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.Phdr","title":"Phdr module-attribute","text":"Phdr = Union[Elf32_Phdr, Elf64_Phdr]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.T","title":"T module-attribute","text":"T = TypeVar('T', Union[Elf32_Ehdr, Elf64_Ehdr], Union[Elf32_Phdr, Elf64_Phdr])\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ehdr_type_loaded","title":"ehdr_type_loaded module-attribute","text":"ehdr_type_loaded = 0\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo","title":"ELFInfo","text":" Bases: NamedTuple
ELF metadata and structures.
Attributes:
-
header (dict[str, int | str]) \u2013 -
sections (list[dict[str, int | str]]) \u2013 -
segments (list[dict[str, int | str]]) \u2013 -
is_pic (bool) \u2013 -
is_pie (bool) \u2013
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.header","title":"header instance-attribute","text":"header: dict[str, int | str]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.sections","title":"sections instance-attribute","text":"sections: list[dict[str, int | str]]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.segments","title":"segments instance-attribute","text":"segments: list[dict[str, int | str]]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pic","title":"is_pic property","text":"is_pic: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.ELFInfo.is_pie","title":"is_pie property","text":"is_pie: bool\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.read","title":"read","text":"read(typ: T, address: int, blob: bytearray | None = None) -> T\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info","title":"get_elf_info","text":"get_elf_info(filepath: str) -> ELFInfo\n
Parse and return ELFInfo.
Adds various calculated properties to the ELF header, segments and sections. Such added properties are those with prefix 'x_' in the returned dicts.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_elf_info_rebased","title":"get_elf_info_rebased","text":"get_elf_info_rebased(filepath: str, vaddr: int) -> ELFInfo\n
Parse and return ELFInfo with all virtual addresses rebased to vaddr
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_segments","title":"get_containing_segments","text":"get_containing_segments(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_containing_sections","title":"get_containing_sections","text":"get_containing_sections(elf_filepath: str, elf_loadaddr: int, vaddr: int)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_section_by_name","title":"dump_section_by_name","text":"dump_section_by_name(\n filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[int, int, bytes] | None\n
Dump the content of a section from an ELF file, return the start address, size and content.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n filepath: str, section_name: str, try_local_path: bool = False\n) -> tuple[Relocation, ...] | None\n
Dump the relocation entries of a section from an ELF file, return a generator of Relocation objects.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.exe","title":"exe","text":"exe() -> Ehdr | None\n
Return a loaded ELF header object pointing to the Ehdr of the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.entry","title":"entry","text":"entry() -> int\n
Return the address of the entry point for the main executable.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.load","title":"load","text":"load(pointer: int) -> Ehdr | None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.reset_ehdr_type_loaded","title":"reset_ehdr_type_loaded","text":"reset_ehdr_type_loaded() -> None\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_ehdr","title":"get_ehdr","text":"get_ehdr(pointer: int) -> tuple[int | None, Ehdr | None]\n
Returns an ehdr object for the ELF pointer points into.
We expect the pointer to be an address from the binary.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.get_phdrs","title":"get_phdrs","text":"get_phdrs(pointer: int)\n
Returns a tuple containing (phnum, phentsize, gdb.Value), where the gdb.Value object is an ELF Program Header with the architecture-appropriate structure type.
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.iter_phdrs","title":"iter_phdrs","text":"iter_phdrs(ehdr: Ehdr)\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map","title":"map","text":"map(pointer: int, objfile: str = '') -> tuple[Page, ...]\n
Given a pointer into an ELF module, return a list of all loaded sections in the ELF.
Returns:
Example:
>>> pwndbg.aglib.elf.load(pwndbg.aglib.regs.pc)\n[Page('400000-4ef000 r-xp 0'),\n Page('6ef000-6f0000 r--p ef000'),\n Page('6f0000-6ff000 rw-p f0000')]\n>>> pwndbg.aglib.elf.load(0x7ffff77a2000)\n[Page('7ffff75e7000-7ffff77a2000 r-xp 0x1bb000 0'),\n Page('7ffff77a2000-7ffff79a2000 ---p 0x200000 1bb000'),\n Page('7ffff79a2000-7ffff79a6000 r--p 0x4000 1bb000'),\n Page('7ffff79a6000-7ffff79ad000 rw-p 0x7000 1bf000')]\n
"},{"location":"reference/pwndbg/aglib/elf/#pwndbg.aglib.elf.map_inner","title":"map_inner","text":"map_inner(ei_class: int, ehdr: Ehdr, objfile: str) -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/file/","title":"pwndbg.aglib.file","text":""},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file","title":"file","text":"Retrieve files from the debuggee's filesystem. Useful when debugging a remote process over SSH or similar, where e.g. /proc/FOO/maps is needed from the remote system.
Functions:
-
reset_remote_files \u2013 -
remote_files_dir \u2013 -
get_proc_exe_file \u2013 Returns the local path to the debugged file name.
-
can_download_remote_file \u2013 -
get_file \u2013 Downloads the specified file from the system where the current process is
-
get \u2013 Retrieves the contents of the specified file on the system
-
readlink \u2013 readlink(path) -> str
-
is_vfile_qemu_user_bug \u2013 -
vfile_readlink \u2013 Reads the target of a symbolic link on the remote system.
-
vfile_readfile \u2013 Reads the entire content of a file on the remote system.
-
vfile_open \u2013 Opens a file on the remote system and returns the file descriptor.
-
gdb_memtox_inverse \u2013 -
vfile_pread \u2013 Reads data from a file descriptor.
-
vfile_close \u2013 Closes a previously opened file descriptor.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.reset_remote_files","title":"reset_remote_files","text":"reset_remote_files() -> None\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.remote_files_dir","title":"remote_files_dir","text":"remote_files_dir()\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_proc_exe_file","title":"get_proc_exe_file","text":"get_proc_exe_file() -> str\n
Returns the local path to the debugged file name.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.can_download_remote_file","title":"can_download_remote_file","text":"can_download_remote_file() -> bool\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get_file","title":"get_file","text":"get_file(path: str, try_local_path: bool = False) -> str\n
Downloads the specified file from the system where the current process is being debugged.
If the path is prefixed with \"target:\" the prefix is stripped (to support remote target paths properly).
If the try_local_path is set to True and the path exists locally and \"target:\" prefix is not present, it will return the local path instead of downloading the file.
Returns:
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.get","title":"get","text":"get(path: str) -> bytes\n
Retrieves the contents of the specified file on the system where the current process is being debugged.
Returns:
-
bytes \u2013 A byte array, or None.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.readlink","title":"readlink","text":"readlink(path: str) -> str\n
readlink(path) -> str
Read the link specified by 'path' on the system being debugged.
Handles local, qemu-usermode, and remote debugging cases.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.is_vfile_qemu_user_bug","title":"is_vfile_qemu_user_bug","text":"is_vfile_qemu_user_bug() -> bool\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readlink","title":"vfile_readlink","text":"vfile_readlink(pathname: str | bytes) -> bytes\n
Reads the target of a symbolic link on the remote system.
:param pathname: The path to the symbolic link (string). :param buffer_size: The size of the buffer to read into (integer). :return: The target of the symbolic link as a string.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_readfile","title":"vfile_readfile","text":"vfile_readfile(filename: str, chunk_size=1000) -> Iterator[bytes]\n
Reads the entire content of a file on the remote system.
:param filename: The path to the file (string). :param chunk_size: The number of bytes to read in each iteration (integer). :return: The complete content of the file as bytes.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_open","title":"vfile_open","text":"vfile_open(filename: str, flags: int, mode: int) -> int\n
Opens a file on the remote system and returns the file descriptor.
:param filename: The path to the file (string). :param flags: Flags passed to the open call (integer, base 16). These correspond to the constant values in the enum OpenOptions from LLDB\u2019s File.h, not the traditional open(2) flags. :param mode: Mode bits for the file (integer, base 16). :return: File descriptor (integer), or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.gdb_memtox_inverse","title":"gdb_memtox_inverse","text":"gdb_memtox_inverse(data: bytes) -> bytes\n
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_pread","title":"vfile_pread","text":"vfile_pread(fd: int, size: int, offset: int) -> tuple[int, bytes]\n
Reads data from a file descriptor.
:param fd: File descriptor (integer). :param size: Number of bytes to read (integer, base 16). :param offset: Offset in the file to start reading from (integer, base 16). :return: Tuple of (bytes_read, data) where bytes_read is an integer and data is the binary data.
"},{"location":"reference/pwndbg/aglib/file/#pwndbg.aglib.file.vfile_close","title":"vfile_close","text":"vfile_close(fd)\n
Closes a previously opened file descriptor.
:param fd: File descriptor (integer). :return: None, or raises an exception if an error occurs.
"},{"location":"reference/pwndbg/aglib/godbg/","title":"pwndbg.aglib.godbg","text":""},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg","title":"godbg","text":"Classes:
-
FormatOpts \u2013 -
Type \u2013 -
GoTypeKind \u2013 -
GoTypeMeta \u2013 -
BackrefType \u2013 A temporary placeholder type used when dumping recursive types, e.g. type a []a
-
BasicType \u2013 A primitive Go type.
-
SliceType \u2013 A slice type in Go, notated as []inner.
-
PointerType \u2013 A pointer type in Go, notated as *inner.
-
ArrayType \u2013 An array type in Go, notated as [count]inner.
-
MapType \u2013 A map type in Go, notated as map[key]val.
-
StructType \u2013 A struct type in Go, notated as struct(SIZE){FIELDS},
-
RuntimeType \u2013 A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS,
Functions:
-
word_size \u2013 Gets the Go word size for the current architecture.
-
compute_offsets \u2013 Given a list of (size, alignment) for struct field types,
-
compute_named_offsets \u2013 Like compute_offsets, but takes in field names and returns a dictionary
-
load_uint \u2013 -
load_int \u2013 -
load_float \u2013 -
emit_warning \u2013 -
get_elf \u2013 -
read_buildversion \u2013 Reads a Go runtime.buildVersion string to extract the version.
-
get_go_version \u2013 Try to determine the Go version used to compile the binary.
-
get_type_start \u2013 Given the address to a type, try to find the moduledata types section containing it.
-
read_varint_str \u2013 Read a length-prefix string encoded with Go's variable length encoding.
-
read_type_name \u2013 Reads a Go type name given the address to the name.
-
decode_runtime_type \u2013 Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
-
parse_type \u2013
Attributes:
-
line_width \u2013 -
indent_amount \u2013 -
debug_color \u2013 -
hex_digits \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.line_width","title":"line_width module-attribute","text":"line_width = add_param(\n \"go-dump-line-width\", 80, \"the soft line width for go-dump pretty printing\"\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.indent_amount","title":"indent_amount module-attribute","text":"indent_amount = add_param(\n \"go-dump-indent-amount\", 4, \"the indent amount for go-dump pretty printing\"\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.debug_color","title":"debug_color module-attribute","text":"debug_color = add_color_param(\n \"go-dump-debug\",\n \"blue\",\n \"color for 'go-dump' command's debug info when --debug is specified\",\n)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.hex_digits","title":"hex_digits module-attribute","text":"hex_digits = set('0123456789abcdefABCDEFxX')\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts","title":"FormatOpts dataclass","text":"FormatOpts(\n int_hex: bool = False,\n debug: bool = False,\n pretty: bool = False,\n float_decimals: int | None = None,\n)\n
Methods:
-
fmt_int \u2013 -
fmt_float \u2013 -
fmt_str \u2013 -
fmt_bytes \u2013 -
fmt_debug \u2013 -
fmt_elems \u2013 -
fmt_ptr \u2013
Attributes:
-
int_hex (bool) \u2013 -
debug (bool) \u2013 -
pretty (bool) \u2013 -
float_decimals (int | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.int_hex","title":"int_hex class-attribute instance-attribute","text":"int_hex: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.debug","title":"debug class-attribute instance-attribute","text":"debug: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.pretty","title":"pretty class-attribute instance-attribute","text":"pretty: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.float_decimals","title":"float_decimals class-attribute instance-attribute","text":"float_decimals: int | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_int","title":"fmt_int","text":"fmt_int(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_float","title":"fmt_float","text":"fmt_float(val: float) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_str","title":"fmt_str","text":"fmt_str(val: str) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_bytes","title":"fmt_bytes","text":"fmt_bytes(val: bytes) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_debug","title":"fmt_debug","text":"fmt_debug(val: str, default: str = '') -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_elems","title":"fmt_elems","text":"fmt_elems(elems: Iterable[str]) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.FormatOpts.fmt_ptr","title":"fmt_ptr","text":"fmt_ptr(val: int) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type","title":"Type dataclass","text":"Type(meta: GoTypeMeta | None)\n
Bases: ABC
Methods:
-
dump \u2013 Dump a type from memory given an address and format.
-
size \u2013 Returns the size of a type in bytes.
-
get_typename \u2013 Returns the typename of a type. Should be reparsable via _parse_ty.
-
is_cyclic \u2013 Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata \u2013 Returns a list of lines of additional metadata to dump from the go-type command.
-
__str__ \u2013
Attributes:
-
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.dump","title":"dump abstractmethod","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
Dump a type from memory given an address and format.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.size","title":"size abstractmethod","text":"size() -> int\n
Returns the size of a type in bytes.
Used for computing array and struct layouts.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.get_typename","title":"get_typename abstractmethod","text":"get_typename() -> str\n
Returns the typename of a type. Should be reparsable via _parse_ty.
Also used to get the string representation.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.Type.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind","title":"GoTypeKind","text":" Bases: IntEnum
Methods:
Attributes:
-
INVALID \u2013 -
BOOL \u2013 -
INT \u2013 -
INT8 \u2013 -
INT16 \u2013 -
INT32 \u2013 -
INT64 \u2013 -
UINT \u2013 -
UINT8 \u2013 -
UINT16 \u2013 -
UINT32 \u2013 -
UINT64 \u2013 -
UINTPTR \u2013 -
FLOAT32 \u2013 -
FLOAT64 \u2013 -
COMPLEX64 \u2013 -
COMPLEX128 \u2013 -
ARRAY \u2013 -
CHAN \u2013 -
FUNC \u2013 -
INTERFACE \u2013 -
MAP \u2013 -
POINTER \u2013 -
SLICE \u2013 -
STRING \u2013 -
STRUCT \u2013 -
UNSAFEPOINTER \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INVALID","title":"INVALID class-attribute instance-attribute","text":"INVALID = 0\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.BOOL","title":"BOOL class-attribute instance-attribute","text":"BOOL = 1\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT","title":"INT class-attribute instance-attribute","text":"INT = 2\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT8","title":"INT8 class-attribute instance-attribute","text":"INT8 = 3\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT16","title":"INT16 class-attribute instance-attribute","text":"INT16 = 4\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT32","title":"INT32 class-attribute instance-attribute","text":"INT32 = 5\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INT64","title":"INT64 class-attribute instance-attribute","text":"INT64 = 6\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT","title":"UINT class-attribute instance-attribute","text":"UINT = 7\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT8","title":"UINT8 class-attribute instance-attribute","text":"UINT8 = 8\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT16","title":"UINT16 class-attribute instance-attribute","text":"UINT16 = 9\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT32","title":"UINT32 class-attribute instance-attribute","text":"UINT32 = 10\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINT64","title":"UINT64 class-attribute instance-attribute","text":"UINT64 = 11\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UINTPTR","title":"UINTPTR class-attribute instance-attribute","text":"UINTPTR = 12\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT32","title":"FLOAT32 class-attribute instance-attribute","text":"FLOAT32 = 13\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FLOAT64","title":"FLOAT64 class-attribute instance-attribute","text":"FLOAT64 = 14\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX64","title":"COMPLEX64 class-attribute instance-attribute","text":"COMPLEX64 = 15\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.COMPLEX128","title":"COMPLEX128 class-attribute instance-attribute","text":"COMPLEX128 = 16\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.ARRAY","title":"ARRAY class-attribute instance-attribute","text":"ARRAY = 17\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.CHAN","title":"CHAN class-attribute instance-attribute","text":"CHAN = 18\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.FUNC","title":"FUNC class-attribute instance-attribute","text":"FUNC = 19\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.INTERFACE","title":"INTERFACE class-attribute instance-attribute","text":"INTERFACE = 20\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.MAP","title":"MAP class-attribute instance-attribute","text":"MAP = 21\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.POINTER","title":"POINTER class-attribute instance-attribute","text":"POINTER = 22\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.SLICE","title":"SLICE class-attribute instance-attribute","text":"SLICE = 23\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRING","title":"STRING class-attribute instance-attribute","text":"STRING = 24\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.STRUCT","title":"STRUCT class-attribute instance-attribute","text":"STRUCT = 25\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.UNSAFEPOINTER","title":"UNSAFEPOINTER class-attribute instance-attribute","text":"UNSAFEPOINTER = 26\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeKind.get_simple_name","title":"get_simple_name","text":"get_simple_name() -> str | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta","title":"GoTypeMeta dataclass","text":"GoTypeMeta(\n name: str,\n kind: GoTypeKind,\n addr: int,\n size: int = 0,\n align: int = 1,\n direct_iface: bool = False,\n)\n
Attributes:
-
name (str) \u2013 -
kind (GoTypeKind) \u2013 -
addr (int) \u2013 -
size (int) \u2013 -
align (int) \u2013 -
direct_iface (bool) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.kind","title":"kind instance-attribute","text":"kind: GoTypeKind\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.addr","title":"addr instance-attribute","text":"addr: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.size","title":"size class-attribute instance-attribute","text":"size: int = 0\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.align","title":"align class-attribute instance-attribute","text":"align: int = 1\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.GoTypeMeta.direct_iface","title":"direct_iface class-attribute instance-attribute","text":"direct_iface: bool = False\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType","title":"BackrefType dataclass","text":"BackrefType(meta: GoTypeMeta | None, key: int)\n
Bases: Type
A temporary placeholder type used when dumping recursive types, e.g. type a []a
Methods:
-
dump \u2013 -
size \u2013 -
get_typename \u2013 -
is_cyclic \u2013 Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata \u2013 Returns a list of lines of additional metadata to dump from the go-type command.
-
__str__ \u2013
Attributes:
-
key (int) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.key","title":"key instance-attribute","text":"key: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts())\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BackrefType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType","title":"BasicType dataclass","text":"BasicType(meta: GoTypeMeta | None, name: str, extra_meta: list[str] = list())\n
Bases: Type
A primitive Go type.
Complex numbers are laid out as a real and imaginary part (both floats). Strings are laid out as a pointer and a length.
Methodless interfaces (the interface{} type) are denoted as any, and interfaces with methods are denoted as interface.
Function pointers are denoted as funcptr.
Methods:
Attributes:
-
name (str) \u2013 -
sz (int) \u2013 -
extra_meta (list[str]) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.sz","title":"sz class-attribute instance-attribute","text":"sz: int = field(init=False)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.extra_meta","title":"extra_meta class-attribute instance-attribute","text":"extra_meta: list[str] = field(default_factory=list)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__post_init__","title":"__post_init__","text":"__post_init__() -> None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.BasicType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType","title":"SliceType dataclass","text":"SliceType(meta: GoTypeMeta | None, inner: Type)\n
Bases: Type
A slice type in Go, notated as []inner.
Slices are laid out as a pointer, length, and capacity.
Methods:
Attributes:
-
inner (Type) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.inner","title":"inner instance-attribute","text":"inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.SliceType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType","title":"PointerType dataclass","text":"PointerType(meta: GoTypeMeta | None, inner: Type)\n
Bases: Type
A pointer type in Go, notated as *inner.
Methods:
Attributes:
-
inner (Type) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.inner","title":"inner instance-attribute","text":"inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.PointerType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType","title":"ArrayType dataclass","text":"ArrayType(meta: GoTypeMeta | None, inner: Type, count: int)\n
Bases: Type
An array type in Go, notated as [count]inner.
Arrays are laid out as contiguous data.
Methods:
Attributes:
-
inner (Type) \u2013 -
count (int) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.inner","title":"inner instance-attribute","text":"inner: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.count","title":"count instance-attribute","text":"count: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.ArrayType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType","title":"MapType dataclass","text":"MapType(meta: GoTypeMeta | None, key: Type, val: Type)\n
Bases: Type
A map type in Go, notated as map[key]val.
Note that maps in Go are actually pointers to the inner map, but the map type printer here directly prints the inner map.
Maps don't have a simple layout, and may reasonably change, but the last change was in 2017, so it probably won't.
The layout assumed is as follows (taken from src/runtime/map.go commit 1b4f1dc):
type hmap struct { count int flags uint8 B uint8 noverflow uint16 hash0 uint32 buckets unsafe.Pointer oldbuckets unsafe.Pointer nevacuate uintptr extra *mapextra }
Methods:
Attributes:
-
key (Type) \u2013 -
val (Type) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.key","title":"key instance-attribute","text":"key: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.val","title":"val instance-attribute","text":"val: Type\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.field_offsets","title":"field_offsets staticmethod","text":"field_offsets() -> dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.MapType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType","title":"StructType dataclass","text":"StructType(\n meta: GoTypeMeta | None,\n fields: list[tuple[str, str | Type, int]],\n sz: int,\n name: str | None = None,\n)\n
Bases: Type
A struct type in Go, notated as struct(SIZE){FIELDS}, where SIZE is the size of the struct in bytes, and FIELDS is a semicolon-separated list of OFFSET:NAME:TYPE fields.
Methods:
Attributes:
-
fields (list[tuple[str, str | Type, int]]) \u2013 -
sz (int) \u2013 -
name (str | None) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.fields","title":"fields instance-attribute","text":"fields: list[tuple[str, str | Type, int]]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.sz","title":"sz instance-attribute","text":"sz: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.name","title":"name class-attribute instance-attribute","text":"name: str | None = None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.StructType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType","title":"RuntimeType dataclass","text":"RuntimeType(meta: GoTypeMeta | None, sz: int, addr: int)\n
Bases: Type
A value of a runtime reflection type in Go, notated as runtime(SIZE)ADDRESS, where SIZE is the size of the type's value in bytes, and ADDRESS is the address of the type.
This type is useful for serializing cyclic types.
Methods:
-
dump \u2013 -
size \u2013 -
get_typename \u2013 -
is_cyclic \u2013 Checks if a type is cyclic (contains references to itself), e.g. type a []a
-
additional_metadata \u2013 Returns a list of lines of additional metadata to dump from the go-type command.
-
__str__ \u2013
Attributes:
-
sz (int) \u2013 -
addr (int) \u2013 -
meta (GoTypeMeta | None) \u2013
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.sz","title":"sz instance-attribute","text":"sz: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.addr","title":"addr instance-attribute","text":"addr: int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.meta","title":"meta instance-attribute","text":"meta: GoTypeMeta | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.dump","title":"dump","text":"dump(addr: int, fmt: FormatOpts = FormatOpts()) -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.size","title":"size","text":"size() -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.get_typename","title":"get_typename","text":"get_typename() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.is_cyclic","title":"is_cyclic","text":"is_cyclic() -> bool\n
Checks if a type is cyclic (contains references to itself), e.g. type a []a
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.additional_metadata","title":"additional_metadata","text":"additional_metadata() -> list[str]\n
Returns a list of lines of additional metadata to dump from the go-type command.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.RuntimeType.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.word_size","title":"word_size","text":"word_size() -> int\n
Gets the Go word size for the current architecture.
Values taken from https://github.com/golang/go/blob/20b79fd5775c39061d949569743912ad5e58b0e7/src/go/types/sizes.go#L233-L252
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_offsets","title":"compute_offsets","text":"compute_offsets(fields: Iterable[tuple[int, int]]) -> list[int]\n
Given a list of (size, alignment) for struct field types, returns a list of field offsets for the struct. The last element will be the offset of the struct's end (the struct size).
Layout computation taken from src/go/types/sizes.go commit 1b4f1dc
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.compute_named_offsets","title":"compute_named_offsets","text":"compute_named_offsets(fields: Iterable[tuple[str, int, int]]) -> dict[str, int]\n
Like compute_offsets, but takes in field names and returns a dictionary mapping field name to offset instead.
Also maps in a special $size field with the size of the struct.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_uint","title":"load_uint","text":"load_uint(data: bytes, endian: Literal['little', 'big'] | None = None) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_int","title":"load_int","text":"load_int(data: bytes) -> int\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.load_float","title":"load_float","text":"load_float(data: bytes) -> float\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.emit_warning","title":"emit_warning","text":"emit_warning(msg: str)\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_elf","title":"get_elf","text":"get_elf() -> ELFInfo | None\n
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_buildversion","title":"read_buildversion","text":"read_buildversion(addr: int) -> str\n
Reads a Go runtime.buildVersion string to extract the version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_go_version","title":"get_go_version","text":"get_go_version() -> tuple[int, ...] | None\n
Try to determine the Go version used to compile the binary.
None can be returned if the version couldn't be inferred, at which point it's probably best to assume latest version.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.get_type_start","title":"get_type_start","text":"get_type_start(addr: int | None = None) -> int | None\n
Given the address to a type, try to find the moduledata types section containing it.
Necessary to determine the base address that the type name is offset by.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_varint_str","title":"read_varint_str","text":"read_varint_str(addr: int) -> bytes\n
Read a length-prefix string encoded with Go's variable length encoding.
Implementation taken from https://github.com/golang/go/blob/9d33956503c0d96c0c5666d374173f7ac9756d98/src/internal/abi/type.go#L640-L649
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.read_type_name","title":"read_type_name","text":"read_type_name(addr: int) -> bytes\n
Reads a Go type name given the address to the name.
Go type names are stored as a 1 byte bitfield followed by a varint length prefixed string after 1.17.
Prior to 1.17, they were stored as a 1 byte bitfield followed by a 2 byte length prefixed string.
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.decode_runtime_type","title":"decode_runtime_type","text":"decode_runtime_type(\n addr: int, keep_backrefs: bool = False\n) -> tuple[GoTypeMeta, Type | None]\n
Decodes a runtime reflection type from memory, returning a (meta, type) tuplee.
The layout assumed is as follows (taken from src/internal/abi/type.go commit 1b4f1dc):
type Type struct { Size_ uintptr PtrBytes uintptr Hash uint32 TFlag TFlag Align_ uint8 FieldAlign_ uint8 Kind_ Kind Equal func(unsafe.Pointer, unsafe.Pointer) bool GCData *byte Str NameOff PtrToThis TypeOff }
"},{"location":"reference/pwndbg/aglib/godbg/#pwndbg.aglib.godbg.parse_type","title":"parse_type","text":"parse_type(ty: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/heap/","title":"pwndbg.aglib.heap","text":""},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap","title":"heap","text":"Modules:
-
heap \u2013 -
jemalloc \u2013 -
ptmalloc \u2013 -
structs \u2013
Functions:
-
add_heap_param \u2013 -
update \u2013 -
reset \u2013 -
resolve_heap \u2013
Attributes:
-
current (MemoryAllocator | None) \u2013 -
main_arena \u2013 -
thread_arena \u2013 -
mp_ \u2013 -
tcache \u2013 -
global_max_fast \u2013 -
symbol_list \u2013 -
heap_chain_limit \u2013 -
heap_corruption_check_limit \u2013 -
extra_hint_for_gdb \u2013 -
resolve_heap_via_heuristic \u2013
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.current","title":"current module-attribute","text":"current: MemoryAllocator | None = None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.main_arena","title":"main_arena module-attribute","text":"main_arena = add_heap_param('main-arena', '0', 'the address of main_arena')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.thread_arena","title":"thread_arena module-attribute","text":"thread_arena = add_heap_param(\n \"thread-arena\", \"0\", \"the address pointed by thread_arena\"\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.mp_","title":"mp_ module-attribute","text":"mp_ = add_heap_param('mp', '0', 'the address of mp_')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.tcache","title":"tcache module-attribute","text":"tcache = add_heap_param('tcache', '0', 'the address pointed by tcache')\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.global_max_fast","title":"global_max_fast module-attribute","text":"global_max_fast = add_heap_param(\n \"global-max-fast\", \"0\", \"the address of global_max_fast\"\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.symbol_list","title":"symbol_list module-attribute","text":"symbol_list = [main_arena, thread_arena, mp_, tcache, global_max_fast]\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_chain_limit","title":"heap_chain_limit module-attribute","text":"heap_chain_limit = add_heap_param(\n \"heap-dereference-limit\",\n 8,\n \"number of chunks to dereference in each bin\",\n param_class=PARAM_UINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.heap_corruption_check_limit","title":"heap_corruption_check_limit module-attribute","text":"heap_corruption_check_limit = add_heap_param(\n \"heap-corruption-check-limit\",\n 64,\n \"amount of chunks to traverse for the bin corruption check\",\n param_class=PARAM_UINTEGER,\n help_docstring=\"\\nThe bins are traversed both forwards and backwards.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.extra_hint_for_gdb","title":"extra_hint_for_gdb module-attribute","text":"extra_hint_for_gdb = \"\\nIn addition, even you have the debug symbols of libc, you might still see the\\nfollowing warning when debugging a multi-threaded program:\\n```\\nwarning: Unable to find libthread_db matching inferior's thread library, thread\\ndebugging will not be available.\\n```\\n\\nYou'll need to ensure that the correct `libthread_db.so` is loaded. To do this,\\nset the search path using:\\n```\\nset libthread-db-search-path <path having correct libthread_db.so>\\n```\\nThen, restart your program to enable proper thread debugging.\\n\"\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap_via_heuristic","title":"resolve_heap_via_heuristic module-attribute","text":"resolve_heap_via_heuristic = add_heap_param(\n \"resolve-heap-via-heuristic\",\n \"auto\",\n \"the strategy to resolve heap via heuristic\",\n help_docstring=\"Values explained:\\n\\n+ `auto` - Pwndbg will try to use heuristics if debug symbols are missing\\n+ `force` - Pwndbg will always try to use heuristics, even if debug symbols are available\\n+ `never` - Pwndbg will never use heuristics to resolve the heap\\n\\nIf the output of the heap related command produces errors with heuristics, you\\ncan try manually setting the libc symbol addresses.\\nFor this, see the `heap_config` command output and set the `main_arena`, `mp_`,\\n`global_max_fast`, `tcache` and `thread_arena` addresses.\\n\\nNote: Pwndbg will generate more reliable results with proper debug symbols.\\nTherefore, when debug symbols are missing, you should try to install them first\\nif you haven't already.\\n\\nThey can probably be installed via the package manager of your choice.\\nSee also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html .\\n\\nE.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and\\n32-bit binaries):\\n```bash\\nsudo apt-get install libc6-dbg\\nsudo dpkg --add-architecture i386\\nsudo apt-get install libc-dbg:i386\\n```\\nIf you used setup.sh on Arch based distro you'll need to do a power cycle or set\\nenvironment variable manually like this:\\n```bash\\nexport DEBUGINFOD_URLS=https://debuginfod.archlinux.org\\n```\\n\"\n + extra_hint_for_gdb,\n param_class=PARAM_ENUM,\n enum_sequence=[\"auto\", \"force\", \"never\"],\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.add_heap_param","title":"add_heap_param","text":"add_heap_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.reset","title":"reset","text":"reset() -> None\n
"},{"location":"reference/pwndbg/aglib/heap/#pwndbg.aglib.heap.resolve_heap","title":"resolve_heap","text":"resolve_heap(is_first_run: bool = False) -> None\n
"},{"location":"reference/pwndbg/aglib/heap/heap/","title":"pwndbg.aglib.heap.heap","text":""},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap","title":"heap","text":"Classes:
-
MemoryAllocator \u2013 Heap abstraction layer.
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator","title":"MemoryAllocator","text":"Heap abstraction layer.
Methods:
-
summarize \u2013 Returns a textual summary of the specified address.
-
containing \u2013 Returns the address of the allocation which contains 'address'.
-
is_initialized \u2013 Returns whether the allocator is initialized or not.
-
libc_has_debug_syms \u2013 Returns whether the libc has debug symbols or not.
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.summarize","title":"summarize","text":"summarize(address: int, **kwargs: Any) -> str\n
Returns a textual summary of the specified address.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.containing","title":"containing","text":"containing(address: int) -> int\n
Returns the address of the allocation which contains 'address'.
Parameters:
-
address (int) \u2013 Address to look up.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.is_initialized","title":"is_initialized","text":"is_initialized() -> bool\n
Returns whether the allocator is initialized or not.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/heap/#pwndbg.aglib.heap.heap.MemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"libc_has_debug_syms() -> bool\n
Returns whether the libc has debug symbols or not.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/","title":"pwndbg.aglib.heap.jemalloc","text":""},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc","title":"jemalloc","text":"Classes:
Functions:
-
mask \u2013 -
lg_floor_1 \u2013 -
lg_floor_2 \u2013 -
lg_floor_4 \u2013 -
lg_floor_8 \u2013 -
lg_floor_16 \u2013 -
lg_floor_32 \u2013 -
lg_floor_64 \u2013 -
lg_floor \u2013 -
lg_ceil \u2013
Attributes:
-
LG_VADDR \u2013 -
LG_PAGE \u2013 -
MALLOCX_ARENA_BITS \u2013 -
LG_SIZEOF_PTR \u2013 -
RTREE_NHIB \u2013 -
RTREE_NLIB \u2013 -
RTREE_NSB \u2013 -
RTREE_HEIGHT \u2013 -
LG_QUANTUM \u2013 -
SC_LG_TINY_MIN \u2013 -
SC_NTINY \u2013 -
SC_LG_NGROUP \u2013 -
SC_NGROUP \u2013 -
SC_NPSEUDO \u2013 -
SC_PTR_BITS \u2013 -
SC_LG_BASE_MAX \u2013 -
SC_LG_FIRST_REGULAR_BASE \u2013 -
SC_NREGULAR \u2013 -
SC_NSIZES \u2013 -
SC_LG_SLAB_MAXREGS \u2013 -
EDATA_BITS_ARENA_WIDTH \u2013 -
EDATA_BITS_ARENA_SHIFT \u2013 -
EDATA_BITS_ARENA_MASK \u2013 -
EDATA_BITS_SLAB_WIDTH \u2013 -
EDATA_BITS_SLAB_SHIFT \u2013 -
EDATA_BITS_SLAB_MASK \u2013 -
EDATA_BITS_COMMITTED_WIDTH \u2013 -
EDATA_BITS_COMMITTED_SHIFT \u2013 -
EDATA_BITS_COMMITTED_MASK \u2013 -
EDATA_BITS_PAI_WIDTH \u2013 -
EDATA_BITS_PAI_SHIFT \u2013 -
EDATA_BITS_PAI_MASK \u2013 -
EDATA_BITS_ZEROED_WIDTH \u2013 -
EDATA_BITS_ZEROED_SHIFT \u2013 -
EDATA_BITS_ZEROED_MASK \u2013 -
EDATA_BITS_GUARDED_WIDTH \u2013 -
EDATA_BITS_GUARDED_SHIFT \u2013 -
EDATA_BITS_GUARDED_MASK \u2013 -
EDATA_BITS_STATE_WIDTH \u2013 -
EDATA_BITS_STATE_SHIFT \u2013 -
EDATA_BITS_STATE_MASK \u2013 -
EDATA_BITS_SZIND_WIDTH \u2013 -
EDATA_BITS_SZIND_SHIFT \u2013 -
EDATA_BITS_SZIND_MASK \u2013 -
EDATA_BITS_NFREE_WIDTH \u2013 -
EDATA_BITS_NFREE_SHIFT \u2013 -
EDATA_BITS_NFREE_MASK \u2013 -
EDATA_BITS_BINSHARD_WIDTH \u2013 -
EDATA_BITS_BINSHARD_SHIFT \u2013 -
EDATA_BITS_BINSHARD_MASK \u2013 -
EDATA_BITS_IS_HEAD_WIDTH \u2013 -
EDATA_BITS_IS_HEAD_SHIFT \u2013 -
EDATA_BITS_IS_HEAD_MASK \u2013 -
rtree_levels \u2013
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_VADDR","title":"LG_VADDR module-attribute","text":"LG_VADDR = 48\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_PAGE","title":"LG_PAGE module-attribute","text":"LG_PAGE = 12\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.MALLOCX_ARENA_BITS","title":"MALLOCX_ARENA_BITS module-attribute","text":"MALLOCX_ARENA_BITS = 12\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_SIZEOF_PTR","title":"LG_SIZEOF_PTR module-attribute","text":"LG_SIZEOF_PTR = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NHIB","title":"RTREE_NHIB module-attribute","text":"RTREE_NHIB = 1 << LG_SIZEOF_PTR + 3 - LG_VADDR\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NLIB","title":"RTREE_NLIB module-attribute","text":"RTREE_NLIB = LG_PAGE\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_NSB","title":"RTREE_NSB module-attribute","text":"RTREE_NSB = LG_VADDR - RTREE_NLIB\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTREE_HEIGHT","title":"RTREE_HEIGHT module-attribute","text":"RTREE_HEIGHT = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.LG_QUANTUM","title":"LG_QUANTUM module-attribute","text":"LG_QUANTUM = 4\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_TINY_MIN","title":"SC_LG_TINY_MIN module-attribute","text":"SC_LG_TINY_MIN = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NTINY","title":"SC_NTINY module-attribute","text":"SC_NTINY = LG_QUANTUM - SC_LG_TINY_MIN\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_NGROUP","title":"SC_LG_NGROUP module-attribute","text":"SC_LG_NGROUP = 2\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NGROUP","title":"SC_NGROUP module-attribute","text":"SC_NGROUP = 1 << SC_LG_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NPSEUDO","title":"SC_NPSEUDO module-attribute","text":"SC_NPSEUDO = SC_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_PTR_BITS","title":"SC_PTR_BITS module-attribute","text":"SC_PTR_BITS = 1 << LG_SIZEOF_PTR * 8\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_BASE_MAX","title":"SC_LG_BASE_MAX module-attribute","text":"SC_LG_BASE_MAX = SC_PTR_BITS - 2\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_FIRST_REGULAR_BASE","title":"SC_LG_FIRST_REGULAR_BASE module-attribute","text":"SC_LG_FIRST_REGULAR_BASE = LG_QUANTUM + SC_LG_NGROUP\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NREGULAR","title":"SC_NREGULAR module-attribute","text":"SC_NREGULAR = SC_NGROUP * SC_LG_BASE_MAX - SC_LG_FIRST_REGULAR_BASE + 1 - 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_NSIZES","title":"SC_NSIZES module-attribute","text":"SC_NSIZES = SC_NTINY + SC_NPSEUDO + SC_NREGULAR\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.SC_LG_SLAB_MAXREGS","title":"SC_LG_SLAB_MAXREGS module-attribute","text":"SC_LG_SLAB_MAXREGS = LG_PAGE - SC_LG_TINY_MIN\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_WIDTH","title":"EDATA_BITS_ARENA_WIDTH module-attribute","text":"EDATA_BITS_ARENA_WIDTH = MALLOCX_ARENA_BITS\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_SHIFT","title":"EDATA_BITS_ARENA_SHIFT module-attribute","text":"EDATA_BITS_ARENA_SHIFT = 0\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ARENA_MASK","title":"EDATA_BITS_ARENA_MASK module-attribute","text":"EDATA_BITS_ARENA_MASK = mask(EDATA_BITS_ARENA_WIDTH, EDATA_BITS_ARENA_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_WIDTH","title":"EDATA_BITS_SLAB_WIDTH module-attribute","text":"EDATA_BITS_SLAB_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_SHIFT","title":"EDATA_BITS_SLAB_SHIFT module-attribute","text":"EDATA_BITS_SLAB_SHIFT = EDATA_BITS_ARENA_WIDTH + EDATA_BITS_ARENA_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SLAB_MASK","title":"EDATA_BITS_SLAB_MASK module-attribute","text":"EDATA_BITS_SLAB_MASK = mask(EDATA_BITS_SLAB_WIDTH, EDATA_BITS_SLAB_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_WIDTH","title":"EDATA_BITS_COMMITTED_WIDTH module-attribute","text":"EDATA_BITS_COMMITTED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_SHIFT","title":"EDATA_BITS_COMMITTED_SHIFT module-attribute","text":"EDATA_BITS_COMMITTED_SHIFT = EDATA_BITS_SLAB_WIDTH + EDATA_BITS_SLAB_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_COMMITTED_MASK","title":"EDATA_BITS_COMMITTED_MASK module-attribute","text":"EDATA_BITS_COMMITTED_MASK = mask(\n EDATA_BITS_COMMITTED_WIDTH, EDATA_BITS_COMMITTED_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_WIDTH","title":"EDATA_BITS_PAI_WIDTH module-attribute","text":"EDATA_BITS_PAI_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_SHIFT","title":"EDATA_BITS_PAI_SHIFT module-attribute","text":"EDATA_BITS_PAI_SHIFT = EDATA_BITS_COMMITTED_WIDTH + EDATA_BITS_COMMITTED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_PAI_MASK","title":"EDATA_BITS_PAI_MASK module-attribute","text":"EDATA_BITS_PAI_MASK = mask(EDATA_BITS_PAI_WIDTH, EDATA_BITS_PAI_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_WIDTH","title":"EDATA_BITS_ZEROED_WIDTH module-attribute","text":"EDATA_BITS_ZEROED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_SHIFT","title":"EDATA_BITS_ZEROED_SHIFT module-attribute","text":"EDATA_BITS_ZEROED_SHIFT = EDATA_BITS_PAI_WIDTH + EDATA_BITS_PAI_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_ZEROED_MASK","title":"EDATA_BITS_ZEROED_MASK module-attribute","text":"EDATA_BITS_ZEROED_MASK = mask(EDATA_BITS_ZEROED_WIDTH, EDATA_BITS_ZEROED_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_WIDTH","title":"EDATA_BITS_GUARDED_WIDTH module-attribute","text":"EDATA_BITS_GUARDED_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_SHIFT","title":"EDATA_BITS_GUARDED_SHIFT module-attribute","text":"EDATA_BITS_GUARDED_SHIFT = EDATA_BITS_ZEROED_WIDTH + EDATA_BITS_ZEROED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_GUARDED_MASK","title":"EDATA_BITS_GUARDED_MASK module-attribute","text":"EDATA_BITS_GUARDED_MASK = mask(\n EDATA_BITS_GUARDED_WIDTH, EDATA_BITS_GUARDED_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_WIDTH","title":"EDATA_BITS_STATE_WIDTH module-attribute","text":"EDATA_BITS_STATE_WIDTH = 3\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_SHIFT","title":"EDATA_BITS_STATE_SHIFT module-attribute","text":"EDATA_BITS_STATE_SHIFT = EDATA_BITS_GUARDED_WIDTH + EDATA_BITS_GUARDED_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_STATE_MASK","title":"EDATA_BITS_STATE_MASK module-attribute","text":"EDATA_BITS_STATE_MASK = mask(EDATA_BITS_STATE_WIDTH, EDATA_BITS_STATE_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_WIDTH","title":"EDATA_BITS_SZIND_WIDTH module-attribute","text":"EDATA_BITS_SZIND_WIDTH = lg_ceil(SC_NSIZES)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_SHIFT","title":"EDATA_BITS_SZIND_SHIFT module-attribute","text":"EDATA_BITS_SZIND_SHIFT = EDATA_BITS_STATE_WIDTH + EDATA_BITS_STATE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_SZIND_MASK","title":"EDATA_BITS_SZIND_MASK module-attribute","text":"EDATA_BITS_SZIND_MASK = mask(EDATA_BITS_SZIND_WIDTH, EDATA_BITS_SZIND_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_WIDTH","title":"EDATA_BITS_NFREE_WIDTH module-attribute","text":"EDATA_BITS_NFREE_WIDTH = SC_LG_SLAB_MAXREGS + 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_SHIFT","title":"EDATA_BITS_NFREE_SHIFT module-attribute","text":"EDATA_BITS_NFREE_SHIFT = EDATA_BITS_SZIND_WIDTH + EDATA_BITS_SZIND_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_NFREE_MASK","title":"EDATA_BITS_NFREE_MASK module-attribute","text":"EDATA_BITS_NFREE_MASK = mask(EDATA_BITS_NFREE_WIDTH, EDATA_BITS_NFREE_SHIFT)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_WIDTH","title":"EDATA_BITS_BINSHARD_WIDTH module-attribute","text":"EDATA_BITS_BINSHARD_WIDTH = 6\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_SHIFT","title":"EDATA_BITS_BINSHARD_SHIFT module-attribute","text":"EDATA_BITS_BINSHARD_SHIFT = EDATA_BITS_NFREE_WIDTH + EDATA_BITS_NFREE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_BINSHARD_MASK","title":"EDATA_BITS_BINSHARD_MASK module-attribute","text":"EDATA_BITS_BINSHARD_MASK = mask(\n EDATA_BITS_BINSHARD_WIDTH, EDATA_BITS_BINSHARD_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_WIDTH","title":"EDATA_BITS_IS_HEAD_WIDTH module-attribute","text":"EDATA_BITS_IS_HEAD_WIDTH = 1\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_SHIFT","title":"EDATA_BITS_IS_HEAD_SHIFT module-attribute","text":"EDATA_BITS_IS_HEAD_SHIFT = EDATA_BITS_BINSHARD_WIDTH + EDATA_BITS_BINSHARD_SHIFT\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.EDATA_BITS_IS_HEAD_MASK","title":"EDATA_BITS_IS_HEAD_MASK module-attribute","text":"EDATA_BITS_IS_HEAD_MASK = mask(\n EDATA_BITS_IS_HEAD_WIDTH, EDATA_BITS_IS_HEAD_SHIFT\n)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.rtree_levels","title":"rtree_levels module-attribute","text":"rtree_levels = [\n [{\"bits\": RTREE_NSB, \"cumbits\": RTREE_NHIB + RTREE_NSB}],\n [\n {\"bits\": RTREE_NSB // 2, \"cumbits\": RTREE_NHIB + RTREE_NSB // 2},\n {\n \"bits\": RTREE_NSB // 2 + RTREE_NSB % 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB,\n },\n ],\n [\n {\"bits\": RTREE_NSB // 3, \"cumbits\": RTREE_NHIB + RTREE_NSB // 3},\n {\n \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 // 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB // 3 * 2 + RTREE_NSB % 3 // 2,\n },\n {\n \"bits\": RTREE_NSB // 3 + RTREE_NSB % 3 - RTREE_NSB % 3 // 2,\n \"cumbits\": RTREE_NHIB + RTREE_NSB,\n },\n ],\n]\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree","title":"RTree","text":"RTree(addr: int)\n
RTree is used by jemalloc to keep track of extents that are allocated by jemalloc. Since extent data is not stored in a doubly linked list, rtree is used to find the extent belonging to a pointer that is being freed. Implementation of rtree is similar to Linux Radix tree: https://lwn.net/Articles/175432/
Methods:
Attributes:
-
root \u2013 -
extents \u2013
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.root","title":"root property","text":"root\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.extents","title":"extents property","text":"extents\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.get_rtree","title":"get_rtree staticmethod","text":"get_rtree() -> RTree\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leaf_maskbits","title":"__rtree_leaf_maskbits","text":"__rtree_leaf_maskbits(level)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__rtree_leafkey","title":"__rtree_leafkey","text":"__rtree_leafkey(key: int, level: int) -> int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__subkey","title":"__subkey","text":"__subkey(key: int, level: int) -> int\n
Return a portion of the key that is used to find the node/leaf in the rtree at a specific level. Source: https://github.com/jemalloc/jemalloc/blob/5b72ac098abce464add567869d082f2097bd59a2/include/jemalloc/internal/rtree.h#L161
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.__alignment_addr2base","title":"__alignment_addr2base staticmethod","text":"__alignment_addr2base(addr, alignment=64)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.RTree.lookup_hard","title":"lookup_hard","text":"lookup_hard(key: int)\n
Lookup the key in the rtree and return the value.
How it works: - Jemalloc stores the extent address in the rtree as a node and to find a specific node we need a address key.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent","title":"Extent","text":"Extent(addr: int)\n
Concept of extent (edata) is similar to chunk in glibc malloc but allocation algorithm differs a lot. - Extents are used to manage memory blocks (including jemalloc metadata) where extents sizes can vary but each block is always a multiple of the page size. - jemalloc will either allocate one large class request or multiple small class request (called slab) depending on request size. - Unlike chunks in glibc malloc, extents are not doubly linked list but are managed using rtree. - This tree is mostly used during deallocation to find the extent belonging to a pointer that is being freed. - Extents are also not stored as a header structure but externally (therefore extent metadata and actually mapped data may be very far apart).
Attributes:
-
size \u2013 May be larger in case of large size class allocation when cache_oblivious is enabled.
-
extent_address (int) \u2013 Address of the extent data structure (not the actual memory).
-
allocated_address (int) \u2013 Starting address of allocated memory
-
bsize (int) \u2013 -
bits (int) \u2013 -
bitfields (dict[str, int]) \u2013 Extract bitfields
-
state_name (str) \u2013 -
has_slab (bool) \u2013 Returns True if the extent is used for small size classes.
-
is_free (bool) \u2013 Returns True if the extent is free.
-
pai (str) \u2013 Page Allocator Interface
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.size","title":"size property","text":"size\n
May be larger in case of large size class allocation when cache_oblivious is enabled.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.extent_address","title":"extent_address property","text":"extent_address: int\n
Address of the extent data structure (not the actual memory).
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.allocated_address","title":"allocated_address property","text":"allocated_address: int\n
Starting address of allocated memory cache-oblivious large allocation alignment: When a large class allocation is made, jemalloc selects the closest size class that can fit the request and allocates that size + 4 KiB (0x1000). However, the pointer returned to user is randomized between the 'base' and 'base + 4 KiB' (0x1000) range. Source code: https://github.com/jemalloc/jemalloc/blob/a25b9b8ba91881964be3083db349991bbbbf1661/include/jemalloc/internal/arena_inlines_b.h#L505
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bsize","title":"bsize property","text":"bsize: int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bits","title":"bits property","text":"bits: int\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.bitfields","title":"bitfields property","text":"bitfields: dict[str, int]\n
Extract bitfields
arena_ind: Arena from which this extent came, or all 1 bits if unassociated. slab: The slab flag indicates whether the extent is used for a slab of small regions. This helps differentiate small size classes, and it indicates whether interior pointers can be looked up via iealloc(). committed: The committed flag indicates whether physical memory is committed to the extent, whether explicitly or implicitly as on a system that overcommits and satisfies physical memory needs on demand via soft page faults. pai: The pai flag is an extent_pai_t. zeroed: The zeroed flag is used by extent recycling code to track whether memory is zero-filled. guarded: The guarded flag is used by the sanitizer to track whether the extent has page guards around it. state: The state flag is an extent_state_t. szind: The szind flag indicates usable size class index for allocations residing in this extent, regardless of whether the extent is a slab. Extent size and usable size often differ even for non-slabs, either due to sz_large_pad or promotion of sampled small regions. nfree: Number of free regions in slab. bin_shard: The shard of the bin from which this extent came.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.state_name","title":"state_name property","text":"state_name: str\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.has_slab","title":"has_slab property","text":"has_slab: bool\n
Returns True if the extent is used for small size classes. Reference for size in Table 1 at https://jemalloc.net/jemalloc.3.html At time of writing, allocations <= 0x3800 are considered as small allocations and has slabs.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.is_free","title":"is_free property","text":"is_free: bool\n
Returns True if the extent is free.
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.Extent.pai","title":"pai property","text":"pai: str\n
Page Allocator Interface
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.mask","title":"mask","text":"mask(current_field_width, current_field_shift)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_1","title":"lg_floor_1","text":"lg_floor_1(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_2","title":"lg_floor_2","text":"lg_floor_2(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_4","title":"lg_floor_4","text":"lg_floor_4(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_8","title":"lg_floor_8","text":"lg_floor_8(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_16","title":"lg_floor_16","text":"lg_floor_16(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_32","title":"lg_floor_32","text":"lg_floor_32(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor_64","title":"lg_floor_64","text":"lg_floor_64(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_floor","title":"lg_floor","text":"lg_floor(x)\n
"},{"location":"reference/pwndbg/aglib/heap/jemalloc/#pwndbg.aglib.heap.jemalloc.lg_ceil","title":"lg_ceil","text":"lg_ceil(x)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/","title":"pwndbg.aglib.heap.ptmalloc","text":""},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc","title":"ptmalloc","text":"Classes:
-
BinType \u2013 -
Bin \u2013 -
Bins \u2013 -
ChunkField \u2013 -
Chunk \u2013 -
Heap \u2013 -
Arena \u2013 -
GlibcMemoryAllocator \u2013 -
DebugSymsHeap \u2013 -
SymbolUnresolvableError \u2013 -
HeuristicHeap \u2013
Functions:
Attributes:
-
PREV_INUSE \u2013 -
IS_MMAPPED \u2013 -
NON_MAIN_ARENA \u2013 -
SIZE_BITS \u2013 -
NONCONTIGUOUS_BIT \u2013 -
TheType \u2013 -
TheValue \u2013 -
HEAP_MAX_SIZE (int) \u2013 -
NBINS \u2013 -
BINMAPSIZE \u2013 -
TCACHE_MAX_BINS \u2013 -
NFASTBINS \u2013 -
NSMALLBINS \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.PREV_INUSE","title":"PREV_INUSE module-attribute","text":"PREV_INUSE = 1\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.IS_MMAPPED","title":"IS_MMAPPED module-attribute","text":"IS_MMAPPED = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NON_MAIN_ARENA","title":"NON_MAIN_ARENA module-attribute","text":"NON_MAIN_ARENA = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SIZE_BITS","title":"SIZE_BITS module-attribute","text":"SIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NONCONTIGUOUS_BIT","title":"NONCONTIGUOUS_BIT module-attribute","text":"NONCONTIGUOUS_BIT = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheType","title":"TheType module-attribute","text":"TheType = TypeVar('TheType', Type, Type[CStruct2GDB])\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TheValue","title":"TheValue module-attribute","text":"TheValue = TypeVar('TheValue', Value, CStruct2GDB)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HEAP_MAX_SIZE","title":"HEAP_MAX_SIZE module-attribute","text":"HEAP_MAX_SIZE: int = None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NBINS","title":"NBINS module-attribute","text":"NBINS = 128\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BINMAPSIZE","title":"BINMAPSIZE module-attribute","text":"BINMAPSIZE = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINS module-attribute","text":"TCACHE_MAX_BINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NFASTBINS","title":"NFASTBINS module-attribute","text":"NFASTBINS = 10\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.NSMALLBINS","title":"NSMALLBINS module-attribute","text":"NSMALLBINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType","title":"BinType","text":" Bases: str, Enum
Methods:
Attributes:
-
TCACHE \u2013 -
FAST \u2013 -
SMALL \u2013 -
LARGE \u2013 -
UNSORTED \u2013 -
NOT_IN_BIN \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.TCACHE","title":"TCACHE class-attribute instance-attribute","text":"TCACHE = 'tcachebins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.FAST","title":"FAST class-attribute instance-attribute","text":"FAST = 'fastbins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.SMALL","title":"SMALL class-attribute instance-attribute","text":"SMALL = 'smallbins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.LARGE","title":"LARGE class-attribute instance-attribute","text":"LARGE = 'largebins'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.UNSORTED","title":"UNSORTED class-attribute instance-attribute","text":"UNSORTED = 'unsortedbin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.NOT_IN_BIN","title":"NOT_IN_BIN class-attribute instance-attribute","text":"NOT_IN_BIN = 'not_in_bin'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.BinType.valid_fields","title":"valid_fields","text":"valid_fields() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin","title":"Bin","text":"Bin(\n fd_chain: list[int],\n bk_chain: list[int] | None = None,\n count: int | None = None,\n is_corrupted: bool = False,\n)\n
Methods:
-
contains_chunk \u2013 -
size_to_display_name \u2013
Attributes:
-
fd_chain \u2013 -
bk_chain \u2013 -
count \u2013 -
is_corrupted \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.fd_chain","title":"fd_chain instance-attribute","text":"fd_chain = fd_chain\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.bk_chain","title":"bk_chain instance-attribute","text":"bk_chain = bk_chain\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.count","title":"count instance-attribute","text":"count = count\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.is_corrupted","title":"is_corrupted instance-attribute","text":"is_corrupted = is_corrupted\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.contains_chunk","title":"contains_chunk","text":"contains_chunk(chunk: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bin.size_to_display_name","title":"size_to_display_name staticmethod","text":"size_to_display_name(size: int | str) -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins","title":"Bins","text":"Bins(bin_type: BinType)\n
Methods:
Attributes:
-
bins (OrderedDict[int | str, Bin]) \u2013 -
bin_type \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bins","title":"bins instance-attribute","text":"bins: OrderedDict[int | str, Bin] = OrderedDict()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.bin_type","title":"bin_type instance-attribute","text":"bin_type = bin_type\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Bins.contains_chunk","title":"contains_chunk","text":"contains_chunk(size: int, chunk: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField","title":"ChunkField","text":" Bases: int, Enum
Attributes:
-
PREV_SIZE \u2013 -
SIZE \u2013 -
FD \u2013 -
BK \u2013 -
FD_NEXTSIZE \u2013 -
BK_NEXTSIZE \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.PREV_SIZE","title":"PREV_SIZE class-attribute instance-attribute","text":"PREV_SIZE = 1\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.SIZE","title":"SIZE class-attribute instance-attribute","text":"SIZE = 2\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD","title":"FD class-attribute instance-attribute","text":"FD = 3\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK","title":"BK class-attribute instance-attribute","text":"BK = 4\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.FD_NEXTSIZE","title":"FD_NEXTSIZE class-attribute instance-attribute","text":"FD_NEXTSIZE = 5\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.ChunkField.BK_NEXTSIZE","title":"BK_NEXTSIZE class-attribute instance-attribute","text":"BK_NEXTSIZE = 6\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk","title":"Chunk","text":"Chunk(addr: int, heap: Heap | None = None, arena: Arena | None = None)\n
Methods:
Attributes:
-
__slots__ \u2013 -
address \u2013 -
prev_size (int | None) \u2013 -
size (int | None) \u2013 -
real_size (int | None) \u2013 -
flags (dict[str, bool] | None) \u2013 -
non_main_arena (bool | None) \u2013 -
is_mmapped (bool | None) \u2013 -
prev_inuse (bool | None) \u2013 -
fd \u2013 -
bk \u2013 -
fd_nextsize \u2013 -
bk_nextsize \u2013 -
heap (Heap) \u2013 -
arena (Arena | None) \u2013 -
is_top_chunk \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__slots__","title":"__slots__ class-attribute instance-attribute","text":"__slots__ = (\n \"_gdbValue\",\n \"address\",\n \"_prev_size\",\n \"_size\",\n \"_real_size\",\n \"_flags\",\n \"_non_main_arena\",\n \"_is_mmapped\",\n \"_prev_inuse\",\n \"_fd\",\n \"_bk\",\n \"_fd_nextsize\",\n \"_bk_nextsize\",\n \"_heap\",\n \"_arena\",\n \"_is_top_chunk\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.address","title":"address instance-attribute","text":"address = int(address)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_size","title":"prev_size property","text":"prev_size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.size","title":"size property","text":"size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.real_size","title":"real_size property","text":"real_size: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.flags","title":"flags property","text":"flags: dict[str, bool] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.non_main_arena","title":"non_main_arena property","text":"non_main_arena: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_mmapped","title":"is_mmapped property","text":"is_mmapped: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.prev_inuse","title":"prev_inuse property","text":"prev_inuse: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd","title":"fd property","text":"fd\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk","title":"bk property","text":"bk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.fd_nextsize","title":"fd_nextsize property","text":"fd_nextsize\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.bk_nextsize","title":"bk_nextsize property","text":"bk_nextsize\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.heap","title":"heap property","text":"heap: Heap\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.arena","title":"arena property","text":"arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.is_top_chunk","title":"is_top_chunk property","text":"is_top_chunk\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__match_renamed_field","title":"__match_renamed_field","text":"__match_renamed_field(field: str)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.next_chunk","title":"next_chunk","text":"next_chunk()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Chunk.__contains__","title":"__contains__","text":"__contains__(addr: int) -> bool\n
This allow us to avoid extra constructions like 'if start_addr <= ptr < end_addr', etc.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap","title":"Heap","text":"Heap(addr: int, arena: Arena | None = None)\n
1) main_arena - uses the sbrk heap 2) non-main arena - heap starts after its heap_info struct (and possibly an arena) 3) non-contiguous main_arena - just a memory region 4) no arena - for fake/mmapped chunks
Methods:
-
__iter__ \u2013 -
__contains__ \u2013 -
__str__ \u2013
Attributes:
-
__slots__ \u2013 -
arena \u2013 -
start (int) \u2013 -
end (int) \u2013 -
first_chunk \u2013 -
prev \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__slots__","title":"__slots__ class-attribute instance-attribute","text":"__slots__ = (\n \"_gdbValue\",\n \"arena\",\n \"_memory_region\",\n \"start\",\n \"end\",\n \"_prev\",\n \"first_chunk\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.arena","title":"arena instance-attribute","text":"arena = main_arena if arena is None else arena\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.start","title":"start instance-attribute","text":"start: int = start\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.end","title":"end instance-attribute","text":"end: int = end\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.first_chunk","title":"first_chunk instance-attribute","text":"first_chunk = Chunk(start)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.prev","title":"prev property","text":"prev\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__iter__","title":"__iter__","text":"__iter__()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__contains__","title":"__contains__","text":"__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Heap.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena","title":"Arena","text":"Arena(addr: int)\n
Methods:
-
fastbins \u2013 -
__str__ \u2013
Attributes:
-
__slots__ \u2013 -
address \u2013 -
is_main_arena (bool) \u2013 -
mutex (int | None) \u2013 -
flags (int | None) \u2013 -
non_contiguous (bool | None) \u2013 -
have_fastchunks (int | None) \u2013 -
top (int | None) \u2013 -
fastbinsY (list[int]) \u2013 -
bins (list[int]) \u2013 -
binmap (list[int]) \u2013 -
next (int | None) \u2013 -
next_free (int | None) \u2013 -
system_mem (int | None) \u2013 -
active_heap (Heap) \u2013 -
heaps \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__slots__","title":"__slots__ class-attribute instance-attribute","text":"__slots__ = (\n \"_gdbValue\",\n \"address\",\n \"_is_main_arena\",\n \"_top\",\n \"_active_heap\",\n \"_heaps\",\n \"_mutex\",\n \"_flags\",\n \"_non_contiguous\",\n \"_have_fastchunks\",\n \"_fastbinsY\",\n \"_bins\",\n \"_binmap\",\n \"_next\",\n \"_next_free\",\n \"_system_mem\",\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.address","title":"address instance-attribute","text":"address = int(address)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.is_main_arena","title":"is_main_arena property","text":"is_main_arena: bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.mutex","title":"mutex property","text":"mutex: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.flags","title":"flags property","text":"flags: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.non_contiguous","title":"non_contiguous property","text":"non_contiguous: bool | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.have_fastchunks","title":"have_fastchunks property","text":"have_fastchunks: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.top","title":"top property","text":"top: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbinsY","title":"fastbinsY property","text":"fastbinsY: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.bins","title":"bins property","text":"bins: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.binmap","title":"binmap property","text":"binmap: list[int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next","title":"next property","text":"next: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.next_free","title":"next_free property","text":"next_free: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.system_mem","title":"system_mem property","text":"system_mem: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.active_heap","title":"active_heap property","text":"active_heap: Heap\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.heaps","title":"heaps property","text":"heaps\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.fastbins","title":"fastbins","text":"fastbins() -> Bins\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.Arena.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator","title":"GlibcMemoryAllocator","text":"GlibcMemoryAllocator()\n
Bases: MemoryAllocator, Generic[TheType, TheValue]
Methods:
-
largebin_reverse_lookup \u2013 Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index \u2013 -
can_be_resolved \u2013 -
has_tcache \u2013 -
chunk_flags \u2013 -
chunk_key_offset \u2013 Find the index of a field in the malloc_chunk struct.
-
get_heap \u2013 -
get_tcache \u2013 -
get_sbrk_heap_region \u2013 -
get_region \u2013 Find the memory map containing 'addr'.
-
get_bins \u2013 -
fastbin_index \u2013 -
fastbins \u2013 Returns: chain or None
-
tcachebins \u2013 Returns: tuple(chain, count) or None
-
check_chain_corrupted \u2013 Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at \u2013 Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin \u2013 -
smallbins \u2013 -
largebins \u2013 -
largebin_index_32 \u2013 Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big \u2013 Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64 \u2013 Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index \u2013 Pick the appropriate largebin_index_ function for this architecture.
-
is_initialized \u2013 -
is_statically_linked \u2013 -
libc_has_debug_syms \u2013 The struct malloc_chunk comes from debugging symbols and it will not be there
-
summarize \u2013 Returns a textual summary of the specified address.
-
containing \u2013 Returns the address of the allocation which contains 'address'.
Attributes:
-
largebin_reverse_lookup_32 \u2013 -
largebin_reverse_lookup_32_big \u2013 -
largebin_reverse_lookup_64 \u2013 -
main_arena (Arena | None) \u2013 -
arenas (tuple[Arena, ...]) \u2013 Return a tuple of all current arenas.
-
thread_arena (Arena | None) \u2013 -
thread_cache (TheValue | None) \u2013 -
mp (TheValue | None) \u2013 -
global_max_fast (int | None) \u2013 -
heap_info (TheType | None) \u2013 -
malloc_chunk (TheType | None) \u2013 -
malloc_state (TheType | None) \u2013 -
tcache_perthread_struct (TheType | None) \u2013 -
tcache_entry (TheType | None) \u2013 -
mallinfo (TheType | None) \u2013 -
malloc_par (TheType | None) \u2013 -
malloc_alignment (int) \u2013 Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz (int) \u2013 Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask (int) \u2013 Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize (int) \u2013 Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size (int) \u2013 Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded (bool) \u2013 Is malloc operating within a multithreaded environment.
-
tcache_next_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32 class-attribute instance-attribute","text":"largebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big class-attribute instance-attribute","text":"largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64 class-attribute instance-attribute","text":"largebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.main_arena","title":"main_arena property","text":"main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.arenas","title":"arenas property","text":"arenas: tuple[Arena, ...]\n
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_arena","title":"thread_arena property","text":"thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.thread_cache","title":"thread_cache property","text":"thread_cache: TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mp","title":"mp property","text":"mp: TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.global_max_fast","title":"global_max_fast property","text":"global_max_fast: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.heap_info","title":"heap_info property","text":"heap_info: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_chunk","title":"malloc_chunk property","text":"malloc_chunk: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_state","title":"malloc_state property","text":"malloc_state: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_perthread_struct","title":"tcache_perthread_struct property","text":"tcache_perthread_struct: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_entry","title":"tcache_entry property","text":"tcache_entry: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.mallinfo","title":"mallinfo property","text":"mallinfo: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_par","title":"malloc_par property","text":"malloc_par: TheType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_alignment","title":"malloc_alignment property","text":"malloc_alignment: int\n
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.size_sz","title":"size_sz property","text":"size_sz: int\n
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.malloc_align_mask","title":"malloc_align_mask property","text":"malloc_align_mask: int\n
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.minsize","title":"minsize property","text":"minsize: int\n
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.min_chunk_size","title":"min_chunk_size property","text":"min_chunk_size: int\n
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.multithreaded","title":"multithreaded property","text":"multithreaded: bool\n
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcache_next_offset","title":"tcache_next_offset property","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"largebin_reverse_lookup(index: int) -> int\n
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.can_be_resolved","title":"can_be_resolved","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.has_tcache","title":"has_tcache","text":"has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_flags","title":"chunk_flags","text":"chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.chunk_key_offset","title":"chunk_key_offset","text":"chunk_key_offset(key: str) -> int | None\n
Find the index of a field in the malloc_chunk struct.
64bit example prev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_heap","title":"get_heap","text":"get_heap(addr: int) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_tcache","title":"get_tcache","text":"get_tcache(tcache_addr: int | None = None) -> TheValue | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_sbrk_heap_region() -> Page | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\n
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.get_bins","title":"get_bins","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbin_index","title":"fastbin_index","text":"fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.fastbins","title":"fastbins","text":"fastbins(arena_addr: int | None = None) -> Bins | None\n
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\n
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.unsortedbin","title":"unsortedbin","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.smallbins","title":"smallbins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebins","title":"largebins","text":"largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32","title":"largebin_index_32","text":"largebin_index_32(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\n
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_initialized","title":"is_initialized","text":"is_initialized()\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.is_statically_linked","title":"is_statically_linked","text":"is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.libc_has_debug_syms","title":"libc_has_debug_syms","text":"libc_has_debug_syms() -> bool\n
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.summarize","title":"summarize","text":"summarize(address: int, **kwargs: Any) -> str\n
Returns a textual summary of the specified address.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.GlibcMemoryAllocator.containing","title":"containing","text":"containing(address: int) -> int\n
Returns the address of the allocation which contains 'address'.
Parameters:
-
address (int) \u2013 Address to look up.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap","title":"DebugSymsHeap","text":"DebugSymsHeap()\n
Bases: GlibcMemoryAllocator[Type, Value]
Methods:
-
can_be_resolved \u2013 -
has_tcache \u2013 -
get_heap \u2013 Find & read the heap_info struct belonging to the chunk at 'addr'.
-
get_tcache \u2013 -
get_sbrk_heap_region \u2013 Return a Page object representing the sbrk heap region.
-
is_initialized \u2013 -
summarize \u2013 Returns a textual summary of the specified address.
-
containing \u2013 Returns the address of the allocation which contains 'address'.
-
libc_has_debug_syms \u2013 The struct malloc_chunk comes from debugging symbols and it will not be there
-
largebin_reverse_lookup \u2013 Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index \u2013 -
chunk_flags \u2013 -
chunk_key_offset \u2013 Find the index of a field in the malloc_chunk struct.
-
get_region \u2013 Find the memory map containing 'addr'.
-
get_bins \u2013 -
fastbin_index \u2013 -
fastbins \u2013 Returns: chain or None
-
tcachebins \u2013 Returns: tuple(chain, count) or None
-
check_chain_corrupted \u2013 Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at \u2013 Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin \u2013 -
smallbins \u2013 -
largebins \u2013 -
largebin_index_32 \u2013 Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big \u2013 Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64 \u2013 Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index \u2013 Pick the appropriate largebin_index_ function for this architecture.
-
is_statically_linked \u2013
Attributes:
-
main_arena (Arena | None) \u2013 -
thread_arena (Arena | None) \u2013 -
thread_cache (Value | None) \u2013 Locate a thread's tcache struct. If it doesn't have one, use the main
-
mp (Value | None) \u2013 -
global_max_fast (int | None) \u2013 -
heap_info (Type | None) \u2013 -
malloc_chunk (Type | None) \u2013 -
malloc_state (Type | None) \u2013 -
tcache_perthread_struct (Type | None) \u2013 -
tcache_entry (Type | None) \u2013 -
mallinfo (Type | None) \u2013 -
malloc_par (Type | None) \u2013 -
largebin_reverse_lookup_32 \u2013 -
largebin_reverse_lookup_32_big \u2013 -
largebin_reverse_lookup_64 \u2013 -
arenas (tuple[Arena, ...]) \u2013 Return a tuple of all current arenas.
-
malloc_alignment (int) \u2013 Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz (int) \u2013 Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask (int) \u2013 Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize (int) \u2013 Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size (int) \u2013 Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded (bool) \u2013 Is malloc operating within a multithreaded environment.
-
tcache_next_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.main_arena","title":"main_arena property","text":"main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_arena","title":"thread_arena property","text":"thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.thread_cache","title":"thread_cache property","text":"thread_cache: Value | None\n
Locate a thread's tcache struct. If it doesn't have one, use the main thread's tcache.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mp","title":"mp property","text":"mp: Value | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.global_max_fast","title":"global_max_fast property","text":"global_max_fast: int | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.heap_info","title":"heap_info property","text":"heap_info: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_chunk","title":"malloc_chunk property","text":"malloc_chunk: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_state","title":"malloc_state property","text":"malloc_state: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_perthread_struct","title":"tcache_perthread_struct property","text":"tcache_perthread_struct: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_entry","title":"tcache_entry property","text":"tcache_entry: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.mallinfo","title":"mallinfo property","text":"mallinfo: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_par","title":"malloc_par property","text":"malloc_par: Type | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32 class-attribute instance-attribute","text":"largebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big class-attribute instance-attribute","text":"largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64 class-attribute instance-attribute","text":"largebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.arenas","title":"arenas property","text":"arenas: tuple[Arena, ...]\n
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_alignment","title":"malloc_alignment property","text":"malloc_alignment: int\n
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.size_sz","title":"size_sz property","text":"size_sz: int\n
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.malloc_align_mask","title":"malloc_align_mask property","text":"malloc_align_mask: int\n
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.minsize","title":"minsize property","text":"minsize: int\n
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.min_chunk_size","title":"min_chunk_size property","text":"min_chunk_size: int\n
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.multithreaded","title":"multithreaded property","text":"multithreaded: bool\n
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcache_next_offset","title":"tcache_next_offset property","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.can_be_resolved","title":"can_be_resolved","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.has_tcache","title":"has_tcache","text":"has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_heap","title":"get_heap","text":"get_heap(addr: int) -> Value | None\n
Find & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_tcache","title":"get_tcache","text":"get_tcache(tcache_addr: int | Value | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_sbrk_heap_region() -> Page | None\n
Return a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_initialized","title":"is_initialized","text":"is_initialized() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.summarize","title":"summarize","text":"summarize(address: int, **kwargs: Any) -> str\n
Returns a textual summary of the specified address.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.containing","title":"containing","text":"containing(address: int) -> int\n
Returns the address of the allocation which contains 'address'.
Parameters:
-
address (int) \u2013 Address to look up.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.libc_has_debug_syms","title":"libc_has_debug_syms","text":"libc_has_debug_syms() -> bool\n
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"largebin_reverse_lookup(index: int) -> int\n
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_flags","title":"chunk_flags","text":"chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.chunk_key_offset","title":"chunk_key_offset","text":"chunk_key_offset(key: str) -> int | None\n
Find the index of a field in the malloc_chunk struct.
64bit example prev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\n
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.get_bins","title":"get_bins","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbin_index","title":"fastbin_index","text":"fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.fastbins","title":"fastbins","text":"fastbins(arena_addr: int | None = None) -> Bins | None\n
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\n
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.unsortedbin","title":"unsortedbin","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.smallbins","title":"smallbins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebins","title":"largebins","text":"largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32","title":"largebin_index_32","text":"largebin_index_32(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\n
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.DebugSymsHeap.is_statically_linked","title":"is_statically_linked","text":"is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError","title":"SymbolUnresolvableError","text":"SymbolUnresolvableError(symbol: str)\n
Bases: Exception
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.SymbolUnresolvableError.symbol","title":"symbol instance-attribute","text":"symbol = symbol\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap","title":"HeuristicHeap","text":"HeuristicHeap()\n
Bases: GlibcMemoryAllocator[Type['pwndbg.aglib.heap.structs.CStruct2GDB'], 'pwndbg.aglib.heap.structs.CStruct2GDB']
Methods:
-
can_be_resolved \u2013 -
has_tcache \u2013 -
prompt_for_brute_force_thread_arena_permission \u2013 Check if the user wants to brute force the thread_arena's value.
-
prompt_for_brute_force_thread_cache_permission \u2013 Check if the user wants to brute force the tcache's value.
-
prompt_for_tls_address \u2013 Check if we can determine the TLS address and return it.
-
brute_force_tls_reference_in_got_section \u2013 Brute force the TLS-reference in the .got section to that can pass the validator.
-
brute_force_thread_local_variable_near_tls_base \u2013 Brute force the thread-local variable near the TLS base address that can pass the validator.
-
get_heap \u2013 Find & read the heap_info struct belonging to the chunk at 'addr'.
-
get_tcache \u2013 -
get_sbrk_heap_region \u2013 Return a Page object representing the sbrk heap region.
-
is_initialized \u2013 -
summarize \u2013 Returns a textual summary of the specified address.
-
containing \u2013 Returns the address of the allocation which contains 'address'.
-
libc_has_debug_syms \u2013 The struct malloc_chunk comes from debugging symbols and it will not be there
-
largebin_reverse_lookup \u2013 Pick the appropriate largebin_reverse_lookup_ function for this architecture.
-
largebin_size_range_from_index \u2013 -
chunk_flags \u2013 -
chunk_key_offset \u2013 Find the index of a field in the malloc_chunk struct.
-
get_region \u2013 Find the memory map containing 'addr'.
-
get_bins \u2013 -
fastbin_index \u2013 -
fastbins \u2013 Returns: chain or None
-
tcachebins \u2013 Returns: tuple(chain, count) or None
-
check_chain_corrupted \u2013 Checks if the doubly linked list (of a {unsorted, small, large} bin)
-
bin_at \u2013 Modeled after glibc's bin_at function - so starts indexing from 1
-
unsortedbin \u2013 -
smallbins \u2013 -
largebins \u2013 -
largebin_index_32 \u2013 Modeled on the GLIBC malloc largebin_index_32 macro.
-
largebin_index_32_big \u2013 Modeled on the GLIBC malloc largebin_index_32_big macro.
-
largebin_index_64 \u2013 Modeled on the GLIBC malloc largebin_index_64 macro.
-
largebin_index \u2013 Pick the appropriate largebin_index_ function for this architecture.
-
is_statically_linked \u2013
Attributes:
-
struct_module (ModuleType | None) \u2013 -
main_arena (Arena | None) \u2013 -
thread_arena (Arena | None) \u2013 -
thread_cache ('pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None) \u2013 Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first,
-
mp ('pwndbg.aglib.heap.structs.CStruct2GDB') \u2013 -
global_max_fast (int) \u2013 -
heap_info (type['pwndbg.aglib.heap.structs.HeapInfo'] | None) \u2013 -
malloc_chunk (type['pwndbg.aglib.heap.structs.MallocChunk'] | None) \u2013 -
malloc_state (type['pwndbg.aglib.heap.structs.MallocState'] | None) \u2013 -
tcache_perthread_struct (type['pwndbg.aglib.heap.structs.TcachePerthreadStruct'] | None) \u2013 -
tcache_entry (type['pwndbg.aglib.heap.structs.TcacheEntry'] | None) \u2013 -
mallinfo (type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None) \u2013 -
malloc_par (type['pwndbg.aglib.heap.structs.MallocPar'] | None) \u2013 -
largebin_reverse_lookup_32 \u2013 -
largebin_reverse_lookup_32_big \u2013 -
largebin_reverse_lookup_64 \u2013 -
arenas (tuple[Arena, ...]) \u2013 Return a tuple of all current arenas.
-
malloc_alignment (int) \u2013 Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
-
size_sz (int) \u2013 Corresponds to SIZE_SZ in glibc malloc.c
-
malloc_align_mask (int) \u2013 Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
-
minsize (int) \u2013 Corresponds to MINSIZE in glibc malloc.c
-
min_chunk_size (int) \u2013 Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
-
multithreaded (bool) \u2013 Is malloc operating within a multithreaded environment.
-
tcache_next_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.struct_module","title":"struct_module property","text":"struct_module: ModuleType | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.main_arena","title":"main_arena property","text":"main_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_arena","title":"thread_arena property","text":"thread_arena: Arena | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.thread_cache","title":"thread_cache property","text":"thread_cache: 'pwndbg.aglib.heap.structs.TcachePerthreadStruct' | None\n
Locate a thread's tcache struct. We try to find its address in Thread Local Storage (TLS) first, and if that fails, we guess it's at the first chunk of the heap.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mp","title":"mp property","text":"mp: 'pwndbg.aglib.heap.structs.CStruct2GDB'\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.global_max_fast","title":"global_max_fast property","text":"global_max_fast: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.heap_info","title":"heap_info property","text":"heap_info: type['pwndbg.aglib.heap.structs.HeapInfo'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_chunk","title":"malloc_chunk property","text":"malloc_chunk: type['pwndbg.aglib.heap.structs.MallocChunk'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_state","title":"malloc_state property","text":"malloc_state: type['pwndbg.aglib.heap.structs.MallocState'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_perthread_struct","title":"tcache_perthread_struct property","text":"tcache_perthread_struct: (\n type[\"pwndbg.aglib.heap.structs.TcachePerthreadStruct\"] | None\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_entry","title":"tcache_entry property","text":"tcache_entry: type['pwndbg.aglib.heap.structs.TcacheEntry'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.mallinfo","title":"mallinfo property","text":"mallinfo: type['pwndbg.aglib.heap.structs.CStruct2GDB'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_par","title":"malloc_par property","text":"malloc_par: type['pwndbg.aglib.heap.structs.MallocPar'] | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32","title":"largebin_reverse_lookup_32 class-attribute instance-attribute","text":"largebin_reverse_lookup_32 = (\n 512,\n 576,\n 640,\n 704,\n 768,\n 832,\n 896,\n 960,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_32_big","title":"largebin_reverse_lookup_32_big class-attribute instance-attribute","text":"largebin_reverse_lookup_32_big = (\n 1008,\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 2944,\n 3072,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup_64","title":"largebin_reverse_lookup_64 class-attribute instance-attribute","text":"largebin_reverse_lookup_64 = (\n 1024,\n 1088,\n 1152,\n 1216,\n 1280,\n 1344,\n 1408,\n 1472,\n 1536,\n 1600,\n 1664,\n 1728,\n 1792,\n 1856,\n 1920,\n 1984,\n 2048,\n 2112,\n 2176,\n 2240,\n 2304,\n 2368,\n 2432,\n 2496,\n 2560,\n 2624,\n 2688,\n 2752,\n 2816,\n 2880,\n 2944,\n 3008,\n 3072,\n 3136,\n 3584,\n 4096,\n 4608,\n 5120,\n 5632,\n 6144,\n 6656,\n 7168,\n 7680,\n 8192,\n 8704,\n 9216,\n 9728,\n 10240,\n 10752,\n 12288,\n 16384,\n 20480,\n 24576,\n 28672,\n 32768,\n 36864,\n 40960,\n 65536,\n 98304,\n 131072,\n 163840,\n 262144,\n 524288,\n)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.arenas","title":"arenas property","text":"arenas: tuple[Arena, ...]\n
Return a tuple of all current arenas.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_alignment","title":"malloc_alignment property","text":"malloc_alignment: int\n
Corresponds to MALLOC_ALIGNMENT in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.size_sz","title":"size_sz property","text":"size_sz: int\n
Corresponds to SIZE_SZ in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.malloc_align_mask","title":"malloc_align_mask property","text":"malloc_align_mask: int\n
Corresponds to MALLOC_ALIGN_MASK in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.minsize","title":"minsize property","text":"minsize: int\n
Corresponds to MINSIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.min_chunk_size","title":"min_chunk_size property","text":"min_chunk_size: int\n
Corresponds to MIN_CHUNK_SIZE in glibc malloc.c
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.multithreaded","title":"multithreaded property","text":"multithreaded: bool\n
Is malloc operating within a multithreaded environment.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcache_next_offset","title":"tcache_next_offset property","text":"tcache_next_offset: int\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.can_be_resolved","title":"can_be_resolved","text":"can_be_resolved() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.has_tcache","title":"has_tcache","text":"has_tcache() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_arena_permission","title":"prompt_for_brute_force_thread_arena_permission","text":"prompt_for_brute_force_thread_arena_permission() -> bool\n
Check if the user wants to brute force the thread_arena's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_brute_force_thread_cache_permission","title":"prompt_for_brute_force_thread_cache_permission","text":"prompt_for_brute_force_thread_cache_permission() -> bool\n
Check if the user wants to brute force the tcache's value.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.prompt_for_tls_address","title":"prompt_for_tls_address","text":"prompt_for_tls_address() -> int\n
Check if we can determine the TLS address and return it.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_tls_reference_in_got_section","title":"brute_force_tls_reference_in_got_section","text":"brute_force_tls_reference_in_got_section(\n tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\n
Brute force the TLS-reference in the .got section to that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.brute_force_thread_local_variable_near_tls_base","title":"brute_force_thread_local_variable_near_tls_base","text":"brute_force_thread_local_variable_near_tls_base(\n tls_address: int, validator: Callable[[int], bool]\n) -> tuple[int, int] | None\n
Brute force the thread-local variable near the TLS base address that can pass the validator.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_heap","title":"get_heap","text":"get_heap(addr: int) -> 'pwndbg.aglib.heap.structs.HeapInfo' | None\n
Find & read the heap_info struct belonging to the chunk at 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_tcache","title":"get_tcache","text":"get_tcache(\n tcache_addr: int | None = None,\n) -> \"pwndbg.aglib.heap.structs.TcachePerthreadStruct\" | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_sbrk_heap_region","title":"get_sbrk_heap_region","text":"get_sbrk_heap_region() -> Page\n
Return a Page object representing the sbrk heap region. Ensure the region's start address is aligned to SIZE_SZ * 2, which compensates for the presence of GLIBC_TUNABLES. This heuristic version requires some sanity checks and may raise SymbolUnresolvableError if malloc's mp_ struct can't be resolved.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_initialized","title":"is_initialized","text":"is_initialized() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.summarize","title":"summarize","text":"summarize(address: int, **kwargs: Any) -> str\n
Returns a textual summary of the specified address.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.containing","title":"containing","text":"containing(address: int) -> int\n
Returns the address of the allocation which contains 'address'.
Parameters:
-
address (int) \u2013 Address to look up.
Returns:
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.libc_has_debug_syms","title":"libc_has_debug_syms","text":"libc_has_debug_syms() -> bool\n
The struct malloc_chunk comes from debugging symbols and it will not be there for statically linked binaries
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_reverse_lookup","title":"largebin_reverse_lookup","text":"largebin_reverse_lookup(index: int) -> int\n
Pick the appropriate largebin_reverse_lookup_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_size_range_from_index","title":"largebin_size_range_from_index","text":"largebin_size_range_from_index(index: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_flags","title":"chunk_flags","text":"chunk_flags(size: int) -> tuple[int, int, int]\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.chunk_key_offset","title":"chunk_key_offset","text":"chunk_key_offset(key: str) -> int | None\n
Find the index of a field in the malloc_chunk struct.
64bit example prev_size == 0 size == 8 fd == 16 bk == 24 ...
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_region","title":"get_region","text":"get_region(addr: int | Value | None) -> Page | None\n
Find the memory map containing 'addr'.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.get_bins","title":"get_bins","text":"get_bins(bin_type: BinType, addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbin_index","title":"fastbin_index","text":"fastbin_index(size: int)\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.fastbins","title":"fastbins","text":"fastbins(arena_addr: int | None = None) -> Bins | None\n
Returns: chain or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.tcachebins","title":"tcachebins","text":"tcachebins(tcache_addr: int | None = None) -> Bins | None\n
Returns: tuple(chain, count) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.check_chain_corrupted","title":"check_chain_corrupted","text":"check_chain_corrupted(chain_fd: list[int], chain_bk: list[int]) -> bool\n
Checks if the doubly linked list (of a {unsorted, small, large} bin) defined by chain_fd, chain_bk is corrupted.
Even if the chains do not cover the whole bin, they still are expected to be of the same length.
Returns True if the bin is certainly corrupted, otherwise False.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.bin_at","title":"bin_at","text":"bin_at(\n index: int, arena_addr: int | None = None\n) -> tuple[list[int], list[int], bool] | None\n
Modeled after glibc's bin_at function - so starts indexing from 1 https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/eglibc/trusty-security/view/head:/malloc/malloc.c#L1394
bin_at(1) returns the unsorted bin
Bin 1 - Unsorted BiN Bin 2 to 63 - Smallbins Bin 64 to 126 - Largebins
Returns: tuple(chain_from_bin_fd, chain_from_bin_bk, is_chain_corrupted) or None
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.unsortedbin","title":"unsortedbin","text":"unsortedbin(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.smallbins","title":"smallbins","text":"smallbins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebins","title":"largebins","text":"largebins(arena_addr: int | None = None) -> Bins | None\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32","title":"largebin_index_32","text":"largebin_index_32(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1414
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_32_big","title":"largebin_index_32_big","text":"largebin_index_32_big(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_32_big macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1422
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index_64","title":"largebin_index_64","text":"largebin_index_64(sz: int) -> int\n
Modeled on the GLIBC malloc largebin_index_64 macro.
https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=f7cd29bc2f93e1082ee77800bd64a4b2a2897055;hb=9ea3686266dca3f004ba874745a4087a89682617#l1433
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.largebin_index","title":"largebin_index","text":"largebin_index(sz: int)\n
Pick the appropriate largebin_index_ function for this architecture.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.HeuristicHeap.is_statically_linked","title":"is_statically_linked","text":"is_statically_linked() -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.heap_for_ptr","title":"heap_for_ptr","text":"heap_for_ptr(ptr: int) -> int\n
Round a pointer to a chunk down to find its corresponding heap_info struct, the pointer must point inside a heap which does not belong to the main arena.
"},{"location":"reference/pwndbg/aglib/heap/ptmalloc/#pwndbg.aglib.heap.ptmalloc.fetch_chunk_metadata","title":"fetch_chunk_metadata","text":"fetch_chunk_metadata(\n address: int, include_only_fields: set[ChunkField] | None = None\n)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/","title":"pwndbg.aglib.heap.structs","text":""},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs","title":"structs","text":"Classes:
-
c_pvoid \u2013 Represents a pointer.
-
c_size_t \u2013 Represents a size_t.
-
FakeGDBField \u2013 Fake gdb.Field for compatibility
-
CStruct2GDB \u2013 -
c_malloc_state_2_26 \u2013 This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
-
c_malloc_state_2_12 \u2013 This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
-
c_malloc_state_2_27 \u2013 This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
-
MallocState \u2013 This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_heap_info \u2013 This class represents heap_info struct as a ctypes struct.
-
HeapInfo \u2013 This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_malloc_chunk \u2013 This class represents malloc_chunk struct as a ctypes struct.
-
MallocChunk \u2013 This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_tcache_perthread_struct_2_29 \u2013 This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
-
c_tcache_perthread_struct_2_30 \u2013 This class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.
-
TcachePerthreadStruct \u2013 This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_tcache_entry_2_28 \u2013 This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
-
c_tcache_entry_2_29 \u2013 This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
-
TcacheEntry \u2013 This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.
-
c_malloc_par_2_23 \u2013 This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
-
c_malloc_par_2_12 \u2013 This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
-
c_malloc_par_2_24 \u2013 This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
-
c_malloc_par_2_26 \u2013 This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
-
c_malloc_par_2_35 \u2013 This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
-
MallocPar \u2013 This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.
Functions:
-
request2size \u2013 -
fastbin_index \u2013
Attributes:
-
GLIBC_VERSION \u2013 -
SIZE_SZ \u2013 -
MINSIZE \u2013 -
MALLOC_ALIGN \u2013 -
long_double_alignment \u2013 -
MALLOC_ALIGN_MASK \u2013 -
MAX_FAST_SIZE \u2013 -
NBINS \u2013 -
BINMAPSIZE \u2013 -
TCACHE_MAX_BINS \u2013 -
NFASTBINS \u2013 -
PTR \u2013 -
SIZE_T \u2013 -
DEFAULT_TOP_PAD \u2013 -
DEFAULT_MMAP_MAX \u2013 -
DEFAULT_MMAP_THRESHOLD \u2013 -
DEFAULT_TRIM_THRESHOLD \u2013 -
DEFAULT_PAGE_SIZE \u2013 -
TCACHE_FILL_COUNT \u2013 -
C2GDB_MAPPING \u2013 -
DEFAULT_MP_ \u2013
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.GLIBC_VERSION","title":"GLIBC_VERSION module-attribute","text":"GLIBC_VERSION = get_version()\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_SZ","title":"SIZE_SZ module-attribute","text":"SIZE_SZ = ptrsize\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MINSIZE","title":"MINSIZE module-attribute","text":"MINSIZE = ptrsize * 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN","title":"MALLOC_ALIGN module-attribute","text":"MALLOC_ALIGN = 16\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.long_double_alignment","title":"long_double_alignment module-attribute","text":"long_double_alignment = alignof\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MALLOC_ALIGN_MASK","title":"MALLOC_ALIGN_MASK module-attribute","text":"MALLOC_ALIGN_MASK = MALLOC_ALIGN - 1\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MAX_FAST_SIZE","title":"MAX_FAST_SIZE module-attribute","text":"MAX_FAST_SIZE = 80 * SIZE_SZ // 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NBINS","title":"NBINS module-attribute","text":"NBINS = 128\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.BINMAPSIZE","title":"BINMAPSIZE module-attribute","text":"BINMAPSIZE = 4\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_MAX_BINS","title":"TCACHE_MAX_BINS module-attribute","text":"TCACHE_MAX_BINS = 64\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.NFASTBINS","title":"NFASTBINS module-attribute","text":"NFASTBINS = fastbin_index(request2size(MAX_FAST_SIZE)) + 1\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.PTR","title":"PTR module-attribute","text":"PTR = c_uint32\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.SIZE_T","title":"SIZE_T module-attribute","text":"SIZE_T = c_uint32\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TOP_PAD","title":"DEFAULT_TOP_PAD module-attribute","text":"DEFAULT_TOP_PAD = 131072\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_MAX","title":"DEFAULT_MMAP_MAX module-attribute","text":"DEFAULT_MMAP_MAX = 65536\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MMAP_THRESHOLD","title":"DEFAULT_MMAP_THRESHOLD module-attribute","text":"DEFAULT_MMAP_THRESHOLD = 128 * 1024\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_TRIM_THRESHOLD","title":"DEFAULT_TRIM_THRESHOLD module-attribute","text":"DEFAULT_TRIM_THRESHOLD = 128 * 1024\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_PAGE_SIZE","title":"DEFAULT_PAGE_SIZE module-attribute","text":"DEFAULT_PAGE_SIZE = 4096\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TCACHE_FILL_COUNT","title":"TCACHE_FILL_COUNT module-attribute","text":"TCACHE_FILL_COUNT = 7\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.C2GDB_MAPPING","title":"C2GDB_MAPPING module-attribute","text":"C2GDB_MAPPING = {\n c_char: char,\n c_int8: int8,\n c_int16: int16,\n c_int32: int32,\n c_int64: int64,\n c_uint8: uint8,\n c_uint16: uint16,\n c_uint32: uint32,\n c_uint64: uint64,\n c_pvoid: pvoid,\n c_size_t: size_t,\n}\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.DEFAULT_MP_","title":"DEFAULT_MP_ module-attribute","text":"DEFAULT_MP_ = _c_struct()\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_pvoid","title":"c_pvoid","text":" Bases: PTR
Represents a pointer.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_size_t","title":"c_size_t","text":" Bases: SIZE_T
Represents a size_t.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField","title":"FakeGDBField","text":"FakeGDBField(\n bitpos: int,\n name: str | None,\n type,\n parent_type,\n enumval: int | None = None,\n artificial: bool = False,\n is_base_class: bool = False,\n bitsize: int = 0,\n)\n
Fake gdb.Field for compatibility
Attributes:
-
bitpos \u2013 -
name \u2013 -
type \u2013 -
parent_type \u2013 -
enumval \u2013 -
artificial \u2013 -
is_base_class \u2013 -
bitsize \u2013
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitpos","title":"bitpos instance-attribute","text":"bitpos = bitpos\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.type","title":"type instance-attribute","text":"type = type\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.parent_type","title":"parent_type instance-attribute","text":"parent_type = parent_type\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.enumval","title":"enumval instance-attribute","text":"enumval = enumval\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.artificial","title":"artificial instance-attribute","text":"artificial = artificial\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.is_base_class","title":"is_base_class instance-attribute","text":"is_base_class = is_base_class\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.FakeGDBField.bitsize","title":"bitsize instance-attribute","text":"bitsize = bitsize\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB","title":"CStruct2GDB","text":"CStruct2GDB(address: int)\n
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.CStruct2GDB.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_26","title":"c_malloc_state_2_26","text":" Bases: Structure
This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.
https://github.com/bminor/glibc/blob/1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369/malloc/malloc.c#L1678-L1716
struct malloc_state { /* Serialize access. */ __libc_lock_define (, mutex);
/* Flags (formerly in max_fast). */\nint flags;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas. Access to this field is serialized\n by free_list_lock in arena.c. */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena. 0 if the arena is on\n the free list. Access to this field is serialized by\n free_list_lock in arena.c. */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena. */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12","title":"c_malloc_state_2_12","text":" Bases: Structure
This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2362-L2400
struct malloc_state { /* Serialize access. */ mutex_t mutex;
/* Flags (formerly in max_fast). */ int flags;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--if-thread_stats","title":"if THREAD_STATS","text":"/* Statistics for locking. Only used if THREAD_STATS is defined. */ long stat_lock_direct, stat_lock_loop, stat_lock_wait;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif","title":"endif","text":"/* Fastbins */ mfastbinptr fastbinsY[NFASTBINS];
/* Base of the topmost chunk -- not otherwise kept in a bin */ mchunkptr top;
/* The remainder from the most recent split of a small request */ mchunkptr last_remainder;
/* Normal bins packed as described above */ mchunkptr bins[NBINS * 2 - 2];
/* Bitmap of bins */ unsigned int binmap[BINMAPSIZE];
/* Linked list */ struct malloc_state *next;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"/* Linked list for free arenas. */ struct malloc_state *next_free;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_12--endif_1","title":"endif","text":"/* Memory allocated from the system in this arena. */ INTERNAL_SIZE_T system_mem; INTERNAL_SIZE_T max_system_mem; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_state_2_27","title":"c_malloc_state_2_27","text":" Bases: Structure
This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1831
struct malloc_state { /* Serialize access. */ __libc_lock_define (, mutex);
/* Flags (formerly in max_fast). */\nint flags;\n\n/* Set if the fastbin chunks contain recently inserted free blocks. */\n/* Note this is a bool but not all targets support atomics on booleans. */\nint have_fastchunks;\n\n/* Fastbins */\nmfastbinptr fastbinsY[NFASTBINS];\n\n/* Base of the topmost chunk -- not otherwise kept in a bin */\nmchunkptr top;\n\n/* The remainder from the most recent split of a small request */\nmchunkptr last_remainder;\n\n/* Normal bins packed as described above */\nmchunkptr bins[NBINS * 2 - 2];\n\n/* Bitmap of bins */\nunsigned int binmap[BINMAPSIZE];\n\n/* Linked list */\nstruct malloc_state *next;\n\n/* Linked list for free arenas. Access to this field is serialized\n by free_list_lock in arena.c. */\nstruct malloc_state *next_free;\n\n/* Number of threads attached to this arena. 0 if the arena is on\n the free list. Access to this field is serialized by\n free_list_lock in arena.c. */\nINTERNAL_SIZE_T attached_threads;\n\n/* Memory allocated from the system in this arena. */\nINTERNAL_SIZE_T system_mem;\nINTERNAL_SIZE_T max_system_mem;\n
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState","title":"MallocState","text":"MallocState(address: int)\n
Bases: CStruct2GDB
This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocState.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_heap_info","title":"c_heap_info","text":" Bases: Structure
This class represents heap_info struct as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L53
typedef struct _heap_info { mstate ar_ptr; /* Arena for this heap. / struct _heap_info *prev; / Previous heap. / size_t size; / Current size in bytes. / size_t mprotect_size; / Size in bytes that has been mprotected PROT_READ|PROT_WRITE. / / Make sure the following data is properly aligned, particularly that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of MALLOC_ALIGNMENT. */ char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK]; } heap_info;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo","title":"HeapInfo","text":"HeapInfo(address: int)\n
Bases: CStruct2GDB
This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.HeapInfo.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_chunk","title":"c_malloc_chunk","text":" Bases: Structure
This class represents malloc_chunk struct as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1154
struct malloc_chunk {
INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk (if free). */\nINTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */\n\nstruct malloc_chunk* fd; /* double links -- used only if free. */\nstruct malloc_chunk* bk;\n\n/* Only used for large blocks: pointer to next larger size. */\nstruct malloc_chunk* fd_nextsize; /* double links -- used only if free. */\nstruct malloc_chunk* bk_nextsize;\n
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk","title":"MallocChunk","text":"MallocChunk(address: int)\n
Bases: CStruct2GDB
This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocChunk.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_29","title":"c_tcache_perthread_struct_2_29","text":" Bases: Structure
This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.29/malloc/malloc.c#L2916
typedef struct tcache_perthread_struct { char counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_perthread_struct_2_30","title":"c_tcache_perthread_struct_2_30","text":" Bases: Structure
This class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3025
typedef struct tcache_perthread_struct { uint16_t counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct","title":"TcachePerthreadStruct","text":"TcachePerthreadStruct(address: int)\n
Bases: CStruct2GDB
This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcachePerthreadStruct.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_28","title":"c_tcache_entry_2_28","text":" Bases: Structure
This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.28/malloc/malloc.c#L2888
typedef struct tcache_entry { struct tcache_entry *next; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_tcache_entry_2_29","title":"c_tcache_entry_2_29","text":" Bases: Structure
This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3013
typedef struct tcache_entry { struct tcache_entry next; / This field exists to detect double frees. */ uintptr_t key; } tcache_entry;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry","title":"TcacheEntry","text":"TcacheEntry(address: int)\n
Bases: CStruct2GDB
This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.TcacheEntry.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_23","title":"c_malloc_par_2_23","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.23/malloc/malloc.c#L1726
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets it manually, at which point we need to disable any dynamic behavior. */ int no_dyn_threshold;
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T sbrked_mem;/ /INTERNAL_SIZE_T max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
/* First address handed out by MORECORE/sbrk. */ char *sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12","title":"c_malloc_par_2_12","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2402-L2433
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--ifdef-per_thread","title":"ifdef PER_THREAD","text":"INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_12--endif","title":"endif","text":"/* Memory map support / int n_mmaps; int n_mmaps_max; int max_n_mmaps; / the mmap_threshold is dynamic, until the user sets it manually, at which point we need to disable any dynamic behavior. */ int no_dyn_threshold;
/* Cache malloc_getpagesize */ unsigned int pagesize;
/* Statistics / INTERNAL_SIZE_T mmapped_mem; /*INTERNAL_SIZE_T sbrked_mem;/ /INTERNAL_SIZE_T max_sbrked_mem;/ INTERNAL_SIZE_T max_mmapped_mem; INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */
/* First address handed out by MORECORE/sbrk. / char sbrk_base; };
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_24","title":"c_malloc_par_2_24","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.25/malloc/malloc.c#L1690 https://github.com/bminor/glibc/blob/glibc-2.24/malloc/malloc.c#L1719
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26","title":"c_malloc_par_2_26","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1875
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--if-use_tcache","title":"if USE_TCACHE","text":"/* Maximum number of buckets to use. */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket. */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n aren't used to prefill the cache. */\nsize_t tcache_unsorted_limit;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_26--endif","title":"endif","text":"};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35","title":"c_malloc_par_2_35","text":" Bases: Structure
This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.
https://github.com/bminor/glibc/blob/glibc-2.35/malloc/malloc.c#L1874
struct malloc_par { /* Tunable parameters */ unsigned long trim_threshold; INTERNAL_SIZE_T top_pad; INTERNAL_SIZE_T mmap_threshold; INTERNAL_SIZE_T arena_test; INTERNAL_SIZE_T arena_max;
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-have_tunables","title":"if HAVE_TUNABLES","text":"/* Transparent Large Page support. */\nINTERNAL_SIZE_T thp_pagesize;\n/* A value different than 0 means to align mmap allocation to hp_pagesize\n add hp_flags on flags. */\nINTERNAL_SIZE_T hp_pagesize;\nint hp_flags;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif","title":"endif","text":"/* Memory map support */\nint n_mmaps;\nint n_mmaps_max;\nint max_n_mmaps;\n/* the mmap_threshold is dynamic, until the user sets\n it manually, at which point we need to disable any\n dynamic behavior. */\nint no_dyn_threshold;\n\n/* Statistics */\nINTERNAL_SIZE_T mmapped_mem;\nINTERNAL_SIZE_T max_mmapped_mem;\n\n/* First address handed out by MORECORE/sbrk. */\nchar *sbrk_base;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--if-use_tcache","title":"if USE_TCACHE","text":"/* Maximum number of buckets to use. */\nsize_t tcache_bins;\nsize_t tcache_max_bytes;\n/* Maximum number of chunks in each bucket. */\nsize_t tcache_count;\n/* Maximum number of chunks to remove from the unsorted list, which\n aren't used to prefill the cache. */\nsize_t tcache_unsorted_limit;\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.c_malloc_par_2_35--endif_1","title":"endif","text":"};
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar","title":"MallocPar","text":"MallocPar(address: int)\n
Bases: CStruct2GDB
This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.
Methods:
-
__int__ \u2013 Returns the address of the C struct.
-
__getitem__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__getattr__ \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
__eq__ \u2013 -
value_to_human_readable \u2013 Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
-
read_field \u2013 Returns the value of the specified field as a pwndbg.dbg_mod.Value.
-
unqualified \u2013 Returns cls to make it compatible with the gdb.types.has_field() interface.
-
fields \u2013 Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
keys \u2013 Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
-
get_field_address \u2013 Returns the address of the specified field.
-
get_field_offset \u2013 Returns the offset of the specified field.
-
items \u2013 Returns a tuple of (field name, field value) pairs.
-
has_field \u2013 Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
Attributes:
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.sizeof","title":"sizeof class-attribute instance-attribute","text":"sizeof = sizeof(_c_struct)\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.code","title":"code class-attribute instance-attribute","text":"code = STRUCT\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.type","title":"type property","text":"type\n
Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__int__","title":"__int__","text":"__int__() -> int\n
Returns the address of the C struct.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getitem__","title":"__getitem__","text":"__getitem__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__getattr__","title":"__getattr__","text":"__getattr__(key: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.__eq__","title":"__eq__","text":"__eq__(other: Any) -> bool\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.read_field","title":"read_field","text":"read_field(field: str) -> Value\n
Returns the value of the specified field as a pwndbg.dbg_mod.Value.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.unqualified","title":"unqualified classmethod","text":"unqualified()\n
Returns cls to make it compatible with the gdb.types.has_field() interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.fields","title":"fields classmethod","text":"fields() -> list[FakeGDBField]\n
Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.keys","title":"keys classmethod","text":"keys() -> list[str]\n
Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_address","title":"get_field_address","text":"get_field_address(field: str) -> int\n
Returns the address of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.get_field_offset","title":"get_field_offset classmethod","text":"get_field_offset(field: str) -> int\n
Returns the offset of the specified field.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.items","title":"items","text":"items() -> tuple[tuple[Any, Any], ...]\n
Returns a tuple of (field name, field value) pairs.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.MallocPar.has_field","title":"has_field classmethod","text":"has_field(field: str) -> bool\n
Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.request2size","title":"request2size","text":"request2size(req: int) -> int\n
"},{"location":"reference/pwndbg/aglib/heap/structs/#pwndbg.aglib.heap.structs.fastbin_index","title":"fastbin_index","text":"fastbin_index(size: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/","title":"pwndbg.aglib.kernel","text":""},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel","title":"kernel","text":"Modules:
-
kallsyms \u2013 -
macros \u2013 -
nftables \u2013 -
paging \u2013 -
rbtree \u2013 -
slab \u2013 -
vmmap \u2013
Classes:
-
ArchOps \u2013 -
x86Ops \u2013 -
i386Ops \u2013 -
x86_64Ops \u2013 -
Aarch64Ops \u2013
Functions:
-
BIT \u2013 -
has_debug_syms \u2013 -
requires_kconfig \u2013 -
requires_debug_syms \u2013 -
nproc \u2013 Returns the number of processing units available, similar to nproc(1)
-
npcplist \u2013 returns NR_PCP_LISTS (https://elixir.bootlin.com/linux/v6.13/source/include/linux/mmzone.h#L671)
-
get_first_kernel_ro \u2013 Returns the first kernel mapping which contains the linux_banner
-
load_kconfig \u2013 -
kconfig \u2013 -
kcmdline \u2013 -
kversion \u2013 -
krelease \u2013 -
is_kaslr_enabled \u2013 -
kbase \u2013 -
get_idt_entries \u2013 Retrieves the IDT entries from memory.
-
arch_ops \u2013 -
page_size \u2013 -
per_cpu \u2013 -
virt_to_phys \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013 -
pfn_to_virt \u2013 -
virt_to_pfn \u2013 -
paging_enabled \u2013 -
num_numa_nodes \u2013 Returns the number of NUMA nodes that are online on the system
Attributes:
-
P \u2013 -
D \u2013 -
T \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.D","title":"D module-attribute","text":"D = TypeVar('D')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps","title":"ArchOps","text":" Bases: ABC
Methods:
-
page_size \u2013 -
per_cpu \u2013 -
virt_to_phys \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013
Attributes:
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_offset","title":"page_offset property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_size","title":"page_size abstractmethod","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.per_cpu","title":"per_cpu abstractmethod","text":"per_cpu(addr: Value, cpu=None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_phys","title":"virt_to_phys abstractmethod","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_virt","title":"phys_to_virt abstractmethod","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_pfn","title":"phys_to_pfn abstractmethod","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_phys","title":"pfn_to_phys abstractmethod","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_page","title":"pfn_to_page abstractmethod","text":"pfn_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_pfn","title":"page_to_pfn abstractmethod","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.ArchOps.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops","title":"x86Ops","text":" Bases: ArchOps
Methods:
-
page_size \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
paging_enabled \u2013 -
per_cpu \u2013 -
virt_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013
Attributes:
-
ptr_size (int) \u2013 -
page_shift (int) \u2013 -
page_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.ptr_size","title":"ptr_size abstractmethod property","text":"ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_shift","title":"page_shift abstractmethod property","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_offset","title":"page_offset abstractmethod property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.paging_enabled","title":"paging_enabled staticmethod","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.per_cpu","title":"per_cpu abstractmethod","text":"per_cpu(addr: Value, cpu=None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_phys","title":"virt_to_phys abstractmethod","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_page","title":"pfn_to_page abstractmethod","text":"pfn_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_pfn","title":"page_to_pfn abstractmethod","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86Ops.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops","title":"i386Ops","text":"i386Ops()\n
Bases: x86Ops
Methods:
-
virt_to_phys \u2013 -
per_cpu \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
page_size \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013 -
paging_enabled \u2013
Attributes:
-
START_KERNEL_map \u2013 -
ptr_size (int) \u2013 -
page_offset (int) \u2013 -
page_shift (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.START_KERNEL_map","title":"START_KERNEL_map instance-attribute","text":"START_KERNEL_map = _PAGE_OFFSET\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.ptr_size","title":"ptr_size property","text":"ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_offset","title":"page_offset property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_shift","title":"page_shift property","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_phys","title":"virt_to_phys","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.per_cpu","title":"per_cpu","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_page","title":"pfn_to_page","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_pfn","title":"page_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.i386Ops.paging_enabled","title":"paging_enabled staticmethod","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops","title":"x86_64Ops","text":"x86_64Ops()\n
Bases: x86Ops
Methods:
-
per_cpu \u2013 -
virt_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
cpu_feature_capability \u2013 -
uses_5lvl_paging \u2013 -
page_size \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013 -
paging_enabled \u2013
Attributes:
-
STRUCT_PAGE_SIZE \u2013 -
STRUCT_PAGE_SHIFT \u2013 -
phys_base \u2013 -
START_KERNEL_map \u2013 -
VMEMMAP_START \u2013 -
ptr_size (int) \u2013 -
page_offset (int) \u2013 -
page_shift (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE instance-attribute","text":"STRUCT_PAGE_SIZE = sizeof\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT instance-attribute","text":"STRUCT_PAGE_SHIFT = int(log2(STRUCT_PAGE_SIZE))\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_base","title":"phys_base instance-attribute","text":"phys_base = 16777216\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.START_KERNEL_map","title":"START_KERNEL_map instance-attribute","text":"START_KERNEL_map = kbase()\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.VMEMMAP_START","title":"VMEMMAP_START instance-attribute","text":"VMEMMAP_START = lookup_symbol_value('vmemmap_base')\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.ptr_size","title":"ptr_size property","text":"ptr_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_offset","title":"page_offset property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_shift","title":"page_shift property","text":"page_shift: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.per_cpu","title":"per_cpu","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_phys","title":"virt_to_phys","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_page","title":"pfn_to_page","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_pfn","title":"page_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.cpu_feature_capability","title":"cpu_feature_capability staticmethod","text":"cpu_feature_capability(feature: int) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.uses_5lvl_paging","title":"uses_5lvl_paging staticmethod","text":"uses_5lvl_paging() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.x86_64Ops.paging_enabled","title":"paging_enabled staticmethod","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops","title":"Aarch64Ops","text":"Aarch64Ops()\n
Bases: ArchOps
Methods:
-
page_size \u2013 -
per_cpu \u2013 -
virt_to_phys \u2013 -
phys_to_virt \u2013 -
phys_to_pfn \u2013 -
pfn_to_phys \u2013 -
pfn_to_page \u2013 -
page_to_pfn \u2013 -
paging_enabled \u2013 -
virt_to_pfn \u2013 -
pfn_to_virt \u2013 -
phys_to_page \u2013 -
page_to_phys \u2013 -
page_to_physmap \u2013 -
virt_to_page \u2013 -
page_to_virt \u2013
Attributes:
-
STRUCT_PAGE_SIZE \u2013 -
STRUCT_PAGE_SHIFT \u2013 -
VA_BITS \u2013 -
PAGE_SHIFT \u2013 -
PHYS_OFFSET \u2013 -
PAGE_OFFSET \u2013 -
VMEMMAP_SHIFT \u2013 -
VMEMMAP_START \u2013 -
page_offset (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SIZE","title":"STRUCT_PAGE_SIZE instance-attribute","text":"STRUCT_PAGE_SIZE = sizeof\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.STRUCT_PAGE_SHIFT","title":"STRUCT_PAGE_SHIFT instance-attribute","text":"STRUCT_PAGE_SHIFT = int(log2(STRUCT_PAGE_SIZE))\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VA_BITS","title":"VA_BITS instance-attribute","text":"VA_BITS = int(kconfig()['ARM64_VA_BITS'])\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PAGE_SHIFT","title":"PAGE_SHIFT instance-attribute","text":"PAGE_SHIFT = int(kconfig()['CONFIG_ARM64_PAGE_SHIFT'])\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PHYS_OFFSET","title":"PHYS_OFFSET instance-attribute","text":"PHYS_OFFSET = u(addr)\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.PAGE_OFFSET","title":"PAGE_OFFSET instance-attribute","text":"PAGE_OFFSET = -1 << VA_BITS + 2 ** 64\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VMEMMAP_SHIFT","title":"VMEMMAP_SHIFT instance-attribute","text":"VMEMMAP_SHIFT = PAGE_SHIFT - STRUCT_PAGE_SHIFT\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.VMEMMAP_START","title":"VMEMMAP_START instance-attribute","text":"VMEMMAP_START = -1 << VA_BITS - VMEMMAP_SHIFT % 1 << 64\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_offset","title":"page_offset property","text":"page_offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.per_cpu","title":"per_cpu","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_phys","title":"virt_to_phys","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_page","title":"pfn_to_page","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_pfn","title":"page_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.paging_enabled","title":"paging_enabled staticmethod","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.Aarch64Ops.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.BIT","title":"BIT","text":"BIT(shift: int)\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.has_debug_syms","title":"has_debug_syms","text":"has_debug_syms() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_kconfig","title":"requires_kconfig","text":"requires_kconfig(\n default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.requires_debug_syms","title":"requires_debug_syms","text":"requires_debug_syms(\n default: D = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | D]]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.nproc","title":"nproc","text":"nproc() -> int\n
Returns the number of processing units available, similar to nproc(1)
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.npcplist","title":"npcplist","text":"npcplist() -> int\n
returns NR_PCP_LISTS (https://elixir.bootlin.com/linux/v6.13/source/include/linux/mmzone.h#L671)
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_first_kernel_ro","title":"get_first_kernel_ro","text":"get_first_kernel_ro() -> Page | None\n
Returns the first kernel mapping which contains the linux_banner
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.load_kconfig","title":"load_kconfig","text":"load_kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kconfig","title":"kconfig","text":"kconfig() -> Kconfig | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kcmdline","title":"kcmdline","text":"kcmdline() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kversion","title":"kversion","text":"kversion() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.krelease","title":"krelease","text":"krelease() -> tuple[int, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.is_kaslr_enabled","title":"is_kaslr_enabled","text":"is_kaslr_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.kbase","title":"kbase","text":"kbase() -> int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.get_idt_entries","title":"get_idt_entries","text":"get_idt_entries() -> list[IDTEntry]\n
Retrieves the IDT entries from memory.
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.arch_ops","title":"arch_ops","text":"arch_ops() -> ArchOps\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_size","title":"page_size","text":"page_size() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.per_cpu","title":"per_cpu","text":"per_cpu(addr: Value, cpu: int | None = None) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_phys","title":"virt_to_phys","text":"virt_to_phys(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_virt","title":"phys_to_virt","text":"phys_to_virt(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_pfn","title":"phys_to_pfn","text":"phys_to_pfn(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_phys","title":"pfn_to_phys","text":"pfn_to_phys(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_page","title":"pfn_to_page","text":"pfn_to_page(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_pfn","title":"page_to_pfn","text":"page_to_pfn(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.phys_to_page","title":"phys_to_page","text":"phys_to_page(phys: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_phys","title":"page_to_phys","text":"page_to_phys(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_physmap","title":"page_to_physmap","text":"page_to_physmap(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_page","title":"virt_to_page","text":"virt_to_page(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.page_to_virt","title":"page_to_virt","text":"page_to_virt(page: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.pfn_to_virt","title":"pfn_to_virt","text":"pfn_to_virt(pfn: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.virt_to_pfn","title":"virt_to_pfn","text":"virt_to_pfn(virt: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.paging_enabled","title":"paging_enabled","text":"paging_enabled() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/#pwndbg.aglib.kernel.num_numa_nodes","title":"num_numa_nodes","text":"num_numa_nodes() -> int\n
Returns the number of NUMA nodes that are online on the system
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/","title":"pwndbg.aglib.kernel.kallsyms","text":""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms","title":"kallsyms","text":"Classes:
Functions:
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms","title":"Kallsyms","text":"Kallsyms()\n
- linux_banner >= 6.4
- ... <= 6.4
- kallsyms_offsets
- kallsyms_relative_base
- kallsyms_num_syms
- kallsyms_names
- kallsyms_markers
- kallsyms_token_table
- kallsyms_token_index
- kallsyms_offsets >= 6.4
- kallsyms_relative_base >= 6.4
Methods:
-
find_token_table \u2013 This function searches for the kallsyms_token_table structure in the kernel memory.
-
find_token_index \u2013 This function searches for the kallsyms_token_index structure in the kernel memory
-
find_markers \u2013 This function searches for the kallsyms_markers structure in the kernel memory
-
find_num_syms \u2013 This function searches for the kallsyms_num_syms variable in the kernel memory
-
find_offsets \u2013 This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory
-
find_relative_base \u2013 This function searches for the kallsyms_relative_base variable in the kernel memory.
-
find_names \u2013 -
get_kernel_addresses \u2013 -
parse_symbol_table \u2013 -
get_token_table \u2013 -
find_names_uncompressed \u2013 -
find_markers_uncompressed \u2013 This function searches for the kallsyms_markers structure in the kernel memory
Attributes:
-
kallsyms (dict[str, tuple[int, str]]) \u2013 -
kbase \u2013 -
r_base \u2013 -
kernel_ro_mem \u2013 -
kernel_version \u2013 -
is_offsets \u2013 -
rbase_offset \u2013 -
is_big_endian \u2013 -
token_table \u2013 -
is_uncompressed \u2013 -
markers \u2013 -
token_index \u2013 -
num_syms \u2013 -
offsets \u2013 -
names \u2013 -
kernel_addresses \u2013
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kallsyms","title":"kallsyms instance-attribute","text":"kallsyms: dict[str, tuple[int, str]] = {}\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kbase","title":"kbase instance-attribute","text":"kbase = kbase()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.r_base","title":"r_base instance-attribute","text":"r_base = vaddr\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_ro_mem","title":"kernel_ro_mem instance-attribute","text":"kernel_ro_mem = read(vaddr, memsz)\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_version","title":"kernel_version instance-attribute","text":"kernel_version = krelease()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_offsets","title":"is_offsets instance-attribute","text":"is_offsets = False\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.rbase_offset","title":"rbase_offset instance-attribute","text":"rbase_offset = 0\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_big_endian","title":"is_big_endian instance-attribute","text":"is_big_endian = None\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_table","title":"token_table instance-attribute","text":"token_table = find_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.is_uncompressed","title":"is_uncompressed instance-attribute","text":"is_uncompressed = False\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.markers","title":"markers instance-attribute","text":"markers = find_markers_uncompressed()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.token_index","title":"token_index instance-attribute","text":"token_index = find_token_index()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.num_syms","title":"num_syms instance-attribute","text":"num_syms = find_num_syms()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.offsets","title":"offsets instance-attribute","text":"offsets = find_offsets()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.names","title":"names instance-attribute","text":"names = find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.kernel_addresses","title":"kernel_addresses instance-attribute","text":"kernel_addresses = get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_table","title":"find_token_table","text":"find_token_table() -> int\n
This function searches for the kallsyms_token_table structure in the kernel memory. The kallsyms_token_table contains 256 zero-terminated tokens from which symbol names are built. Example structure: 0xffffffff827b2f00: \"mm\" 0xffffffff827b2f03: \"tim\" 0xffffffff827b2f07: \"bu\" 0xffffffff827b2f0a: \"ode_\" 0xffffffff827b2f0f: \"robestub\" 0xffffffff827b2fdb: \"0\" 0xffffffff827b2fdd: \"1\" 0xffffffff827b2fdf: \"2\" 0xffffffff827b2fe1: \"3\" 0xffffffff827b2fe3: \"4\" 0xffffffff827b2fe5: \"5\" 0xffffffff827b2fe7: \"6\" 0xffffffff827b2fe9: \"7\" 0xffffffff827b2feb: \"8\" 0xffffffff827b2fed: \"9\""},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_token_index","title":"find_token_index","text":"
find_token_index() -> int | None\n
This function searches for the kallsyms_token_index structure in the kernel memory starting at kallsyms_token_table. The token index table provides offsets into the kallsyms_token_table for each 256 byte-valued sub-table. The kallsyms_token_index is typically located immediately after the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b3288: 0x0000 0x0003 0x0007 0x000a 0x000f 0x0018 0x001f 0x0023 0xffffffff827b3298: 0x0027 0x0031 0x0035 0x0038 0x003b 0x0043 0x0047 0x004a 0xffffffff827b32a8: 0x004f 0x0053 0x0056 0x0059 0x005d 0x0061 0x0067 0x006b 0xffffffff827b32b8: 0x006e 0x0071 0x0076 0x007c 0x0080 0x0088 0x008b 0x008f 0xffffffff827b32c8: 0x0094 0x0098 0x009b 0x009f 0x00a3 0x00a8 0x00ab 0x00b0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers","title":"find_markers","text":"find_markers() -> int | None\n
This function searches for the kallsyms_markers structure in the kernel memory starting at kallsyms_token_table and search backwards. The markers table contains offsets to the corresponding symbol name for each kernel symbol. The kallsyms_markers table is typically located immediately before the kallsyms_token_table in the kernel's read-only data section. Example structure: 0xffffffff827b2430: 0x00000000 0x00000b2a 0x00001762 0x000023f6 0xffffffff827b2440: 0x00002fe4 0x00003c9d 0x0000487c 0x000056fd 0xffffffff827b2450: 0x00006597 0x000073b9 0x000081be 0x00008f21 0xffffffff827b2460: 0x00009c94 0x0000a958 0x0000b632 0x0000c193 0xffffffff827b2470: 0x0000ce0b 0x0000db98 0x0000ea3e 0x0000f80a 0xffffffff827b2480: 0x000105be 0x000112d3 0x00011f8c 0x00012d75 0xffffffff827b2490: 0x0001384d 0x0001446e 0x00015138 0x00015d8c
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_num_syms","title":"find_num_syms","text":"find_num_syms()\n
This function searches for the kallsyms_num_syms variable in the kernel memory starting at kallsyms_markers. The kallsyms_num_syms holds the number of kernel symbols in the symbol table. The kallsyms_num_syms variable is typically located before the kallsyms_names table in the kernel's read-only data section. In newer kernel versions the kallsyms_num_syms is immediately behind the linux_banner and in older version its behind kallsyms_base_relative or kallsyms_addresses (it depends on CONFIG_KALLSYMS_BASE_RELATIVE y/n)
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_offsets","title":"find_offsets","text":"find_offsets()\n
This function searches for the kallsyms_offsets/kallsyms_addresses table in the kernel memory starting at kallsyms_token_index. The offsets/addresses table containts offsets / addresses of each symbol in the kernel. The kallsyms_addresses is typically located before the kallsyms_num_syms variable in the kernel's read-only data section. Example structure: 0xffffffff827b3488: 0x00000000 0x00000000 0x00001000 0x00002000 0xffffffff827b3498: 0x00006000 0x0000b000 0x0000c000 0x0000d000 0xffffffff827b34a8: 0x00015000 0x00015008 0x00015010 0x00015018 0xffffffff827b34b8: 0x00015020 0x00015022 0x00015030 0x00015050 0xffffffff827b34c8: 0x00015450 0x00015460 0x00015860 0x00015888 0xffffffff827b34d8: 0x00015890 0x00015898 0x000158a0 0x000159c0
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_relative_base","title":"find_relative_base","text":"find_relative_base()\n
This function searches for the kallsyms_relative_base variable in the kernel memory. The relative base is used to calculate the actual virtual addresses of symbols from their offsets in the kallsyms_offsets table. The kallsyms_relative_base variable is typically located after the kallsyms_offsets table in the kernel's read-only data section.
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names","title":"find_names","text":"find_names()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_kernel_addresses","title":"get_kernel_addresses","text":"get_kernel_addresses()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.parse_symbol_table","title":"parse_symbol_table","text":"parse_symbol_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.get_token_table","title":"get_token_table","text":"get_token_table()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_names_uncompressed","title":"find_names_uncompressed","text":"find_names_uncompressed()\n
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.Kallsyms.find_markers_uncompressed","title":"find_markers_uncompressed","text":"find_markers_uncompressed()\n
This function searches for the kallsyms_markers structure in the kernel memory Original Source: https://github.com/marin-m/vmlinux-to-elf/blob/master/vmlinux_to_elf/kallsyms_finder.py
"},{"location":"reference/pwndbg/aglib/kernel/kallsyms/#pwndbg.aglib.kernel.kallsyms.get","title":"get","text":"get() -> dict[str, tuple[int, str]]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/","title":"pwndbg.aglib.kernel.macros","text":""},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros","title":"macros","text":"Functions:
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.container_of","title":"container_of","text":"container_of(ptr: int, typename: str, fieldname: str) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.for_each_entry","title":"for_each_entry","text":"for_each_entry(head: Value, typename: str, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.swab","title":"swab","text":"swab(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/macros/#pwndbg.aglib.kernel.macros.compound_head","title":"compound_head","text":"compound_head(page: Value) -> Value\n
returns the head page of compound pages
"},{"location":"reference/pwndbg/aglib/kernel/nftables/","title":"pwndbg.aglib.kernel.nftables","text":""},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables","title":"nftables","text":"Classes:
-
NftFields \u2013 -
Expr \u2013 -
Rule \u2013 -
ChainHook \u2013 -
Chain \u2013 -
Set \u2013 -
Object \u2013 -
FlowtableHook \u2013 -
Flowtable \u2013 -
Table \u2013 -
Nftables \u2013
Functions:
-
catch_error \u2013 -
get_init_net_namespace \u2013
Attributes:
-
NFPROTO_INET \u2013 -
NFPROTO_IPV4 \u2013 -
NFPROTO_ARP \u2013 -
NFPROTO_NETDEV \u2013 -
NFPROTO_BRIDGE \u2013 -
NFPROTO_IPV6 \u2013 -
nftables_table_family \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_INET","title":"NFPROTO_INET module-attribute","text":"NFPROTO_INET = 1\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV4","title":"NFPROTO_IPV4 module-attribute","text":"NFPROTO_IPV4 = 2\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_ARP","title":"NFPROTO_ARP module-attribute","text":"NFPROTO_ARP = 3\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_NETDEV","title":"NFPROTO_NETDEV module-attribute","text":"NFPROTO_NETDEV = 5\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_BRIDGE","title":"NFPROTO_BRIDGE module-attribute","text":"NFPROTO_BRIDGE = 7\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NFPROTO_IPV6","title":"NFPROTO_IPV6 module-attribute","text":"NFPROTO_IPV6 = 10\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.nftables_table_family","title":"nftables_table_family module-attribute","text":"nftables_table_family = {\n \"inet\": NFPROTO_INET,\n \"ip\": NFPROTO_IPV4,\n \"arp\": NFPROTO_ARP,\n \"netdev\": NFPROTO_NETDEV,\n \"bridge\": NFPROTO_BRIDGE,\n \"ip6\": NFPROTO_IPV6,\n}\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields","title":"NftFields","text":" Bases: object
Methods:
-
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.NftFields.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr","title":"Expr","text":"Expr(addr: Value)\n
Methods:
-
print_expr_iptables \u2013 -
print_expr_nftables \u2013 -
print \u2013
Attributes:
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.expr_name","title":"expr_name property","text":"expr_name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_iptables","title":"print_expr_iptables","text":"print_expr_iptables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print_expr_nftables","title":"print_expr_nftables","text":"print_expr_nftables(expr_name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Expr.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule","title":"Rule","text":"Rule(addr: Value, chain: 'Chain')\n
Bases: NftFields
Methods:
-
find \u2013 -
iter_exprs \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
handle (int) \u2013 -
userdata (bytearray) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.userdata","title":"userdata property","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.find","title":"find classmethod","text":"find(\n table_name: str,\n table_family: int,\n chain_name: str,\n rule_id: int,\n nsid: int | None = None,\n) -> Iterator[\"Rule\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.iter_exprs","title":"iter_exprs","text":"iter_exprs() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Rule.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook","title":"ChainHook","text":"ChainHook(parent: 'Chain')\n
Bases: NftFields
Methods:
-
is_netdev \u2013 -
get_netdevs \u2013 -
nested_print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
hooknum (int) \u2013 -
priority (int) \u2013 -
dev (str) \u2013 -
devs (list[str]) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.hooknum","title":"hooknum instance-attribute","text":"hooknum: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.priority","title":"priority instance-attribute","text":"priority: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.dev","title":"dev property","text":"dev: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.devs","title":"devs property","text":"devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.is_netdev","title":"is_netdev","text":"is_netdev() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_netdevs","title":"get_netdevs","text":"get_netdevs() -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.nested_print","title":"nested_print","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.ChainHook.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain","title":"Chain","text":"Chain(addr: Value)\n
Bases: NftFields
Methods:
-
find \u2013 -
iter_rules \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
bound (int) \u2013 -
genmask (int) \u2013 -
handle (int) \u2013 -
use (int) \u2013 -
flags (int) \u2013 -
name (str) \u2013 -
hook (ChainHook) \u2013 -
userdata (bytearray) \u2013 -
policy (int) \u2013 -
type (str) \u2013 -
table ('Table') \u2013 -
basechain (Value | None) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.bound","title":"bound instance-attribute","text":"bound: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.flags","title":"flags instance-attribute","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.hook","title":"hook instance-attribute","text":"hook: ChainHook = ChainHook(self)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.userdata","title":"userdata property","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.policy","title":"policy property","text":"policy: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.type","title":"type property","text":"type: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.table","title":"table property","text":"table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.basechain","title":"basechain property","text":"basechain: Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.find","title":"find classmethod","text":"find(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n nsid: int | None = None,\n) -> Iterator[\"Chain\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.iter_rules","title":"iter_rules","text":"iter_rules() -> Iterator[Rule]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Chain.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set","title":"Set","text":"Set(addr: Value)\n
Bases: NftFields
Methods:
-
iter_expr \u2013 -
iter_elems \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
use (int) \u2013 -
dead (int) \u2013 -
genmask (int) \u2013 -
field_count (int) \u2013 -
num_exprs (int) \u2013 -
name (str) \u2013 -
flags (int) \u2013 -
ktype (int) \u2013 -
klen (int) \u2013 -
dtype (int) \u2013 -
dlen (int) \u2013 -
policy (int) \u2013 -
timeout (int) \u2013 -
gc_int (int) \u2013 -
objtype (int) \u2013 -
handle (int) \u2013 -
nelems (int) \u2013 -
desc_size (int) \u2013 -
desc_concat (list[int]) \u2013 -
table ('Table') \u2013 -
userdata (bytearray) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dead","title":"dead instance-attribute","text":"dead: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.field_count","title":"field_count instance-attribute","text":"field_count: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.num_exprs","title":"num_exprs instance-attribute","text":"num_exprs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.flags","title":"flags instance-attribute","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.ktype","title":"ktype instance-attribute","text":"ktype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.klen","title":"klen instance-attribute","text":"klen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dtype","title":"dtype instance-attribute","text":"dtype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.dlen","title":"dlen instance-attribute","text":"dlen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.policy","title":"policy instance-attribute","text":"policy: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.timeout","title":"timeout instance-attribute","text":"timeout: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.gc_int","title":"gc_int instance-attribute","text":"gc_int: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.objtype","title":"objtype instance-attribute","text":"objtype: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.nelems","title":"nelems property","text":"nelems: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_size","title":"desc_size property","text":"desc_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.desc_concat","title":"desc_concat property","text":"desc_concat: list[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.table","title":"table property","text":"table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.userdata","title":"userdata property","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_expr","title":"iter_expr","text":"iter_expr() -> Iterator[Expr]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.iter_elems","title":"iter_elems","text":"iter_elems() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Set.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object","title":"Object","text":"Object(addr: Value)\n
Bases: NftFields
Methods:
-
iter_data \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
genmask (int) \u2013 -
use (int) \u2013 -
handle (int) \u2013 -
type (int) \u2013 -
name (str) \u2013 -
table ('Table') \u2013 -
userdata (bytearray) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.type","title":"type property","text":"type: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.name","title":"name property","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.table","title":"table property","text":"table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.userdata","title":"userdata property","text":"userdata: bytearray\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.iter_data","title":"iter_data","text":"iter_data() -> Iterator[None]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Object.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook","title":"FlowtableHook","text":"FlowtableHook(parent: 'Flowtable')\n
Bases: NftFields
Methods:
-
nested_print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
hooknum (int) \u2013 -
priority (int) \u2013 -
devs (list[str]) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.hooknum","title":"hooknum property","text":"hooknum: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.priority","title":"priority property","text":"priority: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.devs","title":"devs property","text":"devs: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.nested_print","title":"nested_print","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.FlowtableHook.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable","title":"Flowtable","text":"Flowtable(addr: Value)\n
Bases: NftFields
Methods:
-
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
genmask (int) \u2013 -
name (str) \u2013 -
use (int) \u2013 -
handle (int) \u2013 -
hook (FlowtableHook) \u2013 -
table ('Table') \u2013 -
flags (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.hook","title":"hook instance-attribute","text":"hook: FlowtableHook = FlowtableHook(self)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.table","title":"table property","text":"table: 'Table'\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.flags","title":"flags property","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Flowtable.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table","title":"Table","text":"Table(addr: Value)\n
Bases: NftFields
Methods:
-
find \u2013 -
iter_chains \u2013 -
iter_sets \u2013 -
iter_flowtables \u2013 -
iter_objects \u2013 -
nested_print \u2013 -
print \u2013 -
__getattr__ \u2013 -
get_hook_list_dev_names \u2013 -
print_fields \u2013
Attributes:
-
family (int) \u2013 -
genmask (int) \u2013 -
name (str) \u2013 -
handle (int) \u2013 -
use (int) \u2013 -
flags (int) \u2013 -
nlpid (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.family","title":"family instance-attribute","text":"family: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.genmask","title":"genmask instance-attribute","text":"genmask: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.handle","title":"handle instance-attribute","text":"handle: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.use","title":"use instance-attribute","text":"use: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.flags","title":"flags instance-attribute","text":"flags: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nlpid","title":"nlpid instance-attribute","text":"nlpid: int\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.find","title":"find classmethod","text":"find(\n table_name: str | None = None,\n table_family: int | None = None,\n nsid: int | None = None,\n) -> Iterator[\"Table\"]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_chains","title":"iter_chains","text":"iter_chains() -> Iterator[Chain]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_sets","title":"iter_sets","text":"iter_sets() -> Iterator[Set]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_flowtables","title":"iter_flowtables","text":"iter_flowtables() -> Iterator[Flowtable]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.iter_objects","title":"iter_objects","text":"iter_objects() -> Iterator[Object]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.nested_print","title":"nested_print","text":"nested_print(nested: int = 0)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print","title":"print","text":"print(print_nested: bool = True)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.get_hook_list_dev_names","title":"get_hook_list_dev_names classmethod","text":"get_hook_list_dev_names(hook_list: Value) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Table.print_fields","title":"print_fields","text":"print_fields(nested: int = 0, keys: list[str] = None)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables","title":"Nftables","text":"Nftables(addr: Value)\n
Methods:
-
find \u2013 -
iter_tables \u2013 -
print \u2013
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.find","title":"find classmethod","text":"find(nsid: int | None = None) -> 'Nftables' | None\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.iter_tables","title":"iter_tables","text":"iter_tables() -> Iterator[Table]\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.Nftables.print","title":"print","text":"print()\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.catch_error","title":"catch_error","text":"catch_error(func)\n
"},{"location":"reference/pwndbg/aglib/kernel/nftables/#pwndbg.aglib.kernel.nftables.get_init_net_namespace","title":"get_init_net_namespace","text":"get_init_net_namespace() -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/","title":"pwndbg.aglib.kernel.paging","text":""},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging","title":"paging","text":"Functions:
-
get_memory_map_raw \u2013 -
find_kbase \u2013 -
uses_5lvl_paging \u2013 -
physmap_base \u2013 -
kbase \u2013 -
pagewalk \u2013
Attributes:
-
ENTRYMASK \u2013 -
guess_physmap \u2013
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.ENTRYMASK","title":"ENTRYMASK module-attribute","text":"ENTRYMASK = ~1 << 12 - 1 & 1 << 51 - 1\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.guess_physmap","title":"guess_physmap module-attribute","text":"guess_physmap = add_param(\n \"guess-physmap\",\n False,\n \"Should guess physmap base address when debug symbols are not present\",\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.get_memory_map_raw","title":"get_memory_map_raw","text":"get_memory_map_raw() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.find_kbase","title":"find_kbase","text":"find_kbase(pages) -> int | None\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.uses_5lvl_paging","title":"uses_5lvl_paging","text":"uses_5lvl_paging() -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.physmap_base","title":"physmap_base","text":"physmap_base() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.kbase","title":"kbase","text":"kbase()\n
"},{"location":"reference/pwndbg/aglib/kernel/paging/#pwndbg.aglib.kernel.paging.pagewalk","title":"pagewalk","text":"pagewalk(target, entry=None) -> list[tuple[int | None, int | None]]\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/","title":"pwndbg.aglib.kernel.rbtree","text":""},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree","title":"rbtree","text":"Functions:
-
init \u2013 -
for_each_rb_entry \u2013 -
rb_first \u2013 -
rb_last \u2013 -
rb_parent \u2013 -
rb_empty_node \u2013 -
rb_next \u2013 -
rb_prev \u2013
Attributes:
-
rb_root_type (Type) \u2013 -
rb_node_type (Type) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_root_type","title":"rb_root_type module-attribute","text":"rb_root_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_node_type","title":"rb_node_type module-attribute","text":"rb_node_type: Type = None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.init","title":"init","text":"init()\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.for_each_rb_entry","title":"for_each_rb_entry","text":"for_each_rb_entry(\n root: Value, typename: str, fieldname: str\n) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_first","title":"rb_first","text":"rb_first(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_last","title":"rb_last","text":"rb_last(root: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_parent","title":"rb_parent","text":"rb_parent(node: Value) -> Value\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_empty_node","title":"rb_empty_node","text":"rb_empty_node(node: Value) -> bool\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_next","title":"rb_next","text":"rb_next(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/rbtree/#pwndbg.aglib.kernel.rbtree.rb_prev","title":"rb_prev","text":"rb_prev(node: Value) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/","title":"pwndbg.aglib.kernel.slab","text":""},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab","title":"slab","text":"Classes:
-
Freelist \u2013 -
SlabCache \u2013 -
CpuCache \u2013 -
NodeCache \u2013 -
Slab \u2013
Functions:
Attributes:
-
OO_SHIFT \u2013 -
OO_MASK \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_SHIFT","title":"OO_SHIFT module-attribute","text":"OO_SHIFT = 16\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.OO_MASK","title":"OO_MASK module-attribute","text":"OO_MASK = 1 << OO_SHIFT - 1\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist","title":"Freelist","text":"Freelist(start_addr: int, offset: int, random: int = 0)\n
Methods:
-
__iter__ \u2013 -
__int__ \u2013 -
__len__ \u2013 -
find_next \u2013
Attributes:
-
start_addr \u2013 -
offset \u2013 -
random \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.start_addr","title":"start_addr instance-attribute","text":"start_addr = start_addr\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.offset","title":"offset instance-attribute","text":"offset = offset\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.random","title":"random instance-attribute","text":"random = random\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__iter__","title":"__iter__","text":"__iter__() -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.__len__","title":"__len__","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Freelist.find_next","title":"find_next","text":"find_next(addr: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache","title":"SlabCache","text":"SlabCache(slab_cache: Value)\n
Attributes:
-
address (int) \u2013 -
name (str) \u2013 -
offset (int) \u2013 -
random (int) \u2013 -
size (int) \u2013 -
object_size (int) \u2013 -
align (int) \u2013 -
flags (list[str]) \u2013 -
cpu_cache (CpuCache) \u2013 returns cpu cache associated to current thread
-
cpu_caches (Generator[CpuCache, None, None]) \u2013 returns cpu caches for all cpus
-
node_caches (Generator[NodeCache, None, None]) \u2013 returns node caches for all NUMA nodes
-
cpu_partial (int) \u2013 -
cpu_partial_slabs (int) \u2013 -
min_partial (int) \u2013 -
inuse (int) \u2013 -
useroffset (int) \u2013 -
usersize (int) \u2013 -
oo_order \u2013 -
oo_objects \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.address","title":"address property","text":"address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.name","title":"name property","text":"name: str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.offset","title":"offset property","text":"offset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.random","title":"random property","text":"random: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.size","title":"size property","text":"size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.object_size","title":"object_size property","text":"object_size: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.align","title":"align property","text":"align: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.flags","title":"flags property","text":"flags: list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_cache","title":"cpu_cache property","text":"cpu_cache: CpuCache\n
returns cpu cache associated to current thread
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_caches","title":"cpu_caches property","text":"cpu_caches: Generator[CpuCache, None, None]\n
returns cpu caches for all cpus
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.node_caches","title":"node_caches property","text":"node_caches: Generator[NodeCache, None, None]\n
returns node caches for all NUMA nodes
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial","title":"cpu_partial property","text":"cpu_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.cpu_partial_slabs","title":"cpu_partial_slabs property","text":"cpu_partial_slabs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.min_partial","title":"min_partial property","text":"min_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.inuse","title":"inuse property","text":"inuse: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.useroffset","title":"useroffset property","text":"useroffset: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.usersize","title":"usersize property","text":"usersize: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.__oo_x","title":"__oo_x property","text":"__oo_x: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_order","title":"oo_order property","text":"oo_order\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.SlabCache.oo_objects","title":"oo_objects property","text":"oo_objects\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache","title":"CpuCache","text":"CpuCache(cpu_cache: Value, slab_cache: SlabCache, cpu: int)\n
Attributes:
-
slab_cache \u2013 -
cpu \u2013 -
address (int) \u2013 -
freelist (Freelist) \u2013 -
active_slab (Slab | None) \u2013 -
partial_slabs (list[Slab]) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.slab_cache","title":"slab_cache instance-attribute","text":"slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.cpu","title":"cpu instance-attribute","text":"cpu = cpu\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.address","title":"address property","text":"address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.freelist","title":"freelist property","text":"freelist: Freelist\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.active_slab","title":"active_slab property","text":"active_slab: Slab | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.CpuCache.partial_slabs","title":"partial_slabs property","text":"partial_slabs: list[Slab]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache","title":"NodeCache","text":"NodeCache(node_cache: Value, slab_cache: SlabCache, node: int)\n
Attributes:
-
slab_cache \u2013 -
node \u2013 -
address (int) \u2013 -
partial_slabs (list[Slab]) \u2013 -
nr_partial (int) \u2013 -
min_partial (int) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.slab_cache","title":"slab_cache instance-attribute","text":"slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.node","title":"node instance-attribute","text":"node = node\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.address","title":"address property","text":"address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.partial_slabs","title":"partial_slabs property","text":"partial_slabs: list[Slab]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.nr_partial","title":"nr_partial property","text":"nr_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.NodeCache.min_partial","title":"min_partial property","text":"min_partial: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab","title":"Slab","text":"Slab(\n slab: Value,\n cpu_cache: CpuCache | None,\n slab_cache: SlabCache,\n is_partial: bool = False,\n)\n
Attributes:
-
cpu_cache \u2013 -
slab_cache \u2013 -
is_partial \u2013 -
slab_address (int) \u2013 -
virt_address (int) \u2013 -
object_count (int) \u2013 -
objects (Generator[int, None, None]) \u2013 -
frozen (int) \u2013 -
inuse (int) \u2013 -
slabs (int) \u2013 -
pobjects (int) \u2013 -
freelist (Freelist) \u2013 -
freelists (list[Freelist]) \u2013 -
free_objects (set[int]) \u2013
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.cpu_cache","title":"cpu_cache instance-attribute","text":"cpu_cache = cpu_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_cache","title":"slab_cache instance-attribute","text":"slab_cache = slab_cache\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.is_partial","title":"is_partial instance-attribute","text":"is_partial = is_partial\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slab_address","title":"slab_address property","text":"slab_address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.virt_address","title":"virt_address property","text":"virt_address: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.object_count","title":"object_count property","text":"object_count: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.objects","title":"objects property","text":"objects: Generator[int, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.frozen","title":"frozen property","text":"frozen: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.inuse","title":"inuse property","text":"inuse: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.slabs","title":"slabs property","text":"slabs: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.pobjects","title":"pobjects property","text":"pobjects: int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelist","title":"freelist property","text":"freelist: Freelist\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.freelists","title":"freelists property","text":"freelists: list[Freelist]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.Slab.free_objects","title":"free_objects property","text":"free_objects: set[int]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.caches","title":"caches","text":"caches() -> Generator[SlabCache, None, None]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_cache","title":"get_cache","text":"get_cache(target_name: str) -> SlabCache | None\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.slab_struct_type","title":"slab_struct_type","text":"slab_struct_type() -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_order","title":"oo_order","text":"oo_order(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.oo_objects","title":"oo_objects","text":"oo_objects(x: int) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.get_flags_list","title":"get_flags_list","text":"get_flags_list(flags: int) -> list[str]\n
"},{"location":"reference/pwndbg/aglib/kernel/slab/#pwndbg.aglib.kernel.slab.find_containing_slab_cache","title":"find_containing_slab_cache","text":"find_containing_slab_cache(addr: int) -> SlabCache | None\n
Find the slab cache associated with the provided address.
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/","title":"pwndbg.aglib.kernel.vmmap","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap","title":"vmmap","text":"Classes:
-
KernelVmmap \u2013 -
QemuMachine \u2013
Functions:
Attributes:
-
monitor_info_mem_not_warned \u2013 -
kernel_vmmap_mode \u2013
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.monitor_info_mem_not_warned","title":"monitor_info_mem_not_warned module-attribute","text":"monitor_info_mem_not_warned = True\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_mode","title":"kernel_vmmap_mode module-attribute","text":"kernel_vmmap_mode = add_param(\n \"kernel-vmmap\",\n \"page-tables\",\n \"the method to get vmmap information when debugging via QEMU kernel\",\n help_docstring=\"Values explained:\\n\\n+ `page-tables` - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap\\n+ `monitor` - use QEMU's `monitor info mem` to render vmmap\\n+ `none` - disable vmmap rendering; useful if rendering is particularly slow\\n\\nNote that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).\\n\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"page-tables\", \"monitor\", \"none\"],\n)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap","title":"KernelVmmap","text":"KernelVmmap(pages: tuple[Page, ...])\n
Methods:
-
get_name \u2013 -
adjust \u2013 -
handle_user_pages \u2013 -
handle_kernel_pages \u2013 -
handle_offsets \u2013
Attributes:
-
USERLAND \u2013 -
KERNELLAND \u2013 -
KERNELRO \u2013 -
KERNELBSS \u2013 -
KERNELDRIVER \u2013 -
ESPSTACK \u2013 -
pages \u2013 -
sections \u2013 -
kbase \u2013
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.USERLAND","title":"USERLAND class-attribute instance-attribute","text":"USERLAND = 'userland'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.KERNELLAND","title":"KERNELLAND class-attribute instance-attribute","text":"KERNELLAND = 'kernel [.text]'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.KERNELRO","title":"KERNELRO class-attribute instance-attribute","text":"KERNELRO = 'kernel [.rodata]'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.KERNELBSS","title":"KERNELBSS class-attribute instance-attribute","text":"KERNELBSS = 'kernel [.bss]'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.KERNELDRIVER","title":"KERNELDRIVER class-attribute instance-attribute","text":"KERNELDRIVER = 'kernel [.driver .bpf]'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.ESPSTACK","title":"ESPSTACK class-attribute instance-attribute","text":"ESPSTACK = '%esp fixup'\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.pages","title":"pages instance-attribute","text":"pages = pages\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.sections","title":"sections instance-attribute","text":"sections = None\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.kbase","title":"kbase instance-attribute","text":"kbase = find_kbase(pages)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.get_name","title":"get_name","text":"get_name(addr: int) -> str\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.adjust","title":"adjust","text":"adjust()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_user_pages","title":"handle_user_pages","text":"handle_user_pages(user_idx)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_kernel_pages","title":"handle_kernel_pages","text":"handle_kernel_pages(kernel_idx)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.KernelVmmap.handle_offsets","title":"handle_offsets","text":"handle_offsets()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine","title":"QemuMachine","text":"QemuMachine()\n
Bases: Machine
Methods:
-
__del__ \u2013 -
search_pids_for_file \u2013 -
get_qemu_pid \u2013 -
read_physical_memory \u2013 -
read_register \u2013
Attributes:
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.pid","title":"pid instance-attribute","text":"pid = get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.file","title":"file instance-attribute","text":"file = open(f'/proc/{pid}/mem', O_RDONLY)\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.__del__","title":"__del__","text":"__del__()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.search_pids_for_file","title":"search_pids_for_file staticmethod","text":"search_pids_for_file(pids: list[str], filename: str) -> str | None\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.get_qemu_pid","title":"get_qemu_pid staticmethod","text":"get_qemu_pid()\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_physical_memory","title":"read_physical_memory","text":"read_physical_memory(physical_address: int, length: int) -> bytes\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.QemuMachine.read_register","title":"read_register","text":"read_register(register_name: str) -> int\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_page_tables","title":"kernel_vmmap_via_page_tables","text":"kernel_vmmap_via_page_tables() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem","title":"kernel_vmmap_via_monitor_info_mem","text":"kernel_vmmap_via_monitor_info_mem() -> tuple[Page, ...]\n
Returns Linux memory maps information by parsing monitor info mem output from QEMU kernel GDB stub. Works only on X86/X64/RISC-V as this is what QEMU supports.
Consider using the kernel_vmmap_via_page_tables method as it is probably more reliable/better.
See also: !685 (TODO: revisit with future QEMU versions)
"},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--example-output-from-the-command","title":"Example output from the command:","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--pwndbg-monitor-info-mem","title":"pwndbg> monitor info mem","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903580000000-ffff903580099000-0000000000099000-rw","title":"ffff903580000000-ffff903580099000 0000000000099000 -rw","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903580099000-ffff90358009b000-0000000000002000-r-","title":"ffff903580099000-ffff90358009b000 0000000000002000 -r-","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff90358009b000-ffff903582200000-0000000002165000-rw","title":"ffff90358009b000-ffff903582200000 0000000002165000 -rw","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap_via_monitor_info_mem--ffff903582200000-ffff903582803000-0000000000603000-r-","title":"ffff903582200000-ffff903582803000 0000000000603000 -r-","text":""},{"location":"reference/pwndbg/aglib/kernel/vmmap/#pwndbg.aglib.kernel.vmmap.kernel_vmmap","title":"kernel_vmmap","text":"kernel_vmmap(process_pages=True) -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/memory/","title":"pwndbg.aglib.memory","text":""},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory","title":"memory","text":"Functions:
-
read \u2013 read(addr, count, partial=False) -> bytearray
-
readtype \u2013 readtype(type, addr) -> int
-
write \u2013 write(addr, data)
-
peek \u2013 peek(address) -> bytearray
-
is_readable_address \u2013 is_readable_address(address) -> bool
-
poke \u2013 poke(address)
-
string \u2013 Reads a null-terminated string from memory.
-
byte \u2013 byte(addr) -> int
-
uchar \u2013 uchar(addr) -> int
-
ushort \u2013 ushort(addr) -> int
-
uint \u2013 uint(addr) -> int
-
read_pointer_width \u2013 Read one pointer-width integer at the specified address.
-
u8 \u2013 u8(addr) -> int
-
u16 \u2013 u16(addr) -> int
-
u32 \u2013 u32(addr) -> int
-
u64 \u2013 u64(addr) -> int
-
u \u2013 u(addr, size=None) -> int
-
s8 \u2013 s8(addr) -> int
-
s16 \u2013 s16(addr) -> int
-
s32 \u2013 s32(addr) -> int
-
s64 \u2013 s64(addr) -> int
-
cast_pointer \u2013 Create a Value containing given address and cast it to the pointer of specified type
-
get_typed_pointer \u2013 Look up a type by name if necessary and return a Value of addr cast to that type
-
get_typed_pointer_value \u2013 Read the pointer value of addr cast to type specified by type_name
-
find_upper_boundary \u2013 find_upper_boundary(addr, max_pages=1024) -> int
-
find_lower_boundary \u2013 find_lower_boundary(addr, max_pages=1024) -> int
-
update_min_addr \u2013 -
fetch_struct_as_dictionary \u2013 -
pack_struct_into_dictionary \u2013 -
convert_pwndbg_value_to_python_value \u2013 -
resolve_renamed_struct_field \u2013 -
is_pagefault_supported \u2013 This function should be called before stray memory dereferences to protect against the following situations:
Attributes:
-
GdbDict \u2013 -
MMAP_MIN_ADDR \u2013
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.GdbDict","title":"GdbDict module-attribute","text":"GdbDict = Dict[str, Union['GdbDict', int]]\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.MMAP_MIN_ADDR","title":"MMAP_MIN_ADDR module-attribute","text":"MMAP_MIN_ADDR = 32768\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read","title":"read","text":"read(addr: int, count: int, partial: bool = False) -> bytearray\n
read(addr, count, partial=False) -> bytearray
Read memory from the program being debugged.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.readtype","title":"readtype","text":"readtype(type: Type, addr: int) -> int\n
readtype(type, addr) -> int
Reads an integer-type (e.g. uint64) and returns a Python native integer representation of the same.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.write","title":"write","text":"write(addr: int, data: str | bytes | bytearray) -> None\n
write(addr, data)
Writes data into the memory of the process being debugged.
Parameters:
-
addr (int) \u2013 Address to write
-
data (str | bytes | bytearray) \u2013 Data to write
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.peek","title":"peek","text":"peek(address: int) -> bytearray | None\n
peek(address) -> bytearray
Read one byte from the specified address.
Parameters:
-
address (int) \u2013 Address to read
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_readable_address","title":"is_readable_address","text":"is_readable_address(address: int) -> bool\n
is_readable_address(address) -> bool
Check if the address can be read by GDB.
Parameters:
-
address (int) \u2013 Address to read
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.poke","title":"poke","text":"poke(address: int) -> bool\n
poke(address)
Checks whether an address is writable.
Parameters:
-
address (int) \u2013 Address to check
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.string","title":"string","text":"string(addr: int, max: int = 4096) -> bytearray\n
Reads a null-terminated string from memory.
Parameters:
Returns:
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.byte","title":"byte","text":"byte(addr: int) -> int\n
byte(addr) -> int
Read one byte at the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uchar","title":"uchar","text":"uchar(addr: int) -> int\n
uchar(addr) -> int
Read one unsigned char at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.ushort","title":"ushort","text":"ushort(addr: int) -> int\n
ushort(addr) -> int
Read one unisgned short at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.uint","title":"uint","text":"uint(addr: int) -> int\n
uint(addr) -> int
Read one unsigned int at the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.read_pointer_width","title":"read_pointer_width","text":"read_pointer_width(addr: int) -> int\n
Read one pointer-width integer at the specified address.
Raises:
-
Error \u2013 if memory read fails.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u8","title":"u8","text":"u8(addr: int) -> int\n
u8(addr) -> int
Read one uint8_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u16","title":"u16","text":"u16(addr: int) -> int\n
u16(addr) -> int
Read one uint16_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u32","title":"u32","text":"u32(addr: int) -> int\n
u32(addr) -> int
Read one uint32_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u64","title":"u64","text":"u64(addr: int) -> int\n
u64(addr) -> int
Read one uint64_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.u","title":"u","text":"u(addr: int, size: int | None = None) -> int\n
u(addr, size=None) -> int
Read one unsigned integer from the specified address, with the bit-width specified by size, which defaults to the pointer width.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s8","title":"s8","text":"s8(addr: int) -> int\n
s8(addr) -> int
Read one int8_t from the specified address
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s16","title":"s16","text":"s16(addr: int) -> int\n
s16(addr) -> int
Read one int16_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s32","title":"s32","text":"s32(addr: int) -> int\n
s32(addr) -> int
Read one int32_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.s64","title":"s64","text":"s64(addr: int) -> int\n
s64(addr) -> int
Read one int64_t from the specified address.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.cast_pointer","title":"cast_pointer","text":"cast_pointer(type: Type, addr: int | Value) -> Value\n
Create a Value containing given address and cast it to the pointer of specified type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer","title":"get_typed_pointer","text":"get_typed_pointer(type: str | Type, addr: int | Value) -> Value\n
Look up a type by name if necessary and return a Value of addr cast to that type
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.get_typed_pointer_value","title":"get_typed_pointer_value","text":"get_typed_pointer_value(type_name: str | Type, addr: int | Value) -> Value\n
Read the pointer value of addr cast to type specified by type_name
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_upper_boundary","title":"find_upper_boundary","text":"find_upper_boundary(addr: int, max_pages: int = 1024) -> int\n
find_upper_boundary(addr, max_pages=1024) -> int
Brute-force search the upper boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.find_lower_boundary","title":"find_lower_boundary","text":"find_lower_boundary(addr: int, max_pages: int = 1024) -> int\n
find_lower_boundary(addr, max_pages=1024) -> int
Brute-force search the lower boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.update_min_addr","title":"update_min_addr","text":"update_min_addr() -> None\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.fetch_struct_as_dictionary","title":"fetch_struct_as_dictionary","text":"fetch_struct_as_dictionary(\n struct_name: str,\n struct_address: int | Value,\n include_only_fields: set[str] | None = None,\n exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.pack_struct_into_dictionary","title":"pack_struct_into_dictionary","text":"pack_struct_into_dictionary(\n fetched_struct: Value,\n include_only_fields: set[str] | None = None,\n exclude_fields: set[str] | None = None,\n) -> GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.convert_pwndbg_value_to_python_value","title":"convert_pwndbg_value_to_python_value","text":"convert_pwndbg_value_to_python_value(dbg_value: Value) -> int | GdbDict\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.resolve_renamed_struct_field","title":"resolve_renamed_struct_field","text":"resolve_renamed_struct_field(\n struct_name: str, possible_field_names: set[str]\n) -> str\n
"},{"location":"reference/pwndbg/aglib/memory/#pwndbg.aglib.memory.is_pagefault_supported","title":"is_pagefault_supported","text":"is_pagefault_supported() -> bool\n
This function should be called before stray memory dereferences to protect against the following situations:
- On embedded systems, it's not uncommon for MMIO regions to exist where memory reads might mutate the hardware/process state.
- On baremetal/embedded, paging doesn't always exist, so all memory is \"valid\" (and often initialized to zero) - this makes every value appear to be a pointer.
As such, we disable dereferencing by default for bare metal targets.
See more discussion here: !385
"},{"location":"reference/pwndbg/aglib/nearpc/","title":"pwndbg.aglib.nearpc","text":""},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc","title":"nearpc","text":"Functions:
Attributes:
-
c \u2013 -
nearpc_branch_marker \u2013 -
nearpc_branch_marker_contiguous \u2013 -
nearpc_lines \u2013 -
show_args \u2013 -
show_comments \u2013 -
show_opcode_bytes \u2013 -
opcode_separator_bytes \u2013
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.c","title":"c module-attribute","text":"c = ColorConfig(\n \"nearpc\",\n [\n ColorParamSpec(\"symbol\", \"normal\", \"color for nearpc command (symbol)\"),\n ColorParamSpec(\n \"address\", \"normal\", \"color for nearpc command (address)\"\n ),\n ColorParamSpec(\n \"prefix\", \"none\", \"color for nearpc command (prefix marker)\"\n ),\n ColorParamSpec(\n \"breakpoint\", \"red\", \"color for nearpc command (breakpoint marker)\"\n ),\n ColorParamSpec(\n \"syscall-name\",\n \"red\",\n \"color for nearpc command (resolved syscall name)\",\n ),\n ColorParamSpec(\n \"argument\", \"bold\", \"color for nearpc command (target argument)\"\n ),\n ColorParamSpec(\n \"integration-comments\",\n \"bold\",\n \"color for nearpc command (integration comments)\",\n ),\n ColorParamSpec(\n \"branch-marker\",\n \"normal\",\n \"color for nearpc command (branch marker line)\",\n ),\n ],\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker","title":"nearpc_branch_marker module-attribute","text":"nearpc_branch_marker = add_param(\n \"nearpc-branch-marker\", \" \u2193\", \"branch marker line for nearpc command\"\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_branch_marker_contiguous","title":"nearpc_branch_marker_contiguous module-attribute","text":"nearpc_branch_marker_contiguous = add_param(\n \"nearpc-branch-marker-contiguous\",\n \" \",\n \"contiguous branch marker line for nearpc command\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc_lines","title":"nearpc_lines module-attribute","text":"nearpc_lines = add_param(\n \"nearpc-lines\",\n 10,\n \"number of additional lines to print for the nearpc command\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_args","title":"show_args module-attribute","text":"show_args = add_param(\n \"nearpc-show-args\", True, \"whether to show call arguments below instruction\"\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_comments","title":"show_comments module-attribute","text":"show_comments = add_param(\n \"nearpc-integration-comments\",\n True,\n \"whether to show comments from integration provider\",\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.show_opcode_bytes","title":"show_opcode_bytes module-attribute","text":"show_opcode_bytes = add_param(\n \"nearpc-num-opcode-bytes\",\n 0,\n \"number of opcode bytes to print for each instruction\",\n param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.opcode_separator_bytes","title":"opcode_separator_bytes module-attribute","text":"opcode_separator_bytes = add_param(\n \"nearpc-opcode-separator-bytes\",\n 1,\n \"number of spaces between opcode bytes\",\n param_class=PARAM_ZUINTEGER,\n)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.ljust_padding","title":"ljust_padding","text":"ljust_padding(lst)\n
"},{"location":"reference/pwndbg/aglib/nearpc/#pwndbg.aglib.nearpc.nearpc","title":"nearpc","text":"nearpc(\n pc: int = None,\n lines: int = None,\n emulate=False,\n repeat=False,\n use_cache=False,\n linear=False,\n) -> list[str]\n
Disassemble near a specified address.
The linear argument specifies if we should disassemble linearly in memory, or take jumps into account
"},{"location":"reference/pwndbg/aglib/next/","title":"pwndbg.aglib.next","text":""},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next","title":"next","text":"Commands for setting temporary breakpoints on the next instruction of some type (call, branch, etc.)
Functions:
-
next_int \u2013 If there is a syscall in the current basic black,
-
next_branch \u2013 Return the next branch instruction that the process will encounter with repeated usage of the \"nexti\" command.
-
next_matching_until_branch \u2013 Finds the next instruction that matches the arguments between the given
-
break_next_branch \u2013 If including_current == True, do not step in case we are currently on a branch
-
break_next_interrupt \u2013 Break at the next interrupt if there is one in the current basic block
-
break_next_call \u2013 -
break_next_ret \u2013 -
break_on_next_matching_instruction \u2013 Breaks on next instuction that matches the arguments.
-
break_on_program_code \u2013 Breaks on next instruction that belongs to process' objfile code
-
break_on_next \u2013
Attributes:
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.interrupts","title":"interrupts module-attribute","text":"interrupts = {CS_GRP_INT}\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_int","title":"next_int","text":"next_int(address=None, honor_current_branch=False)\n
If there is a syscall in the current basic black, return the instruction of the one closest to $PC.
If honor_current_branch is True, then if the address is already a branch, return None.
If no interrupt exists or a jump is in the way, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_branch","title":"next_branch","text":"next_branch(address=None, including_current=False) -> PwndbgInstruction | None\n
Return the next branch instruction that the process will encounter with repeated usage of the \"nexti\" command.
If including_current == True, then if the instruction at the address is already a branch, return it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.next_matching_until_branch","title":"next_matching_until_branch","text":"next_matching_until_branch(address=None, mnemonic=None, op_str=None)\n
Finds the next instruction that matches the arguments between the given address and the branch closest to it.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_branch","title":"break_next_branch async","text":"break_next_branch(\n ec: ExecutionController, address=None, including_current=False\n)\n
If including_current == True, do not step in case we are currently on a branch
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_interrupt","title":"break_next_interrupt async","text":"break_next_interrupt(\n ec: ExecutionController, address=None, honor_current_branch=False\n) -> PwndbgInstruction | None\n
Break at the next interrupt if there is one in the current basic block and no jumps are between the current instruction and the interrupt.
If no such interrupt exists or a jump is in the way, return None.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_call","title":"break_next_call async","text":"break_next_call(ec: ExecutionController, symbol_regex=None)\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_next_ret","title":"break_next_ret async","text":"break_next_ret(ec: ExecutionController, address=None)\n
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next_matching_instruction","title":"break_on_next_matching_instruction async","text":"break_on_next_matching_instruction(\n ec: ExecutionController, mnemonic=None, op_str=None\n) -> bool\n
Breaks on next instuction that matches the arguments.
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_program_code","title":"break_on_program_code async","text":"break_on_program_code(ec: ExecutionController) -> bool\n
Breaks on next instruction that belongs to process' objfile code
:return: True for success, False when process ended or when pc is not at the code or if a signal occurred
"},{"location":"reference/pwndbg/aglib/next/#pwndbg.aglib.next.break_on_next","title":"break_on_next async","text":"break_on_next(ec: ExecutionController, address=None) -> None\n
"},{"location":"reference/pwndbg/aglib/onegadget/","title":"pwndbg.aglib.onegadget","text":""},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget","title":"onegadget","text":"Classes:
Functions:
-
colorize_reg \u2013 -
colorize_integer \u2013 -
colorize_psuedo_code \u2013 Colorize the pseudo code of onegadget
-
compute_file_hash \u2013 Compute the MD5 hash of the file, return the hash
-
run_onegadget \u2013 Run onegadget and return the output
-
parse_expression \u2013 Parse expression, return the result, colorized string and error message
-
check_stack_argv \u2013 Check argv that's on the stack, return the result and the message
-
check_non_stack_argv \u2013 Check argv that's not on the stack, return the result and the message
-
check_argv \u2013 Check argv, return the result and the message
-
check_envp \u2013 Check envp, return the result and the message
-
check_constraint \u2013 Parse constraint, return the result and the message
-
check_gadget \u2013 Check status of each gadget, return the gadget's status
-
find_gadgets \u2013 Find gadgets by parsing the output of onegadget, return there's any valid gadget
Attributes:
-
ADDRESS_WRITABLE_PATTERN \u2013 -
WRITABLE_COLON_PATTERN \u2013 -
EQUAL_NULL_PATTERN \u2013 -
VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN \u2013 -
VALID_ARGV_PATTERN \u2013 -
VALID_ENVP_PATTERN \u2013 -
IS_ALIGNED_PATTERN \u2013 -
IS_GOT_ADDRESS_PATTERN \u2013 -
CAST_PATTERN \u2013 -
XMM_SHIFT \u2013 -
CONSTRAINT_SEPARATOR \u2013 -
CAST_DEREF_MAPPING \u2013 -
CAST_MAPPING \u2013 -
ONEGADGET_COLOR \u2013 -
ONEGADGET_CACHEDIR \u2013 -
SAT \u2013 -
UNSAT \u2013 -
UNKNOWN \u2013
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ADDRESS_WRITABLE_PATTERN","title":"ADDRESS_WRITABLE_PATTERN module-attribute","text":"ADDRESS_WRITABLE_PATTERN = compile('address(?:es)? (.*) (?:is|are) writable')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.WRITABLE_COLON_PATTERN","title":"WRITABLE_COLON_PATTERN module-attribute","text":"WRITABLE_COLON_PATTERN = compile('writable: (.*)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.EQUAL_NULL_PATTERN","title":"EQUAL_NULL_PATTERN module-attribute","text":"EQUAL_NULL_PATTERN = compile('(.*) == NULL')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN","title":"VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN module-attribute","text":"VALID_POSIX_SPAWN_FILE_ACTIONS_PATTERN = compile('(.*) <= 0')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ARGV_PATTERN","title":"VALID_ARGV_PATTERN module-attribute","text":"VALID_ARGV_PATTERN = compile('(.+) is a valid argv')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.VALID_ENVP_PATTERN","title":"VALID_ENVP_PATTERN module-attribute","text":"VALID_ENVP_PATTERN = compile('(.+) is a valid envp')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_ALIGNED_PATTERN","title":"IS_ALIGNED_PATTERN module-attribute","text":"IS_ALIGNED_PATTERN = compile('(.+) & 0xf == (\\\\d+)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.IS_GOT_ADDRESS_PATTERN","title":"IS_GOT_ADDRESS_PATTERN module-attribute","text":"IS_GOT_ADDRESS_PATTERN = compile('(.+) is the GOT address of libc')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_PATTERN","title":"CAST_PATTERN module-attribute","text":"CAST_PATTERN = compile('^\\\\([s|u]\\\\d+\\\\)')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.XMM_SHIFT","title":"XMM_SHIFT module-attribute","text":"XMM_SHIFT = ' >> '\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CONSTRAINT_SEPARATOR","title":"CONSTRAINT_SEPARATOR module-attribute","text":"CONSTRAINT_SEPARATOR = ' || '\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_DEREF_MAPPING","title":"CAST_DEREF_MAPPING module-attribute","text":"CAST_DEREF_MAPPING = {\n \"(u16)\": u16,\n \"(s16)\": s16,\n \"(u32)\": u32,\n \"(s32)\": s32,\n \"(u64)\": u64,\n \"(s64)\": s64,\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CAST_MAPPING","title":"CAST_MAPPING module-attribute","text":"CAST_MAPPING = {\n \"(u16)\": lambda x: value,\n \"(s16)\": lambda x: value,\n \"(u32)\": lambda x: value,\n \"(s32)\": lambda x: value,\n \"(u64)\": lambda x: value,\n \"(s64)\": lambda x: value,\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_COLOR","title":"ONEGADGET_COLOR module-attribute","text":"ONEGADGET_COLOR = {\n \"light_green\": lambda x: colorize(x, \"\\x1b[38;5;82m\"),\n \"light_purple\": lambda x: colorize(x, \"\\x1b[38;5;153m\"),\n}\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.ONEGADGET_CACHEDIR","title":"ONEGADGET_CACHEDIR module-attribute","text":"ONEGADGET_CACHEDIR = cachedir('onegadget')\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.SAT","title":"SAT module-attribute","text":"SAT = SAT\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNSAT","title":"UNSAT module-attribute","text":"UNSAT = UNSAT\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.UNKNOWN","title":"UNKNOWN module-attribute","text":"UNKNOWN = UNKNOWN\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult","title":"CheckSatResult","text":" Bases: Enum
Methods:
-
__str__ \u2013 -
__and__ \u2013 -
__or__ \u2013
Attributes:
-
SAT \u2013 -
UNSAT \u2013 -
UNKNOWN \u2013
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.SAT","title":"SAT class-attribute instance-attribute","text":"SAT = 1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNSAT","title":"UNSAT class-attribute instance-attribute","text":"UNSAT = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.UNKNOWN","title":"UNKNOWN class-attribute instance-attribute","text":"UNKNOWN = -1\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__and__","title":"__and__","text":"__and__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.CheckSatResult.__or__","title":"__or__","text":"__or__(other: CheckSatResult) -> CheckSatResult\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda","title":"Lambda","text":"Lambda(obj: str | Lambda)\n
Modified from onegadget's Lambda class
https://github.com/david942j/one_gadget/blob/65ce1dade70bf89e7496346ccf452ce5b2d139b3/lib/one_gadget/emulators/lambda.rb#L13
Methods:
-
__add__ \u2013 -
__sub__ \u2013 -
__str__ \u2013 -
__repr__ \u2013 -
deref \u2013 -
deref_ \u2013 -
ref \u2013 -
evaluate \u2013 -
parse \u2013 -
mem_obj \u2013
Attributes:
-
immi \u2013 -
obj \u2013 -
deref_count \u2013 -
gdb_expr (str) \u2013 -
color_str (str) \u2013
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.immi","title":"immi instance-attribute","text":"immi = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.obj","title":"obj instance-attribute","text":"obj = obj\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_count","title":"deref_count instance-attribute","text":"deref_count = 0\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.gdb_expr","title":"gdb_expr property","text":"gdb_expr: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.color_str","title":"color_str property","text":"color_str: str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__add__","title":"__add__","text":"__add__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__sub__","title":"__sub__","text":"__sub__(other: int) -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref","title":"deref","text":"deref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.deref_","title":"deref_","text":"deref_() -> None\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.ref","title":"ref","text":"ref() -> Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.evaluate","title":"evaluate","text":"evaluate(context: dict[Any, Any]) -> int | Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.parse","title":"parse staticmethod","text":"parse(argument: str, predefined: dict[Any, Any] = {}) -> int | Lambda\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.Lambda.mem_obj","title":"mem_obj staticmethod","text":"mem_obj(arg: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_reg","title":"colorize_reg","text":"colorize_reg(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_integer","title":"colorize_integer","text":"colorize_integer(x: object) -> str\n
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.colorize_psuedo_code","title":"colorize_psuedo_code","text":"colorize_psuedo_code(code: str) -> str\n
Colorize the pseudo code of onegadget
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.compute_file_hash","title":"compute_file_hash","text":"compute_file_hash(filename: str) -> str\n
Compute the MD5 hash of the file, return the hash
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.run_onegadget","title":"run_onegadget","text":"run_onegadget() -> str\n
Run onegadget and return the output
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.parse_expression","title":"parse_expression","text":"parse_expression(expr: str) -> tuple[int | None, str, str | None]\n
Parse expression, return the result, colorized string and error message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_stack_argv","title":"check_stack_argv","text":"check_stack_argv(expr: str) -> tuple[CheckSatResult, str]\n
Check argv that's on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_non_stack_argv","title":"check_non_stack_argv","text":"check_non_stack_argv(expr: str) -> tuple[CheckSatResult, str]\n
Check argv that's not on the stack, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_argv","title":"check_argv","text":"check_argv(expr: str) -> tuple[CheckSatResult, str]\n
Check argv, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_envp","title":"check_envp","text":"check_envp(expr: str) -> tuple[bool, str]\n
Check envp, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_constraint","title":"check_constraint","text":"check_constraint(constraint: str) -> tuple[CheckSatResult, str]\n
Parse constraint, return the result and the message
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.check_gadget","title":"check_gadget","text":"check_gadget(\n gadget: str,\n show_unsat: bool = False,\n no_unknown: bool = False,\n verbose: bool = False,\n) -> CheckSatResult\n
Check status of each gadget, return the gadget's status
"},{"location":"reference/pwndbg/aglib/onegadget/#pwndbg.aglib.onegadget.find_gadgets","title":"find_gadgets","text":"find_gadgets(\n show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> dict[CheckSatResult, int]\n
Find gadgets by parsing the output of onegadget, return there's any valid gadget
"},{"location":"reference/pwndbg/aglib/proc/","title":"pwndbg.aglib.proc","text":""},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc","title":"proc","text":"Provides values which would be available from /proc which are not fulfilled by other modules and some process/gdb flow related information.
Classes:
Functions:
-
OnlyWhenRunning \u2013 -
OnlyWhenQemuKernel \u2013 -
OnlyWithArch \u2013
Attributes:
-
P \u2013 -
T \u2013 -
pid (int) \u2013 -
tid (int) \u2013 -
thread_id (int) \u2013 -
alive (bool) \u2013 -
stopped_with_signal (bool) \u2013 -
exe (str | None) \u2013 -
binary_base_addr (int) \u2013 -
binary_vmmap (tuple[Page, ...]) \u2013 -
tether \u2013
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.pid","title":"pid module-attribute","text":"pid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tid","title":"tid module-attribute","text":"tid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.thread_id","title":"thread_id module-attribute","text":"thread_id: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.alive","title":"alive module-attribute","text":"alive: bool\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.stopped_with_signal","title":"stopped_with_signal module-attribute","text":"stopped_with_signal: bool\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.exe","title":"exe module-attribute","text":"exe: str | None\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_base_addr","title":"binary_base_addr module-attribute","text":"binary_base_addr: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.binary_vmmap","title":"binary_vmmap module-attribute","text":"binary_vmmap: tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.tether","title":"tether module-attribute","text":"tether = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module","title":"module","text":" Bases: ModuleType
Methods:
-
dump_elf_data_section \u2013 Dump .data section of current process's ELF file
-
dump_relocations_by_section_name \u2013 Dump relocations of a section by section name of current process's ELF file
-
get_section_address_by_name \u2013 Find section address of current process by section name
-
OnlyWhenRunning \u2013 -
OnlyWhenQemuKernel \u2013 -
OnlyWithArch \u2013 Decorates function to work only with the specified archictectures.
Attributes:
-
pid (int) \u2013 -
tid (int) \u2013 -
thread_id (int) \u2013 -
alive (bool) \u2013 Informs whether the process has a thread. However, note that it will
-
stopped_with_signal (bool) \u2013 Returns whether the program has stopped with a signal
-
exe (str | None) \u2013 Returns the executed file path.
-
binary_base_addr (int) \u2013 -
binary_vmmap (tuple[Page, ...]) \u2013
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.pid","title":"pid property","text":"pid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.tid","title":"tid property","text":"tid: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.thread_id","title":"thread_id property","text":"thread_id: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.alive","title":"alive property","text":"alive: bool\n
Informs whether the process has a thread. However, note that it will still return True for a segfaulted thread. To detect that, consider using the stopped_with_signal method.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.stopped_with_signal","title":"stopped_with_signal property","text":"stopped_with_signal: bool\n
Returns whether the program has stopped with a signal
Can be used to detect segfaults (but will also detect other signals)
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.exe","title":"exe property","text":"exe: str | None\n
Returns the executed file path.
On remote targets, this path may not exist locally.
If you need the locally referenced file use gdb.current_process().filename
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_base_addr","title":"binary_base_addr property","text":"binary_base_addr: int\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.binary_vmmap","title":"binary_vmmap property","text":"binary_vmmap: tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_elf_data_section","title":"dump_elf_data_section","text":"dump_elf_data_section() -> tuple[int, int, bytes] | None\n
Dump .data section of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n section_name: str,\n) -> tuple[Relocation, ...] | None\n
Dump relocations of a section by section name of current process's ELF file
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.get_section_address_by_name","title":"get_section_address_by_name","text":"get_section_address_by_name(section_name: str) -> int\n
Find section address of current process by section name
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenRunning","title":"OnlyWhenRunning","text":"OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.module.OnlyWithArch","title":"OnlyWithArch","text":"OnlyWithArch(\n arch_names: list[str],\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\n
Decorates function to work only with the specified archictectures.
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenRunning","title":"OnlyWhenRunning","text":"OnlyWhenRunning(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenQemuKernel(func: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/aglib/proc/#pwndbg.aglib.proc.OnlyWithArch","title":"OnlyWithArch","text":"OnlyWithArch(\n arch_names: list[str],\n) -> Callable[[Callable[..., T]], Callable[..., T | None]]\n
"},{"location":"reference/pwndbg/aglib/qemu/","title":"pwndbg.aglib.qemu","text":""},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu","title":"qemu","text":"Determine whether the target is being run under QEMU.
Functions:
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu","title":"is_qemu","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_usermode","title":"is_usermode","text":"is_usermode() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_usermode","title":"is_qemu_usermode","text":"is_qemu_usermode() -> bool\n
Returns True if the target remote is being run under QEMU usermode emulation.
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_qemu_kernel","title":"is_qemu_kernel","text":"is_qemu_kernel() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.is_old_qemu_user","title":"is_old_qemu_user","text":"is_old_qemu_user() -> bool\n
"},{"location":"reference/pwndbg/aglib/qemu/#pwndbg.aglib.qemu.exec_file_supported","title":"exec_file_supported","text":"exec_file_supported() -> bool\n
Returns True if the remote target understands the 'qXfer:exec-file:read' packet. A check for this feature is done in vmmap code, to warn against running legacy Qemu versions.
"},{"location":"reference/pwndbg/aglib/regs/","title":"pwndbg.aglib.regs","text":""},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs","title":"regs","text":"Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
Classes:
Functions:
-
regs_in_frame \u2013 -
get_register \u2013 -
get_qemu_register \u2013 -
update_last \u2013
Attributes:
-
PTRACE_ARCH_PRCTL \u2013 -
ARCH_GET_FS \u2013 -
ARCH_GET_GS \u2013 -
gpr (tuple[str, ...]) \u2013 -
common (list[str]) \u2013 -
frame (str | None) \u2013 -
retaddr (tuple[str, ...]) \u2013 -
flags (dict[str, BitFlags]) \u2013 -
extra_flags (dict[str, BitFlags]) \u2013 -
stack (str) \u2013 -
retval (str | None) \u2013 -
all (list[str]) \u2013 -
changed (list[str]) \u2013 -
fsbase (int) \u2013 -
gsbase (int) \u2013 -
current (RegisterSet) \u2013 -
fix (Callable[[str], str]) \u2013 -
items (Callable[[], Generator[tuple[str, Any], None, None]]) \u2013 -
previous (dict[str, int]) \u2013 -
last (dict[str, int]) \u2013 -
pc (int | None) \u2013 -
tether \u2013
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.PTRACE_ARCH_PRCTL","title":"PTRACE_ARCH_PRCTL module-attribute","text":"PTRACE_ARCH_PRCTL = 30\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_FS","title":"ARCH_GET_FS module-attribute","text":"ARCH_GET_FS = 4099\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.ARCH_GET_GS","title":"ARCH_GET_GS module-attribute","text":"ARCH_GET_GS = 4100\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gpr","title":"gpr module-attribute","text":"gpr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.common","title":"common module-attribute","text":"common: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.frame","title":"frame module-attribute","text":"frame: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retaddr","title":"retaddr module-attribute","text":"retaddr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.flags","title":"flags module-attribute","text":"flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.extra_flags","title":"extra_flags module-attribute","text":"extra_flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.stack","title":"stack module-attribute","text":"stack: str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.retval","title":"retval module-attribute","text":"retval: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.all","title":"all module-attribute","text":"all: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.changed","title":"changed module-attribute","text":"changed: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fsbase","title":"fsbase module-attribute","text":"fsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.gsbase","title":"gsbase module-attribute","text":"gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.current","title":"current module-attribute","text":"current: RegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.fix","title":"fix module-attribute","text":"fix: Callable[[str], str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.items","title":"items module-attribute","text":"items: Callable[[], Generator[tuple[str, Any], None, None]]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.previous","title":"previous module-attribute","text":"previous: dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.last","title":"last module-attribute","text":"last: dict[str, int]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.pc","title":"pc module-attribute","text":"pc: int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.tether","title":"tether module-attribute","text":"tether = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module","title":"module","text":" Bases: ModuleType
Methods:
-
read_reg \u2013 -
__getattr__ \u2013 -
__setattr__ \u2013 -
__getitem__ \u2013 -
__contains__ \u2013 -
__iter__ \u2013 -
fix \u2013 -
items \u2013 -
__repr__ \u2013
Attributes:
-
previous (dict[str, int]) \u2013 -
last (dict[str, int]) \u2013 -
current (RegisterSet) \u2013 -
gpr (tuple[str, ...]) \u2013 -
common (list[str]) \u2013 -
frame (str | None) \u2013 -
retaddr (tuple[str, ...]) \u2013 -
kernel (KernelRegisterSet) \u2013 -
flags (dict[str, BitFlags]) \u2013 -
extra_flags (dict[str, BitFlags]) \u2013 -
stack (str) \u2013 -
retval (str | None) \u2013 -
all (set[str]) \u2013 -
reg_sets \u2013 -
changed (list[str]) \u2013 -
idt (int) \u2013 -
idt_limit (int) \u2013 -
fsbase (int) \u2013 -
gsbase (int) \u2013
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.previous","title":"previous class-attribute instance-attribute","text":"previous: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.last","title":"last class-attribute instance-attribute","text":"last: dict[str, int] = {}\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.current","title":"current property","text":"current: RegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gpr","title":"gpr property","text":"gpr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.common","title":"common property","text":"common: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.frame","title":"frame property","text":"frame: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retaddr","title":"retaddr property","text":"retaddr: tuple[str, ...]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.kernel","title":"kernel property","text":"kernel: KernelRegisterSet\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.flags","title":"flags property","text":"flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.extra_flags","title":"extra_flags property","text":"extra_flags: dict[str, BitFlags]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.stack","title":"stack property","text":"stack: str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.retval","title":"retval property","text":"retval: str | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.all","title":"all property","text":"all: set[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.reg_sets","title":"reg_sets class-attribute instance-attribute","text":"reg_sets = reg_sets\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.changed","title":"changed property","text":"changed: list[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt","title":"idt property","text":"idt: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.idt_limit","title":"idt_limit property","text":"idt_limit: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fsbase","title":"fsbase property","text":"fsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.gsbase","title":"gsbase property","text":"gsbase: int\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.read_reg","title":"read_reg","text":"read_reg(reg: str, frame: Frame | None = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getattr__","title":"__getattr__","text":"__getattr__(attr: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__setattr__","title":"__setattr__","text":"__setattr__(attr: str, val: Any) -> None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__getitem__","title":"__getitem__","text":"__getitem__(item: Any) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__contains__","title":"__contains__","text":"__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__iter__","title":"__iter__","text":"__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.fix","title":"fix","text":"fix(expression: str) -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.items","title":"items","text":"items() -> Generator[tuple[str, Any], None, None]\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.module.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.regs_in_frame","title":"regs_in_frame","text":"regs_in_frame(frame: Frame) -> Registers\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_register","title":"get_register","text":"get_register(name: str, frame: Frame | None = None) -> Value | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.get_qemu_register","title":"get_qemu_register","text":"get_qemu_register(name: str) -> int | None\n
"},{"location":"reference/pwndbg/aglib/regs/#pwndbg.aglib.regs.update_last","title":"update_last","text":"update_last() -> None\n
"},{"location":"reference/pwndbg/aglib/remote/","title":"pwndbg.aglib.remote","text":""},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote","title":"remote","text":"Information about whether the debuggee is local (under GDB) or remote (under GDBSERVER or QEMU stub).
Functions:
"},{"location":"reference/pwndbg/aglib/remote/#pwndbg.aglib.remote.is_remote","title":"is_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/","title":"pwndbg.aglib.saved_register_frames","text":""},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames","title":"saved_register_frames","text":"Classes:
Attributes:
-
ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS \u2013 -
ARM_CORTEX_M_EXCEPTION_STACK \u2013
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS","title":"ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS module-attribute","text":"ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS = {\n \"r0\": 0,\n \"r1\": 4,\n \"r2\": 8,\n \"r3\": 12,\n \"r12\": 16,\n \"lr\": 20,\n \"pc\": 24,\n \"xpsr\": 28,\n}\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.ARM_CORTEX_M_EXCEPTION_STACK","title":"ARM_CORTEX_M_EXCEPTION_STACK module-attribute","text":"ARM_CORTEX_M_EXCEPTION_STACK = SavedRegisterFrame(\n ARM_CORTEX_M_EXCEPTION_STACK_FRAME_OFFSETS\n)\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame","title":"SavedRegisterFrame dataclass","text":"SavedRegisterFrame(register_offsets: dict[str, int])\n
A list of registers that have been saved to process memory for later restoration.
For example, on syscall entry, the process registers are saved to the kernel stack.
Methods:
-
read_saved_register \u2013
Attributes:
-
offsets (dict[str, int]) \u2013 -
frame_layout (list[tuple[int, str]]) \u2013
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.offsets","title":"offsets instance-attribute","text":"offsets: dict[str, int] = register_offsets\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.frame_layout","title":"frame_layout instance-attribute","text":"frame_layout: list[tuple[int, str]] = sorted((y, x) for (x, y) in items())\n
"},{"location":"reference/pwndbg/aglib/saved_register_frames/#pwndbg.aglib.saved_register_frames.SavedRegisterFrame.read_saved_register","title":"read_saved_register","text":"read_saved_register(reg: str, sp: int = None) -> int | None\n
"},{"location":"reference/pwndbg/aglib/shellcode/","title":"pwndbg.aglib.shellcode","text":""},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode","title":"shellcode","text":"Shellcode
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
Functions:
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_syscall","title":"exec_syscall async","text":"exec_syscall(\n ec: ExecutionController,\n syscall,\n arg0=None,\n arg1=None,\n arg2=None,\n arg3=None,\n arg4=None,\n arg5=None,\n)\n
Tries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode","title":"exec_shellcode async","text":"exec_shellcode(ec: ExecutionController, blob)\n
Tries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/aglib/shellcode/#pwndbg.aglib.shellcode.exec_shellcode--safety","title":"Safety","text":"Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/aglib/stack/","title":"pwndbg.aglib.stack","text":""},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack","title":"stack","text":"Helpers for finding address mappings which are used as a stack.
Generally not needed, except under qemu-user and for when binaries do things to remap the stack (e.g. pwnies' postit).
Functions:
-
find \u2013 Returns a pwndbg.lib.memory.Page object which corresponds to given address stack
-
find_upper_stack_boundary \u2013 -
get \u2013 For each running thread, return the known address range for its stack
-
current \u2013 Returns the bounds for the stack for the current thread.
-
is_executable \u2013 -
callstack \u2013 Return the address of the return address for the current frame.
Attributes:
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.auto_explore","title":"auto_explore module-attribute","text":"auto_explore = add_param(\n \"auto-explore-stack\",\n \"warn\",\n \"stack exploration; it may be really slow\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find","title":"find","text":"find(address: int) -> Page | None\n
Returns a pwndbg.lib.memory.Page object which corresponds to given address stack or None if it does not exist
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.find_upper_stack_boundary","title":"find_upper_stack_boundary","text":"find_upper_stack_boundary(stack_ptr: int, max_pages: int = 1024) -> int\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.get","title":"get","text":"get() -> dict[int, Page]\n
For each running thread, return the known address range for its stack Returns a dict which should never be modified (since its cached)
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.current","title":"current","text":"current() -> Page | None\n
Returns the bounds for the stack for the current thread.
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.is_executable","title":"is_executable","text":"is_executable() -> bool\n
"},{"location":"reference/pwndbg/aglib/stack/#pwndbg.aglib.stack.callstack","title":"callstack","text":"callstack() -> list[int]\n
Return the address of the return address for the current frame.
"},{"location":"reference/pwndbg/aglib/strings/","title":"pwndbg.aglib.strings","text":""},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings","title":"strings","text":"Functionality for resolving ASCII printable strings within the debuggee's address space.
Functions:
-
update_length \u2013 Unfortunately there's not a better way to get at this info.
-
get \u2013 Returns a printable C-string from address.
-
yield_in_page \u2013 Yields strings of length >= n found in a given vmmap page
Attributes:
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.length","title":"length module-attribute","text":"length = 15\n
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.update_length","title":"update_length","text":"update_length() -> None\n
Unfortunately there's not a better way to get at this info.
gdb.execute('show print elements', from_tty=False, to_string=True) 'Limit on string chars or array elements to print is 21.\\n'
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.get","title":"get","text":"get(\n address: int, maxlen: int | None = None, maxread: int | None = None\n) -> str | None\n
Returns a printable C-string from address.
Returns None if string contains non-printable chars or if the maxlen length data does not end up with a null byte.
"},{"location":"reference/pwndbg/aglib/strings/#pwndbg.aglib.strings.yield_in_page","title":"yield_in_page","text":"yield_in_page(page: Page, n=4) -> Iterator[str]\n
Yields strings of length >= n found in a given vmmap page
"},{"location":"reference/pwndbg/aglib/symbol/","title":"pwndbg.aglib.symbol","text":""},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Functions:
-
lookup_symbol_addr \u2013 -
lookup_symbol_value \u2013 -
lookup_symbol \u2013 Returns the address of the given symbol, cast-ed to the appropriate symbol type.
-
lookup_frame_symbol \u2013 Returns the address of the given symbol, cast-ed to the appropriate symbol type.
-
resolve_addr \u2013 Resolves an address to its corresponding symbol name, if available.
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_addr","title":"lookup_symbol_addr","text":"lookup_symbol_addr(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol_value","title":"lookup_symbol_value","text":"lookup_symbol_value(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> int | None\n
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
Returns the address of the given symbol, cast-ed to the appropriate symbol type.
This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only) Typedef names (if you need please use aglib.typeinfo.load) - (gdb only) Enum values (if you need please use aglib.typeinfo.enum_member)
The lookup order is as follows (default): 1. Global scope within the current module 2. Global static scope within the current module 3. Global scope in other modules 4. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"lookup_frame_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
Returns the address of the given symbol, cast-ed to the appropriate symbol type.
This function searches for (SymbolLookupType.ANY): - Function names - Variable names - (gdb only, please don't use) Typedef names - (gdb only, please don't use) Enum values
The lookup order is as follows: 1. Local scope 2. Global scope within the current module 3. Global static scope within the current module 4. Global scope in other modules 5. Global static scope in other modules
"},{"location":"reference/pwndbg/aglib/symbol/#pwndbg.aglib.symbol.resolve_addr","title":"resolve_addr","text":"resolve_addr(addr: int) -> str | None\n
Resolves an address to its corresponding symbol name, if available.
Note: - This function does not resolve TLS (Thread-Local Storage) addresses or addresses with local scope.
Resolution is performed in the following order: - Global scope symbols.
"},{"location":"reference/pwndbg/aglib/tls/","title":"pwndbg.aglib.tls","text":""},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls","title":"tls","text":"Getting Thread Local Storage (TLS) information.
Functions:
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.__call_pthread_self","title":"__call_pthread_self","text":"__call_pthread_self() -> int\n
Retrieve the address of the struct pthread_t for the current thread by calling pthread_self(). This address can be used to locate the base address of the Thread Local Storage (TLS).
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_pthread_self","title":"find_address_with_pthread_self","text":"find_address_with_pthread_self() -> int\n
Get the base address of the Thread Local Storage (TLS) for the current thread using the pthread_self() function. The returned address points to the struct tcbhead_t, which serves as the header for TLS and thread-specific metadata.
"},{"location":"reference/pwndbg/aglib/tls/#pwndbg.aglib.tls.find_address_with_register","title":"find_address_with_register","text":"find_address_with_register() -> int\n
Get the base address of the Thread Local Storage (TLS) for the current thread using a CPU register. The returned address points to the struct tcbhead_t, which is the entry point for TLS and thread-specific metadata.
"},{"location":"reference/pwndbg/aglib/typeinfo/","title":"pwndbg.aglib.typeinfo","text":""},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo","title":"typeinfo","text":"Common types.
Functions:
Attributes:
-
module \u2013 -
char (Type) \u2013 -
ulong (Type) \u2013 -
long (Type) \u2013 -
uchar (Type) \u2013 -
ushort (Type) \u2013 -
uint (Type) \u2013 -
void (Type) \u2013 -
uint8 (Type) \u2013 -
uint16 (Type) \u2013 -
uint32 (Type) \u2013 -
uint64 (Type) \u2013 -
unsigned (dict[int, Type]) \u2013 -
int8 (Type) \u2013 -
int16 (Type) \u2013 -
int32 (Type) \u2013 -
int64 (Type) \u2013 -
signed (dict[int, Type]) \u2013 -
pvoid (Type) \u2013 -
ppvoid (Type) \u2013 -
pchar (Type) \u2013 -
ptrsize (int) \u2013 -
ptrdiff (Type) \u2013 -
size_t (Type) \u2013 -
ssize_t (Type) \u2013
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.module","title":"module module-attribute","text":"module = modules[__name__]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.char","title":"char module-attribute","text":"char: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ulong","title":"ulong module-attribute","text":"ulong: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.long","title":"long module-attribute","text":"long: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uchar","title":"uchar module-attribute","text":"uchar: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ushort","title":"ushort module-attribute","text":"ushort: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint","title":"uint module-attribute","text":"uint: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.void","title":"void module-attribute","text":"void: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint8","title":"uint8 module-attribute","text":"uint8: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint16","title":"uint16 module-attribute","text":"uint16: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint32","title":"uint32 module-attribute","text":"uint32: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.uint64","title":"uint64 module-attribute","text":"uint64: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.unsigned","title":"unsigned module-attribute","text":"unsigned: dict[int, Type]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int8","title":"int8 module-attribute","text":"int8: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int16","title":"int16 module-attribute","text":"int16: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int32","title":"int32 module-attribute","text":"int32: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.int64","title":"int64 module-attribute","text":"int64: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.signed","title":"signed module-attribute","text":"signed: dict[int, Type]\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pvoid","title":"pvoid module-attribute","text":"pvoid: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ppvoid","title":"ppvoid module-attribute","text":"ppvoid: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.pchar","title":"pchar module-attribute","text":"pchar: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrsize","title":"ptrsize module-attribute","text":"ptrsize: int = 4\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ptrdiff","title":"ptrdiff module-attribute","text":"ptrdiff: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.size_t","title":"size_t module-attribute","text":"size_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.ssize_t","title":"ssize_t module-attribute","text":"ssize_t: Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.lookup_types","title":"lookup_types","text":"lookup_types(*types: str) -> Type\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.load","title":"load","text":"load(name: str) -> Type | None\n
Load a symbol; note that new symbols can be added with add-symbol-file functionality
"},{"location":"reference/pwndbg/aglib/typeinfo/#pwndbg.aglib.typeinfo.get_type","title":"get_type","text":"get_type(size: int) -> Type\n
"},{"location":"reference/pwndbg/aglib/vmmap/","title":"pwndbg.aglib.vmmap","text":""},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap","title":"vmmap","text":"Functions:
-
get_memory_map \u2013 -
get \u2013 -
find \u2013
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.get_memory_map","title":"get_memory_map","text":"get_memory_map() -> MemoryMap\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.get","title":"get","text":"get() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/aglib/vmmap/#pwndbg.aglib.vmmap.find","title":"find","text":"find(address: int | Value | None) -> Page | None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/","title":"pwndbg.aglib.vmmap_custom","text":""},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom","title":"vmmap_custom","text":"Functions:
-
clear_warn_cache \u2013 -
get_custom_pages \u2013 Returns a tuple of Page objects representing the memory mappings of the
-
add_custom_page \u2013 -
clear_custom_page \u2013 -
explore \u2013 Given a potential address, check to see what permissions it has.
-
get_memory_flags \u2013 -
find_boundaries \u2013 Given a single address, find all contiguous pages
Attributes:
-
explored_pages (list[Page]) \u2013 -
custom_pages (list[Page]) \u2013 -
auto_explore \u2013
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explored_pages","title":"explored_pages module-attribute","text":"explored_pages: list[Page] = []\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.custom_pages","title":"custom_pages module-attribute","text":"custom_pages: list[Page] = []\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.auto_explore","title":"auto_explore module-attribute","text":"auto_explore = add_param(\n \"auto-explore-pages\",\n \"warn\",\n \"whether to try to infer page permissions when memory maps are missing\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"yes\", \"warn\", \"no\"],\n help_docstring=\"\\nThis command can cause errors.\\n\",\n)\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_warn_cache","title":"clear_warn_cache","text":"clear_warn_cache()\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_custom_pages","title":"get_custom_pages","text":"get_custom_pages() -> tuple[Page, ...]\n
Returns a tuple of Page objects representing the memory mappings of the target, sorted by virtual address ascending.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.add_custom_page","title":"add_custom_page","text":"add_custom_page(page: Page) -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.clear_custom_page","title":"clear_custom_page","text":"clear_custom_page() -> None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.explore","title":"explore","text":"explore(address_maybe: int) -> Page | None\n
Given a potential address, check to see what permissions it has.
Returns:
-
Page | None \u2013 Page object
Note Adds the Page object to a persistent list of pages which are only reset when the process dies. This means pages which are added this way will not be removed when unmapped.
Also assumes the entire contiguous section has the same permission.
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.get_memory_flags","title":"get_memory_flags","text":"get_memory_flags(address_maybe: int) -> int | None\n
"},{"location":"reference/pwndbg/aglib/vmmap_custom/#pwndbg.aglib.vmmap_custom.find_boundaries","title":"find_boundaries","text":"find_boundaries(addr: int, name: str = '', min: int = 0) -> Page\n
Given a single address, find all contiguous pages which are mapped.
"},{"location":"reference/pwndbg/arguments/","title":"pwndbg.arguments","text":""},{"location":"reference/pwndbg/arguments/#pwndbg.arguments","title":"arguments","text":"Function and syscall argument formatting.
Enumerates arguments which may be passed in a combination of registers and stack values.
Functions:
-
get \u2013 Returns an array containing the arguments to the current function,
-
argname \u2013 -
argument \u2013 Returns the nth argument, as if $pc were a 'call' or 'bl' type
-
arguments \u2013 Yields (arg_name, arg_value) tuples for arguments from a given ABI.
-
format_args \u2013
Attributes:
-
FILE_DESCRIPTOR_ARG_NAMES \u2013
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.FILE_DESCRIPTOR_ARG_NAMES","title":"FILE_DESCRIPTOR_ARG_NAMES module-attribute","text":"FILE_DESCRIPTOR_ARG_NAMES = {\n \"fd\",\n \"in_fd\",\n \"out_fd\",\n \"fdin\",\n \"fdout\",\n \"oldfd\",\n \"fildes\",\n \"newfd\",\n \"epfd\",\n \"dfd\",\n \"dirfd\",\n \"mountdirfd\",\n}\n
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.get","title":"get","text":"get(instruction: PwndbgInstruction) -> list[tuple[Argument, int]]\n
Returns an array containing the arguments to the current function, if $pc is a function call or syscall instruction.
Otherwise, returns None.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argname","title":"argname","text":"argname(n: int, abi: ABI) -> str\n
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.argument","title":"argument","text":"argument(n: int, abi: ABI | None = None) -> int\n
Returns the nth argument, as if $pc were a 'call' or 'bl' type instruction. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.arguments","title":"arguments","text":"arguments(abi: ABI | None = None)\n
Yields (arg_name, arg_value) tuples for arguments from a given ABI. Works only for ABIs that use registers for arguments.
"},{"location":"reference/pwndbg/arguments/#pwndbg.arguments.format_args","title":"format_args","text":"format_args(instruction: PwndbgInstruction) -> list[str]\n
"},{"location":"reference/pwndbg/auxv/","title":"pwndbg.auxv","text":""},{"location":"reference/pwndbg/auxv/#pwndbg.auxv","title":"auxv","text":"Performs handling of the linux auxiliary vector.
https://www.man7.org/linux/man-pages/man3/getauxval.3.html https://lwn.net/Articles/519085/
Functions:
-
get \u2013 -
procfs_auxv \u2013 -
use_info_auxv \u2013 -
explore_stack_auxv \u2013 -
walk_stack2 \u2013
Attributes:
-
auto_explore \u2013 -
example_info_auxv_linux \u2013
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.auto_explore","title":"auto_explore module-attribute","text":"auto_explore = add_param(\n \"auto-explore-auxv\",\n \"warn\",\n \"stack exploration for AUXV information; it may be really slow\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"warn\", \"yes\", \"no\"],\n)\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.example_info_auxv_linux","title":"example_info_auxv_linux module-attribute","text":"example_info_auxv_linux = '\\n33 AT_SYSINFO_EHDR System-supplied DSO\\'s ELF header 0x7ffff7ffa000\\n16 AT_HWCAP Machine-dependent CPU capability hints 0xfabfbff\\n6 AT_PAGESZ System page size 4096\\n17 AT_CLKTCK Frequency of times() 100\\n3 AT_PHDR Program headers for program 0x400040\\n4 AT_PHENT Size of program header entry 56\\n5 AT_PHNUM Number of program headers 9\\n7 AT_BASE Base address of interpreter 0x7ffff7dda000\\n8 AT_FLAGS Flags 0x0\\n9 AT_ENTRY Entry point of program 0x42020b\\n11 AT_UID Real user ID 1000\\n12 AT_EUID Effective user ID 1000\\n13 AT_GID Real group ID 1000\\n14 AT_EGID Effective group ID 1000\\n23 AT_SECURE Boolean, was exec setuid-like? 0\\n25 AT_RANDOM Address of 16 random bytes 0x7fffffffdb39\\n31 AT_EXECFN File name of executable 0x7fffffffefee \"/bin/bash\"\\n15 AT_PLATFORM String identifying platform 0x7fffffffdb49 \"x86_64\"\\n0 AT_NULL End of vector 0x0\\n'\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.get","title":"get","text":"get() -> AUXV\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.procfs_auxv","title":"procfs_auxv","text":"procfs_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.use_info_auxv","title":"use_info_auxv","text":"use_info_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.explore_stack_auxv","title":"explore_stack_auxv","text":"explore_stack_auxv() -> AUXV | None\n
"},{"location":"reference/pwndbg/auxv/#pwndbg.auxv.walk_stack2","title":"walk_stack2","text":"walk_stack2(offset: int = 0) -> AUXV\n
"},{"location":"reference/pwndbg/chain/","title":"pwndbg.chain","text":""},{"location":"reference/pwndbg/chain/#pwndbg.chain","title":"chain","text":"Dereference and format pointer chains.
Functions:
-
get \u2013 Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
-
format \u2013 Recursively dereferences an address into string representation, or convert the list representation
Attributes:
-
LIMIT \u2013 -
c \u2013 -
config_arrow_left \u2013 -
config_arrow_right \u2013 -
config_contiguous \u2013
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.LIMIT","title":"LIMIT module-attribute","text":"LIMIT = add_param(\n \"dereference-limit\", 5, \"max number of pointers to dereference in a chain\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.c","title":"c module-attribute","text":"c = ColorConfig(\n \"chain\",\n [\n ColorParamSpec(\"arrow\", \"normal\", \"color of chain formatting (arrow)\"),\n ColorParamSpec(\n \"contiguous-marker\",\n \"normal\",\n \"color of chain formatting (contiguous marker)\",\n ),\n ],\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_left","title":"config_arrow_left module-attribute","text":"config_arrow_left = add_param(\n \"chain-arrow-left\", \"\u25c2\u2014\", \"left arrow of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_arrow_right","title":"config_arrow_right module-attribute","text":"config_arrow_right = add_param(\n \"chain-arrow-right\", \"\u2014\u25b8\", \"right arrow of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.config_contiguous","title":"config_contiguous module-attribute","text":"config_contiguous = add_param(\n \"chain-contiguous-marker\", \"...\", \"contiguous marker of chain formatting\"\n)\n
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.get","title":"get","text":"get(\n address: int | None,\n limit: int = LIMIT,\n offset: int = 0,\n hard_stop: int | None = None,\n hard_end: int = 0,\n include_start: bool = True,\n safe_linking: bool = False,\n) -> list[int] | None\n
Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
Parameters:
-
address (int | None) \u2013 the first address to begin dereferencing
-
limit (int, default: LIMIT ) \u2013 number of valid pointers
-
offset (int, default: 0 ) \u2013 offset into the address to get the next pointer
-
hard_stop (int | None, default: None ) \u2013 address to stop at
-
hard_end (int, default: 0 ) \u2013 value to append when hard_stop is reached
-
include_start (bool, default: True ) \u2013 whether to include starting address or not
-
safe_linking (bool, default: False ) \u2013 whether this chain use safe-linking
Returns:
"},{"location":"reference/pwndbg/chain/#pwndbg.chain.format","title":"format","text":"format(\n value: int | list[int] | None,\n limit: int = LIMIT,\n code: bool = True,\n offset: int = 0,\n hard_stop: int | None = None,\n hard_end: int = 0,\n safe_linking: bool = False,\n enhance_string_len: int | None = None,\n) -> str\n
Recursively dereferences an address into string representation, or convert the list representation of address dereferences into string representation.
Parameters:
-
value (int | list[int] | None) \u2013 Either the starting address to be sent to get, or the result of get (a list)
-
limit (int, default: LIMIT ) \u2013 Number of valid pointers
-
code (bool, default: True ) \u2013 Hint that indicates the value may be an instruction
-
offset (int, default: 0 ) \u2013 Offset into the address to get the next pointer
-
hard_stop (int | None, default: None ) \u2013 Value to stop on
-
hard_end (int, default: 0 ) \u2013 Value to append when hard_stop is reached: null, value of hard stop, a string.
-
safe_linking (bool, default: False ) \u2013 whether this chain use safe-linking
-
enhance_string_len (int | None, default: None ) \u2013 The length of string to display for enhancement of the last pointer
Returns: A string representing pointers of each address and reference Strings format: 0x0804a10 \u2014\u25b8 0x08061000 \u25c2\u2014 0x41414141
"},{"location":"reference/pwndbg/color/","title":"pwndbg.color","text":""},{"location":"reference/pwndbg/color/#pwndbg.color","title":"color","text":"Text colorizing and theme configuration logic.
Modules:
-
context \u2013 -
disasm \u2013 -
enhance \u2013 -
hexdump \u2013 -
memory \u2013 -
message \u2013 -
syntax_highlight \u2013 -
telescope \u2013 -
theme \u2013
Classes:
-
ColorParamSpec \u2013 -
ColorConfig \u2013
Functions:
-
normal \u2013 -
black \u2013 -
red \u2013 -
green \u2013 -
yellow \u2013 -
blue \u2013 -
purple \u2013 -
cyan \u2013 -
light_gray \u2013 -
foreground \u2013 -
gray \u2013 -
light_red \u2013 -
light_green \u2013 -
light_yellow \u2013 -
light_blue \u2013 -
light_purple \u2013 -
light_cyan \u2013 -
white \u2013 -
bold \u2013 -
underline \u2013 -
colorize \u2013 -
unstylize \u2013 -
generateColorFunctionInner \u2013 -
generateColorFunction \u2013 -
strip \u2013 -
terminateWith \u2013 -
ljust_colored \u2013 -
rjust_colored \u2013
Attributes:
-
NORMAL \u2013 -
BLACK \u2013 -
RED \u2013 -
GREEN \u2013 -
YELLOW \u2013 -
BLUE \u2013 -
PURPLE \u2013 -
CYAN \u2013 -
LIGHT_GREY \u2013 -
LIGHT_GRAY \u2013 -
FOREGROUND \u2013 -
GREY \u2013 -
GRAY \u2013 -
LIGHT_RED \u2013 -
LIGHT_GREEN \u2013 -
LIGHT_YELLOW \u2013 -
LIGHT_BLUE \u2013 -
LIGHT_PURPLE \u2013 -
LIGHT_CYAN \u2013 -
WHITE \u2013 -
BOLD \u2013 -
UNDERLINE \u2013 -
none \u2013 -
ansi_escape_8bit \u2013 -
disable_colors \u2013
"},{"location":"reference/pwndbg/color/#pwndbg.color.NORMAL","title":"NORMAL module-attribute","text":"NORMAL = '\\x1b[0m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLACK","title":"BLACK module-attribute","text":"BLACK = '\\x1b[30m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.RED","title":"RED module-attribute","text":"RED = '\\x1b[31m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREEN","title":"GREEN module-attribute","text":"GREEN = '\\x1b[32m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.YELLOW","title":"YELLOW module-attribute","text":"YELLOW = '\\x1b[33m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BLUE","title":"BLUE module-attribute","text":"BLUE = '\\x1b[34m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.PURPLE","title":"PURPLE module-attribute","text":"PURPLE = '\\x1b[35m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.CYAN","title":"CYAN module-attribute","text":"CYAN = '\\x1b[36m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREY","title":"LIGHT_GREY module-attribute","text":"LIGHT_GREY = '\\x1b[37m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GRAY","title":"LIGHT_GRAY module-attribute","text":"LIGHT_GRAY = '\\x1b[37m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.FOREGROUND","title":"FOREGROUND module-attribute","text":"FOREGROUND = '\\x1b[39m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GREY","title":"GREY module-attribute","text":"GREY = '\\x1b[90m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.GRAY","title":"GRAY module-attribute","text":"GRAY = '\\x1b[90m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_RED","title":"LIGHT_RED module-attribute","text":"LIGHT_RED = '\\x1b[91m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_GREEN","title":"LIGHT_GREEN module-attribute","text":"LIGHT_GREEN = '\\x1b[92m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_YELLOW","title":"LIGHT_YELLOW module-attribute","text":"LIGHT_YELLOW = '\\x1b[93m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_BLUE","title":"LIGHT_BLUE module-attribute","text":"LIGHT_BLUE = '\\x1b[94m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_PURPLE","title":"LIGHT_PURPLE module-attribute","text":"LIGHT_PURPLE = '\\x1b[95m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.LIGHT_CYAN","title":"LIGHT_CYAN module-attribute","text":"LIGHT_CYAN = '\\x1b[96m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.WHITE","title":"WHITE module-attribute","text":"WHITE = '\\x1b[97m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.BOLD","title":"BOLD module-attribute","text":"BOLD = '\\x1b[1m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.UNDERLINE","title":"UNDERLINE module-attribute","text":"UNDERLINE = '\\x1b[4m'\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.none","title":"none module-attribute","text":"none = str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ansi_escape_8bit","title":"ansi_escape_8bit module-attribute","text":"ansi_escape_8bit = compile(\n \"(?:\\\\x1B[@-Z\\\\\\\\-_]|[\\\\x80-\\\\x9A\\\\x9C-\\\\x9F]|(?:\\\\x1B\\\\[|\\\\x9B)[0-?]*[ -/]*[@-~])\"\n)\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.disable_colors","title":"disable_colors module-attribute","text":"disable_colors = add_param(\n \"disable-colors\",\n bool(get(\"PWNDBG_DISABLE_COLORS\")),\n \"whether to color the output or not\",\n)\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec","title":"ColorParamSpec","text":" Bases: NamedTuple
Attributes:
-
name (str) \u2013 -
default (str) \u2013 -
doc (str) \u2013
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.default","title":"default instance-attribute","text":"default: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorParamSpec.doc","title":"doc instance-attribute","text":"doc: str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig","title":"ColorConfig","text":"ColorConfig(namespace: str, params: list[ColorParamSpec])\n
Methods:
"},{"location":"reference/pwndbg/color/#pwndbg.color.ColorConfig.__getattr__","title":"__getattr__","text":"__getattr__(attr: str) -> Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.normal","title":"normal","text":"normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.black","title":"black","text":"black(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.red","title":"red","text":"red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.green","title":"green","text":"green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.yellow","title":"yellow","text":"yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.blue","title":"blue","text":"blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.purple","title":"purple","text":"purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.cyan","title":"cyan","text":"cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_gray","title":"light_gray","text":"light_gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.foreground","title":"foreground","text":"foreground(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.gray","title":"gray","text":"gray(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_red","title":"light_red","text":"light_red(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_green","title":"light_green","text":"light_green(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_yellow","title":"light_yellow","text":"light_yellow(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_blue","title":"light_blue","text":"light_blue(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_purple","title":"light_purple","text":"light_purple(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.light_cyan","title":"light_cyan","text":"light_cyan(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.white","title":"white","text":"white(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.bold","title":"bold","text":"bold(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.underline","title":"underline","text":"underline(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.colorize","title":"colorize","text":"colorize(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.unstylize","title":"unstylize","text":"unstylize(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunctionInner","title":"generateColorFunctionInner","text":"generateColorFunctionInner(\n old: Callable[[object], str], new: Callable[[str], str]\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.generateColorFunction","title":"generateColorFunction","text":"generateColorFunction(\n config: str | Parameter,\n _globals: dict[str, Callable[[str], str]] = globals(),\n) -> Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.strip","title":"strip","text":"strip(x: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.terminateWith","title":"terminateWith","text":"terminateWith(x: str, color: str) -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.ljust_colored","title":"ljust_colored","text":"ljust_colored(x: str, length: int, char: str = ' ') -> str\n
"},{"location":"reference/pwndbg/color/#pwndbg.color.rjust_colored","title":"rjust_colored","text":"rjust_colored(x: str, length: int, char: str = ' ')\n
"},{"location":"reference/pwndbg/color/context/","title":"pwndbg.color.context","text":""},{"location":"reference/pwndbg/color/context/#pwndbg.color.context","title":"context","text":"Functions:
-
prefix \u2013 -
highlight \u2013 -
register \u2013 -
register_changed \u2013 -
flag_bracket \u2013 -
flag_value \u2013 -
flag_set \u2013 -
flag_unset \u2013 -
flag_changed \u2013 -
banner \u2013 -
banner_title \u2013 -
comment \u2013 -
format_flags \u2013
Attributes:
-
config_prefix_color \u2013 -
config_highlight_color \u2013 -
config_register_color \u2013 -
config_flag_value_color \u2013 -
config_flag_bracket_color \u2013 -
config_flag_set_color \u2013 -
config_flag_unset_color \u2013 -
config_flag_changed_color \u2013 -
config_banner_color \u2013 -
config_banner_title \u2013 -
config_register_changed_color \u2013 -
config_register_changed_marker \u2013 -
config_comment \u2013
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_prefix_color","title":"config_prefix_color module-attribute","text":"config_prefix_color = add_color_param(\n \"code-prefix-color\",\n \"none\",\n \"color for 'context code' command (prefix marker)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_highlight_color","title":"config_highlight_color module-attribute","text":"config_highlight_color = add_color_param(\n \"highlight-color\", \"green,bold\", \"color added to highlights like source/pc\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_color","title":"config_register_color module-attribute","text":"config_register_color = add_color_param(\n \"context-register-color\", \"bold\", \"color for registers label\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_value_color","title":"config_flag_value_color module-attribute","text":"config_flag_value_color = add_color_param(\n \"context-flag-value-color\",\n \"none\",\n \"color for flags register (register value)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_bracket_color","title":"config_flag_bracket_color module-attribute","text":"config_flag_bracket_color = add_color_param(\n \"context-flag-bracket-color\", \"none\", \"color for flags register (bracket)\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_set_color","title":"config_flag_set_color module-attribute","text":"config_flag_set_color = add_color_param(\n \"context-flag-set-color\",\n \"green,bold\",\n \"color for flags register (flag set)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_unset_color","title":"config_flag_unset_color module-attribute","text":"config_flag_unset_color = add_color_param(\n \"context-flag-unset-color\", \"red\", \"color for flags register (flag unset)\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_flag_changed_color","title":"config_flag_changed_color module-attribute","text":"config_flag_changed_color = add_color_param(\n \"context-flag-changed-color\",\n \"underline\",\n \"color for flags register (flag changed)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_color","title":"config_banner_color module-attribute","text":"config_banner_color = add_color_param(\n \"banner-color\", \"blue\", \"color for banner line\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_banner_title","title":"config_banner_title module-attribute","text":"config_banner_title = add_color_param(\n \"banner-title-color\", \"none\", \"color for banner title\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_color","title":"config_register_changed_color module-attribute","text":"config_register_changed_color = add_color_param(\n \"context-register-changed-color\",\n \"red\",\n \"color for registers label (change marker)\",\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_register_changed_marker","title":"config_register_changed_marker module-attribute","text":"config_register_changed_marker = add_param(\n \"context-register-changed-marker\", \"*\", \"change marker for registers label\"\n)\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.config_comment","title":"config_comment module-attribute","text":"config_comment = add_color_param('comment-color', 'gray', 'color for comment')\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.prefix","title":"prefix","text":"prefix(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.highlight","title":"highlight","text":"highlight(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register","title":"register","text":"register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.register_changed","title":"register_changed","text":"register_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_bracket","title":"flag_bracket","text":"flag_bracket(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_value","title":"flag_value","text":"flag_value(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_set","title":"flag_set","text":"flag_set(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_unset","title":"flag_unset","text":"flag_unset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.flag_changed","title":"flag_changed","text":"flag_changed(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner","title":"banner","text":"banner(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.banner_title","title":"banner_title","text":"banner_title(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.comment","title":"comment","text":"comment(x: object) -> str\n
"},{"location":"reference/pwndbg/color/context/#pwndbg.color.context.format_flags","title":"format_flags","text":"format_flags(value: int | None, flags: BitFlags, last: int | None = None)\n
"},{"location":"reference/pwndbg/color/disasm/","title":"pwndbg.color.disasm","text":""},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm","title":"disasm","text":"Functions:
-
one_instruction \u2013 -
instructions_and_padding \u2013
Attributes:
-
c \u2013 -
MIN_SPACING \u2013 -
WHITESPACE_LIMIT \u2013
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.c","title":"c module-attribute","text":"c = ColorConfig(\n \"disasm\",\n [\n ColorParamSpec(\n \"branch\", \"bold\", \"color for disasm (branch/call instruction)\"\n )\n ],\n)\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.MIN_SPACING","title":"MIN_SPACING module-attribute","text":"MIN_SPACING = 5\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.WHITESPACE_LIMIT","title":"WHITESPACE_LIMIT module-attribute","text":"WHITESPACE_LIMIT = 20\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.one_instruction","title":"one_instruction","text":"one_instruction(ins: PwndbgInstruction) -> str\n
"},{"location":"reference/pwndbg/color/disasm/#pwndbg.color.disasm.instructions_and_padding","title":"instructions_and_padding","text":"instructions_and_padding(instructions: list[PwndbgInstruction]) -> list[str]\n
"},{"location":"reference/pwndbg/color/enhance/","title":"pwndbg.color.enhance","text":""},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance","title":"enhance","text":"Functions:
-
integer \u2013 -
string \u2013 -
comment \u2013 -
unknown \u2013
Attributes:
-
config_integer_color \u2013 -
config_string_color \u2013 -
config_comment_color \u2013 -
config_unknown_color \u2013
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_integer_color","title":"config_integer_color module-attribute","text":"config_integer_color = add_color_param(\n \"enhance-integer-value-color\", \"none\", \"color of value enhance (integer)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_string_color","title":"config_string_color module-attribute","text":"config_string_color = add_color_param(\n \"enhance-string-value-color\", \"none\", \"color of value enhance (string)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_comment_color","title":"config_comment_color module-attribute","text":"config_comment_color = add_color_param(\n \"enhance-comment-color\", \"none\", \"color of value enhance (comment)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.config_unknown_color","title":"config_unknown_color module-attribute","text":"config_unknown_color = add_color_param(\n \"enhance-unknown-color\", \"none\", \"color of value enhance (unknown value)\"\n)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.integer","title":"integer","text":"integer(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.string","title":"string","text":"string(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.comment","title":"comment","text":"comment(x)\n
"},{"location":"reference/pwndbg/color/enhance/#pwndbg.color.enhance.unknown","title":"unknown","text":"unknown(x)\n
"},{"location":"reference/pwndbg/color/hexdump/","title":"pwndbg.color.hexdump","text":""},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump","title":"hexdump","text":"Functions:
-
normal \u2013 -
printable \u2013 -
zero \u2013 -
special \u2013 -
offset \u2013 -
address \u2013 -
separator \u2013 -
highlight_group_lsb \u2013
Attributes:
-
config_normal \u2013 -
config_printable \u2013 -
config_zero \u2013 -
config_special \u2013 -
config_offset \u2013 -
config_address \u2013 -
config_separator \u2013 -
config_highlight_group_lsb \u2013
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_normal","title":"config_normal module-attribute","text":"config_normal = add_color_param(\n \"hexdump-normal-color\", \"none\", \"color for hexdump command (normal bytes)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_printable","title":"config_printable module-attribute","text":"config_printable = add_color_param(\n \"hexdump-printable-color\",\n \"bold\",\n \"color for hexdump command (printable characters)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_zero","title":"config_zero module-attribute","text":"config_zero = add_color_param(\n \"hexdump-zero-color\", \"red\", \"color for hexdump command (zero bytes)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_special","title":"config_special module-attribute","text":"config_special = add_color_param(\n \"hexdump-special-color\",\n \"yellow\",\n \"color for hexdump command (special bytes)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_offset","title":"config_offset module-attribute","text":"config_offset = add_color_param(\n \"hexdump-offset-color\", \"none\", \"color for hexdump command (offset label)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_address","title":"config_address module-attribute","text":"config_address = add_color_param(\n \"hexdump-address-color\", \"none\", \"color for hexdump command (address label)\"\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_separator","title":"config_separator module-attribute","text":"config_separator = add_color_param(\n \"hexdump-separator-color\",\n \"none\",\n \"color for hexdump command (group separator)\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.config_highlight_group_lsb","title":"config_highlight_group_lsb module-attribute","text":"config_highlight_group_lsb = add_param(\n \"hexdump-highlight-group-lsb\",\n \"underline\",\n \"highlight LSB of each group\",\n help_docstring=\"Applies only if hexdump-use-big-endian actually changes byte order.\",\n)\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.normal","title":"normal","text":"normal(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.printable","title":"printable","text":"printable(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.zero","title":"zero","text":"zero(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.special","title":"special","text":"special(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.offset","title":"offset","text":"offset(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.address","title":"address","text":"address(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.separator","title":"separator","text":"separator(x: str) -> str\n
"},{"location":"reference/pwndbg/color/hexdump/#pwndbg.color.hexdump.highlight_group_lsb","title":"highlight_group_lsb","text":"highlight_group_lsb(x: str) -> str\n
"},{"location":"reference/pwndbg/color/memory/","title":"pwndbg.color.memory","text":""},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory","title":"memory","text":"Functions:
-
get_address_and_symbol \u2013 Convert and colorize address 0x7ffff7fcecd0 to string 0x7ffff7fcecd0 (_dl_fini)
-
get_address_or_symbol \u2013 Convert and colorize address to symbol if it can be resolved, else return colorized address
-
attempt_colorized_symbol \u2013 Convert address to colorized symbol (if symbol is there), else None
-
get \u2013 Returns a colorized string representing the provided address.
-
legend \u2013
Attributes:
-
ColorFunction \u2013 -
c \u2013
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.ColorFunction","title":"ColorFunction module-attribute","text":"ColorFunction = Callable[[str], str]\n
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.c","title":"c module-attribute","text":"c = ColorConfig(\n \"memory\",\n [\n ColorParamSpec(\"stack\", \"yellow\", \"color for stack memory\"),\n ColorParamSpec(\"heap\", \"blue\", \"color for heap memory\"),\n ColorParamSpec(\"code\", \"red\", \"color for executable memory\"),\n ColorParamSpec(\"data\", \"purple\", \"color for all other writable memory\"),\n ColorParamSpec(\"rodata\", \"normal\", \"color for all read only memory\"),\n ColorParamSpec(\"wx\", \"underline\", \"color added to all WX memory\"),\n ColorParamSpec(\n \"guard\", \"cyan\", \"color added to all guard pages (no perms)\"\n ),\n ],\n)\n
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_and_symbol","title":"get_address_and_symbol","text":"get_address_and_symbol(address: int) -> str\n
Convert and colorize address 0x7ffff7fcecd0 to string 0x7ffff7fcecd0 (_dl_fini) If no symbol exists for the address, return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get_address_or_symbol","title":"get_address_or_symbol","text":"get_address_or_symbol(address: int) -> str\n
Convert and colorize address to symbol if it can be resolved, else return colorized address
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.attempt_colorized_symbol","title":"attempt_colorized_symbol","text":"attempt_colorized_symbol(address: int) -> str | None\n
Convert address to colorized symbol (if symbol is there), else None
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.get","title":"get","text":"get(\n address: int | Value | Any,\n text: str | None = None,\n prefix: str | None = None,\n) -> str\n
Returns a colorized string representing the provided address.
Parameters:
"},{"location":"reference/pwndbg/color/memory/#pwndbg.color.memory.legend","title":"legend","text":"legend()\n
"},{"location":"reference/pwndbg/color/message/","title":"pwndbg.color.message","text":""},{"location":"reference/pwndbg/color/message/#pwndbg.color.message","title":"message","text":"Functions:
-
on \u2013 -
off \u2013 -
notice \u2013 -
hint \u2013 -
success \u2013 -
debug \u2013 -
info \u2013 -
warn \u2013 -
error \u2013 -
system \u2013 -
exit \u2013 -
breakpoint \u2013 -
signal \u2013 -
prompt \u2013 -
alive_prompt \u2013 -
readline_escape \u2013
Attributes:
-
config_status_on_color \u2013 -
config_status_off_color \u2013 -
config_notice_color \u2013 -
config_hint_color \u2013 -
config_success_color \u2013 -
config_debug_color \u2013 -
config_info_color \u2013 -
config_warning_color \u2013 -
config_error_color \u2013 -
config_system_color \u2013 -
config_exit_color \u2013 -
config_breakpoint_color \u2013 -
config_signal_color \u2013 -
config_prompt_color \u2013 -
config_prompt_alive_color \u2013
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_on_color","title":"config_status_on_color module-attribute","text":"config_status_on_color = add_color_param(\n \"message-status-on-color\", \"green\", \"color of on status messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_status_off_color","title":"config_status_off_color module-attribute","text":"config_status_off_color = add_color_param(\n \"message-status-off-color\", \"red\", \"color of off status messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_notice_color","title":"config_notice_color module-attribute","text":"config_notice_color = add_color_param(\n \"message-notice-color\", \"purple\", \"color of notice messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_hint_color","title":"config_hint_color module-attribute","text":"config_hint_color = add_color_param(\n \"message-hint-color\", \"yellow\", \"color of hint and marker messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_success_color","title":"config_success_color module-attribute","text":"config_success_color = add_color_param(\n \"message-success-color\", \"green\", \"color of success messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_debug_color","title":"config_debug_color module-attribute","text":"config_debug_color = add_color_param(\n \"message-debug-color\", \"blue\", \"color of debug messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_info_color","title":"config_info_color module-attribute","text":"config_info_color = add_color_param(\n \"message-info-color\", \"white\", \"color of info messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_warning_color","title":"config_warning_color module-attribute","text":"config_warning_color = add_color_param(\n \"message-warning-color\", \"yellow\", \"color of warning messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_error_color","title":"config_error_color module-attribute","text":"config_error_color = add_color_param(\n \"message-error-color\", \"red\", \"color of error messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_system_color","title":"config_system_color module-attribute","text":"config_system_color = add_color_param(\n \"message-system-color\", \"light-red\", \"color of system messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_exit_color","title":"config_exit_color module-attribute","text":"config_exit_color = add_color_param(\n \"message-exit-color\", \"red\", \"color of exit messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_breakpoint_color","title":"config_breakpoint_color module-attribute","text":"config_breakpoint_color = add_color_param(\n \"message-breakpoint-color\", \"yellow\", \"color of breakpoint messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_signal_color","title":"config_signal_color module-attribute","text":"config_signal_color = add_color_param(\n \"message-signal-color\", \"bold,red\", \"color of signal messages\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_color","title":"config_prompt_color module-attribute","text":"config_prompt_color = add_color_param(\n \"prompt-color\", \"bold,red\", \"prompt color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.config_prompt_alive_color","title":"config_prompt_alive_color module-attribute","text":"config_prompt_alive_color = add_color_param(\n \"prompt-alive-color\", \"bold,green\", \"prompt alive color\"\n)\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.on","title":"on","text":"on(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.off","title":"off","text":"off(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.notice","title":"notice","text":"notice(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.hint","title":"hint","text":"hint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.success","title":"success","text":"success(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.debug","title":"debug","text":"debug(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.info","title":"info","text":"info(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.warn","title":"warn","text":"warn(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.error","title":"error","text":"error(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.system","title":"system","text":"system(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.exit","title":"exit","text":"exit(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.breakpoint","title":"breakpoint","text":"breakpoint(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.signal","title":"signal","text":"signal(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.prompt","title":"prompt","text":"prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.alive_prompt","title":"alive_prompt","text":"alive_prompt(msg: object) -> str\n
"},{"location":"reference/pwndbg/color/message/#pwndbg.color.message.readline_escape","title":"readline_escape","text":"readline_escape(func_message: Callable[[str], str], text: str) -> str\n
"},{"location":"reference/pwndbg/color/syntax_highlight/","title":"pwndbg.color.syntax_highlight","text":""},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight","title":"syntax_highlight","text":"Functions:
-
check_style \u2013 -
syntax_highlight \u2013
Attributes:
-
style \u2013 -
formatter \u2013 -
pwntools_lexer \u2013 -
lexer_cache (dict[str, Any]) \u2013
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.style","title":"style module-attribute","text":"style = add_param(\n \"syntax-highlight-style\",\n \"monokai\",\n \"source code / assembly syntax highlight stylename of pygments module\",\n)\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.formatter","title":"formatter module-attribute","text":"formatter = Terminal256Formatter(style=str(style))\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.pwntools_lexer","title":"pwntools_lexer module-attribute","text":"pwntools_lexer = PwntoolsLexer()\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.lexer_cache","title":"lexer_cache module-attribute","text":"lexer_cache: dict[str, Any] = {}\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.check_style","title":"check_style","text":"check_style() -> None\n
"},{"location":"reference/pwndbg/color/syntax_highlight/#pwndbg.color.syntax_highlight.syntax_highlight","title":"syntax_highlight","text":"syntax_highlight(code: str, filename: str = '.asm') -> str\n
"},{"location":"reference/pwndbg/color/telescope/","title":"pwndbg.color.telescope","text":""},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope","title":"telescope","text":"Functions:
-
offset \u2013 -
register \u2013 -
separator \u2013 -
delimiter \u2013 -
repeating_marker \u2013
Attributes:
-
offset_color \u2013 -
register_color \u2013 -
offset_separator_color \u2013 -
offset_delimiter_color \u2013 -
repeating_marker_color \u2013
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_color","title":"offset_color module-attribute","text":"offset_color = add_color_param(\n \"telescope-offset-color\",\n \"normal\",\n \"color of the telescope command (offset prefix)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register_color","title":"register_color module-attribute","text":"register_color = add_color_param(\n \"telescope-register-color\",\n \"bold\",\n \"color of the telescope command (register)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_separator_color","title":"offset_separator_color module-attribute","text":"offset_separator_color = add_color_param(\n \"telescope-offset-separator-color\",\n \"normal\",\n \"color of the telescope command (offset separator)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset_delimiter_color","title":"offset_delimiter_color module-attribute","text":"offset_delimiter_color = add_color_param(\n \"telescope-offset-delimiter-color\",\n \"normal\",\n \"color of the telescope command (offset delimiter)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker_color","title":"repeating_marker_color module-attribute","text":"repeating_marker_color = add_color_param(\n \"telescope-repeating-marker-color\",\n \"normal\",\n \"color of the telescope command (repeating values marker)\",\n)\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.offset","title":"offset","text":"offset(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.register","title":"register","text":"register(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.separator","title":"separator","text":"separator(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.delimiter","title":"delimiter","text":"delimiter(x: object) -> str\n
"},{"location":"reference/pwndbg/color/telescope/#pwndbg.color.telescope.repeating_marker","title":"repeating_marker","text":"repeating_marker(x: object) -> str\n
"},{"location":"reference/pwndbg/color/theme/","title":"pwndbg.color.theme","text":""},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme","title":"theme","text":"Classes:
Functions:
-
add_param \u2013 -
add_color_param \u2013
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter","title":"ColorParameter","text":"ColorParameter(*args, **kwargs)\n
Bases: Parameter
Methods:
-
update_color_function \u2013 -
add_update_listener \u2013 -
revert_default \u2013 -
attr_name \u2013 Returns the attribute name associated with this config option,
-
__getattr__ \u2013 -
pretty_val \u2013 Convert a value this object could contain to its pretty string representation.
-
pretty \u2013 -
pretty_default \u2013 -
__int__ \u2013 -
__str__ \u2013 -
__bool__ \u2013 -
__eq__ \u2013 -
__lt__ \u2013 -
__add__ \u2013 -
__radd__ \u2013 -
__sub__ \u2013 -
__rsub__ \u2013 -
__mul__ \u2013 -
__rmul__ \u2013 -
__div__ \u2013 -
__floordiv__ \u2013 -
__pow__ \u2013 -
__mod__ \u2013 -
__len__ \u2013
Attributes:
-
color_function (Callable[[object], str]) \u2013 -
name \u2013 -
default \u2013 -
param_class \u2013 -
set_show_doc \u2013 -
help_docstring \u2013 -
enum_sequence \u2013 -
scope \u2013 -
update_listeners (list[Callable[[Any], None]]) \u2013 -
value (Any) \u2013 -
is_changed (bool) \u2013
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.color_function","title":"color_function instance-attribute","text":"color_function: Callable[[object], str]\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.default","title":"default instance-attribute","text":"default = default\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.param_class","title":"param_class instance-attribute","text":"param_class = param_class or PARAM_CLASSES[type(default)]\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.set_show_doc","title":"set_show_doc instance-attribute","text":"set_show_doc = set_show_doc\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.help_docstring","title":"help_docstring instance-attribute","text":"help_docstring = help_docstring\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.enum_sequence","title":"enum_sequence instance-attribute","text":"enum_sequence = enum_sequence\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.scope","title":"scope instance-attribute","text":"scope = scope\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_listeners","title":"update_listeners instance-attribute","text":"update_listeners: list[Callable[[Any], None]] = []\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.value","title":"value property writable","text":"value: Any\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.is_changed","title":"is_changed property","text":"is_changed: bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.update_color_function","title":"update_color_function","text":"update_color_function()\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.add_update_listener","title":"add_update_listener","text":"add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.revert_default","title":"revert_default","text":"revert_default() -> None\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.attr_name","title":"attr_name","text":"attr_name() -> str\n
Returns the attribute name associated with this config option, i.e. my-config has the attribute name my_config
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_val","title":"pretty_val","text":"pretty_val(val: Any) -> str\n
Convert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty","title":"pretty","text":"pretty() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.pretty_default","title":"pretty_default","text":"pretty_default() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__bool__","title":"__bool__","text":"__bool__() -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__eq__","title":"__eq__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__lt__","title":"__lt__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__add__","title":"__add__","text":"__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__radd__","title":"__radd__","text":"__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__sub__","title":"__sub__","text":"__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rsub__","title":"__rsub__","text":"__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mul__","title":"__mul__","text":"__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__rmul__","title":"__rmul__","text":"__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__div__","title":"__div__","text":"__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__floordiv__","title":"__floordiv__","text":"__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__pow__","title":"__pow__","text":"__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__mod__","title":"__mod__","text":"__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.ColorParameter.__len__","title":"__len__","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_param","title":"add_param","text":"add_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n) -> Parameter\n
"},{"location":"reference/pwndbg/color/theme/#pwndbg.color.theme.add_color_param","title":"add_color_param","text":"add_color_param(name: str, default: Any, set_show_doc: str) -> ColorParameter\n
"},{"location":"reference/pwndbg/commands/","title":"pwndbg.commands","text":""},{"location":"reference/pwndbg/commands/#pwndbg.commands","title":"commands","text":"Pwndbg command implementations.
As well as various command-handling logic.
Modules:
-
ai \u2013 This command sends information on the current debugging context to OpenAI's
-
argv \u2013 -
aslr \u2013 -
asm \u2013 -
attachp \u2013 -
auxv \u2013 -
binder \u2013 -
binja \u2013 -
binja_functions \u2013 -
branch \u2013 -
buddydump \u2013 -
canary \u2013 -
checksec \u2013 -
comments \u2013 -
config \u2013 Dumps all pwndbg-specific configuration points.
-
context \u2013 -
cpsr \u2013 -
cyclic \u2013 -
cymbol \u2013 Add, load, show, edit, or delete symbols for custom structures.
-
dev \u2013 -
distance \u2013 -
dt \u2013 -
dumpargs \u2013 -
elf \u2013 -
flags \u2013 -
gdt \u2013 -
ghidra \u2013 -
godbg \u2013 -
got \u2013 -
got_tracking \u2013 -
hex2ptr \u2013 -
hexdump \u2013 -
hijack_fd \u2013 -
ida \u2013 -
ignore \u2013 Ignoring a breakpoint
-
integration \u2013 -
ipython_interactive \u2013 Command to start an interactive IPython prompt.
-
jemalloc \u2013 -
kbase \u2013 -
kchecksec \u2013 -
kcmdline \u2013 -
kconfig \u2013 -
killthreads \u2013 -
klookup \u2013 -
knft \u2013 -
kversion \u2013 -
leakfind \u2013 Find a chain of leaks given some starting address.
-
libcinfo \u2013 -
linkmap \u2013 -
memoize \u2013 -
misc \u2013 -
mmap \u2013 -
mprotect \u2013 -
msr \u2013 -
nearpc \u2013 -
next \u2013 Stepping until an event occurs
-
onegadget \u2013 -
p2p \u2013 -
paging \u2013 -
patch \u2013 -
peda \u2013 -
pie \u2013 -
plist \u2013 -
probeleak \u2013 -
procinfo \u2013 -
profiler \u2013 Utilities for profiling pwndbg.
-
ptmalloc2 \u2013 -
ptmalloc2_tracking \u2013 -
radare2 \u2013 -
reload \u2013 -
retaddr \u2013 -
rizin \u2013 -
rop \u2013 -
ropper \u2013 -
saved_register_frames \u2013 -
search \u2013 -
segments \u2013 -
sigreturn \u2013 -
slab \u2013 Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
-
spray \u2013 -
start \u2013 Launches the target process after setting a breakpoint at a convenient
-
strings \u2013 -
telescope \u2013 Prints out pointer chains starting at some address in memory.
-
tips \u2013 -
tls \u2013 Command to print the information of the current Thread Local Storage (TLS).
-
valist \u2013 -
version \u2013 Implements version and bugreport commands.
-
vmmap \u2013 Command to print the virtual memory map a la /proc/self/maps.
-
windbg \u2013 Compatibility functionality for WinDbg users.
-
xinfo \u2013 -
xor \u2013
Classes:
-
CommandCategory \u2013 -
InvalidDebuggerError \u2013 Raised when a command is called in a debugger for which
-
CommandFormatter \u2013 The formatter_class that is passed to argparse for all
-
CommandObj \u2013 Represents a command that can be invoked from the
-
Command \u2013 Parametrized decorator for functions that serve as pwndbg commands.
Functions:
-
fix \u2013 Fix a single command-line argument coming from the CLI.
-
fix_reraise \u2013 -
fix_reraise_arg \u2013 fix_reraise wrapper for evaluating command arguments
-
fix_int \u2013 -
fix_int_reraise \u2013 -
fix_int_reraise_arg \u2013 fix_int_reraise wrapper for evaluating command arguments
-
func_name \u2013 -
OnlyWhenLocal \u2013 -
OnlyWithFile \u2013 -
OnlyWhenQemuKernel \u2013 -
OnlyWhenUserspace \u2013 -
OnlyWithKernelDebugSyms \u2013 -
OnlyWhenPagingEnabled \u2013 -
OnlyWhenRunning \u2013 -
OnlyWithTcache \u2013 -
OnlyWhenHeapIsInitialized \u2013 -
OnlyWithResolvedHeapSyms \u2013 -
sloppy_gdb_parse \u2013 This function should be used as argparse.ArgumentParser .add_argument method's type helper.
-
AddressExpr \u2013 Parses an address expression. Returns an int.
-
HexOrAddressExpr \u2013 Parses string as hexadecimal int or an address expression. Returns an int.
-
load_commands \u2013
Attributes:
-
log \u2013 -
T \u2013 -
P \u2013 -
commands (list[CommandObj]) \u2013 -
command_names (set[str]) \u2013 -
GDB_BUILTIN_COMMANDS \u2013 -
pwndbg_is_reloading \u2013
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.log","title":"log module-attribute","text":"log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.commands","title":"commands module-attribute","text":"commands: list[CommandObj] = []\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.command_names","title":"command_names module-attribute","text":"command_names: set[str] = set()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.GDB_BUILTIN_COMMANDS","title":"GDB_BUILTIN_COMMANDS module-attribute","text":"GDB_BUILTIN_COMMANDS = commands()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.pwndbg_is_reloading","title":"pwndbg_is_reloading module-attribute","text":"pwndbg_is_reloading = False\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory","title":"CommandCategory","text":" Bases: str, Enum
Attributes:
-
START \u2013 -
NEXT \u2013 -
CONTEXT \u2013 -
PTMALLOC2 \u2013 -
JEMALLOC \u2013 -
BREAKPOINT \u2013 -
MEMORY \u2013 -
STACK \u2013 -
REGISTER \u2013 -
PROCESS \u2013 -
LINUX \u2013 -
DISASS \u2013 -
MISC \u2013 -
KERNEL \u2013 -
INTEGRATIONS \u2013 -
WINDBG \u2013 -
PWNDBG \u2013 -
SHELL \u2013 -
DEV \u2013
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.START","title":"START class-attribute instance-attribute","text":"START = 'Start'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.NEXT","title":"NEXT class-attribute instance-attribute","text":"NEXT = 'Step/Next/Continue'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.CONTEXT","title":"CONTEXT class-attribute instance-attribute","text":"CONTEXT = 'Context'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PTMALLOC2","title":"PTMALLOC2 class-attribute instance-attribute","text":"PTMALLOC2 = 'GLibc ptmalloc2 Heap'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.JEMALLOC","title":"JEMALLOC class-attribute instance-attribute","text":"JEMALLOC = 'jemalloc Heap'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.BREAKPOINT","title":"BREAKPOINT class-attribute instance-attribute","text":"BREAKPOINT = 'Breakpoint'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MEMORY","title":"MEMORY class-attribute instance-attribute","text":"MEMORY = 'Memory'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.STACK","title":"STACK class-attribute instance-attribute","text":"STACK = 'Stack'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.REGISTER","title":"REGISTER class-attribute instance-attribute","text":"REGISTER = 'Register'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PROCESS","title":"PROCESS class-attribute instance-attribute","text":"PROCESS = 'Process'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.LINUX","title":"LINUX class-attribute instance-attribute","text":"LINUX = 'Linux/libc/ELF'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DISASS","title":"DISASS class-attribute instance-attribute","text":"DISASS = 'Disassemble'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.MISC","title":"MISC class-attribute instance-attribute","text":"MISC = 'Misc'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.KERNEL","title":"KERNEL class-attribute instance-attribute","text":"KERNEL = 'Kernel'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.INTEGRATIONS","title":"INTEGRATIONS class-attribute instance-attribute","text":"INTEGRATIONS = 'Integrations'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.WINDBG","title":"WINDBG class-attribute instance-attribute","text":"WINDBG = 'WinDbg'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.PWNDBG","title":"PWNDBG class-attribute instance-attribute","text":"PWNDBG = 'Pwndbg'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.SHELL","title":"SHELL class-attribute instance-attribute","text":"SHELL = 'Shell'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandCategory.DEV","title":"DEV class-attribute instance-attribute","text":"DEV = 'Developer'\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.InvalidDebuggerError","title":"InvalidDebuggerError","text":" Bases: Exception
Raised when a command is called in a debugger for which it is disallowed.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandFormatter","title":"CommandFormatter","text":" Bases: RawDescriptionHelpFormatter
The formatter_class that is passed to argparse for all commands.
Subclassing this isn't officially supported, but there isn't a good alternative.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj","title":"CommandObj","text":"CommandObj(\n function: Callable[..., str | None],\n parser: ArgumentParser,\n command_name: str | None,\n category: CommandCategory,\n aliases: list[str],\n examples: str,\n notes: str,\n)\n
Represents a command that can be invoked from the debugger.
Methods:
-
register_command \u2013 Register this object command with the underlying debugger
-
has_notes_string \u2013 -
has_examples_string \u2013 -
initialize_parser \u2013 -
invoke \u2013 Invoke the command with an argument string
-
check_repeated \u2013 Keep a record of all commands which come from the TTY.
-
__call__ \u2013
Attributes:
-
builtin_override_whitelist (set[str]) \u2013 -
history (dict[int, str]) \u2013 -
function \u2013 -
command_name \u2013 -
category \u2013 -
aliases \u2013 -
examples \u2013 -
notes \u2013 -
parser \u2013 -
repeat \u2013
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.builtin_override_whitelist","title":"builtin_override_whitelist class-attribute instance-attribute","text":"builtin_override_whitelist: set[str] = {\n \"up\",\n \"down\",\n \"search\",\n \"pwd\",\n \"start\",\n \"starti\",\n \"ignore\",\n}\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.history","title":"history class-attribute instance-attribute","text":"history: dict[int, str] = {}\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.function","title":"function instance-attribute","text":"function = function\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.command_name","title":"command_name instance-attribute","text":"command_name = command_name\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.category","title":"category instance-attribute","text":"category = category\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.aliases","title":"aliases instance-attribute","text":"aliases = aliases\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.examples","title":"examples instance-attribute","text":"examples = strip()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.notes","title":"notes instance-attribute","text":"notes = strip()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.parser","title":"parser instance-attribute","text":"parser = parser\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.repeat","title":"repeat instance-attribute","text":"repeat = False\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.register_command","title":"register_command","text":"register_command()\n
Register this object command with the underlying debugger and update pwndbg global state to know about this command.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.has_notes_string","title":"has_notes_string staticmethod","text":"has_notes_string(text: str) -> bool\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.has_examples_string","title":"has_examples_string staticmethod","text":"has_examples_string(text: str) -> bool\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.initialize_parser","title":"initialize_parser","text":"initialize_parser()\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.invoke","title":"invoke","text":"invoke(argument: str, from_tty: bool) -> None\n
Invoke the command with an argument string
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.check_repeated","title":"check_repeated","text":"check_repeated(argument: str, from_tty: bool) -> bool\n
Keep a record of all commands which come from the TTY.
Returns:
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.CommandObj.__call__","title":"__call__","text":"__call__(*args: Any, **kwargs: Any) -> str | None\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command","title":"Command","text":"Command(\n parser_or_desc: str | ArgumentParser,\n *,\n category: CommandCategory,\n command_name: str | None = None,\n aliases: list[str] = [],\n examples: str = \"\",\n notes: str = \"\",\n only_debuggers: set[DebuggerType] = None,\n exclude_debuggers: set[DebuggerType] = None,\n)\n
Parametrized decorator for functions that serve as pwndbg commands.
Always use this to decorate your commands.
Methods:
Attributes:
-
parser \u2013 -
category \u2013 -
command_name \u2013 -
aliases \u2013 -
examples \u2013 -
notes \u2013 -
only_debuggers \u2013 -
exclude_debuggers \u2013
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.parser","title":"parser instance-attribute","text":"parser = ArgumentParser(description=parser_or_desc)\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.category","title":"category instance-attribute","text":"category = category\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.command_name","title":"command_name instance-attribute","text":"command_name = command_name\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.aliases","title":"aliases instance-attribute","text":"aliases = aliases\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.examples","title":"examples instance-attribute","text":"examples = examples\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.notes","title":"notes instance-attribute","text":"notes = notes\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.only_debuggers","title":"only_debuggers instance-attribute","text":"only_debuggers = only_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.exclude_debuggers","title":"exclude_debuggers instance-attribute","text":"exclude_debuggers = exclude_debuggers\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.Command.__call__","title":"__call__","text":"__call__(function: Callable[..., Any]) -> CommandObj\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix","title":"fix","text":"fix(\n arg: str | Value,\n sloppy: bool = False,\n quiet: bool = True,\n reraise: bool = False,\n) -> str | Value | None\n
Fix a single command-line argument coming from the CLI.
Parameters:
-
arg (str | Value) \u2013 Original string representation (e.g. '0', '$rax', '$rax+44')
-
sloppy (bool, default: False ) \u2013 If arg cannot be evaluated, return arg. (default: False)
-
quiet (bool, default: True ) \u2013 If an error occurs, suppress it. (default: True)
-
reraise (bool, default: False ) \u2013 If an error occurs, raise the exception. (default: False)
Returns:
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise","title":"fix_reraise","text":"fix_reraise(*a, **kw) -> str | Value | None\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_reraise_arg","title":"fix_reraise_arg","text":"fix_reraise_arg(arg) -> Value\n
fix_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int","title":"fix_int","text":"fix_int(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise","title":"fix_int_reraise","text":"fix_int_reraise(*a, **kw) -> int\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.fix_int_reraise_arg","title":"fix_int_reraise_arg","text":"fix_int_reraise_arg(arg) -> int\n
fix_int_reraise wrapper for evaluating command arguments
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.func_name","title":"func_name","text":"func_name(function: Callable[P, T]) -> str\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenLocal","title":"OnlyWhenLocal","text":"OnlyWhenLocal(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithFile","title":"OnlyWithFile","text":"OnlyWithFile(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenQemuKernel","title":"OnlyWhenQemuKernel","text":"OnlyWhenQemuKernel(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenUserspace","title":"OnlyWhenUserspace","text":"OnlyWhenUserspace(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithKernelDebugSyms","title":"OnlyWithKernelDebugSyms","text":"OnlyWithKernelDebugSyms(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenPagingEnabled","title":"OnlyWhenPagingEnabled","text":"OnlyWhenPagingEnabled(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenRunning","title":"OnlyWhenRunning","text":"OnlyWhenRunning(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithTcache","title":"OnlyWithTcache","text":"OnlyWithTcache(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWhenHeapIsInitialized","title":"OnlyWhenHeapIsInitialized","text":"OnlyWhenHeapIsInitialized(\n function: Callable[P, T],\n) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.OnlyWithResolvedHeapSyms","title":"OnlyWithResolvedHeapSyms","text":"OnlyWithResolvedHeapSyms(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.sloppy_gdb_parse","title":"sloppy_gdb_parse","text":"sloppy_gdb_parse(s: str) -> int | str\n
This function should be used as argparse.ArgumentParser .add_argument method's type helper.
This makes the type being parsed as gdb value and if that parsing fails, a string is returned.
:param s: String. :return: Whatever gdb.parse_and_eval returns or string.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.AddressExpr","title":"AddressExpr","text":"AddressExpr(s: str) -> int\n
Parses an address expression. Returns an int.
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.HexOrAddressExpr","title":"HexOrAddressExpr","text":"HexOrAddressExpr(s: str) -> int\n
Parses string as hexadecimal int or an address expression. Returns an int. (e.g. '1234' will return 0x1234)
"},{"location":"reference/pwndbg/commands/#pwndbg.commands.load_commands","title":"load_commands","text":"load_commands() -> None\n
"},{"location":"reference/pwndbg/commands/ai/","title":"pwndbg.commands.ai","text":""},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai","title":"ai","text":"This command sends information on the current debugging context to OpenAI's GPT-3 large language model and asks it a question supplied by the user. It then displays GPT-3's response to that question to the user.
Functions:
-
set_dummy_mode \u2013 -
get_openai_api_key \u2013 -
get_anthropic_api_key \u2013 -
get_ollama_endpoint \u2013 -
build_prompt \u2013 -
flatten_prompt \u2013 -
build_context_prompt_body \u2013 -
build_command_prompt_body \u2013 -
query_openai_chat \u2013 -
query_openai_completions \u2013 -
query \u2013 -
query_anthropic \u2013 -
query_ollama \u2013 -
get_openai_models \u2013 -
ai \u2013
Attributes:
-
last_question (list[str]) \u2013 -
last_answer (list[str]) \u2013 -
last_pc \u2013 -
last_command \u2013 -
dummy \u2013 -
verbosity \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_question","title":"last_question module-attribute","text":"last_question: list[str] = []\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_answer","title":"last_answer module-attribute","text":"last_answer: list[str] = []\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_pc","title":"last_pc module-attribute","text":"last_pc = None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.last_command","title":"last_command module-attribute","text":"last_command = None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.dummy","title":"dummy module-attribute","text":"dummy = False\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.verbosity","title":"verbosity module-attribute","text":"verbosity = 0\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Ask GPT-3 a question about the current debugging context.\"\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.set_dummy_mode","title":"set_dummy_mode","text":"set_dummy_mode(d=True) -> None\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_api_key","title":"get_openai_api_key","text":"get_openai_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_anthropic_api_key","title":"get_anthropic_api_key","text":"get_anthropic_api_key()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_ollama_endpoint","title":"get_ollama_endpoint","text":"get_ollama_endpoint()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_prompt","title":"build_prompt","text":"build_prompt(question, command=None)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.flatten_prompt","title":"flatten_prompt","text":"flatten_prompt(conversation)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_context_prompt_body","title":"build_context_prompt_body","text":"build_context_prompt_body()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.build_command_prompt_body","title":"build_command_prompt_body","text":"build_command_prompt_body(command)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_chat","title":"query_openai_chat","text":"query_openai_chat(\n prompt, model=\"gpt-3.5-turbo\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_openai_completions","title":"query_openai_completions","text":"query_openai_completions(\n prompt, model=\"text-davinci-003\", max_tokens=100, temperature=0.0\n)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query","title":"query","text":"query(prompt, model='text-davinci-003', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_anthropic","title":"query_anthropic","text":"query_anthropic(prompt, model='claude-v1', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.query_ollama","title":"query_ollama","text":"query_ollama(prompt, model='mistral', max_tokens=100, temperature=0.0)\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.get_openai_models","title":"get_openai_models","text":"get_openai_models()\n
"},{"location":"reference/pwndbg/commands/ai/#pwndbg.commands.ai.ai","title":"ai","text":"ai(\n question,\n model,\n temperature,\n max_tokens,\n verbose,\n list_models=False,\n command=None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/argv/","title":"pwndbg.commands.argv","text":""},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv","title":"argv","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints out the contents of the environment.\"\n)\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argc","title":"argc","text":"argc() -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.argv","title":"argv","text":"argv(i: int = None) -> None\n
"},{"location":"reference/pwndbg/commands/argv/#pwndbg.commands.argv.envp","title":"envp","text":"envp(name: str = None)\n
Prints out the contents of the environment.
"},{"location":"reference/pwndbg/commands/aslr/","title":"pwndbg.commands.aslr","text":""},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr","title":"aslr","text":"Functions:
Attributes:
-
options \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.options","title":"options module-attribute","text":"options = {'on': 'off', 'off': 'on'}\n
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nCheck the current ASLR status, or turn it on/off.\\n\\nDoes not take effect until the program is restarted.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.check_aslr","title":"check_aslr","text":"check_aslr() -> tuple[bool | None, str]\n
Detects the ASLR status. Returns True, False or None.
None is returned when we can't detect ASLR.
"},{"location":"reference/pwndbg/commands/aslr/#pwndbg.commands.aslr.aslr","title":"aslr","text":"aslr(state=None) -> None\n
"},{"location":"reference/pwndbg/commands/asm/","title":"pwndbg.commands.asm","text":""},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm","title":"asm","text":"Functions:
Attributes:
-
parser \u2013 -
input_group \u2013
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Assemble shellcode into bytes')\n
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.input_group","title":"input_group module-attribute","text":"input_group = add_mutually_exclusive_group(required=True)\n
"},{"location":"reference/pwndbg/commands/asm/#pwndbg.commands.asm.asm","title":"asm","text":"asm(shellcode, format, arch, avoid, infile) -> None\n
"},{"location":"reference/pwndbg/commands/attachp/","title":"pwndbg.commands.attachp","text":""},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp","title":"attachp","text":"Functions:
-
find_pids \u2013 -
attachp \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description='Attaches to a given pid, process name, process found with partial argv match or to a device file.\\n\\nThis command wraps the original GDB `attach` command to add the ability\\nto debug a process with a given name or partial name match. In such cases,\\nthe process identifier is fetched via the `pidof <name>` command first. If no\\nmatches are found, then it uses the `ps -eo pid,args` command to search for\\npartial name matches.\\n\\nOriginal GDB attach command help:\\n Attach to a process or file outside of GDB.\\n This command attaches to another target, of the same type as your last\\n \"target\" command (\"info files\" will show your target stack).\\n The command may take as argument a process id or a device file.\\n For a process id, you must have permission to send the process a signal,\\n and it must have the same effective uid as the debugger.\\n When using \"attach\" with a process id, the debugger finds the\\n program running in the process, looking first in the current working\\n directory, or (if not found there) using the source file search path\\n (see the \"directory\" command). You can also use the \"file\" command\\n to specify the program, and to load its symbol table.'\n)\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.find_pids","title":"find_pids","text":"find_pids(target, user, exact, all)\n
"},{"location":"reference/pwndbg/commands/attachp/#pwndbg.commands.attachp.attachp","title":"attachp","text":"attachp(target, no_truncate, retry, exact, all, user=None) -> None\n
"},{"location":"reference/pwndbg/commands/auxv/","title":"pwndbg.commands.auxv","text":""},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv","title":"auxv","text":"Functions:
-
auxv \u2013 -
auxv_explore \u2013
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv","title":"auxv","text":"auxv() -> None\n
"},{"location":"reference/pwndbg/commands/auxv/#pwndbg.commands.auxv.auxv_explore","title":"auxv_explore","text":"auxv_explore() -> None\n
"},{"location":"reference/pwndbg/commands/binder/","title":"pwndbg.commands.binder","text":""},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder","title":"binder","text":"Classes:
-
IndentContextManager \u2013 -
BinderVisitor \u2013
Functions:
-
for_each_transaction \u2013 -
for_each_hlist_entry \u2013 -
binder \u2013
Attributes:
-
log \u2013 -
addrc \u2013 -
fieldnamec \u2013 -
fieldvaluec \u2013 -
typenamec \u2013 -
node_types \u2013 -
entry_field_names \u2013 -
rb_node_field_names \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.log","title":"log module-attribute","text":"log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.addrc","title":"addrc module-attribute","text":"addrc = green\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldnamec","title":"fieldnamec module-attribute","text":"fieldnamec = blue\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.fieldvaluec","title":"fieldvaluec module-attribute","text":"fieldvaluec = yellow\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.typenamec","title":"typenamec module-attribute","text":"typenamec = red\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.node_types","title":"node_types module-attribute","text":"node_types = {\n \"waiting_threads\": \"struct binder_thread\",\n \"todo\": \"struct binder_work\",\n \"refs\": \"struct binder_ref\",\n \"threads\": \"struct binder_thread\",\n \"nodes\": \"struct binder_node\",\n \"refs_by_node\": \"struct binder_ref\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.entry_field_names","title":"entry_field_names module-attribute","text":"entry_field_names = {\n \"waiting_threads\": \"waiting_thread_node\",\n \"todo\": \"entry\",\n \"refs\": \"node_entry\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.rb_node_field_names","title":"rb_node_field_names module-attribute","text":"rb_node_field_names = {\n \"threads\": \"rb_node\",\n \"nodes\": \"rb_node\",\n \"refs_by_node\": \"rb_node_node\",\n}\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Show Android Binder information')\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager","title":"IndentContextManager","text":"IndentContextManager()\n
Methods:
-
__enter__ \u2013 -
__exit__ \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.indent","title":"indent instance-attribute","text":"indent = 0\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__enter__","title":"__enter__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.IndentContextManager.__exit__","title":"__exit__","text":"__exit__(exc_type, exc_value, exc_tb)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor","title":"BinderVisitor","text":"BinderVisitor(procs_addr)\n
Methods:
-
format_rb_tree \u2013 -
format_list \u2013 -
visit \u2013 -
format_proc \u2013 -
format_thread \u2013 -
format_transaction \u2013 -
format_node \u2013 -
format_ref \u2013 -
format_work \u2013 -
print_object \u2013 -
format_spinlock \u2013
Attributes:
-
indent \u2013 -
addr \u2013
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.indent","title":"indent instance-attribute","text":"indent = IndentContextManager()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.addr","title":"addr instance-attribute","text":"addr = get_typed_pointer_value('struct hlist_head', procs_addr)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_rb_tree","title":"format_rb_tree","text":"format_rb_tree(field: str, value: Value) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_list","title":"format_list","text":"format_list(field: str, value: Value, typename: str) -> tuple[str, int]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.visit","title":"visit","text":"visit()\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_proc","title":"format_proc","text":"format_proc(proc: Value, only_heading=False)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_thread","title":"format_thread","text":"format_thread(thread: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_transaction","title":"format_transaction","text":"format_transaction(transaction: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_node","title":"format_node","text":"format_node(node: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_ref","title":"format_ref","text":"format_ref(ref: Value, only_heading: bool = False) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_work","title":"format_work","text":"format_work(work: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.print_object","title":"print_object","text":"print_object(obj: Value)\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.BinderVisitor.format_spinlock","title":"format_spinlock","text":"format_spinlock(lock: Value) -> str\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_transaction","title":"for_each_transaction","text":"for_each_transaction(addr: Value, field: str) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.for_each_hlist_entry","title":"for_each_hlist_entry","text":"for_each_hlist_entry(head: Value, typename, field) -> Iterator[Value]\n
"},{"location":"reference/pwndbg/commands/binder/#pwndbg.commands.binder.binder","title":"binder","text":"binder()\n
"},{"location":"reference/pwndbg/commands/binja/","title":"pwndbg.commands.binja","text":""},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja","title":"binja","text":"Functions:
"},{"location":"reference/pwndbg/commands/binja/#pwndbg.commands.binja.bn_sync","title":"bn_sync","text":"bn_sync(*args) -> None\n
Synchronize Binary Ninja's cursor with GDB
"},{"location":"reference/pwndbg/commands/binja_functions/","title":"pwndbg.commands.binja_functions","text":""},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions","title":"binja_functions","text":"Functions:
-
bn_sym \u2013 Lookup a symbol's address by name from Binary Ninja.
-
bn_var \u2013 Lookup a stack variable's address by name from Binary Ninja.
-
bn_eval \u2013 Parse and evaluate a Binary Ninja expression.
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_sym","title":"bn_sym","text":"bn_sym(name_val: Value) -> int | None\n
Lookup a symbol's address by name from Binary Ninja.
This function sees symbols like functions and global variables, but not stack local variables, use bn_var for that.
Example:
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $bn_sym(\"main\")\n$2 = 0x555555555645\npwndbg> b *($bn_sym(\"main\"))\nBreakpoint 1 at 0x555555555645\n
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_var","title":"bn_var","text":"bn_var(name_val: Value) -> int | None\n
Lookup a stack variable's address by name from Binary Ninja.
This function doesn't see functions or global variables, use bn_sym for that.
Example:
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p user_choice\nNo symbol \"user_choice\" in current context.\npwndbg> p/x $bn_var(\"user_choice\")\n$4 = 0x7fffffffe118\npwndbg> vmmap $4\n 0x7ffff7ffe000 0x7ffff7fff000 rw-p 1000 0 [anon_7ffff7ffe]\n\u25ba 0x7ffffffde000 0x7ffffffff000 rw-p 21000 0 [stack] +0x20118\npwndbg> p/x $bn_var(\"main\")\nTypeError: Could not convert Python object: None.\nError while executing Python code.\n
"},{"location":"reference/pwndbg/commands/binja_functions/#pwndbg.commands.binja_functions.bn_eval","title":"bn_eval","text":"bn_eval(expr: Value) -> int | None\n
Parse and evaluate a Binary Ninja expression.
Read more about binary ninja expressions here: https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.parse_expression
All registers in the current register set are available as magic variables (e.g. $rip). The $piebase magic variable is also included, with the computed executable base.
This function cannot see stack local variables.
Example:
pwndbg> set integration-provider binja\nPwndbg successfully connected to Binary Ninja (4.2.6455 Personal) xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'binja'.\npwndbg> p/x $bn_eval(\"10+20\")\n$6 = 0x30\npwndbg> p/x $bn_eval(\"main\")\n$7 = 0x1645\npwndbg> p/x $rebase($bn_eval(\"main\"))\n$8 = 0x555555555645\npwndbg> p some_global_var\nNo symbol \"some_global_var\" in current context.\npwndbg> p/x $rebase($bn_eval(\"some_global_var+$rax\"))\n$9 = 0x5555555586b8\npwndbg> p $rebase($bn_eval(\"some_global_var+$rax\")) == $bn_sym(\"some_global_var\") + $rax\n$10 = 1\npwndbg> p $bn_eval(\"$piebase+some_global_var+$rax\") == $bn_sym(\"some_global_var\") + $rax\n$11 = 1\n
"},{"location":"reference/pwndbg/commands/branch/","title":"pwndbg.commands.branch","text":""},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch","title":"branch","text":"Classes:
Functions:
-
break_if_taken \u2013 -
break_if_not_taken \u2013 -
install_breakpoint \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Breaks on a branch if it is not taken.')\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch","title":"BreakOnConditionalBranch","text":"BreakOnConditionalBranch(instruction: PwndbgInstruction, taken: bool)\n
Bases: Breakpoint
A breakpoint that only stops the inferior if a given branch is taken or not taken.
Methods:
-
should_stop \u2013 -
stop \u2013
Attributes:
-
instruction \u2013 -
taken \u2013
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.instruction","title":"instruction instance-attribute","text":"instruction = instruction\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.taken","title":"taken instance-attribute","text":"taken = taken\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.should_stop","title":"should_stop","text":"should_stop()\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.BreakOnConditionalBranch.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_taken","title":"break_if_taken","text":"break_if_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.break_if_not_taken","title":"break_if_not_taken","text":"break_if_not_taken(branch) -> None\n
"},{"location":"reference/pwndbg/commands/branch/#pwndbg.commands.branch.install_breakpoint","title":"install_breakpoint","text":"install_breakpoint(branch, taken: bool) -> None\n
"},{"location":"reference/pwndbg/commands/buddydump/","title":"pwndbg.commands.buddydump","text":""},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump","title":"buddydump","text":"Classes:
-
ParsedBuddyArgs \u2013 -
CurrentBuddyParams \u2013
Functions:
-
cpu_limitcheck \u2013 -
static_str_arr \u2013 -
check_find \u2013 -
traverse_pglist \u2013 -
print_section \u2013 -
print_pglist \u2013 -
print_mtypes \u2013 -
print_pcp_set \u2013 -
print_free_area \u2013 -
buddydump \u2013
Attributes:
-
log \u2013 -
MAX_PG_FREE_LIST_STR_RESULT_CNT \u2013 -
MAX_PG_FREE_LIST_CNT \u2013 -
NONE_TUPLE \u2013 -
MIGRATE_PCPTYPES \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.log","title":"log module-attribute","text":"log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MAX_PG_FREE_LIST_STR_RESULT_CNT","title":"MAX_PG_FREE_LIST_STR_RESULT_CNT module-attribute","text":"MAX_PG_FREE_LIST_STR_RESULT_CNT = 16\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MAX_PG_FREE_LIST_CNT","title":"MAX_PG_FREE_LIST_CNT module-attribute","text":"MAX_PG_FREE_LIST_CNT = 4096\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.NONE_TUPLE","title":"NONE_TUPLE module-attribute","text":"NONE_TUPLE = (None, None)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.MIGRATE_PCPTYPES","title":"MIGRATE_PCPTYPES module-attribute","text":"MIGRATE_PCPTYPES = 3\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Displays metadata and freelists of the buddy allocator.\"\n)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs","title":"ParsedBuddyArgs dataclass","text":"ParsedBuddyArgs(\n zone: Value | None,\n order: int | None,\n mtype: str | None,\n cpu: int | None,\n find: int | None,\n)\n
Attributes:
-
zone (Value | None) \u2013 -
order (int | None) \u2013 -
mtype (str | None) \u2013 -
cpu (int | None) \u2013 -
find (int | None) \u2013
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.zone","title":"zone instance-attribute","text":"zone: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.order","title":"order instance-attribute","text":"order: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.mtype","title":"mtype instance-attribute","text":"mtype: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.cpu","title":"cpu instance-attribute","text":"cpu: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.ParsedBuddyArgs.find","title":"find instance-attribute","text":"find: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams","title":"CurrentBuddyParams dataclass","text":"CurrentBuddyParams(\n sections: list[tuple[str, str]],\n indent: IndentContextManager,\n order: int,\n mtype: str | None,\n freelists: Value | None,\n freelist: Value | None,\n nr_types: int | None,\n found: bool,\n)\n
Attributes:
-
sections (list[tuple[str, str]]) \u2013 -
indent (IndentContextManager) \u2013 -
order (int) \u2013 -
mtype (str | None) \u2013 -
freelists (Value | None) \u2013 -
freelist (Value | None) \u2013 -
nr_types (int | None) \u2013 -
found (bool) \u2013
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.sections","title":"sections instance-attribute","text":"sections: list[tuple[str, str]]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.indent","title":"indent instance-attribute","text":"indent: IndentContextManager\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.order","title":"order instance-attribute","text":"order: int\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.mtype","title":"mtype instance-attribute","text":"mtype: str | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.freelists","title":"freelists instance-attribute","text":"freelists: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.freelist","title":"freelist instance-attribute","text":"freelist: Value | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.nr_types","title":"nr_types instance-attribute","text":"nr_types: int | None\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.CurrentBuddyParams.found","title":"found instance-attribute","text":"found: bool\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.cpu_limitcheck","title":"cpu_limitcheck","text":"cpu_limitcheck(cpu: str)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.static_str_arr","title":"static_str_arr","text":"static_str_arr(name: str) -> list[str]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.check_find","title":"check_find","text":"check_find(\n counter: int,\n physmap_addr: int,\n pba: ParsedBuddyArgs,\n cbp: CurrentBuddyParams,\n)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.traverse_pglist","title":"traverse_pglist","text":"traverse_pglist(\n pba: ParsedBuddyArgs, cbp: CurrentBuddyParams\n) -> tuple[list[tuple[int, str]], int, list[str]]\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_section","title":"print_section","text":"print_section(section: tuple[str, str], indent: IndentContextManager)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_pglist","title":"print_pglist","text":"print_pglist(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_mtypes","title":"print_mtypes","text":"print_mtypes(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_pcp_set","title":"print_pcp_set","text":"print_pcp_set(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.print_free_area","title":"print_free_area","text":"print_free_area(pba: ParsedBuddyArgs, cbp: CurrentBuddyParams)\n
"},{"location":"reference/pwndbg/commands/buddydump/#pwndbg.commands.buddydump.buddydump","title":"buddydump","text":"buddydump(\n zone: str,\n pcp_only: bool,\n order: int,\n mtype: str,\n cpu: int,\n node: int,\n find: int,\n) -> None\n
"},{"location":"reference/pwndbg/commands/canary/","title":"pwndbg.commands.canary","text":""},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary","title":"canary","text":"Functions:
-
canary_value \u2013 Get the global canary value from AT_RANDOM with its last byte masked (as glibc does)
-
find_tls_canary_addr \u2013 Find the address of the canary in the Thread Local Storage (TLS).
-
canary \u2013 Display information about the stack canary, including its location in TLS and any copies found on the stack.
Attributes:
-
DEFAULT_NUM_CANARIES_TO_DISPLAY \u2013 -
TLS_CANARY_OFFSETS \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.DEFAULT_NUM_CANARIES_TO_DISPLAY","title":"DEFAULT_NUM_CANARIES_TO_DISPLAY module-attribute","text":"DEFAULT_NUM_CANARIES_TO_DISPLAY = 1\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.TLS_CANARY_OFFSETS","title":"TLS_CANARY_OFFSETS module-attribute","text":"TLS_CANARY_OFFSETS = {'x86-64': 40, 'i386': 20, 'aarch64': 40}\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Print out the current stack canary.')\n
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary_value","title":"canary_value","text":"canary_value() -> tuple[int | None, int | None]\n
Get the global canary value from AT_RANDOM with its last byte masked (as glibc does)
Returns:
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.find_tls_canary_addr","title":"find_tls_canary_addr","text":"find_tls_canary_addr() -> int | None\n
Find the address of the canary in the Thread Local Storage (TLS).
The canary is stored at a fixed offset from the TLS base, which varies by architecture. The TLS base can be accessed through architecture-specific registers: - x86_64: fs register - i386: gs register - aarch64: tpidr_el0 register
Returns:
"},{"location":"reference/pwndbg/commands/canary/#pwndbg.commands.canary.canary","title":"canary","text":"canary(all) -> None\n
Display information about the stack canary, including its location in TLS and any copies found on the stack.
"},{"location":"reference/pwndbg/commands/checksec/","title":"pwndbg.commands.checksec","text":""},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec","title":"checksec","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints out the binary security settings using `checksec`.\"\n)\n
"},{"location":"reference/pwndbg/commands/checksec/#pwndbg.commands.checksec.checksec","title":"checksec","text":"checksec(file: str) -> None\n
"},{"location":"reference/pwndbg/commands/comments/","title":"pwndbg.commands.comments","text":""},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments","title":"comments","text":"Functions:
Attributes:
-
parser \u2013 -
file_lists (dict[str, dict[str, str]]) \u2013
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Put comments in assembly code.')\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.file_lists","title":"file_lists module-attribute","text":"file_lists: dict[str, dict[str, str]] = {}\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.comm","title":"comm","text":"comm(addr=None, comment=None) -> None\n
"},{"location":"reference/pwndbg/commands/comments/#pwndbg.commands.comments.init","title":"init","text":"init() -> None\n
"},{"location":"reference/pwndbg/commands/config/","title":"pwndbg.commands.config","text":""},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config","title":"config","text":"Dumps all pwndbg-specific configuration points.
Functions:
-
print_row \u2013 -
extend_value_with_default \u2013 -
get_config_parameters \u2013 -
display_config \u2013 -
config \u2013 -
theme \u2013 -
configfile \u2013 -
themefile \u2013 -
heap_config \u2013 -
configfile_print_scope \u2013
Attributes:
-
configfile_parser \u2013 -
themefile_parser \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_parser","title":"configfile_parser module-attribute","text":"configfile_parser = ArgumentParser(\n description=\"Generates a configuration file for the current Pwndbg options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile_parser","title":"themefile_parser module-attribute","text":"themefile_parser = ArgumentParser(\n description=\"Generates a configuration file for the current Pwndbg theme options.\"\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Shows heap related configuration.')\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.print_row","title":"print_row","text":"print_row(\n name: str,\n value: str,\n default: str,\n set_show_doc: str,\n ljust_optname: int,\n ljust_doc: int,\n empty_space: int = 2,\n)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.extend_value_with_default","title":"extend_value_with_default","text":"extend_value_with_default(value, default)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.get_config_parameters","title":"get_config_parameters","text":"get_config_parameters(scope: Scope, filter_pattern: str)\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.display_config","title":"display_config","text":"display_config(\n filter_pattern: str,\n scope: Scope,\n has_file_command: bool = True,\n show_hints: bool = True,\n) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.config","title":"config","text":"config(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.theme","title":"theme","text":"theme(filter_pattern) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile","title":"configfile","text":"configfile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.themefile","title":"themefile","text":"themefile(show_all=False) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.heap_config","title":"heap_config","text":"heap_config(filter_pattern: str) -> None\n
"},{"location":"reference/pwndbg/commands/config/#pwndbg.commands.config.configfile_print_scope","title":"configfile_print_scope","text":"configfile_print_scope(scope: Scope, show_all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/context/","title":"pwndbg.commands.context","text":""},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context","title":"context","text":"Classes:
-
StdOutput \u2013 A context manager wrapper to give stdout
-
FileOutput \u2013 A context manager wrapper to reopen files on enter
-
CallOutput \u2013 A context manager which calls a function on write
-
RegisterContext \u2013
Functions:
-
clear_screen \u2013 Clear the screen by moving the cursor to top-left corner and
-
reserve_lines_maybe \u2013 Scroll the terminal up a few lines to reduce shaking
-
validate_context_sections \u2013 -
output \u2013 Creates a context manager corresponding to configured context output
-
contextoutput \u2013 -
resetcontextoutput \u2013 -
history_size_changed \u2013 -
serve_context_history \u2013 -
history_handle_unchanged_contents \u2013 -
contextprev \u2013 -
contextnext \u2013 -
contextsearch \u2013 -
contextwatch \u2013 -
contextunwatch \u2013 -
context_expressions \u2013 -
context_ghidra \u2013 Print out the source of the current function decompiled by ghidra.
-
context \u2013 Print out the current register, instruction, and stack context.
-
calculate_padding_to_align \u2013 Calculates the number of spaces to append to reach the next alignment.
-
compact_regs \u2013 -
context_regs \u2013 -
context_heap_tracker \u2013 -
regs \u2013 Print out all registers and enhance the information.
-
get_regs \u2013 -
try_emulate_if_bug_disable \u2013 -
context_disasm \u2013 -
get_highlight_source \u2013 -
get_filename_and_formatted_source \u2013 Returns formatted, lines limited and highlighted source as list
-
context_code \u2013 -
context_stack \u2013 -
context_backtrace \u2013 -
context_args \u2013 -
get_thread_status \u2013 -
context_threads \u2013 -
save_signal \u2013 -
context_last_signal \u2013
Attributes:
-
log \u2013 -
T \u2013 -
P \u2013 -
c \u2013 -
config_reserve_lines \u2013 -
config_clear_screen \u2013 -
config_output \u2013 -
config_context_sections \u2013 -
config_max_threads_display \u2013 -
outputs (dict[str, str]) \u2013 -
output_settings (DefaultDict[str, dict[str, Any]]) \u2013 -
banner_arg \u2013 -
context_history (DefaultDict[str, list[list[str]]]) \u2013 -
selected_history_index (int | None) \u2013 -
context_history_size \u2013 -
expressions \u2013 -
config_context_ghidra \u2013 -
parser \u2013 -
disasm_lines \u2013 -
source_disasm_lines \u2013 -
should_decompile \u2013 -
stack_lines \u2013 -
backtrace_lines \u2013 -
backtrace_frame_label \u2013 -
last_signal (list[str]) \u2013 -
thread_status_messages \u2013 -
context_sections \u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.log","title":"log module-attribute","text":"log = getLogger(__name__)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.c","title":"c module-attribute","text":"c = ColorConfig(\n \"backtrace\",\n [\n ColorParamSpec(\n \"prefix\", \"none\", \"color for prefix of current backtrace label\"\n ),\n ColorParamSpec(\"address\", \"none\", \"color for backtrace (address)\"),\n ColorParamSpec(\"symbol\", \"none\", \"color for backtrace (symbol)\"),\n ColorParamSpec(\n \"frame-label\", \"none\", \"color for backtrace (frame label)\"\n ),\n ],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_reserve_lines","title":"config_reserve_lines module-attribute","text":"config_reserve_lines = add_param(\n \"context-reserve-lines\",\n \"if-ctx-fits\",\n \"when to reserve lines after the prompt to reduce context shake\",\n help_docstring='\\nThe \"if-ctx-fits\" setting only reserves lines if the whole context would still fit vertically in the current terminal window.\\nIt doesn\\'t take into account line-wrapping due to insufficient terminal width.\\n',\n param_class=PARAM_ENUM,\n enum_sequence=[\"never\", \"if-ctx-fits\", \"always\"],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_clear_screen","title":"config_clear_screen module-attribute","text":"config_clear_screen = add_param(\n \"context-clear-screen\",\n False,\n \"whether to clear the screen before printing the context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_output","title":"config_output module-attribute","text":"config_output = add_param(\n \"context-output\",\n \"stdout\",\n 'where Pwndbg should output (\"stdout\" or file/tty)',\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_sections","title":"config_context_sections module-attribute","text":"config_context_sections = add_param(\n \"context-sections\",\n \"regs disasm code ghidra stack backtrace expressions threads heap_tracker\",\n \"which context sections are displayed (controls order)\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_max_threads_display","title":"config_max_threads_display module-attribute","text":"config_max_threads_display = add_param(\n \"context-max-threads\",\n 4,\n \"maximum number of threads displayed by the context command\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.outputs","title":"outputs module-attribute","text":"outputs: dict[str, str] = {}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output_settings","title":"output_settings module-attribute","text":"output_settings: DefaultDict[str, dict[str, Any]] = defaultdict(dict)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.banner_arg","title":"banner_arg module-attribute","text":"banner_arg = add_argument(\n \"banner\",\n type=str,\n nargs=\"?\",\n default=\"both\",\n help=\"Where a banner should be placed: both, top , bottom, none\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history","title":"context_history module-attribute","text":"context_history: DefaultDict[str, list[list[str]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.selected_history_index","title":"selected_history_index module-attribute","text":"selected_history_index: int | None = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_history_size","title":"context_history_size module-attribute","text":"context_history_size = add_param(\n \"context-history-size\", 50, \"number of context history entries to store\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.expressions","title":"expressions module-attribute","text":"expressions = []\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.config_context_ghidra","title":"config_context_ghidra module-attribute","text":"config_context_ghidra = add_param(\n \"context-ghidra\",\n \"never\",\n \"when to try to decompile the current function with ghidra\",\n help_docstring=\"Doing this is slow and requires radare2/r2pipe or rizin/rzpipe.\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"always\", \"never\", \"if-no-source\"],\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Print out all registers and enhance the information.\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.disasm_lines","title":"disasm_lines module-attribute","text":"disasm_lines = add_param(\n \"context-disasm-lines\",\n 10,\n \"number of additional lines to print in the disasm context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.source_disasm_lines","title":"source_disasm_lines module-attribute","text":"source_disasm_lines = add_param(\n \"context-code-lines\",\n 10,\n \"number of source code lines to print by the context command\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.should_decompile","title":"should_decompile module-attribute","text":"should_decompile = add_param(\n \"context-integration-decompile\",\n True,\n \"whether context should fall back to decompilation with no source code\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.stack_lines","title":"stack_lines module-attribute","text":"stack_lines = add_param(\n \"context-stack-lines\", 8, \"number of lines to print in the stack context\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_lines","title":"backtrace_lines module-attribute","text":"backtrace_lines = add_param(\n \"context-backtrace-lines\",\n 8,\n \"number of lines to print in the backtrace context\",\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.backtrace_frame_label","title":"backtrace_frame_label module-attribute","text":"backtrace_frame_label = add_param(\n \"backtrace-frame-label\", \"\", \"frame number label for backtrace\"\n)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.last_signal","title":"last_signal module-attribute","text":"last_signal: list[str] = []\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.thread_status_messages","title":"thread_status_messages module-attribute","text":"thread_status_messages = {\n \"running\": light_green(\"running\"),\n \"stopped\": yellow(\"stopped\"),\n \"exited\": gray(\"exited \"),\n}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_sections","title":"context_sections module-attribute","text":"context_sections = {\n \"a\": context_args,\n \"r\": context_regs,\n \"d\": context_disasm,\n \"s\": context_stack,\n \"b\": context_backtrace,\n \"c\": context_code,\n}\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput","title":"StdOutput","text":"A context manager wrapper to give stdout
Methods:
-
__enter__ \u2013 -
__exit__ \u2013 -
__hash__ \u2013 -
__eq__ \u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__enter__","title":"__enter__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__exit__","title":"__exit__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__hash__","title":"__hash__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.StdOutput.__eq__","title":"__eq__","text":"__eq__(other) -> bool\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput","title":"FileOutput","text":"FileOutput(*args)\n
A context manager wrapper to reopen files on enter
Methods:
-
__enter__ \u2013 -
__exit__ \u2013 -
__hash__ \u2013 -
__eq__ \u2013
Attributes:
-
args \u2013 -
handle \u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.args","title":"args instance-attribute","text":"args = args\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.handle","title":"handle instance-attribute","text":"handle = None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__enter__","title":"__enter__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__exit__","title":"__exit__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__hash__","title":"__hash__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.FileOutput.__eq__","title":"__eq__","text":"__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput","title":"CallOutput","text":"CallOutput(func)\n
A context manager which calls a function on write
Methods:
-
__enter__ \u2013 -
__exit__ \u2013 -
__hash__ \u2013 -
__eq__ \u2013 -
write \u2013 -
writelines \u2013 -
flush \u2013 -
isatty \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.func","title":"func instance-attribute","text":"func = func\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__enter__","title":"__enter__","text":"__enter__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__exit__","title":"__exit__","text":"__exit__(*args, **kwargs) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__hash__","title":"__hash__","text":"__hash__()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.__eq__","title":"__eq__","text":"__eq__(other)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.write","title":"write","text":"write(data) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.writelines","title":"writelines","text":"writelines(lines_iterable) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.flush","title":"flush","text":"flush()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.CallOutput.isatty","title":"isatty","text":"isatty()\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext","title":"RegisterContext","text":"RegisterContext()\n
Methods:
-
get_prefix \u2013 -
get_register_value \u2013 -
flag_register_context \u2013 -
segment_registers_context \u2013 -
addressing_register_context \u2013 -
register_context_default \u2013
Attributes:
-
changed (list[str]) \u2013
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.changed","title":"changed instance-attribute","text":"changed: list[str] = changed\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.get_prefix","title":"get_prefix","text":"get_prefix(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.get_register_value","title":"get_register_value","text":"get_register_value(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.flag_register_context","title":"flag_register_context","text":"flag_register_context(reg, bit_flags)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.segment_registers_context","title":"segment_registers_context","text":"segment_registers_context(regs)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.addressing_register_context","title":"addressing_register_context","text":"addressing_register_context(reg, is_virtual)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.RegisterContext.register_context_default","title":"register_context_default","text":"register_context_default(reg)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.clear_screen","title":"clear_screen","text":"clear_screen(out=stdout) -> None\n
Clear the screen by moving the cursor to top-left corner and clearing the content. Different terminals may act differently
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.reserve_lines_maybe","title":"reserve_lines_maybe","text":"reserve_lines_maybe(cmd_lines: int) -> None\n
Scroll the terminal up a few lines to reduce shaking when repeatedly printing the context.
Only do this if the context would still fit on the screen.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.validate_context_sections","title":"validate_context_sections","text":"validate_context_sections() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.output","title":"output","text":"output(section: str)\n
Creates a context manager corresponding to configured context output
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextoutput","title":"contextoutput","text":"contextoutput(section, path, clearing, banner='both', width: int = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.resetcontextoutput","title":"resetcontextoutput","text":"resetcontextoutput(section)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_size_changed","title":"history_size_changed","text":"history_size_changed() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.serve_context_history","title":"serve_context_history","text":"serve_context_history(\n function: Callable[P, list[str]],\n) -> Callable[P, list[str]]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.history_handle_unchanged_contents","title":"history_handle_unchanged_contents","text":"history_handle_unchanged_contents() -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextprev","title":"contextprev","text":"contextprev(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextnext","title":"contextnext","text":"contextnext(count) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextsearch","title":"contextsearch","text":"contextsearch(needle, section) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextwatch","title":"contextwatch","text":"contextwatch(expression, cmd) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.contextunwatch","title":"contextunwatch","text":"contextunwatch(num) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_expressions","title":"context_expressions","text":"context_expressions(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_ghidra","title":"context_ghidra","text":"context_ghidra(target=stdout, with_banner=True, width=None)\n
Print out the source of the current function decompiled by ghidra.
The context-ghidra config parameter is used to configure whether to always, never or only show the context if no source is available.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context","title":"context","text":"context(subcontext=None, enabled=None) -> None\n
Print out the current register, instruction, and stack context.
Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', 'ghidra', 'args', 'threads', 'heap_tracker', 'expressions', and/or 'last_signal'.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.calculate_padding_to_align","title":"calculate_padding_to_align","text":"calculate_padding_to_align(length, align)\n
Calculates the number of spaces to append to reach the next alignment. The next alignment point is given by \"x * align >= length\".
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.compact_regs","title":"compact_regs","text":"compact_regs(regs, width=None, target=stdout)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_regs","title":"context_regs","text":"context_regs(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_heap_tracker","title":"context_heap_tracker","text":"context_heap_tracker(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.regs","title":"regs","text":"regs(regs=[]) -> None\n
Print out all registers and enhance the information.
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_regs","title":"get_regs","text":"get_regs(regs: list[str] = None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.try_emulate_if_bug_disable","title":"try_emulate_if_bug_disable","text":"try_emulate_if_bug_disable(handler: Callable[[], T]) -> T\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_disasm","title":"context_disasm","text":"context_disasm(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_highlight_source","title":"get_highlight_source","text":"get_highlight_source(filename: str) -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_filename_and_formatted_source","title":"get_filename_and_formatted_source","text":"get_filename_and_formatted_source()\n
Returns formatted, lines limited and highlighted source as list or if it isn't there - an empty list
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_code","title":"context_code","text":"context_code(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_stack","title":"context_stack","text":"context_stack(target=stdout, with_banner=True, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_backtrace","title":"context_backtrace","text":"context_backtrace(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_args","title":"context_args","text":"context_args(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.get_thread_status","title":"get_thread_status","text":"get_thread_status(thread)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_threads","title":"context_threads","text":"context_threads(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.save_signal","title":"save_signal","text":"save_signal(signal) -> None\n
"},{"location":"reference/pwndbg/commands/context/#pwndbg.commands.context.context_last_signal","title":"context_last_signal","text":"context_last_signal(with_banner=True, target=stdout, width=None)\n
"},{"location":"reference/pwndbg/commands/cpsr/","title":"pwndbg.commands.cpsr","text":""},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr","title":"cpsr","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Print out ARM CPSR or xPSR register.')\n
"},{"location":"reference/pwndbg/commands/cpsr/#pwndbg.commands.cpsr.cpsr","title":"cpsr","text":"cpsr(cpsr_value=None) -> None\n
"},{"location":"reference/pwndbg/commands/cyclic/","title":"pwndbg.commands.cyclic","text":""},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic","title":"cyclic","text":"Functions:
Attributes:
-
parser \u2013 -
group \u2013
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Cyclic pattern creator/finder.')\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.group","title":"group module-attribute","text":"group = add_mutually_exclusive_group(required=False)\n
"},{"location":"reference/pwndbg/commands/cyclic/#pwndbg.commands.cyclic.cyclic_cmd","title":"cyclic_cmd","text":"cyclic_cmd(\n alphabet, length: int | None, lookup, count=100, filename=\"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/","title":"pwndbg.commands.cymbol","text":""},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol","title":"cymbol","text":"Add, load, show, edit, or delete symbols for custom structures.
For the generation of the symbols g++/gcc is being used under the hood.
In case of remote debugging a binary which is not native to your architecture it is advised to configure the 'gcc-config-path' config parameter to your own cross-platform gnu gcc compiled toolchain for your target architecture.
You are advised to configure the 'cymbol-editor' config parameter to the path of your favorite text editor. Otherwise cymbol exapnds $EDITOR and $VISUAL environment variables to find the path to the default text editor.
Functions:
-
unload_loaded_symbol \u2013 -
OnlyWhenStructFileExists \u2013 -
generate_debug_symbols \u2013 -
add_custom_structure \u2013 -
add_structure_from_header \u2013 -
edit_custom_structure \u2013 -
remove_custom_structure \u2013 -
load_custom_structure \u2013 -
show_custom_structure \u2013 -
cymbol \u2013
Attributes:
-
P \u2013 -
T \u2013 -
gcc_compiler_path \u2013 -
cymbol_editor \u2013 -
loaded_symbols (dict[str, str]) \u2013 -
pwndbg_cachedir \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.gcc_compiler_path","title":"gcc_compiler_path module-attribute","text":"gcc_compiler_path = add_param(\n \"gcc-compiler-path\",\n \"\",\n \"path to the gcc/g++ toolchain for generating imported symbols\",\n param_class=PARAM_OPTIONAL_FILENAME,\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol_editor","title":"cymbol_editor module-attribute","text":"cymbol_editor = add_param(\n \"cymbol-editor\",\n \"\",\n \"path to the editor for editing custom structures\",\n param_class=PARAM_OPTIONAL_FILENAME,\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.loaded_symbols","title":"loaded_symbols module-attribute","text":"loaded_symbols: dict[str, str] = {}\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.pwndbg_cachedir","title":"pwndbg_cachedir module-attribute","text":"pwndbg_cachedir = cachedir('custom-symbols')\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Add, show, load, edit, or delete custom structures in plain C.\"\n)\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.unload_loaded_symbol","title":"unload_loaded_symbol","text":"unload_loaded_symbol(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.OnlyWhenStructFileExists","title":"OnlyWhenStructFileExists","text":"OnlyWhenStructFileExists(\n func: _OnlyWhenStructFileExists,\n) -> _OnlyWhenStructFileExists\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.generate_debug_symbols","title":"generate_debug_symbols","text":"generate_debug_symbols(\n custom_structure_path: str,\n pwndbg_debug_symbols_output_file: str | None = None,\n) -> str | None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_custom_structure","title":"add_custom_structure","text":"add_custom_structure(custom_structure_name: str) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.add_structure_from_header","title":"add_structure_from_header","text":"add_structure_from_header(\n header_file: str, custom_structure_name: str = None\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.edit_custom_structure","title":"edit_custom_structure","text":"edit_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.remove_custom_structure","title":"remove_custom_structure","text":"remove_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.load_custom_structure","title":"load_custom_structure","text":"load_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.show_custom_structure","title":"show_custom_structure","text":"show_custom_structure(\n custom_structure_name: str, custom_structure_path: str = \"\"\n) -> None\n
"},{"location":"reference/pwndbg/commands/cymbol/#pwndbg.commands.cymbol.cymbol","title":"cymbol","text":"cymbol(\n add: str, file: str, remove: str, edit: str, load: str, show: str\n) -> None\n
"},{"location":"reference/pwndbg/commands/dev/","title":"pwndbg.commands.dev","text":""},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev","title":"dev","text":"Functions:
-
dev_dump_instruction \u2013 -
log_level \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Set the log level.')\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.dev_dump_instruction","title":"dev_dump_instruction","text":"dev_dump_instruction(\n address=None, force_emulate=False, no_emulate=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/dev/#pwndbg.commands.dev.log_level","title":"log_level","text":"log_level(level: str) -> None\n
"},{"location":"reference/pwndbg/commands/distance/","title":"pwndbg.commands.distance","text":""},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance","title":"distance","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Print the distance between the two arguments, or print the offset to the address's page base.\"\n)\n
"},{"location":"reference/pwndbg/commands/distance/#pwndbg.commands.distance.distance","title":"distance","text":"distance(a, b) -> None\n
Print the distance between the two arguments
"},{"location":"reference/pwndbg/commands/dt/","title":"pwndbg.commands.dt","text":""},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt","title":"dt","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nDump out information on a type (e.g. ucontext_t).\\n\\nOptionally overlay that information at an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/dt/#pwndbg.commands.dt.dt","title":"dt","text":"dt(typename: str, address: int | None = None) -> None\n
Dump out information on a type (e.g. ucontext_t).
Optionally overlay that information at an address.
"},{"location":"reference/pwndbg/commands/dumpargs/","title":"pwndbg.commands.dumpargs","text":""},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs","title":"dumpargs","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints determined arguments for call/syscall instruction.\"\n)\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.dumpargs","title":"dumpargs","text":"dumpargs(force: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.call_args","title":"call_args","text":"call_args() -> list[str]\n
Returns list of resolved call argument strings for display. Attempts to resolve the target and determine the number of arguments.
Return empty list if PC is not on a call or syscall instruction.
"},{"location":"reference/pwndbg/commands/dumpargs/#pwndbg.commands.dumpargs.all_args","title":"all_args","text":"all_args() -> list[str]\n
Returns list of all argument strings for display.
"},{"location":"reference/pwndbg/commands/elf/","title":"pwndbg.commands.elf","text":""},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf","title":"elf","text":"Functions:
-
elfsections \u2013 -
gotplt \u2013 -
plt \u2013 -
get_section_bounds \u2013 -
print_symbols_in_section \u2013 -
get_symbols_in_region \u2013
Attributes:
-
parser \u2013 -
PLT_SECTION_NAMES \u2013
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints the section mappings contained in the ELF header.\\nIf binary not start or use --no-rebase, the section permission based on section flags.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.PLT_SECTION_NAMES","title":"PLT_SECTION_NAMES module-attribute","text":"PLT_SECTION_NAMES = ('.plt', '.plt.sec', '.plt.got', '.plt.bnd')\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.elfsections","title":"elfsections","text":"elfsections(no_rebase: bool) -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.gotplt","title":"gotplt","text":"gotplt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.plt","title":"plt","text":"plt() -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_section_bounds","title":"get_section_bounds","text":"get_section_bounds(section_name: str)\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.print_symbols_in_section","title":"print_symbols_in_section","text":"print_symbols_in_section(section_name, filter_text='') -> None\n
"},{"location":"reference/pwndbg/commands/elf/#pwndbg.commands.elf.get_symbols_in_region","title":"get_symbols_in_region","text":"get_symbols_in_region(\n start: int, end: int, filter_text=\"\"\n) -> list[tuple[str, int]]\n
"},{"location":"reference/pwndbg/commands/flags/","title":"pwndbg.commands.flags","text":""},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags","title":"flags","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Modify the flags register.')\n
"},{"location":"reference/pwndbg/commands/flags/#pwndbg.commands.flags.setflag","title":"setflag","text":"setflag(flag: str, value: int) -> None\n
"},{"location":"reference/pwndbg/commands/gdt/","title":"pwndbg.commands.gdt","text":""},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt","title":"gdt","text":"Functions:
-
gdt \u2013 -
decode_gdt_entry \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Decode X86-64 GDT entries at address\\n\\nSee also:\\n\\n* https://wiki.osdev.org/Global_Descriptor_Table\\n* https://wiki.osdev.org/GDT_Tutorial\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.gdt","title":"gdt","text":"gdt(address, count) -> None\n
"},{"location":"reference/pwndbg/commands/gdt/#pwndbg.commands.gdt.decode_gdt_entry","title":"decode_gdt_entry","text":"decode_gdt_entry(value)\n
"},{"location":"reference/pwndbg/commands/ghidra/","title":"pwndbg.commands.ghidra","text":""},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra","title":"ghidra","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Decompile a given function using Ghidra.')\n
"},{"location":"reference/pwndbg/commands/ghidra/#pwndbg.commands.ghidra.ghidra","title":"ghidra","text":"ghidra(func) -> None\n
"},{"location":"reference/pwndbg/commands/godbg/","title":"pwndbg.commands.godbg","text":""},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg","title":"godbg","text":"Functions:
-
go_dump \u2013 -
go_type \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dumps a Go runtime reflection type at a specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_dump","title":"go_dump","text":"go_dump(\n ty: str,\n address: int,\n hex: bool,\n decimals: int | None,\n debug: bool,\n pretty: bool,\n) -> None\n
"},{"location":"reference/pwndbg/commands/godbg/#pwndbg.commands.godbg.go_type","title":"go_type","text":"go_type(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/got/","title":"pwndbg.commands.got","text":""},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got","title":"got","text":"Functions:
Attributes:
-
parser \u2013 -
group \u2013
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Show the state of the Global Offset Table.\"\n)\n
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.group","title":"group module-attribute","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/got/#pwndbg.commands.got.got","title":"got","text":"got(\n path_filter: str, all_: bool, accept_readonly: bool, symbol_filter: str\n) -> None\n
"},{"location":"reference/pwndbg/commands/got_tracking/","title":"pwndbg.commands.got_tracking","text":""},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking","title":"got_tracking","text":"Functions:
-
columns \u2013 Print data formatted into distinct columns.
-
track_got \u2013 -
got_report \u2013 Prints out a report of the current status of the GOT tracker.
-
got_tracking_status \u2013 Prints out information about a single GOT tracking entry.
Attributes:
-
parser \u2013 -
subparsers \u2013 -
enable \u2013 -
disable \u2013 -
report \u2013 -
status \u2013
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Controls GOT tracking')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.subparsers","title":"subparsers module-attribute","text":"subparsers = add_subparsers(\n required=True,\n description=\"Used to disable and query information about the tracker\",\n)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.enable","title":"enable module-attribute","text":"enable = add_parser('enable', help='Enable GOT parsing')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.disable","title":"disable module-attribute","text":"disable = add_parser('disable', help='Disable GOT tracking')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.report","title":"report module-attribute","text":"report = add_parser('info', help='Give an overview of the GOT tracker')\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.status","title":"status module-attribute","text":"status = add_parser(\n \"query\",\n help=\"Queries detailed tracking information about a single entry in the GOT\",\n)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.columns","title":"columns","text":"columns(rows, colors=None) -> None\n
Print data formatted into distinct columns.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.track_got","title":"track_got","text":"track_got(mode=None, soname=None, writable=False, fnname=None, address=None)\n
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_report","title":"got_report","text":"got_report(soname='.*', writable=False, fnname='.*') -> None\n
Prints out a report of the current status of the GOT tracker.
"},{"location":"reference/pwndbg/commands/got_tracking/#pwndbg.commands.got_tracking.got_tracking_status","title":"got_tracking_status","text":"got_tracking_status(address) -> None\n
Prints out information about a single GOT tracking entry.
"},{"location":"reference/pwndbg/commands/hex2ptr/","title":"pwndbg.commands.hex2ptr","text":""},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr","title":"hex2ptr","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Converts a space-separated hex string to a little-endian address.\"\n)\n
"},{"location":"reference/pwndbg/commands/hex2ptr/#pwndbg.commands.hex2ptr.hex2ptr","title":"hex2ptr","text":"hex2ptr(hex_string) -> None\n
"},{"location":"reference/pwndbg/commands/hexdump/","title":"pwndbg.commands.hexdump","text":""},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump","title":"hexdump","text":"Functions:
-
address_or_module_name \u2013 -
hexdump \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Hexdumps data at the specified address or module name.\"\n)\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.address_or_module_name","title":"address_or_module_name","text":"address_or_module_name(s) -> int\n
"},{"location":"reference/pwndbg/commands/hexdump/#pwndbg.commands.hexdump.hexdump","title":"hexdump","text":"hexdump(address, count=hexdump_bytes) -> None\n
"},{"location":"reference/pwndbg/commands/hijack_fd/","title":"pwndbg.commands.hijack_fd","text":""},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd","title":"hijack_fd","text":"Classes:
-
ShellcodeRegs \u2013 -
ParsedSocket \u2013
Functions:
-
get_shellcode_regs \u2013 -
stack_size_alignment \u2013 -
asm_replace_file \u2013 -
asm_replace_socket \u2013 -
exec_shellcode_with_stack \u2013 -
parse_socket \u2013 -
parse_file_or_socket \u2013 -
hijack_fd \u2013
Attributes:
-
parser \u2013 -
PARSED_FILE_ARG \u2013
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Replace a file descriptor of a debugged process.\\n\\nThe new file descriptor can point to:\\n\\n- a file\\n- a pipe\\n- a socket\\n- a device, etc.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.PARSED_FILE_ARG","title":"PARSED_FILE_ARG module-attribute","text":"PARSED_FILE_ARG = Tuple[Optional[ParsedSocket], Optional[str]]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs","title":"ShellcodeRegs","text":" Bases: NamedTuple
Attributes:
-
newfd (str) \u2013 -
syscall_ret (str) \u2013 -
stack (str) \u2013
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.newfd","title":"newfd instance-attribute","text":"newfd: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.syscall_ret","title":"syscall_ret instance-attribute","text":"syscall_ret: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ShellcodeRegs.stack","title":"stack instance-attribute","text":"stack: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket","title":"ParsedSocket","text":" Bases: NamedTuple
Attributes:
-
protocol (Literal['tcp', 'udp']) \u2013 -
ip_version (Literal['ipv4', 'ipv6']) \u2013 -
address (str) \u2013 -
port (int) \u2013
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.protocol","title":"protocol instance-attribute","text":"protocol: Literal['tcp', 'udp']\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.ip_version","title":"ip_version instance-attribute","text":"ip_version: Literal['ipv4', 'ipv6']\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.address","title":"address instance-attribute","text":"address: str\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.ParsedSocket.port","title":"port instance-attribute","text":"port: int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.get_shellcode_regs","title":"get_shellcode_regs","text":"get_shellcode_regs() -> ShellcodeRegs\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.stack_size_alignment","title":"stack_size_alignment","text":"stack_size_alignment(s: int) -> int\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_file","title":"asm_replace_file","text":"asm_replace_file(replace_fd: int, filename: str) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.asm_replace_socket","title":"asm_replace_socket","text":"asm_replace_socket(\n replace_fd: int, socket_data: ParsedSocket\n) -> tuple[int, str]\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.exec_shellcode_with_stack","title":"exec_shellcode_with_stack async","text":"exec_shellcode_with_stack(ec: ExecutionController, blob, stack_size: int)\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_socket","title":"parse_socket","text":"parse_socket(url: str) -> ParsedSocket\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.parse_file_or_socket","title":"parse_file_or_socket","text":"parse_file_or_socket(s: str) -> PARSED_FILE_ARG\n
"},{"location":"reference/pwndbg/commands/hijack_fd/#pwndbg.commands.hijack_fd.hijack_fd","title":"hijack_fd","text":"hijack_fd(fdnum: int, newfile: PARSED_FILE_ARG) -> None\n
"},{"location":"reference/pwndbg/commands/ida/","title":"pwndbg.commands.ida","text":""},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida","title":"ida","text":"Functions:
-
j \u2013 Synchronize IDA's cursor with GDB
-
up \u2013 Select and print stack frame that called this one.
-
down \u2013 Select and print stack frame called by this one.
-
save_ida \u2013 Save the IDA database
-
ida \u2013 Lookup a symbol's address by name from IDA.
Attributes:
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Select and print stack frame called by this one.\"\n)\n
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.j","title":"j","text":"j(*args) -> None\n
Synchronize IDA's cursor with GDB
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.up","title":"up","text":"up(n=1) -> None\n
Select and print stack frame that called this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.down","title":"down","text":"down(n=1) -> None\n
Select and print stack frame called by this one.
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.save_ida","title":"save_ida","text":"save_ida() -> None\n
Save the IDA database
"},{"location":"reference/pwndbg/commands/ida/#pwndbg.commands.ida.ida","title":"ida","text":"ida(name: Value) -> int\n
Lookup a symbol's address by name from IDA. Evaluate ida.LocByName() on the supplied value.
This functions doesn't see stack local variables.
Example:
pwndbg> set integration-provider ida\nPwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:31337\nSet which provider to use for integration features to 'ida'.\npwndbg> p main\nNo symbol \"main\" in current context.\npwndbg> p/x $ida(\"main\")\n$1 = 0x555555555645\npwndbg> b *$ida(\"main\")\nBreakpoint 2 at 0x555555555645\n
"},{"location":"reference/pwndbg/commands/ignore/","title":"pwndbg.commands.ignore","text":""},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore","title":"ignore","text":"Ignoring a breakpoint
Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Set ignore-count of breakpoint number N to COUNT.\\n\\nWhile the ignore count is positive, execution will not stop on the breakpoint.\\n\\nBy default, if `N' is ommitted, the last breakpoint (i.e. greatest breakpoint number) will be used.\"\n)\n
"},{"location":"reference/pwndbg/commands/ignore/#pwndbg.commands.ignore.ignore","title":"ignore","text":"ignore(bpnum, count) -> None\n
"},{"location":"reference/pwndbg/commands/integration/","title":"pwndbg.commands.integration","text":""},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration","title":"integration","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Use the current integration to decompile code near an address.\"\n)\n
"},{"location":"reference/pwndbg/commands/integration/#pwndbg.commands.integration.decomp","title":"decomp","text":"decomp(addr: int | None, lines: int | None) -> None\n
"},{"location":"reference/pwndbg/commands/ipython_interactive/","title":"pwndbg.commands.ipython_interactive","text":""},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive","title":"ipython_interactive","text":"Command to start an interactive IPython prompt.
Functions:
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.switch_to_ipython_env","title":"switch_to_ipython_env","text":"switch_to_ipython_env()\n
We need to change stdout/stderr to the default ones, otherwise we can't use tab or autocomplete
"},{"location":"reference/pwndbg/commands/ipython_interactive/#pwndbg.commands.ipython_interactive.ipi","title":"ipi","text":"ipi() -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/","title":"pwndbg.commands.jemalloc","text":""},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc","title":"jemalloc","text":"Functions:
-
jemalloc_find_extent \u2013 -
jemalloc_extent_info \u2013 -
jemalloc_heap \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Prints all extents information')\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_find_extent","title":"jemalloc_find_extent","text":"jemalloc_find_extent(addr) -> None\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_extent_info","title":"jemalloc_extent_info","text":"jemalloc_extent_info(addr, verbose=False, header=True) -> bool\n
"},{"location":"reference/pwndbg/commands/jemalloc/#pwndbg.commands.jemalloc.jemalloc_heap","title":"jemalloc_heap","text":"jemalloc_heap() -> None\n
"},{"location":"reference/pwndbg/commands/kbase/","title":"pwndbg.commands.kbase","text":""},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase","title":"kbase","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Finds the kernel virtual base address.')\n
"},{"location":"reference/pwndbg/commands/kbase/#pwndbg.commands.kbase.kbase","title":"kbase","text":"kbase(rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/kchecksec/","title":"pwndbg.commands.kchecksec","text":""},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec","title":"kchecksec","text":"Classes:
Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Checks for kernel hardening configuration options.\"\n)\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option","title":"Option","text":" Bases: NamedTuple
Attributes:
-
name (str) \u2013 -
desired (bool) \u2013 -
cmdline_option (str) \u2013
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.desired","title":"desired class-attribute instance-attribute","text":"desired: bool = True\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.Option.cmdline_option","title":"cmdline_option class-attribute instance-attribute","text":"cmdline_option: str = None\n
"},{"location":"reference/pwndbg/commands/kchecksec/#pwndbg.commands.kchecksec.kchecksec","title":"kchecksec","text":"kchecksec() -> None\n
"},{"location":"reference/pwndbg/commands/kcmdline/","title":"pwndbg.commands.kcmdline","text":""},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline","title":"kcmdline","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Return the kernel commandline (/proc/cmdline).\"\n)\n
"},{"location":"reference/pwndbg/commands/kcmdline/#pwndbg.commands.kcmdline.kcmdline","title":"kcmdline","text":"kcmdline() -> None\n
"},{"location":"reference/pwndbg/commands/kconfig/","title":"pwndbg.commands.kconfig","text":""},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig","title":"kconfig","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Outputs the kernel config (requires CONFIG_IKCONFIG).\"\n)\n
"},{"location":"reference/pwndbg/commands/kconfig/#pwndbg.commands.kconfig.kconfig","title":"kconfig","text":"kconfig(config_name=None) -> None\n
"},{"location":"reference/pwndbg/commands/killthreads/","title":"pwndbg.commands.killthreads","text":""},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads","title":"killthreads","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Kill all or given threads.\\n\\nSwitches to given threads and calls pthread_exit(0) on them.\\nThis is performed with scheduler-locking to prevent other threads from operating at the same time.\\n\\nKilling all other threads may be useful to use GDB checkpoints, e.g., to test given input & restart the execution to the point of interest (checkpoint).\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/killthreads/#pwndbg.commands.killthreads.killthreads","title":"killthreads","text":"killthreads(thread_ids: list[int] | None = None, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/klookup/","title":"pwndbg.commands.klookup","text":""},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup","title":"klookup","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Lookup kernel symbols')\n
"},{"location":"reference/pwndbg/commands/klookup/#pwndbg.commands.klookup.klookup","title":"klookup","text":"klookup(symbol: str) -> None\n
"},{"location":"reference/pwndbg/commands/knft/","title":"pwndbg.commands.knft","text":""},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft","title":"knft","text":"Functions:
-
parse_nft_family \u2013 -
knft_dump \u2013 -
knft_list_tables \u2013 -
knft_list_chains \u2013 -
knft_list_rules \u2013 -
knft_list_exprs \u2013 -
knft_list_sets \u2013 -
knft_list_objects \u2013 -
knft_list_flowtables \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dump netfilter flowtables from a specific table\"\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.parse_nft_family","title":"parse_nft_family","text":"parse_nft_family(s: str) -> int\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_dump","title":"knft_dump","text":"knft_dump(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_tables","title":"knft_list_tables","text":"knft_list_tables(nsid: int | None = None)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_chains","title":"knft_list_chains","text":"knft_list_chains(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_rules","title":"knft_list_rules","text":"knft_list_rules(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_exprs","title":"knft_list_exprs","text":"knft_list_exprs(\n table_family: int | None = None,\n table_name: str | None = None,\n chain_name: str | None = None,\n rule_id: int | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_sets","title":"knft_list_sets","text":"knft_list_sets(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_objects","title":"knft_list_objects","text":"knft_list_objects(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/knft/#pwndbg.commands.knft.knft_list_flowtables","title":"knft_list_flowtables","text":"knft_list_flowtables(\n table_family: int | None = None,\n table_name: str | None = None,\n nsid: int | None = None,\n)\n
"},{"location":"reference/pwndbg/commands/kversion/","title":"pwndbg.commands.kversion","text":""},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion","title":"kversion","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Outputs the kernel version (/proc/version).\"\n)\n
"},{"location":"reference/pwndbg/commands/kversion/#pwndbg.commands.kversion.kversion","title":"kversion","text":"kversion() -> None\n
"},{"location":"reference/pwndbg/commands/leakfind/","title":"pwndbg.commands.leakfind","text":""},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind","title":"leakfind","text":"Find a chain of leaks given some starting address.
Functions:
-
get_rec_addr_string \u2013 -
dbg_print_map \u2013 -
leakfind \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nAttempt to find a leak chain given a starting address.\\n\\nScans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.get_rec_addr_string","title":"get_rec_addr_string","text":"get_rec_addr_string(addr, visited_map)\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.dbg_print_map","title":"dbg_print_map","text":"dbg_print_map(maps) -> None\n
"},{"location":"reference/pwndbg/commands/leakfind/#pwndbg.commands.leakfind.leakfind","title":"leakfind","text":"leakfind(\n address=None,\n page_name=None,\n max_offset: int = 64,\n max_depth: int = 4,\n step: int = 1,\n negative_offset: int = 0,\n)\n
"},{"location":"reference/pwndbg/commands/libcinfo/","title":"pwndbg.commands.libcinfo","text":""},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo","title":"libcinfo","text":"Functions:
"},{"location":"reference/pwndbg/commands/libcinfo/#pwndbg.commands.libcinfo.libcinfo","title":"libcinfo","text":"libcinfo()\n
"},{"location":"reference/pwndbg/commands/linkmap/","title":"pwndbg.commands.linkmap","text":""},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap","title":"linkmap","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Show the state of the Link Map')\n
"},{"location":"reference/pwndbg/commands/linkmap/#pwndbg.commands.linkmap.linkmap","title":"linkmap","text":"linkmap() -> None\n
"},{"location":"reference/pwndbg/commands/memoize/","title":"pwndbg.commands.memoize","text":""},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize","title":"memoize","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nToggles memoization (caching).\\n\\nUseful for diagnosing caching-related bugs. Decreases performance.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/memoize/#pwndbg.commands.memoize.memoize","title":"memoize","text":"memoize() -> None\n
"},{"location":"reference/pwndbg/commands/misc/","title":"pwndbg.commands.misc","text":""},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc","title":"misc","text":"Functions:
-
errno_ \u2013 -
pwndbg_ \u2013 -
list_and_filter_commands \u2013
Attributes:
-
parser \u2013 -
cat_group \u2013
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description=\"Prints out a list of all Pwndbg commands.\")\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.cat_group","title":"cat_group module-attribute","text":"cat_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.errno_","title":"errno_","text":"errno_(err) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.pwndbg_","title":"pwndbg_","text":"pwndbg_(filter_pattern, category_, list_categories) -> None\n
"},{"location":"reference/pwndbg/commands/misc/#pwndbg.commands.misc.list_and_filter_commands","title":"list_and_filter_commands","text":"list_and_filter_commands(filter_str)\n
"},{"location":"reference/pwndbg/commands/mmap/","title":"pwndbg.commands.mmap","text":""},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap","title":"mmap","text":"Functions:
-
prot_str_to_val \u2013 Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
-
flag_str_to_val \u2013 Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
-
parse_str_or_int \u2013 Try parsing a string with one of the parsers above or by converting it to
-
mmap \u2013
Attributes:
-
parser \u2013 -
prot_dict \u2013 -
flag_dict \u2013
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nCalls the mmap syscall and prints its resulting address.\\n\\nNote that the mmap syscall may fail for various reasons\\n(see `man mmap`) and, in case of failure, its return value\\nwill not be a valid pointer.\\n\\nPROT values: NONE (0), READ (1), WRITE (2), EXEC (4)\\n\\nMAP values: SHARED (1), PRIVATE (2), SHARED_VALIDATE (3), FIXED (0x10),\\n ANONYMOUS (0x20)\\n\\nFlags and protection values can be either a string containing the names of the\\nflags or permissions or a single number corresponding to the bitwise OR of the\\nprotection and flag numbers.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_dict","title":"prot_dict module-attribute","text":"prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_dict","title":"flag_dict module-attribute","text":"flag_dict = {\n \"MAP_SHARED\": 1,\n \"MAP_PRIVATE\": 2,\n \"MAP_SHARED_VALIDATE\": 3,\n \"MAP_FIXED\": 16,\n \"MAP_ANONYMOUS\": 32,\n}\n
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.prot_str_to_val","title":"prot_str_to_val","text":"prot_str_to_val(protstr)\n
Heuristic to convert PROT_EXEC|PROT_WRITE to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.flag_str_to_val","title":"flag_str_to_val","text":"flag_str_to_val(flagstr)\n
Heuristic to convert MAP_SHARED|MAP_FIXED to integer value.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.parse_str_or_int","title":"parse_str_or_int","text":"parse_str_or_int(val: str | int, parser)\n
Try parsing a string with one of the parsers above or by converting it to an int, or passes the value through if it is already an integer.
"},{"location":"reference/pwndbg/commands/mmap/#pwndbg.commands.mmap.mmap","title":"mmap","text":"mmap(\n addr, length, prot=7, flags=34, fd=-1, offset=0, quiet=False, force=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/mprotect/","title":"pwndbg.commands.mprotect","text":""},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect","title":"mprotect","text":"Functions:
Attributes:
-
parser \u2013 -
SYS_MPROTECT \u2013 -
prot_dict \u2013
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nCalls the mprotect syscall and prints its result value.\\n\\nNote that the mprotect syscall may fail for various reasons\\n(see `man mprotect`) and a non-zero error return value\\ncan be decoded with the `errno <value>` command.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.SYS_MPROTECT","title":"SYS_MPROTECT module-attribute","text":"SYS_MPROTECT = 125\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_dict","title":"prot_dict module-attribute","text":"prot_dict = {'PROT_NONE': 0, 'PROT_READ': 1, 'PROT_WRITE': 2, 'PROT_EXEC': 4}\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_str_to_val","title":"prot_str_to_val","text":"prot_str_to_val(protstr: str) -> int\n
Converts a protection string to an integer. Formats include: - A positive integer, like 3 - A combination of r, w, and x, like rw - A combination of PROT_READ, PROT_WRITE, and PROT_EXEC, like PROT_READ|PROT_WRITE
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.prot_val_to_str","title":"prot_val_to_str","text":"prot_val_to_str(protval: int) -> str\n
"},{"location":"reference/pwndbg/commands/mprotect/#pwndbg.commands.mprotect.mprotect","title":"mprotect","text":"mprotect(addr, length, prot) -> None\n
"},{"location":"reference/pwndbg/commands/msr/","title":"pwndbg.commands.msr","text":""},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr","title":"msr","text":"Functions:
-
parse_msr \u2013 -
parse_range \u2013 -
x86_msr_read \u2013 -
x86_msr_write \u2013 -
msr_read \u2013 -
msr_write \u2013 -
msr_list \u2013 -
msr \u2013
Attributes:
-
X86_MSRS \u2013 -
COMMON_MSRS \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.X86_MSRS","title":"X86_MSRS module-attribute","text":"X86_MSRS = {\n \"MSR_EFER\": 3221225600,\n \"MSR_STAR\": 3221225601,\n \"MSR_LSTAR\": 3221225602,\n \"MSR_CSTAR\": 3221225603,\n \"MSR_SYSCALL_MASK\": 3221225604,\n \"MSR_FS_BASE\": 3221225728,\n \"MSR_GS_BASE\": 3221225729,\n \"MSR_KERNEL_GS_BASE\": 3221225730,\n \"MSR_TSC_AUX\": 3221225731,\n}\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.COMMON_MSRS","title":"COMMON_MSRS module-attribute","text":"COMMON_MSRS = {'i386': X86_MSRS, 'x86-64': X86_MSRS}\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nRead or write to Model Specific Register (MSR)\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parse_msr","title":"parse_msr","text":"parse_msr(msr: str, arch: str) -> int | None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.parse_range","title":"parse_range","text":"parse_range(msr_range: str, arch: str) -> tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.x86_msr_read","title":"x86_msr_read","text":"x86_msr_read(msr: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.x86_msr_write","title":"x86_msr_write","text":"x86_msr_write(msr: int, write_value: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_read","title":"msr_read","text":"msr_read(msr: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_write","title":"msr_write","text":"msr_write(msr: int, write_value: int) -> None\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr_list","title":"msr_list","text":"msr_list(arch: str)\n
"},{"location":"reference/pwndbg/commands/msr/#pwndbg.commands.msr.msr","title":"msr","text":"msr(\n msr: str | None = None,\n write: int | None = None,\n list_msr=False,\n msr_range: str | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/nearpc/","title":"pwndbg.commands.nearpc","text":""},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc","title":"nearpc","text":"Functions:
-
nearpc \u2013 Disassemble near a specified address.
-
emulate \u2013 Like nearpc, but will emulate instructions from the current $PC forward.
Attributes:
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Like nearpc, but will emulate instructions from the current $PC forward.\"\n)\n
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.nearpc","title":"nearpc","text":"nearpc(\n pc=None, lines=None, emulate=False, use_cache=False, linear=True\n) -> None\n
Disassemble near a specified address.
"},{"location":"reference/pwndbg/commands/nearpc/#pwndbg.commands.nearpc.emulate","title":"emulate","text":"emulate(pc=None, lines=None, emulate_=True) -> None\n
Like nearpc, but will emulate instructions from the current $PC forward.
"},{"location":"reference/pwndbg/commands/next/","title":"pwndbg.commands.next","text":""},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next","title":"next","text":"Stepping until an event occurs
Functions:
-
nextjmp \u2013 Breaks at the next jump instruction
-
nextcall \u2013 Breaks at the next call instruction
-
nextret \u2013 Breaks at next return-like instruction
-
stepret \u2013 Breaks at next return-like instruction by 'stepping' to it
-
nextproginstr \u2013 -
stepover \u2013 Sets a breakpoint on the instruction after this one
-
nextsyscall \u2013 Breaks at the next syscall not taking branches.
-
stepsyscall \u2013 Breaks at the next syscall by taking branches.
-
stepuntilasm \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Breaks on the next matching instruction.')\n
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextjmp","title":"nextjmp","text":"nextjmp() -> None\n
Breaks at the next jump instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextcall","title":"nextcall","text":"nextcall(symbol_regex=None) -> None\n
Breaks at the next call instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextret","title":"nextret","text":"nextret() -> None\n
Breaks at next return-like instruction
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepret","title":"stepret","text":"stepret() -> None\n
Breaks at next return-like instruction by 'stepping' to it
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextproginstr","title":"nextproginstr","text":"nextproginstr() -> None\n
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepover","title":"stepover","text":"stepover(addr=None) -> None\n
Sets a breakpoint on the instruction after this one
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.nextsyscall","title":"nextsyscall","text":"nextsyscall() -> None\n
Breaks at the next syscall not taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepsyscall","title":"stepsyscall","text":"stepsyscall() -> None\n
Breaks at the next syscall by taking branches.
"},{"location":"reference/pwndbg/commands/next/#pwndbg.commands.next.stepuntilasm","title":"stepuntilasm","text":"stepuntilasm(mnemonic, op_str) -> None\n
"},{"location":"reference/pwndbg/commands/onegadget/","title":"pwndbg.commands.onegadget","text":""},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget","title":"onegadget","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nFind gadgets which single-handedly give code execution.\\n\\nUses the onegadget tool by david942j.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/onegadget/#pwndbg.commands.onegadget.onegadget","title":"onegadget","text":"onegadget(\n show_unsat: bool = False, no_unknown: bool = False, verbose: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/p2p/","title":"pwndbg.commands.p2p","text":""},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p","title":"p2p","text":"Classes:
Functions:
-
get_addrrange_any_named \u2013 -
address_range_explicit \u2013 -
address_range \u2013 -
maybe_points_to_ranges \u2013 -
p2p_walk \u2013 -
p2p \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.ts","title":"ts module-attribute","text":"ts = telescope\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.\\n\\nAny chain length greater than 0 is valid. If only one mapping is given it just looks for any pointers in that mapping.\"\n)\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange","title":"AddrRange","text":"AddrRange(begin: int, end: int)\n
Methods:
Attributes:
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.begin","title":"begin instance-attribute","text":"begin = begin\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.end","title":"end instance-attribute","text":"end = end\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.AddrRange.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.get_addrrange_any_named","title":"get_addrrange_any_named","text":"get_addrrange_any_named() -> list[AddrRange]\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range_explicit","title":"address_range_explicit","text":"address_range_explicit(section: str) -> AddrRange\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.address_range","title":"address_range","text":"address_range(section: str) -> list[AddrRange] | tuple[int, int] | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.maybe_points_to_ranges","title":"maybe_points_to_ranges","text":"maybe_points_to_ranges(ptr: int, rs: list[AddrRange])\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p_walk","title":"p2p_walk","text":"p2p_walk(\n addr: int, ranges: list[list[AddrRange]], current_level: int\n) -> int | None\n
"},{"location":"reference/pwndbg/commands/p2p/#pwndbg.commands.p2p.p2p","title":"p2p","text":"p2p(mapping_names: list[list[AddrRange]] | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/paging/","title":"pwndbg.commands.paging","text":""},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging","title":"paging","text":"Functions:
-
print_pagetable_entry \u2013 -
pg_indices \u2013 -
pagewalk \u2013 -
p2v \u2013 -
v2p \u2013
Attributes:
-
parser \u2013 -
pageflags \u2013 -
p2v_parser \u2013 -
v2p_parser \u2013
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Performs pagewalk.')\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pageflags","title":"pageflags module-attribute","text":"pageflags = BitFlags([('NX', 63), ('PS', 7), ('A', 5), ('W', 1), ('P', 0)])\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.p2v_parser","title":"p2v_parser module-attribute","text":"p2v_parser = ArgumentParser(\n description=\"Translate physical address to its corresponding virtual address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.v2p_parser","title":"v2p_parser module-attribute","text":"v2p_parser = ArgumentParser(\n description=\"Translate virtual address to its corresponding physical address.\"\n)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.print_pagetable_entry","title":"print_pagetable_entry","text":"print_pagetable_entry(name: str, paddr: int | None, vaddr: int)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pg_indices","title":"pg_indices","text":"pg_indices(vaddr, nr_level)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.pagewalk","title":"pagewalk","text":"pagewalk(vaddr, entry=None)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.p2v","title":"p2v","text":"p2v(paddr)\n
"},{"location":"reference/pwndbg/commands/paging/#pwndbg.commands.paging.v2p","title":"v2p","text":"v2p(vaddr)\n
"},{"location":"reference/pwndbg/commands/patch/","title":"pwndbg.commands.patch","text":""},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch","title":"patch","text":"Functions:
-
patch \u2013 -
patch_revert \u2013 -
patch_list \u2013
Attributes:
-
patches (dict[int, tuple[bytearray, bytearray]]) \u2013 -
parser \u2013 -
parser2 \u2013 -
parser3 \u2013
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patches","title":"patches module-attribute","text":"patches: dict[int, tuple[bytearray, bytearray]] = {}\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Patches given instruction with given code or bytes.\"\n)\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser2","title":"parser2 module-attribute","text":"parser2 = ArgumentParser(description='Revert patch at given address.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.parser3","title":"parser3 module-attribute","text":"parser3 = ArgumentParser(description='List all patches.')\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch","title":"patch","text":"patch(address: int, ins: str, quiet: bool) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_revert","title":"patch_revert","text":"patch_revert(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/patch/#pwndbg.commands.patch.patch_list","title":"patch_list","text":"patch_list() -> None\n
"},{"location":"reference/pwndbg/commands/peda/","title":"pwndbg.commands.peda","text":""},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda","title":"peda","text":"Functions:
-
getfile \u2013 -
xuntil \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Continue execution until an address or expression.\"\n)\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.getfile","title":"getfile","text":"getfile() -> None\n
"},{"location":"reference/pwndbg/commands/peda/#pwndbg.commands.peda.xuntil","title":"xuntil","text":"xuntil(target) -> None\n
"},{"location":"reference/pwndbg/commands/pie/","title":"pwndbg.commands.pie","text":""},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie","title":"pie","text":"Functions:
-
translate_addr \u2013 -
piebase \u2013 -
breakrva \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Calculate VA of RVA from PIE base.')\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.translate_addr","title":"translate_addr","text":"translate_addr(offset, module)\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.piebase","title":"piebase","text":"piebase(offset=None, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/pie/#pwndbg.commands.pie.breakrva","title":"breakrva","text":"breakrva(offset=0, module=None) -> None\n
"},{"location":"reference/pwndbg/commands/plist/","title":"pwndbg.commands.plist","text":""},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist","title":"plist","text":"Functions:
-
plist \u2013 -
bit_offset_of_field \u2013 -
get_byte_offset \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dumps the elements of a linked list.\\n\\nThis command traverses the linked list beginning at a given element, dumping its\\ncontents and the contents of all the elements that come after it in the list.\\nTraversal is configurable and can handle multiple types of linked lists, but will\\nalways stop when a cycle is detected.\\n\\nThe path to the first element can be any GDB expression that evaluates to either\\nthe first element directly, or a to pointer to it. The next element is the name\\nof the field containing the next pointer, in either the structure itself or in\\nthe structure given by --inner.\\n\\nAn address value may be given with --sentinel that signals the end of the list.\\nBy default, the value used is NULL (0).\\n\\nIf only one field inside each node is desired, it can be printed exclusively by\\nspecifying its name with --field.\\n\\nThis command supports traversing three types of linked lists, classified by how\\nthe next pointer can be found in the structure and what type it is:\\n 1 - Next pointer is field of structure, type is the same as structure.\\n 2 - Next pointer is field of inner nested structure, pointed to type is the\\n same as outer structure.\\n 3 - Next pointer is field of inner nested structure, pointed to type is the\\n same as inner structure.\\nTypes 2 and 3 require --inner to be specified.\\n\\nExample 1:\\n\\n```\\nstruct node {\\n int value;\\n struct node *next;\\n};\\nstruct node node_c = { 2, NULL };\\nstruct node node_b = { 1, &node_c };\\nstruct node node_a = { 0, &node_b };\\n```\\n\\npwndbg> plist node_a next\\n0x4000011050 <node_a>: {\\n value = 0,\\n next = 0x4000011040 <node_b>\\n}\\n0x4000011040 <node_b>: {\\n value = 1,\\n next = 0x4000011010 <node_c>\\n}\\n0x4000011010 <node_c>: {\\n value = 2,\\n next = 0x0\\n}\\n\\nExample 2:\\n\\n```\\nstruct node_inner_a {\\n struct node_inner_a *next;\\n};\\nstruct inner_a_node {\\n int value;\\n struct node_inner_a inner;\\n};\\nstruct inner_a_node inner_a_node_c = { 2, { NULL } };\\nstruct inner_a_node inner_a_node_b = { 1, { &inner_a_node_c.inner } };\\nstruct inner_a_node inner_a_node_a = { 0, { &inner_a_node_b.inner } };\\n```\\n\\npwndbg> plist inner_a_node_a -i inner next\\n0x4000011070 <inner_a_node_a>: {\\n value = 0,\\n inner = {\\n next = 0x4000011068 <inner_a_node_b+8>\\n }\\n}\\n0x4000011060 <inner_a_node_b>: {\\n value = 1,\\n inner = {\\n next = 0x4000011028 <inner_a_node_c+8>\\n }\\n}\\n0x4000011020 <inner_a_node_c>: {\\n value = 2,\\n inner = {\\n next = 0x0\\n }\\n}\\n\\nExample 3:\\n\\n```\\nstruct inner_b_node;\\nstruct node_inner_b {\\n struct inner_b_node *next;\\n};\\nstruct inner_b_node {\\n int value;\\n struct node_inner_b inner;\\n};\\nstruct inner_b_node inner_b_node_c = { 2, { NULL } };\\nstruct inner_b_node inner_b_node_b = { 1, { &inner_b_node_c } };\\nstruct inner_b_node inner_b_node_a = { 0, { &inner_b_node_b } };\\n```\\n\\npwndbg> plist inner_b_node_a -i inner next\\n0x4000011090 <inner_b_node_a>: {\\n value = 0,\\n inner = {\\n next = 0x4000011080 <inner_b_node_b>\\n }\\n}\\n0x4000011080 <inner_b_node_b>: {\\n value = 1,\\n inner = {\\n next = 0x4000011030 <inner_b_node_c>\\n }\\n}\\n0x4000011030 <inner_b_node_c>: {\\n value = 2,\\n inner = {\\n next = 0x0\\n }\\n}\\n\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.plist","title":"plist","text":"plist(\n path: str,\n next: str,\n sentinel: int,\n inner_name: str | None,\n field_name: str | None,\n offset: int,\n count: int | None = None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.bit_offset_of_field","title":"bit_offset_of_field","text":"bit_offset_of_field(struct, field_name, inner_name=None)\n
"},{"location":"reference/pwndbg/commands/plist/#pwndbg.commands.plist.get_byte_offset","title":"get_byte_offset","text":"get_byte_offset(bit_offset)\n
"},{"location":"reference/pwndbg/commands/probeleak/","title":"pwndbg.commands.probeleak","text":""},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak","title":"probeleak","text":"Functions:
-
find_module \u2013 -
satisfied_flags \u2013 -
flags_str2int \u2013 -
probeleak \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Pointer scan for possible offset leaks.')\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.find_module","title":"find_module","text":"find_module(addr, max_distance)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.satisfied_flags","title":"satisfied_flags","text":"satisfied_flags(require_flags, flags)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.flags_str2int","title":"flags_str2int","text":"flags_str2int(flags_s)\n
"},{"location":"reference/pwndbg/commands/probeleak/#pwndbg.commands.probeleak.probeleak","title":"probeleak","text":"probeleak(\n address=None,\n count=64,\n max_distance=0,\n point_to=None,\n max_ptrs=0,\n flags=None,\n) -> None\n
"},{"location":"reference/pwndbg/commands/procinfo/","title":"pwndbg.commands.procinfo","text":""},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo","title":"procinfo","text":"Classes:
Functions:
-
tcp \u2013 It will first list all listening TCP sockets, and next list all established
-
tcp6 \u2013 -
unix \u2013 -
netlink \u2013 -
pid \u2013 -
procinfo \u2013 Display information about the running process.
Attributes:
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.capabilities","title":"capabilities module-attribute","text":"capabilities = {\n 0: \"CAP_CHOWN\",\n 1: \"CAP_DAC_OVERRIDE\",\n 2: \"CAP_DAC_READ_SEARCH\",\n 3: \"CAP_FOWNER\",\n 4: \"CAP_FSETID\",\n 5: \"CAP_KILL\",\n 6: \"CAP_SETGID\",\n 7: \"CAP_SETUID\",\n 8: \"CAP_SETPCAP\",\n 9: \"CAP_LINUX_IMMUTABLE\",\n 10: \"CAP_NET_BIND_SERVICE\",\n 11: \"CAP_NET_BROADCAST\",\n 12: \"CAP_NET_ADMIN\",\n 13: \"CAP_NET_RAW\",\n 14: \"CAP_IPC_LOCK\",\n 15: \"CAP_IPC_OWNER\",\n 16: \"CAP_SYS_MODULE\",\n 17: \"CAP_SYS_RAWIO\",\n 18: \"CAP_SYS_CHROOT\",\n 19: \"CAP_SYS_PTRACE\",\n 20: \"CAP_SYS_PACCT\",\n 21: \"CAP_SYS_ADMIN\",\n 22: \"CAP_SYS_BOOT\",\n 23: \"CAP_SYS_NICE\",\n 24: \"CAP_SYS_RESOURCE\",\n 25: \"CAP_SYS_TIME\",\n 26: \"CAP_SYS_TTY_CONFIG\",\n 27: \"CAP_MKNOD\",\n 28: \"CAP_LEASE\",\n 29: \"CAP_AUDIT_WRITE\",\n 30: \"CAP_AUDIT_CONTROL\",\n 31: \"CAP_SETFCAP\",\n 32: \"CAP_MAC_OVERRIDE\",\n 33: \"CAP_MAC_ADMIN\",\n 34: \"CAP_SYSLOG\",\n 35: \"CAP_WAKE_ALARM\",\n 36: \"CAP_BLOCK_SUSPEND\",\n}\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process","title":"Process","text":"Process(pid=None, tid=None)\n
Attributes:
-
pid \u2013 -
tid \u2013 -
selinux (str) \u2013 -
cmdline \u2013 -
cwd (str) \u2013 -
status \u2013 -
open_files \u2013 -
connections \u2013
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.pid","title":"pid instance-attribute","text":"pid = pid\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.tid","title":"tid instance-attribute","text":"tid = tid\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.selinux","title":"selinux property","text":"selinux: str\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cmdline","title":"cmdline property","text":"cmdline\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.cwd","title":"cwd property","text":"cwd: str\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.status","title":"status property","text":"status\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.open_files","title":"open_files property","text":"open_files\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.Process.connections","title":"connections property","text":"connections\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp","title":"tcp","text":"tcp(tid: int)\n
It will first list all listening TCP sockets, and next list all established TCP connections. A typical entry of /proc/net/tcp would look like this (split up into 3 parts because of the length of the line):
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.tcp6","title":"tcp6","text":"tcp6(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.unix","title":"unix","text":"unix(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.netlink","title":"netlink","text":"netlink(tid: int)\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.pid","title":"pid","text":"pid() -> None\n
"},{"location":"reference/pwndbg/commands/procinfo/#pwndbg.commands.procinfo.procinfo","title":"procinfo","text":"procinfo() -> None\n
Display information about the running process.
"},{"location":"reference/pwndbg/commands/profiler/","title":"pwndbg.commands.profiler","text":""},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler","title":"profiler","text":"Utilities for profiling pwndbg.
Functions:
Attributes:
-
parser \u2013 -
subparsers \u2013 -
parser_start \u2013 -
parser_stop \u2013
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"\\nUtilities for profiling Pwndbg.\\n\\nCheck out the `./profiling` folder for other useful utilities.\\nUse `./profiling/print_stats.py` to generate a report from a `.pstats` file.\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.subparsers","title":"subparsers module-attribute","text":"subparsers = add_subparsers(dest='command')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_start","title":"parser_start module-attribute","text":"parser_start = add_parser('start', prog='profiler start')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.parser_stop","title":"parser_stop module-attribute","text":"parser_stop = add_parser('stop', prog='profiler stop')\n
"},{"location":"reference/pwndbg/commands/profiler/#pwndbg.commands.profiler.profiler","title":"profiler","text":"profiler(command, file='pwndbg.pstats') -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/","title":"pwndbg.commands.ptmalloc2","text":""},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2","title":"ptmalloc2","text":"Functions:
-
read_chunk \u2013 Read a chunk's metadata.
-
format_bin \u2013 -
print_no_arena_found_error \u2013 -
print_no_tcache_bins_found_error \u2013 -
heap \u2013 Iteratively print chunks on a heap, default to the current thread's
-
hi \u2013 -
arena \u2013 Print the contents of an arena, default to the current thread's arena.
-
arenas \u2013 Lists this process's arenas.
-
tcache \u2013 Print a thread's tcache contents, default to the current thread's
-
mp \u2013 Print the mp_ struct's contents.
-
top_chunk \u2013 Print relevant information about an arena's top chunk, default to the
-
malloc_chunk \u2013 Print a malloc_chunk struct's contents.
-
bins \u2013 Print the contents of all an arena's bins and a thread's tcache,
-
fastbins \u2013 Print the contents of an arena's fastbins, default to the current
-
unsortedbin \u2013 Print the contents of an arena's unsortedbin, default to the current
-
smallbins \u2013 Print the contents of an arena's smallbins, default to the current
-
largebins \u2013 Print the contents of an arena's largebins, default to the current
-
tcachebins \u2013 Print the contents of a tcache, default to the current thread's tcache.
-
find_fake_fast \u2013 Find candidate fake fast chunks overlapping the specified address.
-
vis_heap_chunks \u2013 Visualize chunks on a heap, default to the current arena's active heap.
-
bin_ascii \u2013 -
bin_labels_mapping \u2013 Returns all potential bin labels for all potential addresses
-
try_free \u2013 -
try_unlink \u2013
Attributes:
-
parser \u2013 -
group \u2013 -
VALID_CHARS \u2013 -
try_free_parser \u2013
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Visualize chunks on a heap.\\n\\nDefault to the current arena's active heap.\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.group","title":"group module-attribute","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.VALID_CHARS","title":"VALID_CHARS module-attribute","text":"VALID_CHARS = list(map(ord, set(printable) - set('\\t\\r\\n\\x0c\\x0b')))\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free_parser","title":"try_free_parser module-attribute","text":"try_free_parser = ArgumentParser(\n description=\"Check what would happen if free was called with given address.\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.read_chunk","title":"read_chunk","text":"read_chunk(addr: int) -> dict[str, int]\n
Read a chunk's metadata.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.format_bin","title":"format_bin","text":"format_bin(\n bins: Bins, verbose: bool = False, offset: int | None = None\n) -> list[str]\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_arena_found_error","title":"print_no_arena_found_error","text":"print_no_arena_found_error(tid=None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.print_no_tcache_bins_found_error","title":"print_no_tcache_bins_found_error","text":"print_no_tcache_bins_found_error(tid: int | None = None) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.heap","title":"heap","text":"heap(\n addr: int | None = None, verbose: bool = False, simple: bool = False\n) -> None\n
Iteratively print chunks on a heap, default to the current thread's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.hi","title":"hi","text":"hi(\n addr: int, verbose: bool = False, simple: bool = False, fake: bool = False\n) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arena","title":"arena","text":"arena(addr: int | None = None) -> None\n
Print the contents of an arena, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.arenas","title":"arenas","text":"arenas() -> None\n
Lists this process's arenas.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcache","title":"tcache","text":"tcache(addr: int | None = None) -> None\n
Print a thread's tcache contents, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.mp","title":"mp","text":"mp() -> None\n
Print the mp_ struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.top_chunk","title":"top_chunk","text":"top_chunk(addr: int | None = None) -> None\n
Print relevant information about an arena's top chunk, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.malloc_chunk","title":"malloc_chunk","text":"malloc_chunk(\n addr: int,\n fake: bool = False,\n verbose: bool = False,\n simple: bool = False,\n next: int = 0,\n dump: bool = False,\n) -> None\n
Print a malloc_chunk struct's contents.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bins","title":"bins","text":"bins(addr: int | None = None, tcache_addr: int | None = None) -> None\n
Print the contents of all an arena's bins and a thread's tcache, default to the current thread's arena and tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.fastbins","title":"fastbins","text":"fastbins(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of an arena's fastbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.unsortedbin","title":"unsortedbin","text":"unsortedbin(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of an arena's unsortedbin, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.smallbins","title":"smallbins","text":"smallbins(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of an arena's smallbins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.largebins","title":"largebins","text":"largebins(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of an arena's largebins, default to the current thread's arena.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.tcachebins","title":"tcachebins","text":"tcachebins(addr: int | None = None, verbose: bool = False) -> None\n
Print the contents of a tcache, default to the current thread's tcache.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.find_fake_fast","title":"find_fake_fast","text":"find_fake_fast(\n target_address: int,\n max_candidate_size: int | None = None,\n align: bool = False,\n glibc_fastbin_bug: bool = False,\n partial_overwrite: bool = False,\n) -> None\n
Find candidate fake fast chunks overlapping the specified address.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.vis_heap_chunks","title":"vis_heap_chunks","text":"vis_heap_chunks(\n addr: int | None = None,\n count: int | None = None,\n beyond_top: bool = False,\n no_truncate: bool = False,\n all_chunks: bool = False,\n) -> None\n
Visualize chunks on a heap, default to the current arena's active heap.
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_ascii","title":"bin_ascii","text":"bin_ascii(bs)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.bin_labels_mapping","title":"bin_labels_mapping","text":"bin_labels_mapping(collections)\n
Returns all potential bin labels for all potential addresses We precompute all of them because doing this on demand was too slow and inefficient See #1675 for more details
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_free","title":"try_free","text":"try_free(addr: str | int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2/#pwndbg.commands.ptmalloc2.try_unlink","title":"try_unlink","text":"try_unlink(addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/","title":"pwndbg.commands.ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"Functions:
Attributes:
-
parser \u2013 -
subparsers \u2013 -
enable \u2013 -
disable \u2013 -
toggle_break \u2013
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Manages the heap tracker.\\n\\nThe heap tracker is a module that tracks usage of the GLibc heap and looks for\\nuser errors such as double frees and use after frees.\\n\\nCurrently, the following errors can be detected:\\n - Use After Free\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.subparsers","title":"subparsers module-attribute","text":"subparsers = add_subparsers(\n required=True,\n description=\"Used to enable, disable and query information about the tracker\",\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.enable","title":"enable module-attribute","text":"enable = add_parser('enable', help='Enable heap tracking')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.disable","title":"disable module-attribute","text":"disable = add_parser('disable', help='Disable heap tracking')\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.toggle_break","title":"toggle_break module-attribute","text":"toggle_break = add_parser(\n \"toggle-break\",\n help=\"Toggles whether possible UAF conditions will pause execution\",\n)\n
"},{"location":"reference/pwndbg/commands/ptmalloc2_tracking/#pwndbg.commands.ptmalloc2_tracking.track_heap","title":"track_heap","text":"track_heap(mode=None, use_hardware_breakpoints=False)\n
"},{"location":"reference/pwndbg/commands/radare2/","title":"pwndbg.commands.radare2","text":""},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2","title":"radare2","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Execute stateful radare2 commands through r2pipe.\"\n)\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2","title":"r2","text":"r2(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/radare2/#pwndbg.commands.radare2.r2pipe","title":"r2pipe","text":"r2pipe(arguments) -> None\n
"},{"location":"reference/pwndbg/commands/reload/","title":"pwndbg.commands.reload","text":""},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload","title":"reload","text":"Functions:
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.rreload","title":"rreload","text":"rreload(module, _exclude_mods=None) -> None\n
Recursively reload modules. Impl based on https://stackoverflow.com/a/66661311/1508881
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reload","title":"reload","text":"reload(*a) -> None\n
"},{"location":"reference/pwndbg/commands/reload/#pwndbg.commands.reload.reinit_pwndbg","title":"reinit_pwndbg","text":"reinit_pwndbg() -> None\n
Makes pwndbg reinitialize all state.
"},{"location":"reference/pwndbg/commands/retaddr/","title":"pwndbg.commands.retaddr","text":""},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr","title":"retaddr","text":"Functions:
-
retaddr \u2013 -
stack_explore \u2013
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.retaddr","title":"retaddr","text":"retaddr() -> None\n
"},{"location":"reference/pwndbg/commands/retaddr/#pwndbg.commands.retaddr.stack_explore","title":"stack_explore","text":"stack_explore() -> None\n
"},{"location":"reference/pwndbg/commands/rizin/","title":"pwndbg.commands.rizin","text":""},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin","title":"rizin","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Execute stateful rizin commands through rzpipe.\"\n)\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rz","title":"rz","text":"rz(arguments, no_seek=False, no_rebase=False) -> None\n
"},{"location":"reference/pwndbg/commands/rizin/#pwndbg.commands.rizin.rzpipe","title":"rzpipe","text":"rzpipe(arguments) -> None\n
"},{"location":"reference/pwndbg/commands/rop/","title":"pwndbg.commands.rop","text":""},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop","title":"rop","text":"Classes:
Functions:
-
split_range_to_chunks \u2013 -
parse_size \u2013 -
iterate_over_pages \u2013 -
rop \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dump ROP gadgets with Jon Salwan's ROPgadget tool.\"\n)\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary","title":"RawMemoryBinary","text":"RawMemoryBinary(options, start_addr: int)\n
Bases: object
Methods:
-
getBinary \u2013 -
getFileName \u2013 -
getRawBinary \u2013 -
getEntryPoint \u2013 -
getExecSections \u2013 -
getDataSections \u2013 -
getArch \u2013 -
getArchMode \u2013 -
getEndian \u2013 -
getFormat \u2013
Attributes:
-
start_addr \u2013 -
cs \u2013
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.start_addr","title":"start_addr instance-attribute","text":"start_addr = start_addr\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__fileName","title":"__fileName instance-attribute","text":"__fileName = binary\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.cs","title":"cs instance-attribute","text":"cs = get_disassembler(get_capstone_constants(pc))\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.__rawBinary","title":"__rawBinary instance-attribute","text":"__rawBinary = read()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getBinary","title":"getBinary","text":"getBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFileName","title":"getFileName","text":"getFileName()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getRawBinary","title":"getRawBinary","text":"getRawBinary()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEntryPoint","title":"getEntryPoint","text":"getEntryPoint()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getExecSections","title":"getExecSections","text":"getExecSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getDataSections","title":"getDataSections","text":"getDataSections()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArch","title":"getArch","text":"getArch()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getArchMode","title":"getArchMode","text":"getArchMode()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getEndian","title":"getEndian","text":"getEndian()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.RawMemoryBinary.getFormat","title":"getFormat","text":"getFormat()\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.split_range_to_chunks","title":"split_range_to_chunks","text":"split_range_to_chunks(\n range_start: int, range_end: int, chunk_size: int = 10 * 1024 * 1024\n) -> Iterator[tuple[int, int, int, int]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.parse_size","title":"parse_size","text":"parse_size(size_str: str) -> int\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.iterate_over_pages","title":"iterate_over_pages","text":"iterate_over_pages(mem_limit: int) -> Iterator[tuple[str, Page | None]]\n
"},{"location":"reference/pwndbg/commands/rop/#pwndbg.commands.rop.rop","title":"rop","text":"rop(grep: str | None, memlimit: str, argument: list[str]) -> None\n
"},{"location":"reference/pwndbg/commands/ropper/","title":"pwndbg.commands.ropper","text":""},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper","title":"ropper","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='ROP gadget search with ropper.')\n
"},{"location":"reference/pwndbg/commands/ropper/#pwndbg.commands.ropper.ropper","title":"ropper","text":"ropper(argument) -> None\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/","title":"pwndbg.commands.saved_register_frames","text":""},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames","title":"saved_register_frames","text":"Functions:
-
print_saved_register_frame \u2013 -
dump_register_frame \u2013
Attributes:
-
VALID_FRAME_TYPES \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.VALID_FRAME_TYPES","title":"VALID_FRAME_TYPES module-attribute","text":"VALID_FRAME_TYPES = {\n \"armcm-exception\": ARM_CORTEX_M_EXCEPTION_STACK,\n \"armcm-exception2\": ARM_CORTEX_M_EXCEPTION_STACK,\n}\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Display the registers saved to memory for a certain frame type\"\n)\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.print_saved_register_frame","title":"print_saved_register_frame","text":"print_saved_register_frame(\n context: SavedRegisterFrame, address: int = None, print_address=False\n)\n
"},{"location":"reference/pwndbg/commands/saved_register_frames/#pwndbg.commands.saved_register_frames.dump_register_frame","title":"dump_register_frame","text":"dump_register_frame(\n frame_type: str, address: int = None, print_address=False\n) -> None\n
"},{"location":"reference/pwndbg/commands/search/","title":"pwndbg.commands.search","text":""},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search","title":"search","text":"Functions:
Attributes:
-
saved (set[int]) \u2013 -
auto_save \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.saved","title":"saved module-attribute","text":"saved: set[int] = set()\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.auto_save","title":"auto_save module-attribute","text":"auto_save = add_param(\n \"auto-save-search\", False, 'automatically pass --save to \"search\" command'\n)\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Search memory for byte sequences, strings, pointers, and integer values.\\n\\nBy default search results are cached. If you want to cache all results, but only print a subset, use --trunc-out. If you want to cache only a subset of results, and print the results immediately, use --limit. The latter is specially useful if you're searching a huge section of memory.\\n\\n\"\n)\n
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.print_search_hit","title":"print_search_hit","text":"print_search_hit(address: int) -> None\n
Prints out a single search hit.
Parameters:
-
address (int) \u2013 Address to print
"},{"location":"reference/pwndbg/commands/search/#pwndbg.commands.search.search","title":"search","text":"search(\n type,\n arch,\n asmbp,\n hex,\n executable,\n writable,\n step,\n limit,\n aligned,\n value,\n mapping_name,\n save,\n next,\n trunc_out,\n) -> None\n
"},{"location":"reference/pwndbg/commands/segments/","title":"pwndbg.commands.segments","text":""},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments","title":"segments","text":"Functions:
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.fsbase","title":"fsbase","text":"fsbase() -> None\n
Prints out the FS base address. See also $fsbase.
"},{"location":"reference/pwndbg/commands/segments/#pwndbg.commands.segments.gsbase","title":"gsbase","text":"gsbase() -> None\n
Prints out the GS base address. See also $gsbase.
"},{"location":"reference/pwndbg/commands/sigreturn/","title":"pwndbg.commands.sigreturn","text":""},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn","title":"sigreturn","text":"Functions:
-
sigreturn \u2013 -
print_value \u2013
Attributes:
-
SIGRETURN_FRAME_LAYOUTS (dict[str, list[tuple[int, str]]]) \u2013 -
SIGRETURN_CORE_REGISTER (dict[str, set[str]]) \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_FRAME_LAYOUTS","title":"SIGRETURN_FRAME_LAYOUTS module-attribute","text":"SIGRETURN_FRAME_LAYOUTS: dict[str, list[tuple[int, str]]] = {\n \"x86-64\": sorted([(-8, \"&pretcode\")] + list(items())),\n \"i386\": sorted(items()),\n \"aarch64\": sorted(items()),\n \"arm\": sorted(items()),\n}\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.SIGRETURN_CORE_REGISTER","title":"SIGRETURN_CORE_REGISTER module-attribute","text":"SIGRETURN_CORE_REGISTER: dict[str, set[str]] = {\n \"x86-64\": {*gpr, frame, stack, pc},\n \"i386\": {*gpr, frame, stack, pc},\n \"aarch64\": {*gpr, \"sp\", \"pc\"},\n \"arm\": {*gpr, \"fp\", \"ip\", \"sp\", \"lr\", \"pc\"},\n}\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Display the SigreturnFrame at the specific address\"\n)\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.sigreturn","title":"sigreturn","text":"sigreturn(address: int = None, display_all=False, print_address=False) -> None\n
"},{"location":"reference/pwndbg/commands/sigreturn/#pwndbg.commands.sigreturn.print_value","title":"print_value","text":"print_value(string: str, address: int, print_address) -> None\n
"},{"location":"reference/pwndbg/commands/slab/","title":"pwndbg.commands.slab","text":""},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab","title":"slab","text":"Commands for dealing with Linux kernel slab allocator. Currently, only SLUB is supported.
Some of the code here was inspired from NeatMonster/slabdbg Some of the code here was inspired from osandov/drgn
Functions:
Attributes:
-
parser \u2013 -
subparsers \u2013 -
parser_list \u2013 -
parser_info \u2013 -
parser_contains \u2013
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Prints information about the linux kernel's slab allocator SLUB.\"\n)\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.subparsers","title":"subparsers module-attribute","text":"subparsers = add_subparsers(dest='command')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_list","title":"parser_list module-attribute","text":"parser_list = add_parser('list', prog='slab list')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_info","title":"parser_info module-attribute","text":"parser_info = add_parser('info', prog='slab info')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.parser_contains","title":"parser_contains module-attribute","text":"parser_contains = add_parser('contains', prog='slab contains')\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab","title":"slab","text":"slab(\n command,\n filter_=None,\n names=None,\n verbose=False,\n addresses=None,\n cpu=None,\n node=None,\n partial_only=False,\n active_only=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_slab","title":"print_slab","text":"print_slab(\n slab: Slab, indent, verbose: bool, freelist: Freelist = None\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_cpu_cache","title":"print_cpu_cache","text":"print_cpu_cache(\n cpu_cache: CpuCache, verbose: bool, active: bool, partial: bool, indent\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.print_node_cache","title":"print_node_cache","text":"print_node_cache(node_cache: NodeCache, verbose: bool, indent) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_info","title":"slab_info","text":"slab_info(\n name: str, verbose: bool, cpu: int, node: int, active: bool, partial: bool\n) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_list","title":"slab_list","text":"slab_list(filter_) -> None\n
"},{"location":"reference/pwndbg/commands/slab/#pwndbg.commands.slab.slab_contains","title":"slab_contains","text":"slab_contains(address: str) -> None\n
prints the slab_cache associated with the provided address
"},{"location":"reference/pwndbg/commands/spray/","title":"pwndbg.commands.spray","text":""},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray","title":"spray","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Spray memory with cyclic() generated values\"\n)\n
"},{"location":"reference/pwndbg/commands/spray/#pwndbg.commands.spray.spray","title":"spray","text":"spray(addr, length, value, only_funcptrs) -> None\n
"},{"location":"reference/pwndbg/commands/start/","title":"pwndbg.commands.start","text":""},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start","title":"start","text":"Launches the target process after setting a breakpoint at a convenient entry point.
Functions:
-
breakpoint_at_entry \u2013 -
start \u2013 -
entry \u2013 -
sstart \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description='\\nStart the debugged program stopping at its entrypoint address.\\n\\nNote that the entrypoint may not be the first instruction executed\\nby the program. If you want to stop on the first executed instruction,\\nuse the GDB\\'s `starti` command.\\n\\nArgs may include \"*\", or \"[...]\"; they are expanded using the\\nshell that will start the program (specified by the \"$SHELL\" environment\\nvariable). Input and output redirection with \">\", \"<\", or \">>\"\\nare also allowed.\\n\\nWith no arguments, uses arguments last specified (with \"run\" or\\n\"set args\"). To cancel previous arguments and run with no arguments,\\nuse \"set args\" without arguments.\\n\\nTo start the inferior without using a shell, use \"set startup-with-shell off\".\\n'\n)\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.breakpoint_at_entry","title":"breakpoint_at_entry","text":"breakpoint_at_entry()\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.start","title":"start","text":"start(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.entry","title":"entry","text":"entry(args=None) -> None\n
"},{"location":"reference/pwndbg/commands/start/#pwndbg.commands.start.sstart","title":"sstart","text":"sstart() -> None\n
"},{"location":"reference/pwndbg/commands/strings/","title":"pwndbg.commands.strings","text":""},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings","title":"strings","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Extracts and displays ASCII strings from readable memory pages of the debugged process.\"\n)\n
"},{"location":"reference/pwndbg/commands/strings/#pwndbg.commands.strings.strings","title":"strings","text":"strings(n: int = 4, page_names: list[str] = [], save_as: str = None)\n
"},{"location":"reference/pwndbg/commands/telescope/","title":"pwndbg.commands.telescope","text":""},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope","title":"telescope","text":"Prints out pointer chains starting at some address in memory.
Generally used to print out the stack or register values.
Functions:
Attributes:
-
telescope_lines \u2013 -
skip_repeating_values \u2013 -
skip_repeating_values_minimum \u2013 -
print_framepointer_offset \u2013 -
print_retaddr_in_frame \u2013 -
dont_skip_registers \u2013 -
offset_separator \u2013 -
offset_delimiter \u2013 -
repeating_marker \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope_lines","title":"telescope_lines module-attribute","text":"telescope_lines = add_param(\n \"telescope-lines\", 8, \"number of lines to printed by the telescope command\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values","title":"skip_repeating_values module-attribute","text":"skip_repeating_values = add_param(\n \"telescope-skip-repeating-val\",\n True,\n \"whether to skip repeating values of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.skip_repeating_values_minimum","title":"skip_repeating_values_minimum module-attribute","text":"skip_repeating_values_minimum = add_param(\n \"telescope-skip-repeating-val-min\",\n 3,\n \"minimum amount of repeated values before skipping lines\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_framepointer_offset","title":"print_framepointer_offset module-attribute","text":"print_framepointer_offset = add_param(\n \"telescope-framepointer-offset\",\n True,\n \"print offset to framepointer for each address, if sufficiently small\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.print_retaddr_in_frame","title":"print_retaddr_in_frame module-attribute","text":"print_retaddr_in_frame = add_param(\n \"telescope-frame-print-retaddr\",\n True,\n \"print one pointer past the stack frame\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.dont_skip_registers","title":"dont_skip_registers module-attribute","text":"dont_skip_registers = add_param(\n \"telescope-dont-skip-registers\",\n True,\n \"don't skip a repeated line if a registers points to it\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_separator","title":"offset_separator module-attribute","text":"offset_separator = add_param(\n \"telescope-offset-separator\",\n \"\u2502\",\n \"offset separator of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.offset_delimiter","title":"offset_delimiter module-attribute","text":"offset_delimiter = add_param(\n \"telescope-offset-delimiter\",\n \":\",\n \"offset delimiter of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.repeating_marker","title":"repeating_marker module-attribute","text":"repeating_marker = add_param(\n \"telescope-repeating-marker\",\n \"... \u2193\",\n \"repeating values marker of the telescope command\",\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Dereferences on stack data, printing the entire stack frame with specified count and offset .\"\n)\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.telescope","title":"telescope","text":"telescope(\n address=None,\n count=telescope_lines,\n to_string=False,\n reverse=False,\n frame=False,\n inverse=False,\n)\n
Recursively dereferences pointers starting at the specified address ($sp by default)
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.regs_or_frame_offset","title":"regs_or_frame_offset","text":"regs_or_frame_offset(\n addr: int, bp: int | None, regs: dict[int, str], longest_regs: int\n) -> str\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stack","title":"stack","text":"stack(count, offset, frame, inverse) -> None\n
"},{"location":"reference/pwndbg/commands/telescope/#pwndbg.commands.telescope.stackf","title":"stackf","text":"stackf(count, offset) -> None\n
"},{"location":"reference/pwndbg/commands/tips/","title":"pwndbg.commands.tips","text":""},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips","title":"tips","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Shows tips.')\n
"},{"location":"reference/pwndbg/commands/tips/#pwndbg.commands.tips.tips","title":"tips","text":"tips(all: bool) -> None\n
"},{"location":"reference/pwndbg/commands/tls/","title":"pwndbg.commands.tls","text":""},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls","title":"tls","text":"Command to print the information of the current Thread Local Storage (TLS).
Functions:
-
tls \u2013 -
threads \u2013
Attributes:
-
parser \u2013 -
group \u2013
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"List all threads belonging to the selected inferior.\"\n)\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.group","title":"group module-attribute","text":"group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.tls","title":"tls","text":"tls(pthread_self=False, all: bool = False) -> None\n
"},{"location":"reference/pwndbg/commands/tls/#pwndbg.commands.tls.threads","title":"threads","text":"threads(num_threads, respect_config) -> None\n
"},{"location":"reference/pwndbg/commands/valist/","title":"pwndbg.commands.valist","text":""},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist","title":"valist","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.parser","title":"parser module-attribute","text":"parser = ArgumentParser(description='Dumps the arguments of a va_list.')\n
"},{"location":"reference/pwndbg/commands/valist/#pwndbg.commands.valist.valist","title":"valist","text":"valist(addr: int, count: int) -> None\n
"},{"location":"reference/pwndbg/commands/version/","title":"pwndbg.commands.version","text":""},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version","title":"version","text":"Implements version and bugreport commands.
Functions:
Attributes:
-
bugreport_parser \u2013 -
bugreport_group \u2013
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_parser","title":"bugreport_parser module-attribute","text":"bugreport_parser = ArgumentParser(description='Generate a bug report.')\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport_group","title":"bugreport_group module-attribute","text":"bugreport_group = add_mutually_exclusive_group()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.os_info","title":"os_info","text":"os_info()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.module_version","title":"module_version","text":"module_version(module)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.debugger_version","title":"debugger_version","text":"debugger_version()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.all_versions","title":"all_versions","text":"all_versions()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_target_arch","title":"get_target_arch","text":"get_target_arch()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_terminal_size","title":"get_terminal_size","text":"get_terminal_size()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version_impl","title":"version_impl","text":"version_impl() -> None\n
Implementation of the version command.
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.version","title":"version","text":"version() -> None\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.bugreport","title":"bugreport","text":"bugreport(run_browser=False, use_gh=False)\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_configuration","title":"get_debugger_configuration","text":"get_debugger_configuration()\n
"},{"location":"reference/pwndbg/commands/version/#pwndbg.commands.version.get_debugger_session_history","title":"get_debugger_session_history","text":"get_debugger_session_history()\n
"},{"location":"reference/pwndbg/commands/vmmap/","title":"pwndbg.commands.vmmap","text":""},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap","title":"vmmap","text":"Command to print the virtual memory map a la /proc/self/maps.
Functions:
-
pages_filter \u2013 -
print_vmmap_table_header \u2013 Prints the table header for the vmmap command.
-
print_vmmap_gaps_table_header \u2013 Prints the table header for the vmmap --gaps command.
-
calculate_total_memory \u2013 -
gap_text \u2013 -
print_map \u2013 -
print_adjacent_map \u2013 -
print_guard \u2013 -
print_gap \u2013 -
print_vmmap_gaps \u2013 Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
-
vmmap \u2013 -
vmmap_add \u2013 -
vmmap_explore \u2013 -
vmmap_clear \u2013 -
vmmap_load \u2013
Attributes:
-
integer_types \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.integer_types","title":"integer_types module-attribute","text":"integer_types = (int, Value)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Load virtual memory map pages from ELF file.\"\n)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.pages_filter","title":"pages_filter","text":"pages_filter(gdbval_or_str)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_table_header","title":"print_vmmap_table_header","text":"print_vmmap_table_header() -> None\n
Prints the table header for the vmmap command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps_table_header","title":"print_vmmap_gaps_table_header","text":"print_vmmap_gaps_table_header() -> None\n
Prints the table header for the vmmap --gaps command.
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.calculate_total_memory","title":"calculate_total_memory","text":"calculate_total_memory(pages: tuple[Page, ...]) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.gap_text","title":"gap_text","text":"gap_text(page: Page) -> str\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_map","title":"print_map","text":"print_map(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_adjacent_map","title":"print_adjacent_map","text":"print_adjacent_map(map_start: Page, map_end: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_guard","title":"print_guard","text":"print_guard(page: Page) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_gap","title":"print_gap","text":"print_gap(current: Page, last_map: Page)\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.print_vmmap_gaps","title":"print_vmmap_gaps","text":"print_vmmap_gaps(pages: tuple[Page, ...]) -> None\n
Indicates the size of adjacent memory regions and unmapped gaps between them in process memory
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap","title":"vmmap","text":"vmmap(\n gdbval_or_str=None,\n writable=False,\n executable=False,\n lines_after=1,\n lines_before=1,\n context=None,\n gaps=False,\n) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_add","title":"vmmap_add","text":"vmmap_add(start: int, size: int, flags: str, offset: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_explore","title":"vmmap_explore","text":"vmmap_explore(address: int) -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_clear","title":"vmmap_clear","text":"vmmap_clear() -> None\n
"},{"location":"reference/pwndbg/commands/vmmap/#pwndbg.commands.vmmap.vmmap_load","title":"vmmap_load","text":"vmmap_load(filename) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/","title":"pwndbg.commands.windbg","text":""},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg","title":"windbg","text":"Compatibility functionality for WinDbg users.
Functions:
-
enhex \u2013 -
db \u2013 Starting at the specified address, dump N bytes
-
dw \u2013 Starting at the specified address, dump N words
-
dd \u2013 Starting at the specified address, dump N dwords
-
dq \u2013 Starting at the specified address, dump N qwords
-
dc \u2013 -
dX \u2013 Traditionally, windbg will display 16 bytes of data per line.
-
eb \u2013 Write hex bytes at the specified address.
-
ew \u2013 Write hex words at the specified address.
-
ed \u2013 Write hex dwords at the specified address.
-
eq \u2013 Write hex qwords at the specified address.
-
ez \u2013 Write a character at the specified address.
-
eza \u2013 Write a string at the specified address.
-
eX \u2013 This relies on windbg's default hex encoding being enforced
-
dds \u2013 Dump pointers and symbols at the specified address.
-
da \u2013 -
ds \u2013 -
bl \u2013 List breakpoints
-
bd \u2013 Disable the breakpoint with the specified index.
-
be \u2013 Enable the breakpoint with the specified index.
-
bc \u2013 Clear the breakpoint with the specified index.
-
bp \u2013 -
k \u2013 Print a backtrace (alias 'bt')
-
go \u2013 WinDbg compatibility alias for 'continue' command.
-
ln \u2013 List the symbols nearest to the provided value.
-
peb \u2013 -
pc \u2013 WinDbg compatibility alias for 'nextcall' command.
Attributes:
-
da_parser \u2013 -
ds_parser \u2013 -
parser \u2013
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da_parser","title":"da_parser module-attribute","text":"da_parser = ArgumentParser(\n description=\"Dump a string at the specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds_parser","title":"ds_parser module-attribute","text":"ds_parser = ArgumentParser(\n description=\"Dump a string at the specified address.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"List the symbols nearest to the provided value.\"\n)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.enhex","title":"enhex","text":"enhex(size, value)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.db","title":"db","text":"db(address, count=64)\n
Starting at the specified address, dump N bytes (default 64).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dw","title":"dw","text":"dw(address, count=32)\n
Starting at the specified address, dump N words (default 32).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dd","title":"dd","text":"dd(address, count=16)\n
Starting at the specified address, dump N dwords (default 16).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dq","title":"dq","text":"dq(address, count=8)\n
Starting at the specified address, dump N qwords (default 8).
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dc","title":"dc","text":"dc(address, count=8)\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dX","title":"dX","text":"dX(size, address, count, to_string=False, repeat=False)\n
Traditionally, windbg will display 16 bytes of data per line.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eb","title":"eb","text":"eb(address, data)\n
Write hex bytes at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ew","title":"ew","text":"ew(address, data)\n
Write hex words at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ed","title":"ed","text":"ed(address, data)\n
Write hex dwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eq","title":"eq","text":"eq(address, data)\n
Write hex qwords at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ez","title":"ez","text":"ez(address, data)\n
Write a character at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eza","title":"eza","text":"eza(address, data)\n
Write a string at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.eX","title":"eX","text":"eX(size, address, data, hex=True) -> None\n
This relies on windbg's default hex encoding being enforced
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.dds","title":"dds","text":"dds(addr)\n
Dump pointers and symbols at the specified address.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.da","title":"da","text":"da(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ds","title":"ds","text":"ds(address, max) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bl","title":"bl","text":"bl() -> None\n
List breakpoints
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bd","title":"bd","text":"bd(which='*') -> None\n
Disable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.be","title":"be","text":"be(which='*') -> None\n
Enable the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bc","title":"bc","text":"bc(which='*') -> None\n
Clear the breakpoint with the specified index.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.bp","title":"bp","text":"bp(where) -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.k","title":"k","text":"k() -> None\n
Print a backtrace (alias 'bt')
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.go","title":"go","text":"go() -> None\n
WinDbg compatibility alias for 'continue' command.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.ln","title":"ln","text":"ln(value: int = None) -> None\n
List the symbols nearest to the provided value.
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.peb","title":"peb","text":"peb() -> None\n
"},{"location":"reference/pwndbg/commands/windbg/#pwndbg.commands.windbg.pc","title":"pc","text":"pc()\n
WinDbg compatibility alias for 'nextcall' command.
"},{"location":"reference/pwndbg/commands/xinfo/","title":"pwndbg.commands.xinfo","text":""},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo","title":"xinfo","text":"Functions:
-
print_line \u2013 -
xinfo_stack \u2013 -
xinfo_mmap_file \u2013 -
xinfo_default \u2013 -
xinfo \u2013
Attributes:
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Shows offsets of the specified address from various useful locations.\"\n)\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.print_line","title":"print_line","text":"print_line(name, addr, first, second, op, width=20) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_stack","title":"xinfo_stack","text":"xinfo_stack(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_mmap_file","title":"xinfo_mmap_file","text":"xinfo_mmap_file(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo_default","title":"xinfo_default","text":"xinfo_default(page: Page, addr: int) -> None\n
"},{"location":"reference/pwndbg/commands/xinfo/#pwndbg.commands.xinfo.xinfo","title":"xinfo","text":"xinfo(address=None) -> None\n
"},{"location":"reference/pwndbg/commands/xor/","title":"pwndbg.commands.xor","text":""},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor","title":"xor","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.parser","title":"parser module-attribute","text":"parser = ArgumentParser(\n description=\"Memfrobs a region of memory (xor with '*').\"\n)\n
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor_memory","title":"xor_memory","text":"xor_memory(address, key, count)\n
Helper function for xorring memory in gdb
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.xor","title":"xor","text":"xor(address, key, count) -> None\n
"},{"location":"reference/pwndbg/commands/xor/#pwndbg.commands.xor.memfrob","title":"memfrob","text":"memfrob(address, count)\n
"},{"location":"reference/pwndbg/dbg/","title":"pwndbg.dbg","text":""},{"location":"reference/pwndbg/dbg/#pwndbg.dbg","title":"dbg","text":"The abstracted debugger interface.
Modules:
Classes:
-
Error \u2013 -
DisassembledInstruction \u2013 -
DebuggerType \u2013 -
StopPoint \u2013 The handle to either an insalled breakpoint or watchpoint.
-
BreakpointLocation \u2013 This is the location specification for a breakpoint.
-
WatchpointLocation \u2013 This is the location specification for a watchpoint.
-
Registers \u2013 A handle to the register values in a frame.
-
SymbolLookupType \u2013 Enum representing types of symbol lookups for filtering symbol searches.
-
Frame \u2013 -
Thread \u2013 -
MemoryMap \u2013 A wrapper around a sequence of memory ranges
-
ExecutionController \u2013 -
Process \u2013 -
TypeCode \u2013 Broad categories of types.
-
TypeField \u2013 The fields in a structured type.
-
Type \u2013 Class representing a type in the context of an inferior process.
-
Value \u2013 Class representing a value in the context of an inferior process.
-
CommandHandle \u2013 An opaque handle to an installed command.
-
EventType \u2013 Events that can be listened for and reacted to in a debugger.
-
Debugger \u2013 The base class representing a debugger.
Functions:
Attributes:
-
dbg (Debugger) \u2013 -
T \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.dbg","title":"dbg module-attribute","text":"dbg: Debugger = None\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Error","title":"Error","text":" Bases: Exception
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction","title":"DisassembledInstruction","text":" Bases: TypedDict
Attributes:
-
addr (int) \u2013 -
asm (str) \u2013 -
length (int) \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.addr","title":"addr instance-attribute","text":"addr: int\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.asm","title":"asm instance-attribute","text":"asm: str\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DisassembledInstruction.length","title":"length instance-attribute","text":"length: int\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType","title":"DebuggerType","text":" Bases: Enum
Attributes:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.GDB","title":"GDB class-attribute instance-attribute","text":"GDB = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.DebuggerType.LLDB","title":"LLDB class-attribute instance-attribute","text":"LLDB = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint","title":"StopPoint","text":"The handle to either an insalled breakpoint or watchpoint.
May be used in a with statement, in which case the stop point is automatically removed at the end of the statement. This allows for easy implementation of temporary breakpoints.
Methods:
-
remove \u2013 Removes the breakpoint associated with this handle.
-
set_enabled \u2013 Enables or disables this breakpoint.
-
__enter__ \u2013 -
__exit__ \u2013 Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.remove","title":"remove","text":"remove() -> None\n
Removes the breakpoint associated with this handle.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.set_enabled","title":"set_enabled","text":"set_enabled(enabled: bool) -> None\n
Enables or disables this breakpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__enter__","title":"__enter__","text":"__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.StopPoint.__exit__","title":"__exit__","text":"__exit__(exc_type, exc_value, traceback) -> None\n
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation","title":"BreakpointLocation","text":"BreakpointLocation(address: int)\n
This is the location specification for a breakpoint.
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.address","title":"address instance-attribute","text":"address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.BreakpointLocation.__eq__","title":"__eq__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation","title":"WatchpointLocation","text":"WatchpointLocation(\n address: int, size: int, watch_read: bool, watch_write: bool\n)\n
This is the location specification for a watchpoint.
Attributes:
-
address (int) \u2013 -
size (int) \u2013 -
watch_read (bool) \u2013 -
watch_write (bool) \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.address","title":"address instance-attribute","text":"address: int = address\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.size","title":"size instance-attribute","text":"size: int = size\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_read","title":"watch_read instance-attribute","text":"watch_read: bool = watch_read\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.WatchpointLocation.watch_write","title":"watch_write instance-attribute","text":"watch_write: bool = watch_write\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers","title":"Registers","text":"A handle to the register values in a frame.
Methods:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Registers.by_name","title":"by_name","text":"by_name(name: str) -> Value | None\n
Gets the value of a register if it exists, None otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType","title":"SymbolLookupType","text":" Bases: Enum
Enum representing types of symbol lookups for filtering symbol searches.
Attributes: - ANY: Represents searching for any symbol type (default). - FUNCTION: Represents searching specifically for function symbols. - VARIABLE: Represents searching specifically for variable symbols.
Attributes:
-
ANY \u2013 -
FUNCTION \u2013 -
VARIABLE \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.ANY","title":"ANY class-attribute instance-attribute","text":"ANY = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.FUNCTION","title":"FUNCTION class-attribute instance-attribute","text":"FUNCTION = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.SymbolLookupType.VARIABLE","title":"VARIABLE class-attribute instance-attribute","text":"VARIABLE = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame","title":"Frame","text":"Methods:
-
lookup_symbol \u2013 Looks up and returns the address of a symbol in current frame by its name.
-
evaluate_expression \u2013 Evaluate the given expression in the context of this frame, and
-
regs \u2013 Access the values of the registers in this frame.
-
reg_write \u2013 Sets the value of the register with the given name to the given value.
-
pc \u2013 The value of the program counter for this frame.
-
sp \u2013 The value of the stack pointer for this frame.
-
parent \u2013 The parent frame of this frame, if it exists.
-
child \u2013 The child frame of this frame, if it exists.
-
sal \u2013 The filename of the source code file associated with this frame, and the
-
__eq__ \u2013 Whether this frame is the same as the given frame. Two frames are the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
Looks up and returns the address of a symbol in current frame by its name.
Parameters: - name (str): The name of the symbol to look up. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults to SymbolLookupType.ANY.
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
Raises: - pwndbg.dbg_mod.Error: If symbol name contains invalid characters
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
Evaluate the given expression in the context of this frame, and return a Value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.evaluate_expression--lock_scheduler","title":"lock_scheduler","text":"Additionally, callers of this function might specify that they want to enable scheduler locking during the evaluation of this expression. This is a GDB-only option, and is intended for cases in which the result would be incorrect without it enabled, when running in GDB. Other debuggers should ignore this parameter.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.regs","title":"regs","text":"regs() -> Registers\n
Access the values of the registers in this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.reg_write","title":"reg_write","text":"reg_write(name: str, val: int) -> bool\n
Sets the value of the register with the given name to the given value. Returns true if the register exists, false othewise. Throws an exception if the register exists but cannot be written to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.pc","title":"pc","text":"pc() -> int\n
The value of the program counter for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sp","title":"sp","text":"sp() -> int\n
The value of the stack pointer for this frame.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.parent","title":"parent","text":"parent() -> Frame | None\n
The parent frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.child","title":"child","text":"child() -> Frame | None\n
The child frame of this frame, if it exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.sal","title":"sal","text":"sal() -> tuple[str, int] | None\n
The filename of the source code file associated with this frame, and the line number associated with it, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Frame.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
Whether this frame is the same as the given frame. Two frames are the same if they point to the same stack frame and have the same execution context.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread","title":"Thread","text":"Methods:
-
bottom_frame \u2013 Frame at the bottom of the call stack for this thread.
-
ptid \u2013 The PTID of this thread, if available.
-
index \u2013 The unique index of this thread from the perspective of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.bottom_frame","title":"bottom_frame","text":"bottom_frame() -> Iterator[Frame]\n
Frame at the bottom of the call stack for this thread.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.ptid","title":"ptid","text":"ptid() -> int | None\n
The PTID of this thread, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Thread.index","title":"index","text":"index() -> int\n
The unique index of this thread from the perspective of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap","title":"MemoryMap","text":"MemoryMap(pages: Sequence[Page])\n
A wrapper around a sequence of memory ranges
Methods:
Attributes:
-
pages (tuple[Page, ...]) \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.pages","title":"pages instance-attribute","text":"pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.is_qemu","title":"is_qemu","text":"is_qemu() -> bool\n
Returns whether this memory map was generated from a QEMU target.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.ranges","title":"ranges","text":"ranges() -> Sequence[Page]\n
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.MemoryMap.lookup_page","title":"lookup_page","text":"lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController","title":"ExecutionController","text":"Methods:
-
single_step \u2013 Steps to the next instruction.
-
cont \u2013 Continues execution until the given breakpoint or whatchpoint is hit.
-
cont_selected_thread \u2013 Continues execution on single thread until the given breakpoint or whatchpoint is hit.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.single_step","title":"single_step","text":"single_step() -> Awaitable[None]\n
Steps to the next instruction.
Throws CancelledError if a breakpoint or watchpoint is hit, the program exits, or if any other unexpected event that diverts execution happens while fulfulling the step.
FIXME GDB: On GDB stepi will execute other threads. On LLDB not. Please use set scheduler-locking step
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont","title":"cont","text":"cont(until: StopPoint) -> Awaitable[None]\n
Continues execution until the given breakpoint or whatchpoint is hit. Continues execution on all threads.
Throws CancelledError if a breakpoint or watchpoint is hit that is not the one given in until, the program exits, or if any other unexpected event happens.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.ExecutionController.cont_selected_thread","title":"cont_selected_thread","text":"cont_selected_thread(until: StopPoint) -> Awaitable[None]\n
Continues execution on single thread until the given breakpoint or whatchpoint is hit. Continues execution on selected thread.
Throws CancelledError if a breakpoint or watchpoint is hit that is not the one given in until, the program exits, or if any other unexpected event happens.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process","title":"Process","text":"Methods:
-
threads \u2013 Returns a list containing the threads in this process.
-
pid \u2013 Returns the process ID of this process if it is alive.
-
alive \u2013 Returns whether this process is alive.
-
stopped_with_signal \u2013 Returns whether this process was stopped by a signal.
-
evaluate_expression \u2013 Evaluate the given expression in the context of the current process, and
-
vmmap \u2013 Returns the virtual memory map of this process.
-
read_memory \u2013 Reads the requested number of bytes from the address given in the memory
-
write_memory \u2013 Writes as many bytes from the given data buffer as possible into the
-
find_in_memory \u2013 Searches for a bit pattern in the memory space of the process. The bit
-
is_remote \u2013 Returns whether this process is a remote process connected to using the
-
send_remote \u2013 Sends the given packet to the GDB remote debugging protocol server.
-
send_monitor \u2013 Sends the given monitor command to the GDB remote debugging protocol
-
download_remote_file \u2013 Downloads the given file from the remote host and saves it to the local
-
create_value \u2013 Create a new value in the context of this process, with the given value
-
symbol_name_at_address \u2013 Returns the name of the symbol at the given address in the program, if
-
lookup_symbol \u2013 Looks up and returns the address of a symbol by its name.
-
types_with_name \u2013 Returns a list of all types in this process that match the given name.
-
arch \u2013 The default architecture of this process.
-
break_at \u2013 Install a breakpoint or watchpoint at the given location.
-
is_linux \u2013 Returns whether the current ABI is GNU/Linux.
-
disasm \u2013 Returns the disassembled instruction at the given address in the address
-
module_section_locations \u2013 Return a list of (address, size, section_name, module_name) tuples for
-
main_module_name \u2013 Returns the name of the main module.
-
main_module_entry \u2013 Returns the entry point of the main module.
-
is_dynamically_linked \u2013 Returns whether this process makes use of dynamically linked libraries.
-
dispatch_execution_controller \u2013 Queues up the given execution controller-based coroutine for execution,
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.threads","title":"threads","text":"threads() -> list[Thread]\n
Returns a list containing the threads in this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.pid","title":"pid","text":"pid() -> int | None\n
Returns the process ID of this process if it is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.alive","title":"alive","text":"alive() -> bool\n
Returns whether this process is alive.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.stopped_with_signal","title":"stopped_with_signal","text":"stopped_with_signal() -> bool\n
Returns whether this process was stopped by a signal.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str) -> Value\n
Evaluate the given expression in the context of the current process, and return a Value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.vmmap","title":"vmmap","text":"vmmap() -> MemoryMap\n
Returns the virtual memory map of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.read_memory","title":"read_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
Reads the requested number of bytes from the address given in the memory space of this process. Will read as many bytes as possible starting at that location, and returns how many were read.
Throws an exception if reading fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.write_memory","title":"write_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
Writes as many bytes from the given data buffer as possible into the given address in the memory space of this process.
Throws an exception if writing fails and partial is False.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.find_in_memory","title":"find_in_memory","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
Searches for a bit pattern in the memory space of the process. The bit pattern can be searched for in a given memory range, and with a given alignment. The maximum number of matches that will be generated is given by max_matches. A value of max_matches of -1 will generate all matches.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_remote","title":"is_remote","text":"is_remote() -> bool\n
Returns whether this process is a remote process connected to using the GDB remote debugging protocol.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_remote","title":"send_remote","text":"send_remote(packet: str) -> bytes\n
Sends the given packet to the GDB remote debugging protocol server. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.send_monitor","title":"send_monitor","text":"send_monitor(cmd: str) -> str\n
Sends the given monitor command to the GDB remote debugging protocol server. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.download_remote_file","title":"download_remote_file","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
Downloads the given file from the remote host and saves it to the local given path. Should only be called if is_remote() is true.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.create_value","title":"create_value","text":"create_value(value: int, type: Type | None = None) -> Value\n
Create a new value in the context of this process, with the given value and, optionally, type. If no type is provided, one will be chosen automatically.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.symbol_name_at_address","title":"symbol_name_at_address","text":"symbol_name_at_address(address: int) -> str | None\n
Returns the name of the symbol at the given address in the program, if one exists.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
Looks up and returns the address of a symbol by its name.
Parameters: - name (str): The name of the symbol to look up. - prefer_static (bool, optional): If True, prioritize symbols in the static block, if supported by the debugger. Defaults to False. - type (SymbolLookupType, optional): The type of symbol to search for. Defaults to SymbolLookupType.ANY. - objfile_endswith (str | None, optional): If specified, limits the search to the first object file whose name ends with the provided string.
Returns: - pwndbg.dbg_mod.Value | None: The value of the symbol if found, or None if not found.
Raises: - pwndbg.dbg_mod.Error: If no object file matching the objfile_endswith pattern is found.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.types_with_name","title":"types_with_name","text":"types_with_name(name: str) -> Sequence[Type]\n
Returns a list of all types in this process that match the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.arch","title":"arch","text":"arch() -> ArchDefinition\n
The default architecture of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.break_at","title":"break_at","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
Install a breakpoint or watchpoint at the given location.
The type of the location determines whether the newly created object is a watchpoint or a breakpoint. BreakpointLocation locations yield breakpoints, while WatchpointLocation locations yield watchpoints.
Aditionally, one may specify a stop handler function, to be run when the breakpoint or whatchpoint is hit, and that determines whether execution should stop. With a return value of True being interpreted as a signal to stop, and a return value of False being interpreted as a signal to continue execution. The extent of the actions that may be taken during the stop handler is determined by the debugger.
Marking a breakpoint or watchpoint as internal hints to the implementation that the created breakpoint or watchpoint should not be directly nameable by the user, and that it should not print any messages upon being triggered. Implementations should try to honor this hint, but they are not required to in case honoring it is either not possible or comes at a significant impact to performance.
This function returns a handle to the newly created breakpoint or watchpoint.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_linux","title":"is_linux","text":"is_linux() -> bool\n
Returns whether the current ABI is GNU/Linux.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.disasm","title":"disasm","text":"disasm(address: int) -> DisassembledInstruction | None\n
Returns the disassembled instruction at the given address in the address space of the running process, or None if there's no valid instruction at that address.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.module_section_locations","title":"module_section_locations","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
Return a list of (address, size, section_name, module_name) tuples for the loaded sections in every module of this process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_name","title":"main_module_name","text":"main_module_name() -> str | None\n
Returns the name of the main module.
On remote targets, this may be prefixed with \"target:\" string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.main_module_entry","title":"main_module_entry","text":"main_module_entry() -> int | None\n
Returns the entry point of the main module.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked","title":"is_dynamically_linked","text":"is_dynamically_linked() -> bool\n
Returns whether this process makes use of dynamically linked libraries.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.is_dynamically_linked--dynamically-linked","title":"\"dynamically linked\"","text":"What exactly it means to be \"dynamically linked\" here is a little ill-defined. Ideally, this function should return true if the process uses the default dynamic linker for the system, as that would better reflect whether the process uses dynamic linking.
Currently, though, Pwndbg expects it to behave the same as a check for the string \"No shared libraries loaded at this time.\" in the output of the info dll GDB command, which checks for the presence of other modules in the address space of the process, rather than whether or not the dynamic linker is used.
We should probably sort this out in the future.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Process.dispatch_execution_controller","title":"dispatch_execution_controller","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
Queues up the given execution controller-based coroutine for execution, sometime between the calling of this function and the
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode","title":"TypeCode","text":" Bases: Enum
Broad categories of types.
Attributes:
-
INVALID \u2013 -
POINTER \u2013 -
ARRAY \u2013 -
STRUCT \u2013 -
TYPEDEF \u2013 -
UNION \u2013 -
INT \u2013 -
ENUM \u2013 -
FUNC \u2013 -
BOOL \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INVALID","title":"INVALID class-attribute instance-attribute","text":"INVALID = -1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.POINTER","title":"POINTER class-attribute instance-attribute","text":"POINTER = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ARRAY","title":"ARRAY class-attribute instance-attribute","text":"ARRAY = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.STRUCT","title":"STRUCT class-attribute instance-attribute","text":"STRUCT = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.TYPEDEF","title":"TYPEDEF class-attribute instance-attribute","text":"TYPEDEF = 4\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.UNION","title":"UNION class-attribute instance-attribute","text":"UNION = 5\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.INT","title":"INT class-attribute instance-attribute","text":"INT = 6\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.ENUM","title":"ENUM class-attribute instance-attribute","text":"ENUM = 7\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.FUNC","title":"FUNC class-attribute instance-attribute","text":"FUNC = 8\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeCode.BOOL","title":"BOOL class-attribute instance-attribute","text":"BOOL = 9\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField","title":"TypeField","text":"TypeField(\n bitpos: int,\n name: str | None,\n type: Type,\n parent_type,\n enumval: int | None = None,\n artificial: bool = False,\n is_base_class: bool = False,\n bitsize: int = 0,\n)\n
The fields in a structured type.
Currently this is just a mirror of gdb.Field.
Attributes:
-
bitpos \u2013 -
name \u2013 -
type \u2013 -
parent_type \u2013 -
enumval \u2013 -
artificial \u2013 -
is_base_class \u2013 -
bitsize \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitpos","title":"bitpos instance-attribute","text":"bitpos = bitpos\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.type","title":"type instance-attribute","text":"type = type\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.parent_type","title":"parent_type instance-attribute","text":"parent_type = parent_type\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.enumval","title":"enumval instance-attribute","text":"enumval = enumval\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.artificial","title":"artificial instance-attribute","text":"artificial = artificial\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.is_base_class","title":"is_base_class instance-attribute","text":"is_base_class = is_base_class\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.TypeField.bitsize","title":"bitsize instance-attribute","text":"bitsize = bitsize\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type","title":"Type","text":"Class representing a type in the context of an inferior process.
Methods:
-
func_arguments \u2013 Returns a list of function arguments type.
-
fields \u2013 List of all fields in this type, if it is a structured type.
-
has_field \u2013 Whether this type has a field with the given name.
-
array \u2013 Return a type that corresponds to an array whose elements have this type.
-
pointer \u2013 Return a pointer type that has this type as its pointee.
-
strip_typedefs \u2013 Return a type that corresponds to the base type after a typedef chain,
-
target \u2013 Return the target of this reference type, if this is a reference type.
-
keys \u2013 Returns a list containing all the field names of this type.
-
enum_member \u2013 Retrieve the integer value of an enum member.
-
offsetof \u2013 Calculate the byte offset of a field within a struct or union.
-
__eq__ \u2013 Returns True if types are the same
Attributes:
-
name_identifier (str | None) \u2013 Returns the identifier of this type, eg:
-
name_to_human_readable (str) \u2013 Returns the human friendly name of this type, eg:
-
array_len (int) \u2013 Get array length of this type.
-
sizeof (int) \u2013 The size of this type, in bytes.
-
alignof (int) \u2013 The alignment of this type, in bytes.
-
code (TypeCode) \u2013 What category of type this object belongs to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_identifier","title":"name_identifier property","text":"name_identifier: str | None\n
Returns the identifier of this type, eg: - someStructName - someEnumName - someTypedefName
Returns None if the type is anonymous or does not have a name, such as: - Anonymous structs - Anonymous Typedefs - Basic types like char[], void, etc.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.name_to_human_readable","title":"name_to_human_readable property","text":"name_to_human_readable: str\n
Returns the human friendly name of this type, eg: - char [16] - int - char * - void * - fooStructName - barEnumName - barTypedefName
This function is not standardized, may return different names in gdb/lldb, eg: gdb: char [16] or char [50] or struct {...} lldb: char[16] or char[] or (anonymous struct)
You should not use this function. Only for human eyes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array_len","title":"array_len property","text":"array_len: int\n
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.sizeof","title":"sizeof property","text":"sizeof: int\n
The size of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.alignof","title":"alignof property","text":"alignof: int\n
The alignment of this type, in bytes.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.code","title":"code property","text":"code: TypeCode\n
What category of type this object belongs to.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.func_arguments","title":"func_arguments","text":"func_arguments() -> list[Type] | None\n
Returns a list of function arguments type.
Returns:
Raises:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.fields","title":"fields","text":"fields() -> list[TypeField]\n
List of all fields in this type, if it is a structured type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.has_field","title":"has_field","text":"has_field(name: str) -> bool\n
Whether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.array","title":"array","text":"array(count: int) -> Type\n
Return a type that corresponds to an array whose elements have this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.pointer","title":"pointer","text":"pointer() -> Type\n
Return a pointer type that has this type as its pointee.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.strip_typedefs","title":"strip_typedefs","text":"strip_typedefs() -> Type\n
Return a type that corresponds to the base type after a typedef chain, if this is a typedef. Returns the type itself otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.target","title":"target","text":"target() -> Type\n
Return the target of this reference type, if this is a reference type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.keys","title":"keys","text":"keys() -> list[str]\n
Returns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\n
Retrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\n
Calculate the byte offset of a field within a struct or union.
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Type.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
Returns True if types are the same
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value","title":"Value","text":"Class representing a value in the context of an inferior process.
Methods:
-
dereference \u2013 If this is a poitner value, dereferences the pointer and returns a new
-
string \u2013 If this value is a string, then this method converts it to a Python string.
-
value_to_human_readable \u2013 Converts a Value to a human-readable string representation.\n
-
fetch_lazy \u2013 Fetches the value if it is lazy, does nothing otherwise.
-
__int__ \u2013 Converts this value to an integer, if possible.
-
cast \u2013 Returns a new value with the same value as this object, but of the
-
__add__ \u2013 Adds an integer to this value, if that makes sense. Throws an exception
-
__sub__ \u2013 Subtract an integer from this value, if that makes sense. Throws an
-
__getitem__ \u2013 Gets the value with the given name that belongs to this value. For
Attributes:
-
address (Value | None) \u2013 The address of this value, in memory, if addressable, otherwise None.
-
is_optimized_out (bool) \u2013 Whether this value is present in debugging information, but has been
-
type (Type) \u2013 The type associated with this value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.address","title":"address property","text":"address: Value | None\n
The address of this value, in memory, if addressable, otherwise None.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.is_optimized_out","title":"is_optimized_out property","text":"is_optimized_out: bool\n
Whether this value is present in debugging information, but has been optimized out of the actual program.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.type","title":"type property","text":"type: Type\n
The type associated with this value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.dereference","title":"dereference","text":"dereference() -> Value\n
If this is a poitner value, dereferences the pointer and returns a new instance of Value, containing the value pointed to by this pointer.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.string","title":"string","text":"string() -> str\n
If this value is a string, then this method converts it to a Python string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
Converts a Value to a human-readable string representation.\n\n The format is similar to what is produced by the `str()` function for gdb.Value,\n displaying nested fields and pointers in a user-friendly way.\n\n **Usage Notes:**\n - This function is intended solely for displaying results to the user.\n - The output format may differ between debugger implementations (e.g., GDB vs LLDB),\n as each debugger may format values differently. For instance:\n - GDB might produce: '{\n
value = 0, inner = { next = 0x555555558098 } }' - LLDB might produce: '(inner_a_node) *$PWNDBG_CREATED_VALUE_0 = { value = 0 inner = { next = 0x0000555555558098 } }' - As such, this function should not be relied upon for parsing or programmatic use."},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.fetch_lazy","title":"fetch_lazy","text":"
fetch_lazy() -> None\n
Fetches the value if it is lazy, does nothing otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__int__","title":"__int__","text":"__int__() -> int\n
Converts this value to an integer, if possible.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.cast","title":"cast","text":"cast(type: Type | Any) -> Value\n
Returns a new value with the same value as this object, but of the given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__add__","title":"__add__","text":"__add__(rhs: int) -> Value\n
Adds an integer to this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__sub__","title":"__sub__","text":"__sub__(rhs: int) -> Value\n
Subtract an integer from this value, if that makes sense. Throws an exception otherwise.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Value.__getitem__","title":"__getitem__","text":"__getitem__(idx: int | str) -> Value\n
Gets the value with the given name that belongs to this value. For structure types, this is the field with the given name. For array types, this is the field at the given index. For pointer types, this is the value of *(ptr+idx).
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle","title":"CommandHandle","text":"An opaque handle to an installed command.
Methods:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.CommandHandle.remove","title":"remove","text":"remove() -> None\n
Removes this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType","title":"EventType","text":" Bases: Enum
Events that can be listened for and reacted to in a debugger.
The events types listed here are defined as follows START: This event is fired some time between the creation of or attachment to the process to be debugged, and the start of its execution.STOP: This event is fired after execution of the process has been suspended, but before control is returned to the user for interactive debugging.EXIT: This event is fired after the process being debugged has been detached from or has finished executing.MEMORY_CHANGED: This event is fired when the user interactively makes changes to the memory of the process being debugged.REGISTER_CHANGED: Like MEMORY_CHANGED, but for registers.CONTINUE: This event is fired after the user has requested for process execution to continue after it had been previously suspended.NEW_MODULE: This event is fired when a new application module has been encountered by the debugger. This usually happens when a new application module is loaded into the memory space of the process being debugged. In GDB terminology, these are called objfiles.
Attributes:
-
SUSPEND_ALL \u2013 -
START \u2013 -
STOP \u2013 -
EXIT \u2013 -
MEMORY_CHANGED \u2013 -
REGISTER_CHANGED \u2013 -
CONTINUE \u2013 -
NEW_MODULE \u2013
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.SUSPEND_ALL","title":"SUSPEND_ALL class-attribute instance-attribute","text":"SUSPEND_ALL = -1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.START","title":"START class-attribute instance-attribute","text":"START = 0\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.STOP","title":"STOP class-attribute instance-attribute","text":"STOP = 1\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.EXIT","title":"EXIT class-attribute instance-attribute","text":"EXIT = 2\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.MEMORY_CHANGED","title":"MEMORY_CHANGED class-attribute instance-attribute","text":"MEMORY_CHANGED = 3\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.REGISTER_CHANGED","title":"REGISTER_CHANGED class-attribute instance-attribute","text":"REGISTER_CHANGED = 4\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.CONTINUE","title":"CONTINUE class-attribute instance-attribute","text":"CONTINUE = 5\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.EventType.NEW_MODULE","title":"NEW_MODULE class-attribute instance-attribute","text":"NEW_MODULE = 6\n
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger","title":"Debugger","text":"The base class representing a debugger.
Methods:
-
setup \u2013 Perform debugger-specific initialization.
-
history \u2013 The command history of the interactive session in this debugger.
-
lex_args \u2013 Lexes the given command line into a list of arguments, according to the
-
selected_inferior \u2013 The inferior process currently being focused on in this interactive session.
-
selected_thread \u2013 The thread currently being focused on in this interactive session.
-
selected_frame \u2013 The stack frame currently being focused on in this interactive session.
-
commands \u2013 List the commands available in this session.
-
add_command \u2013 Adds a command with the given name to the debugger, that invokes the
-
has_event_type \u2013 Whether the given event type is supported by this debugger. Indicates
-
event_handler \u2013 Sets up the given function to be called when an event of the given type
-
ctx_suspend_events \u2013 Context manager for temporarily suspending and resuming the delivery of events
-
suspend_events \u2013 Suspend delivery of all events of the given type until it is resumed
-
resume_events \u2013 Resume the delivery of all events of the given type, if previously
-
set_sysroot \u2013 Sets the system root for this debugger.
-
x86_disassembly_flavor \u2013 The flavor of disassembly to use for x86 targets.
-
supports_breakpoint_creation_during_stop_handler \u2013 Whether breakpoint or watchpoint creation through break_at is
-
breakpoint_locations \u2013 Returns a list of all breakpoint locations that are currently
-
name \u2013 The type of the current debugger.
-
is_gdblib_available \u2013 Whether gdblib is available under this debugger.
-
string_limit \u2013 The maximum size of a string.
-
addrsz \u2013 Format the given address value.
-
get_cmd_window_size \u2013 The size of the command window, in characters, if available.
-
set_python_diagnostics \u2013 Enables or disables Python diagnostic messages for this debugger.
Attributes:
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.pre_ctx_lines","title":"pre_ctx_lines property","text":"pre_ctx_lines: int\n
Our prediction on how many lines of text will be printed as a preamble (right after the prompt, and before the context) the next time the context is printed.
This includes any lines the underlying debugger generates.
The user never sees these lines when context-clear-screen is enabled.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.setup","title":"setup","text":"setup(*args: Any) -> None\n
Perform debugger-specific initialization.
This method should be run immediately after pwndbg.dbg is set to an instance of this class, and, as such, is allowed to run code that depends on it being set.
Because we can't really know what a given debugger object will need as part of its setup process, we allow for as many arguments as desired to be passed in, and leave it up to the implementations to decide what they need. This shouldn't be a problem, seeing as, unlike other methods in this class, this should only be called as part of the debugger-specific bringup code.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.history","title":"history","text":"history(last: int = 10) -> list[tuple[int, str]]\n
The command history of the interactive session in this debugger.
This function returns the last last items in the command history, as an oldest-to-youngest-sorted list of tuples, where the first element in each tuple is the index of the command in the history, and the second element is a string giving the command itself.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.lex_args","title":"lex_args","text":"lex_args(command_line: str) -> list[str]\n
Lexes the given command line into a list of arguments, according to the conventions of the debugger being used and of the interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_inferior","title":"selected_inferior","text":"selected_inferior() -> Process | None\n
The inferior process currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_thread","title":"selected_thread","text":"selected_thread() -> Thread | None\n
The thread currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.selected_frame","title":"selected_frame","text":"selected_frame() -> Frame | None\n
The stack frame currently being focused on in this interactive session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.commands","title":"commands","text":"commands() -> list[str]\n
List the commands available in this session.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.add_command","title":"add_command","text":"add_command(\n name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
Adds a command with the given name to the debugger, that invokes the given function every time it is called.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.has_event_type","title":"has_event_type","text":"has_event_type(ty: EventType) -> bool\n
Whether the given event type is supported by this debugger. Indicates that a user either can or cannot register an event handler of this type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.event_handler","title":"event_handler","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
Sets up the given function to be called when an event of the given type gets fired. Returns a callable that corresponds to the wrapped function. This function my be used as a decorator.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.ctx_suspend_events","title":"ctx_suspend_events","text":"ctx_suspend_events(ty: EventType) -> Iterator[None]\n
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.suspend_events","title":"suspend_events","text":"suspend_events(ty: EventType) -> None\n
Suspend delivery of all events of the given type until it is resumed through a call to resume_events.
Events triggered during a suspension will be ignored, and will not be delived, even after delivery is resumed.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.resume_events","title":"resume_events","text":"resume_events(ty: EventType) -> None\n
Resume the delivery of all events of the given type, if previously suspeded through a call to suspend_events. Does nothing if the delivery has not been previously suspeded.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_sysroot","title":"set_sysroot","text":"set_sysroot(sysroot: str) -> bool\n
Sets the system root for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
The flavor of disassembly to use for x86 targets.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
Whether breakpoint or watchpoint creation through break_at is supported during breakpoint stop handlers.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.breakpoint_locations","title":"breakpoint_locations","text":"breakpoint_locations() -> list[BreakpointLocation]\n
Returns a list of all breakpoint locations that are currently installed and enabled in the focused process.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.name","title":"name","text":"name() -> DebuggerType\n
The type of the current debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.is_gdblib_available","title":"is_gdblib_available","text":"is_gdblib_available() -> bool\n
Whether gdblib is available under this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.string_limit","title":"string_limit","text":"string_limit() -> int\n
The maximum size of a string.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.addrsz","title":"addrsz","text":"addrsz(address: Any) -> str\n
Format the given address value.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size() -> tuple[int, int]\n
The size of the command window, in characters, if available.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.Debugger.set_python_diagnostics","title":"set_python_diagnostics","text":"set_python_diagnostics(enabled: bool) -> None\n
Enables or disables Python diagnostic messages for this debugger.
"},{"location":"reference/pwndbg/dbg/#pwndbg.dbg.selection","title":"selection","text":"selection(\n target: T, get_current: Callable[[], T], select: Callable[[T], None]\n)\n
Debuggers have global state. Many of our queries require that we select a given object globally before we make them. When doing that, we must always be careful to return selection to its previous state before exiting. This class automatically manages the selection of a single object type.
Upon entrace to the with block, the element given by target will be compared to the object returned by calling get_current. If they compare different, the value previously returned by get_current is saved, and the element given by target will be selected by passing it as an argument to select, and, after execution leaves the with block, the previously saved element will be selected in the same fashion as the first element.
If the elements don't compare different, this is a no-op.
"},{"location":"reference/pwndbg/dbg/gdb/","title":"pwndbg.dbg.gdb","text":""},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb","title":"gdb","text":"Modules:
Classes:
-
GDBRegisters \u2013 -
GDBFrame \u2013 -
GDBThread \u2013 -
GDBMemoryMap \u2013 -
BreakpointAdapter \u2013 -
GDBStopPoint \u2013 -
GDBProcess \u2013 -
GDBExecutionController \u2013 -
GDBCommand \u2013 -
GDBCommandHandle \u2013 -
GDBType \u2013 -
GDBValue \u2013 -
GDB \u2013
Functions:
Attributes:
-
T \u2013 -
gdb_architecture_name_fixup_list \u2013 -
gdb_mips_to_arch_attribute_map \u2013 -
BPWP_DEFERRED_DELETE (Set[GDBStopPoint]) \u2013 -
BPWP_DEFERRED_ENABLE (Set[GDBStopPoint]) \u2013 -
BPWP_DEFERRED_DISABLE (Set[GDBStopPoint]) \u2013 -
EXECUTION_CONTROLLER \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_architecture_name_fixup_list","title":"gdb_architecture_name_fixup_list module-attribute","text":"gdb_architecture_name_fixup_list = (\n \"x86-64\",\n \"i386\",\n \"i8086\",\n \"aarch64\",\n \"mips\",\n \"rs6000\",\n \"powerpc\",\n \"sparc\",\n \"arm\",\n \"iwmmxt\",\n \"iwmmxt2\",\n \"xscale\",\n \"riscv:rv32\",\n \"riscv:rv64\",\n \"riscv\",\n \"loongarch64\",\n \"s390:64-bit\",\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.gdb_mips_to_arch_attribute_map","title":"gdb_mips_to_arch_attribute_map module-attribute","text":"gdb_mips_to_arch_attribute_map = {\n \"mips5\": MIPS_ISA_5,\n \"micromips\": MIPS_ISA_MICRO,\n \"isa32\": MIPS_ISA_32,\n \"isa32r2\": MIPS_ISA_32R2,\n \"isa32r3\": MIPS_ISA_32R3,\n \"isa32r5\": MIPS_ISA_32R5,\n \"isa32r6\": MIPS_ISA_32R6,\n \"isa64\": MIPS_ISA_64,\n \"isa64r2\": MIPS_ISA_64R2,\n \"isa64r3\": MIPS_ISA_64R3,\n \"isa64r5\": MIPS_ISA_64R5,\n \"isa64r6\": MIPS_ISA_64R6,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DELETE","title":"BPWP_DEFERRED_DELETE module-attribute","text":"BPWP_DEFERRED_DELETE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_ENABLE","title":"BPWP_DEFERRED_ENABLE module-attribute","text":"BPWP_DEFERRED_ENABLE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BPWP_DEFERRED_DISABLE","title":"BPWP_DEFERRED_DISABLE module-attribute","text":"BPWP_DEFERRED_DISABLE: Set[GDBStopPoint] = set()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLER module-attribute","text":"EXECUTION_CONTROLLER = GDBExecutionController()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters","title":"GDBRegisters","text":"GDBRegisters(frame: GDBFrame)\n
Bases: Registers
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.frame","title":"frame instance-attribute","text":"frame = frame\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBRegisters.by_name","title":"by_name","text":"by_name(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame","title":"GDBFrame","text":"GDBFrame(inner: Frame)\n
Bases: Frame
Methods:
-
lookup_symbol \u2013 -
evaluate_expression \u2013 -
regs \u2013 -
reg_write \u2013 -
pc \u2013 -
sp \u2013 -
parent \u2013 -
child \u2013 -
sal \u2013 -
__eq__ \u2013
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.regs","title":"regs","text":"regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.reg_write","title":"reg_write","text":"reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.pc","title":"pc","text":"pc() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sp","title":"sp","text":"sp() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.parent","title":"parent","text":"parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.child","title":"child","text":"child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.sal","title":"sal","text":"sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBFrame.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread","title":"GDBThread","text":"GDBThread(inner: InferiorThread)\n
Bases: Thread
Methods:
-
bottom_frame \u2013 -
ptid \u2013 -
index \u2013
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.bottom_frame","title":"bottom_frame","text":"bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.ptid","title":"ptid","text":"ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBThread.index","title":"index","text":"index() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap","title":"GDBMemoryMap","text":"GDBMemoryMap(qemu: bool, pages: Sequence[Page])\n
Bases: MemoryMap
Methods:
Attributes:
-
qemu \u2013 -
pages (tuple[Page, ...]) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.qemu","title":"qemu instance-attribute","text":"qemu = qemu\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.pages","title":"pages instance-attribute","text":"pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.is_qemu","title":"is_qemu","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.ranges","title":"ranges","text":"ranges() -> Sequence[Page]\n
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBMemoryMap.lookup_page","title":"lookup_page","text":"lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter","title":"BreakpointAdapter","text":" Bases: Breakpoint
Methods:
Attributes:
-
stop_handler (Callable[[], bool]) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop_handler","title":"stop_handler instance-attribute","text":"stop_handler: Callable[[], bool]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.BreakpointAdapter.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint","title":"GDBStopPoint","text":"GDBStopPoint(inner: Breakpoint, proc: GDBProcess)\n
Bases: StopPoint
Methods:
Attributes:
-
inner (Breakpoint) \u2013 -
proc (GDBProcess) \u2013 -
inner_stop (Callable[[], bool] | None) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner","title":"inner instance-attribute","text":"inner: Breakpoint = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.proc","title":"proc instance-attribute","text":"proc: GDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.inner_stop","title":"inner_stop instance-attribute","text":"inner_stop: Callable[[], bool] | None = None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.set_enabled","title":"set_enabled","text":"set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.remove","title":"remove","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__enter__","title":"__enter__","text":"__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBStopPoint.__exit__","title":"__exit__","text":"__exit__(exc_type, exc_value, traceback) -> None\n
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess","title":"GDBProcess","text":"GDBProcess(inner: Inferior)\n
Bases: Process
Methods:
-
threads \u2013 -
pid \u2013 -
alive \u2013 -
stopped_with_signal \u2013 -
evaluate_expression \u2013 -
vmmap \u2013 -
read_memory \u2013 -
write_memory \u2013 -
find_in_memory \u2013 -
is_remote \u2013 -
send_remote \u2013 -
send_monitor \u2013 -
download_remote_file \u2013 -
create_value \u2013 -
symbol_name_at_address \u2013 -
lookup_symbol \u2013 -
types_with_name \u2013 -
arch \u2013 -
break_at \u2013 -
is_linux \u2013 -
disasm \u2013 -
module_section_locations \u2013 -
main_module_name \u2013 -
main_module_entry \u2013 -
is_dynamically_linked \u2013 -
dispatch_execution_controller \u2013
Attributes:
-
inner \u2013 -
in_bpwp_stop_handler (bool) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.in_bpwp_stop_handler","title":"in_bpwp_stop_handler instance-attribute","text":"in_bpwp_stop_handler: bool = False\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.threads","title":"threads","text":"threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.pid","title":"pid","text":"pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.alive","title":"alive","text":"alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.vmmap","title":"vmmap","text":"vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.read_memory","title":"read_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.write_memory","title":"write_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.find_in_memory","title":"find_in_memory","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_remote","title":"is_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_remote","title":"send_remote","text":"send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.send_monitor","title":"send_monitor","text":"send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.download_remote_file","title":"download_remote_file","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.create_value","title":"create_value","text":"create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.types_with_name","title":"types_with_name","text":"types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.arch","title":"arch","text":"arch() -> ArchDefinition\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.break_at","title":"break_at","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_linux","title":"is_linux","text":"is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.disasm","title":"disasm","text":"disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.module_section_locations","title":"module_section_locations","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_name","title":"main_module_name","text":"main_module_name() -> str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.main_module_entry","title":"main_module_entry","text":"main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController","title":"GDBExecutionController","text":" Bases: ExecutionController
Methods:
-
single_step \u2013 -
cont \u2013 -
cont_selected_thread \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.single_step","title":"single_step async","text":"single_step()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont","title":"cont async","text":"cont(until: StopPoint)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBExecutionController.cont_selected_thread","title":"cont_selected_thread async","text":"cont_selected_thread(until: StopPoint)\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand","title":"GDBCommand","text":"GDBCommand(\n debugger: GDB,\n name: str,\n handler: Callable[[Debugger, str, bool], None],\n doc: str | None,\n)\n
Bases: Command
Methods:
Attributes:
-
debugger \u2013 -
handler \u2013 -
__doc__ \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.debugger","title":"debugger instance-attribute","text":"debugger = debugger\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.handler","title":"handler instance-attribute","text":"handler = handler\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.__doc__","title":"__doc__ instance-attribute","text":"__doc__ = doc\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommand.invoke","title":"invoke","text":"invoke(args: str, from_tty: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle","title":"GDBCommandHandle","text":"GDBCommandHandle(command: Command)\n
Bases: CommandHandle
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.command","title":"command instance-attribute","text":"command = command\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBCommandHandle.remove","title":"remove","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType","title":"GDBType","text":"GDBType(inner: Type)\n
Bases: Type
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.CODE_MAPPING","title":"CODE_MAPPING class-attribute instance-attribute","text":"CODE_MAPPING = {\n TYPE_CODE_BOOL: BOOL,\n TYPE_CODE_INT: INT,\n TYPE_CODE_UNION: UNION,\n TYPE_CODE_STRUCT: STRUCT,\n TYPE_CODE_ENUM: ENUM,\n TYPE_CODE_TYPEDEF: TYPEDEF,\n TYPE_CODE_PTR: POINTER,\n TYPE_CODE_ARRAY: ARRAY,\n TYPE_CODE_FUNC: FUNC,\n TYPE_CODE_METHOD: FUNC,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_identifier","title":"name_identifier property","text":"name_identifier: str | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.name_to_human_readable","title":"name_to_human_readable property","text":"name_to_human_readable: str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.sizeof","title":"sizeof property","text":"sizeof: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.alignof","title":"alignof property","text":"alignof: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.code","title":"code property","text":"code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array_len","title":"array_len property","text":"array_len: int\n
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.func_arguments","title":"func_arguments","text":"func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.fields","title":"fields","text":"fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.has_field","title":"has_field","text":"has_field(name: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.array","title":"array","text":"array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.pointer","title":"pointer","text":"pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.strip_typedefs","title":"strip_typedefs","text":"strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.target","title":"target","text":"target() -> Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.keys","title":"keys","text":"keys() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBType.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\n
Retrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue","title":"GDBValue","text":"GDBValue(inner: Value)\n
Bases: Value
Methods:
-
dereference \u2013 -
string \u2013 -
value_to_human_readable \u2013 -
fetch_lazy \u2013 -
__int__ \u2013 -
cast \u2013 -
__add__ \u2013 -
__sub__ \u2013 -
__getitem__ \u2013
Attributes:
-
inner \u2013 -
address (Value | None) \u2013 -
is_optimized_out (bool) \u2013 -
type (Type) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.address","title":"address property","text":"address: Value | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.is_optimized_out","title":"is_optimized_out property","text":"is_optimized_out: bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.type","title":"type property","text":"type: Type\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.dereference","title":"dereference","text":"dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.string","title":"string","text":"string() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.fetch_lazy","title":"fetch_lazy","text":"fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.cast","title":"cast","text":"cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__add__","title":"__add__","text":"__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__sub__","title":"__sub__","text":"__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDBValue.__getitem__","title":"__getitem__","text":"__getitem__(key: str | int) -> Value\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB","title":"GDB","text":" Bases: Debugger
Methods:
Attributes:
-
pre_ctx_lines (int) \u2013
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.pre_ctx_lines","title":"pre_ctx_lines property","text":"pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.setup","title":"setup","text":"setup()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.add_command","title":"add_command","text":"add_command(\n name: str, handler: Callable[[Debugger, str, bool], None], doc: str | None\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.history","title":"history","text":"history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.lex_args","title":"lex_args","text":"lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_thread","title":"selected_thread","text":"selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_frame","title":"selected_frame","text":"selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.commands","title":"commands","text":"commands()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.selected_inferior","title":"selected_inferior","text":"selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.is_gdblib_available","title":"is_gdblib_available","text":"is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.has_event_type","title":"has_event_type","text":"has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.event_handler","title":"event_handler","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.suspend_events","title":"suspend_events","text":"suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.resume_events","title":"resume_events","text":"resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_sysroot","title":"set_sysroot","text":"set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.breakpoint_locations","title":"breakpoint_locations","text":"breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.name","title":"name","text":"name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.string_limit","title":"string_limit","text":"string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.addrsz","title":"addrsz","text":"addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size() -> tuple[int | None, int | None]\n
Get the size of the command window.
GDB keeps these parameters up to date with the actual window size of the command output. This is the full terminal size in CLI mode or the size of the cmd window in TUI mode.
When the window size is set to be unlimited (0), the parameter is None.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.set_python_diagnostics","title":"set_python_diagnostics","text":"set_python_diagnostics(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.GDB.ctx_suspend_events","title":"ctx_suspend_events","text":"ctx_suspend_events(ty: EventType) -> Iterator[None]\n
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/gdb/#pwndbg.dbg.gdb.parse_and_eval","title":"parse_and_eval","text":"parse_and_eval(expression: str, global_context: bool) -> Value\n
Same as gdb.parse_and_eval, but only uses global_context if it is supported by the current version of GDB.
global_context was introduced in GDB 14.
"},{"location":"reference/pwndbg/dbg/gdb/debug_sym/","title":"pwndbg.dbg.gdb.debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/debug_sym/#pwndbg.dbg.gdb.debug_sym","title":"debug_sym","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/","title":"pwndbg.dbg.gdb.symbol","text":""},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Classes:
Functions:
-
resolve_addr \u2013 Retrieve the name for the symbol located at address
-
lookup_symbol \u2013 Get the address for symbol
-
lookup_frame_symbol \u2013 Get the address for local symbol from frame, in most time you don't need it
Attributes:
-
skipped_exceptions \u2013 -
DOMAIN_MAPPING \u2013 -
order_prefs \u2013
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.skipped_exceptions","title":"skipped_exceptions module-attribute","text":"skipped_exceptions = ('No frame selected', 'Cannot find thread-local')\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.DOMAIN_MAPPING","title":"DOMAIN_MAPPING module-attribute","text":"DOMAIN_MAPPING = {\n ANY: SYMBOL_VAR_DOMAIN,\n VARIABLE: SYMBOL_VAR_DOMAIN,\n FUNCTION: SYMBOL_FUNCTION_DOMAIN,\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.order_prefs","title":"order_prefs module-attribute","text":"order_prefs = {\n True: (\n _global_static_symbol_to_address,\n _global_exported_symbol_to_address,\n ),\n False: (\n _global_exported_symbol_to_address,\n _global_static_symbol_to_address,\n ),\n}\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain","title":"Domain","text":" Bases: Enum
Methods:
Attributes:
-
ANY \u2013 -
VARIABLE \u2013 -
FUNCTION \u2013
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.ANY","title":"ANY class-attribute instance-attribute","text":"ANY = 1\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.VARIABLE","title":"VARIABLE class-attribute instance-attribute","text":"VARIABLE = 2\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.FUNCTION","title":"FUNCTION class-attribute instance-attribute","text":"FUNCTION = 3\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.Domain.validate","title":"validate","text":"validate(sym: Symbol) -> bool\n
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.resolve_addr","title":"resolve_addr","text":"resolve_addr(address: int) -> str\n
Retrieve the name for the symbol located at address Empty string if no symbol
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n domain: Domain = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
Get the address for symbol
"},{"location":"reference/pwndbg/dbg/gdb/symbol/#pwndbg.dbg.gdb.symbol.lookup_frame_symbol","title":"lookup_frame_symbol","text":"lookup_frame_symbol(name: str, *, domain: Domain = ANY) -> Value | None\n
Get the address for local symbol from frame, in most time you don't need it
"},{"location":"reference/pwndbg/dbg/lldb/","title":"pwndbg.dbg.lldb","text":""},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb","title":"lldb","text":"Modules:
Classes:
-
LLDBRegisters \u2013 -
LLDBFrame \u2013 -
LLDBThread \u2013 -
LLDBType \u2013 -
LLDBValue \u2013 -
LLDBMemoryMap \u2013 -
LLDBStopPoint \u2013 -
OneShotAwaitable \u2013 Used as part of the logic for the execution controller. This is an Awaitable
-
YieldContinue \u2013 Continues execution of the process until the breakpoint or watchpoint given
-
YieldSingleStep \u2013 Moves execution of the process being debugged forward by one instruction.
-
LLDBExecutionController \u2013 -
LLDBProcess \u2013 -
LLDBCommand \u2013 -
LLDB \u2013
Functions:
Attributes:
-
T \u2013 -
LLDB_VERSION (tuple[int, int]) \u2013 -
EXECUTION_CONTROLLER \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB_VERSION","title":"LLDB_VERSION module-attribute","text":"LLDB_VERSION: tuple[int, int] = None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.EXECUTION_CONTROLLER","title":"EXECUTION_CONTROLLER module-attribute","text":"EXECUTION_CONTROLLER = LLDBExecutionController()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters","title":"LLDBRegisters","text":"LLDBRegisters(groups: SBValueList, proc: LLDBProcess)\n
Bases: Registers
Methods:
Attributes:
-
groups (SBValueList) \u2013 -
proc (LLDBProcess) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.groups","title":"groups instance-attribute","text":"groups: SBValueList = groups\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.proc","title":"proc instance-attribute","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBRegisters.by_name","title":"by_name","text":"by_name(name: str) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame","title":"LLDBFrame","text":"LLDBFrame(inner: SBFrame, proc: LLDBProcess)\n
Bases: Frame
Methods:
-
lookup_symbol \u2013 -
evaluate_expression \u2013 -
regs \u2013 -
reg_write \u2013 -
pc \u2013 -
sp \u2013 -
parent \u2013 -
child \u2013 -
sal \u2013 -
__eq__ \u2013
Attributes:
-
inner (SBFrame) \u2013 -
proc (LLDBProcess) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.inner","title":"inner instance-attribute","text":"inner: SBFrame = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.proc","title":"proc instance-attribute","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.regs","title":"regs","text":"regs() -> Registers\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.reg_write","title":"reg_write","text":"reg_write(name: str, val: int) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.pc","title":"pc","text":"pc() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sp","title":"sp","text":"sp() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.parent","title":"parent","text":"parent() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.child","title":"child","text":"child() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.sal","title":"sal","text":"sal() -> tuple[str, int] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBFrame.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread","title":"LLDBThread","text":"LLDBThread(inner: SBThread, proc: LLDBProcess)\n
Bases: Thread
Methods:
-
bottom_frame \u2013 -
ptid \u2013 -
index \u2013
Attributes:
-
inner (SBThread) \u2013 -
proc (LLDBProcess) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.inner","title":"inner instance-attribute","text":"inner: SBThread = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.proc","title":"proc instance-attribute","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.bottom_frame","title":"bottom_frame","text":"bottom_frame() -> Iterator[Frame]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.ptid","title":"ptid","text":"ptid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBThread.index","title":"index","text":"index() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType","title":"LLDBType","text":"LLDBType(inner: SBType)\n
Bases: Type
Methods:
-
__eq__ \u2013 -
func_arguments \u2013 -
fields \u2013 -
array \u2013 -
pointer \u2013 -
strip_typedefs \u2013 -
target \u2013 -
has_field \u2013 Whether this type has a field with the given name.
-
keys \u2013 Returns a list containing all the field names of this type.
-
enum_member \u2013 Retrieve the integer value of an enum member.
-
offsetof \u2013 Calculate the byte offset of a field within a struct or union.
Attributes:
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.inner","title":"inner instance-attribute","text":"inner: SBType = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_identifier","title":"name_identifier property","text":"name_identifier: str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.name_to_human_readable","title":"name_to_human_readable property","text":"name_to_human_readable: str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.sizeof","title":"sizeof property","text":"sizeof: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.alignof","title":"alignof property","text":"alignof: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.code","title":"code property","text":"code: TypeCode\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array_len","title":"array_len property","text":"array_len: int\n
Get array length of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.__eq__","title":"__eq__","text":"__eq__(rhs: object) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.func_arguments","title":"func_arguments","text":"func_arguments() -> list[Type] | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.fields","title":"fields","text":"fields() -> list[TypeField]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.array","title":"array","text":"array(count: int) -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.pointer","title":"pointer","text":"pointer() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.strip_typedefs","title":"strip_typedefs","text":"strip_typedefs() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.target","title":"target","text":"target() -> Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.has_field","title":"has_field","text":"has_field(name: str) -> bool\n
Whether this type has a field with the given name.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.keys","title":"keys","text":"keys() -> list[str]\n
Returns a list containing all the field names of this type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.enum_member","title":"enum_member","text":"enum_member(field_name: str) -> int | None\n
Retrieve the integer value of an enum member.
It returns: - integer value, when found field - returns None, If the field does not exist
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBType.offsetof","title":"offsetof","text":"offsetof(field_name: str) -> int | None\n
Calculate the byte offset of a field within a struct or union.
This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.
It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue","title":"LLDBValue","text":"LLDBValue(inner: SBValue, proc: LLDBProcess)\n
Bases: Value
Methods:
-
dereference \u2013 -
string \u2013 -
value_to_human_readable \u2013 -
fetch_lazy \u2013 -
__int__ \u2013 -
cast \u2013 -
__add__ \u2013 -
__sub__ \u2013 -
__getitem__ \u2013
Attributes:
-
proc \u2013 -
inner \u2013 -
address (Value | None) \u2013 -
is_optimized_out (bool) \u2013 -
type (Type) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.proc","title":"proc instance-attribute","text":"proc = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.inner","title":"inner instance-attribute","text":"inner = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.address","title":"address property","text":"address: Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.is_optimized_out","title":"is_optimized_out property","text":"is_optimized_out: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.type","title":"type property","text":"type: Type\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.dereference","title":"dereference","text":"dereference() -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.string","title":"string","text":"string() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.value_to_human_readable","title":"value_to_human_readable","text":"value_to_human_readable() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.fetch_lazy","title":"fetch_lazy","text":"fetch_lazy() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.cast","title":"cast","text":"cast(type: Type | Any) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__add__","title":"__add__","text":"__add__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__sub__","title":"__sub__","text":"__sub__(rhs: int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBValue.__getitem__","title":"__getitem__","text":"__getitem__(key: str | int) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap","title":"LLDBMemoryMap","text":"LLDBMemoryMap(pages: list[Page])\n
Bases: MemoryMap
Methods:
Attributes:
-
pages (tuple[Page, ...]) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.pages","title":"pages instance-attribute","text":"pages: tuple[Page, ...] = tuple(pages)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.is_qemu","title":"is_qemu","text":"is_qemu() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.ranges","title":"ranges","text":"ranges() -> Sequence[Page]\n
Returns all ranges in this memory map.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBMemoryMap.lookup_page","title":"lookup_page","text":"lookup_page(address: int) -> Page | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint","title":"LLDBStopPoint","text":"LLDBStopPoint(\n inner: SBBreakpoint | SBWatchpoint,\n proc: LLDBProcess,\n stop_handler_name: str | None,\n)\n
Bases: StopPoint
Methods:
Attributes:
-
inner (SBBreakpoint | SBWatchpoint) \u2013 -
proc (LLDBProcess) \u2013 -
stop_handler_name (str | None) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.inner","title":"inner instance-attribute","text":"inner: SBBreakpoint | SBWatchpoint = inner\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.proc","title":"proc instance-attribute","text":"proc: LLDBProcess = proc\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.stop_handler_name","title":"stop_handler_name instance-attribute","text":"stop_handler_name: str | None = stop_handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.remove","title":"remove","text":"remove() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.set_enabled","title":"set_enabled","text":"set_enabled(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__enter__","title":"__enter__","text":"__enter__() -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBStopPoint.__exit__","title":"__exit__","text":"__exit__(exc_type, exc_value, traceback) -> None\n
Automatic breakpoint removal.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable","title":"OneShotAwaitable","text":"OneShotAwaitable(value: Any)\n
Used as part of the logic for the execution controller. This is an Awaitable object that yields the value passed to its constructor exactly once.
Methods:
Attributes:
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.value","title":"value instance-attribute","text":"value = value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.OneShotAwaitable.__await__","title":"__await__","text":"__await__() -> Generator[Any, Any, Any]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue","title":"YieldContinue","text":"YieldContinue(target: LLDBStopPoint, selected_thread: bool = False)\n
Continues execution of the process until the breakpoint or watchpoint given in the constructor is hit or the operation is cancelled.
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
Attributes:
-
target (LLDBStopPoint) \u2013 -
selected_thread (bool) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue.target","title":"target instance-attribute","text":"target: LLDBStopPoint = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldContinue.selected_thread","title":"selected_thread instance-attribute","text":"selected_thread: bool = selected_thread\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.YieldSingleStep","title":"YieldSingleStep","text":"Moves execution of the process being debugged forward by one instruction.
This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController","title":"LLDBExecutionController","text":" Bases: ExecutionController
Methods:
-
single_step \u2013 -
cont \u2013 -
cont_selected_thread \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.single_step","title":"single_step","text":"single_step() -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont","title":"cont","text":"cont(target: StopPoint) -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBExecutionController.cont_selected_thread","title":"cont_selected_thread","text":"cont_selected_thread(target: StopPoint) -> Awaitable[None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess","title":"LLDBProcess","text":"LLDBProcess(\n dbg: LLDB, process: SBProcess, target: SBTarget, is_gdb_remote: bool\n)\n
Bases: Process
Methods:
Attributes:
-
dbg \u2013 -
process \u2013 -
target \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dbg","title":"dbg instance-attribute","text":"dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.process","title":"process instance-attribute","text":"process = process\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.target","title":"target instance-attribute","text":"target = target\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.threads","title":"threads","text":"threads() -> list[Thread]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.pid","title":"pid","text":"pid() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.alive","title":"alive","text":"alive() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.stopped_with_signal","title":"stopped_with_signal","text":"stopped_with_signal() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.evaluate_expression","title":"evaluate_expression","text":"evaluate_expression(expression: str) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.get_known_pages","title":"get_known_pages","text":"get_known_pages() -> list[Page]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.vmmap","title":"vmmap","text":"vmmap() -> MemoryMap\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_largest_range_len","title":"find_largest_range_len","text":"find_largest_range_len(\n min_search: int, max_search: int, test: Callable[[int], bool]\n) -> int\n
Finds the largest memory range given a minimum and a maximum value for the size of the rage. This is a binary search, so it should do on the order of log2(max_search - min_search) attempts before it arrives at an answer.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.read_memory","title":"read_memory","text":"read_memory(address: int, size: int, partial: bool = False) -> bytearray\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.write_memory","title":"write_memory","text":"write_memory(address: int, data: bytearray, partial: bool = False) -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.find_in_memory","title":"find_in_memory","text":"find_in_memory(\n pattern: bytearray,\n start: int,\n size: int,\n align: int,\n max_matches: int = -1,\n step: int = -1,\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_remote","title":"is_remote","text":"is_remote() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_remote","title":"send_remote","text":"send_remote(packet: str) -> bytes\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.send_monitor","title":"send_monitor","text":"send_monitor(cmd: str) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.download_remote_file","title":"download_remote_file","text":"download_remote_file(remote_path: str, local_path: str) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.create_value","title":"create_value","text":"create_value(value: int, type: Type | None = None) -> Value\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.symbol_name_at_address","title":"symbol_name_at_address","text":"symbol_name_at_address(address: int) -> str | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.lookup_symbol","title":"lookup_symbol","text":"lookup_symbol(\n name: str,\n *,\n prefer_static: bool = False,\n type: SymbolLookupType = ANY,\n objfile_endswith: str | None = None,\n) -> Value | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.types_with_name","title":"types_with_name","text":"types_with_name(name: str) -> Sequence[Type]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.arch","title":"arch","text":"arch() -> ArchDefinition\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.break_at","title":"break_at","text":"break_at(\n location: BreakpointLocation | WatchpointLocation,\n stop_handler: Callable[[StopPoint], bool] | None = None,\n internal: bool = False,\n) -> StopPoint\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.disasm","title":"disasm","text":"disasm(address: int) -> DisassembledInstruction | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_linux","title":"is_linux","text":"is_linux() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.module_section_locations","title":"module_section_locations","text":"module_section_locations() -> list[tuple[int, int, str, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_name","title":"main_module_name","text":"main_module_name() -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.main_module_entry","title":"main_module_entry","text":"main_module_entry() -> int | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.is_dynamically_linked","title":"is_dynamically_linked","text":"is_dynamically_linked() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBProcess.dispatch_execution_controller","title":"dispatch_execution_controller","text":"dispatch_execution_controller(\n procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand","title":"LLDBCommand","text":"LLDBCommand(handler_name: str, command_name: str)\n
Bases: CommandHandle
Methods:
Attributes:
-
handler_name \u2013 -
command_name \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.handler_name","title":"handler_name instance-attribute","text":"handler_name = handler_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.command_name","title":"command_name instance-attribute","text":"command_name = command_name\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDBCommand.remove","title":"remove","text":"remove() -> None\n
Removes this command from the command palette of the debugger.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB","title":"LLDB","text":" Bases: Debugger
Methods:
Attributes:
-
exec_states (list[SBExecutionState]) \u2013 -
event_handlers (dict[EventType, list[Callable[..., T]]]) \u2013 -
suspended_events (dict[EventType, bool]) \u2013 -
prompt_hook (Callable[[], None]) \u2013 -
controllers (list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]) \u2013 -
pre_ctx_lines (int) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.exec_states","title":"exec_states instance-attribute","text":"exec_states: list[SBExecutionState]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handlers","title":"event_handlers instance-attribute","text":"event_handlers: dict[EventType, list[Callable[..., T]]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspended_events","title":"suspended_events instance-attribute","text":"suspended_events: dict[EventType, bool]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.prompt_hook","title":"prompt_hook instance-attribute","text":"prompt_hook: Callable[[], None]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.controllers","title":"controllers instance-attribute","text":"controllers: list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.pre_ctx_lines","title":"pre_ctx_lines property","text":"pre_ctx_lines: int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.setup","title":"setup","text":"setup(*args, **kwargs)\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.add_command","title":"add_command","text":"add_command(\n command_name: str,\n handler: Callable[[Debugger, str, bool], None],\n doc: str | None,\n) -> CommandHandle\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.history","title":"history","text":"history(last: int = 10) -> list[tuple[int, str]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.commands","title":"commands","text":"commands() -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.lex_args","title":"lex_args","text":"lex_args(command_line: str) -> list[str]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_inferior","title":"selected_inferior","text":"selected_inferior() -> Process | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_thread","title":"selected_thread","text":"selected_thread() -> Thread | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.selected_frame","title":"selected_frame","text":"selected_frame() -> Frame | None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.has_event_type","title":"has_event_type","text":"has_event_type(ty: EventType) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.event_handler","title":"event_handler","text":"event_handler(\n ty: EventType,\n) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.suspend_events","title":"suspend_events","text":"suspend_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.resume_events","title":"resume_events","text":"resume_events(ty: EventType) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_sysroot","title":"set_sysroot","text":"set_sysroot(sysroot: str) -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.supports_breakpoint_creation_during_stop_handler","title":"supports_breakpoint_creation_during_stop_handler","text":"supports_breakpoint_creation_during_stop_handler() -> bool\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.breakpoint_locations","title":"breakpoint_locations","text":"breakpoint_locations() -> list[BreakpointLocation]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.name","title":"name","text":"name() -> DebuggerType\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.x86_disassembly_flavor","title":"x86_disassembly_flavor","text":"x86_disassembly_flavor() -> Literal['att', 'intel']\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.string_limit","title":"string_limit","text":"string_limit() -> int\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size() -> tuple[int, int]\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.is_gdblib_available","title":"is_gdblib_available","text":"is_gdblib_available()\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.addrsz","title":"addrsz","text":"addrsz(address: Any) -> str\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.set_python_diagnostics","title":"set_python_diagnostics","text":"set_python_diagnostics(enabled: bool) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.LLDB.ctx_suspend_events","title":"ctx_suspend_events","text":"ctx_suspend_events(ty: EventType) -> Iterator[None]\n
Context manager for temporarily suspending and resuming the delivery of events of a given type.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.rename_register","title":"rename_register","text":"rename_register(name: str, proc: LLDBProcess) -> str\n
Some register names differ between Pwndbg/GDB and LLDB. This function takes in a register name in the Pwndbg/GDB convention and returns the equivalent LLDB name for the register.
"},{"location":"reference/pwndbg/dbg/lldb/#pwndbg.dbg.lldb.map_type_code","title":"map_type_code","text":"map_type_code(type: SBType) -> TypeCode\n
Determines the type code of a given LLDB SBType.
"},{"location":"reference/pwndbg/dbg/lldb/hooks/","title":"pwndbg.dbg.lldb.hooks","text":""},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks","title":"hooks","text":"Code that sets up hooks for LLDB events.
Functions:
-
update_typeinfo \u2013 -
reset_config \u2013 -
on_start \u2013 -
on_stop \u2013 -
on_exit \u2013 -
renew_show_context \u2013 -
prompt_hook \u2013
Attributes:
-
should_show_context \u2013 -
dbg (LLDB) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.should_show_context","title":"should_show_context module-attribute","text":"should_show_context = False\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.dbg","title":"dbg module-attribute","text":"dbg: LLDB = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.update_typeinfo","title":"update_typeinfo","text":"update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.reset_config","title":"reset_config","text":"reset_config() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_start","title":"on_start","text":"on_start() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_stop","title":"on_stop","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.on_exit","title":"on_exit","text":"on_exit() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.renew_show_context","title":"renew_show_context","text":"renew_show_context()\n
"},{"location":"reference/pwndbg/dbg/lldb/hooks/#pwndbg.dbg.lldb.hooks.prompt_hook","title":"prompt_hook","text":"prompt_hook()\n
"},{"location":"reference/pwndbg/dbg/lldb/pset/","title":"pwndbg.dbg.lldb.pset","text":""},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset","title":"pset","text":"Classes:
Functions:
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.InvalidParse","title":"InvalidParse","text":" Bases: Exception
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pget","title":"pget","text":"pget(name: str) -> Parameter | None\n
Retrieves a parameter with a given name.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.pset","title":"pset","text":"pset(name: str, value: str) -> bool\n
Parses and sets a Pwndbg configuration value.
"},{"location":"reference/pwndbg/dbg/lldb/pset/#pwndbg.dbg.lldb.pset.parse_value","title":"parse_value","text":"parse_value(param: Parameter, expression: str) -> Any\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/","title":"pwndbg.dbg.lldb.repl","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl","title":"repl","text":"The Pwndbg REPL that is the interface to all debugging on LLDB.
Pwndbg has an event system that allows it to react to events in the process being debugged, such as when new executable modules get added to the its address space, when the value of memory and registers change, and pretty much all possible changes to its execution state. We'd like to have the event system work the same way under LLDB as it does under GDB.
Fortunately for us, the events types that are native to LLDB map really well to the event types in GDB and Pwndbg. Very, very unfortunately for us, however, that's basically where our luck ends.
LLDB, as of version 18, only provides two ways to capture events: registering directly with the broadcaster, or registering globally. The former is not available to us in the standard LLDB REPL, as we don't get access to the process object until after it's been launched1. Likewise for the latter, as the interactive debugger will register to receive the global process state change events before everyone else, and LLDB doesn't allow for multiple listeners for the same event bits in the same event class2.
This leaves us with handling process management ourselves as the only option we really have to implement event dispatch in Pwndbg. Easy, right? We can just hijack the commands that deal with target and process creation, and leave everything else untouched. Unfortunately for us, again, shadowing builtin commands is simply not allowed3.
So, really, all that's left for us is either implement our own REPL, or get rid of the event system.
Modules:
-
io \u2013 For our REPL, we need to drive our own I/O with the process being debugged. This
-
proc \u2013 -
readline \u2013 Readline interface for the Pwndbg LLDB REPL.
Classes:
-
EventRelay \u2013 The event system that is sensible for the REPL process driver to use isn't
-
YieldExecDirect \u2013 Execute the given command directly, on behalf of the user.
-
YieldInteractive \u2013 Prompt the user for the next command.
-
PwndbgController \u2013 Class providing interfaces for a client to control the behavior of Pwndbg
-
AutoTarget \u2013 During the execution of some commands, the LLDB CLI automatically creates an
Functions:
-
lex_args \u2013 Splits the arguments, respecting quotation marks.
-
show_greeting \u2013 Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This
-
print_error \u2013 Print an error message in the style of the LLDB CLI.
-
print_warn \u2013 Print a warning message in the style of the LLDB CLI.
-
run \u2013 Runs the Pwndbg CLI through the given asynchronous controller.
-
exec_repl_command \u2013 Parses and runs the given command, returning whether the event loop should continue.
-
parse \u2013 Parses a list of string arguments into an object containing the parsed
-
run_ipython_shell \u2013 -
target_create \u2013 Creates a new target, registers it with the Pwndbg LLDB implementation, and
-
process_launch \u2013 Launches a process with the given arguments.
-
process_attach \u2013 Attaches to a process with the given arguments.
-
attach \u2013 Attaches to a process with the given name or pid based on regex match.
-
process_connect \u2013 Connects to the given remote process.
-
gdb_remote \u2013 Like process_connect, but more lenient with the remote URL format.
-
continue_process \u2013 Continues the execution of a process.
Attributes:
-
show_tip \u2013 -
LLDB_EXCLUSIVE \u2013 -
target_create_ap \u2013 -
target_create_unsupported \u2013 -
process_launch_ap \u2013 -
process_launch_unsupported \u2013 -
process_attach_ap \u2013 -
process_attach_unsupported \u2013 -
process_connect_ap \u2013 -
gdb_remote_ap \u2013 -
continue_ap \u2013 -
continue_unsupported \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_tip","title":"show_tip module-attribute","text":"show_tip = add_param(\n \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.LLDB_EXCLUSIVE","title":"LLDB_EXCLUSIVE module-attribute","text":"LLDB_EXCLUSIVE = [\n (\"script\", lambda cmd: startswith(\"sc\") and startswith(cmd)),\n (\"expression\", lambda cmd: startswith(\"e\") and startswith(cmd)),\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_ap","title":"target_create_ap module-attribute","text":"target_create_ap = ArgumentParser(add_help=False, prog='target create')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create_unsupported","title":"target_create_unsupported module-attribute","text":"target_create_unsupported = [\n \"build\",\n \"core\",\n \"no-dependents\",\n \"remote-file\",\n \"symfile\",\n \"version\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_ap","title":"process_launch_ap module-attribute","text":"process_launch_ap = ArgumentParser(add_help=False, prog='process launch')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch_unsupported","title":"process_launch_unsupported module-attribute","text":"process_launch_unsupported = [\n \"disable-aslr\",\n \"script-class\",\n \"plugin\",\n \"arch\",\n \"shell\",\n \"stderr\",\n \"stdin\",\n \"structured-data-key\",\n \"no-stdio\",\n \"stdout\",\n \"tty\",\n \"structured-data-value\",\n \"working-dir\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_ap","title":"process_attach_ap module-attribute","text":"process_attach_ap = ArgumentParser(add_help=False, prog='process attach')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach_unsupported","title":"process_attach_unsupported module-attribute","text":"process_attach_unsupported = [\n \"python-class\",\n \"plugin\",\n \"structured-data-key\",\n \"structured-data-value\",\n]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect_ap","title":"process_connect_ap module-attribute","text":"process_connect_ap = ArgumentParser(add_help=False, prog='process connect')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote_ap","title":"gdb_remote_ap module-attribute","text":"gdb_remote_ap = ArgumentParser(add_help=False, prog='gdb-remote')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_ap","title":"continue_ap module-attribute","text":"continue_ap = ArgumentParser(add_help=False, prog='continue')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_unsupported","title":"continue_unsupported module-attribute","text":"continue_unsupported = ['ignore-count']\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay","title":"EventRelay","text":"EventRelay(dbg: LLDB)\n
Bases: EventHandler
The event system that is sensible for the REPL process driver to use isn't an exact match with the one used by the rest of Pwndbg. They're close, but there's a bit of work we have to do to properly convey certain events.
Methods:
-
created \u2013 -
suspended \u2013 -
resumed \u2013 -
exited \u2013 -
modules_loaded \u2013
Attributes:
-
dbg \u2013 -
ignore_resumed \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.dbg","title":"dbg instance-attribute","text":"dbg = dbg\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.ignore_resumed","title":"ignore_resumed instance-attribute","text":"ignore_resumed = 0\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.created","title":"created","text":"created()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.suspended","title":"suspended","text":"suspended(event: SBEvent)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.resumed","title":"resumed","text":"resumed()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.exited","title":"exited","text":"exited()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.EventRelay.modules_loaded","title":"modules_loaded","text":"modules_loaded()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldExecDirect","title":"YieldExecDirect","text":"YieldExecDirect(command: str, capture: bool, prompt_silent: bool)\n
Execute the given command directly, on behalf of the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.YieldInteractive","title":"YieldInteractive","text":"Prompt the user for the next command.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController","title":"PwndbgController","text":"Class providing interfaces for a client to control the behavior of Pwndbg asynchronously.
Methods:
-
interactive \u2013 Runs a single interactive round, in which the user is prompted for a
-
execute \u2013 Runs the given command, and displays its output to the user.
-
execute_and_capture \u2013 Runs the given command, and captures its output as a byte string.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.interactive","title":"interactive","text":"interactive() -> Awaitable[None]\n
Runs a single interactive round, in which the user is prompted for a command from standard input and readline, and whatever command they type in is executed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute","title":"execute","text":"execute(command: str) -> Awaitable[None]\n
Runs the given command, and displays its output to the user.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute--interactivity","title":"Interactivity","text":"Some commands - such as lldb and ipi - start interactive prompts when they are run, and issuing them through this command will not change that behavior.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture","title":"execute_and_capture","text":"execute_and_capture(command: str) -> Awaitable[bytes]\n
Runs the given command, and captures its output as a byte string.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--interactivity","title":"Interactivity","text":"Same caveats apply as in execute.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.PwndbgController.execute_and_capture--reliabily-of-capture","title":"Reliabily of Capture","text":"Some Pwndbg commands currently do not have their outputs captured, even when run through this command. It is expected that this will be improved in the future, but, as as general rule, clients should not rely on the output of the command being available.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget","title":"AutoTarget","text":"AutoTarget(dbg: LLDB)\n
During the execution of some commands, the LLDB CLI automatically creates an empty target and selects it before the command is executed.
Methods:
-
__bool__ \u2013 -
close \u2013
Attributes:
-
error \u2013 -
target \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.error","title":"error instance-attribute","text":"error = SBError()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.target","title":"target instance-attribute","text":"target = CreateTarget(None, None, None, True, error)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.__bool__","title":"__bool__","text":"__bool__()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.AutoTarget.close","title":"close","text":"close()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.lex_args","title":"lex_args","text":"lex_args(args: str) -> list[str]\n
Splits the arguments, respecting quotation marks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.show_greeting","title":"show_greeting","text":"show_greeting() -> None\n
Show the Pwndbg greeting, the same way the GDB version of Pwndbg would. This one is considerably simpler than the GDB version, however, as we control the lifetime of the program, we know exactly when the greeting needs to be shown, so we don't bother with any of the lifetime checks.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_error","title":"print_error","text":"print_error(msg: str, *args)\n
Print an error message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.print_warn","title":"print_warn","text":"print_warn(msg: str, *args)\n
Print a warning message in the style of the LLDB CLI.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run","title":"run","text":"run(\n controller: Callable[[PwndbgController], Coroutine[Any, Any, None]],\n debug: bool = False,\n) -> None\n
Runs the Pwndbg CLI through the given asynchronous controller.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.exec_repl_command","title":"exec_repl_command","text":"exec_repl_command(\n line: str,\n lldb_out_target: BinaryIO,\n dbg: LLDB,\n driver: ProcessDriver,\n relay: EventRelay,\n) -> bool\n
Parses and runs the given command, returning whether the event loop should continue.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.parse","title":"parse","text":"parse(\n args: list[str],\n parser: ArgumentParser,\n unsupported: list[str],\n raw_marker: str | None = None,\n) -> Any | None\n
Parses a list of string arguments into an object containing the parsed data.
If raw_marker is not None, the argument list will be split in two, with all arguments before the split being fed to the argument parser, and all arguments after the split being returned as-is. In this case the return value is a tuple.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.run_ipython_shell","title":"run_ipython_shell","text":"run_ipython_shell()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.target_create","title":"target_create","text":"target_create(args: list[str], dbg: LLDB) -> None\n
Creates a new target, registers it with the Pwndbg LLDB implementation, and sets up listeners for it.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_launch","title":"process_launch","text":"process_launch(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Launches a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_attach","title":"process_attach","text":"process_attach(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Attaches to a process with the given arguments.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.attach","title":"attach","text":"attach(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Attaches to a process with the given name or pid based on regex match. Used for _regexp-attach <pid|name> (alias for attach <pid|name>) Note: for some reason, attach does not really take a regex for process name.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.process_connect","title":"process_connect","text":"process_connect(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Connects to the given remote process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.gdb_remote","title":"gdb_remote","text":"gdb_remote(\n driver: ProcessDriver, relay: EventRelay, args: list[str], dbg: LLDB\n) -> None\n
Like process_connect, but more lenient with the remote URL format.
"},{"location":"reference/pwndbg/dbg/lldb/repl/#pwndbg.dbg.lldb.repl.continue_process","title":"continue_process","text":"continue_process(driver: ProcessDriver, args: list[str], dbg: LLDB) -> None\n
Continues the execution of a process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/","title":"pwndbg.dbg.lldb.repl.io","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io","title":"io","text":"For our REPL, we need to drive our own I/O with the process being debugged. This module contains all the strategies we have for doing that.
Classes:
-
OpportunisticTerminalControl \u2013 Handles optional terminal control for a given file descriptor. Crucially,
-
IODriver \u2013 -
IODriverPlainText \u2013 Plaintext-based I/O driver. It simply copies input from our standard input
-
IODriverPseudoTerminal \u2013 pty-based I/O driver. Forwards input from standard input and has support for
Functions:
Attributes:
-
TERM_CONTROL_AVAILABLE \u2013 -
SELECT_AVAILABLE \u2013 -
PTY_AVAILABLE \u2013 -
TC_LFLAG \u2013 -
LIVE_PSEUDO_TERMINAL_OBJECTS \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TERM_CONTROL_AVAILABLE","title":"TERM_CONTROL_AVAILABLE module-attribute","text":"TERM_CONTROL_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.SELECT_AVAILABLE","title":"SELECT_AVAILABLE module-attribute","text":"SELECT_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.PTY_AVAILABLE","title":"PTY_AVAILABLE module-attribute","text":"PTY_AVAILABLE = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.TC_LFLAG","title":"TC_LFLAG module-attribute","text":"TC_LFLAG = 3\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.LIVE_PSEUDO_TERMINAL_OBJECTS","title":"LIVE_PSEUDO_TERMINAL_OBJECTS module-attribute","text":"LIVE_PSEUDO_TERMINAL_OBJECTS = False\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl","title":"OpportunisticTerminalControl","text":"OpportunisticTerminalControl(fd: int = -1)\n
Handles optional terminal control for a given file descriptor. Crucially, all the functions in this class should work regardless of whether terminal control is actually supported on not, but should do nothing in case it is not supported.
'/dev/tty', and use that.
Methods:
-
get_line_buffering \u2013 Gets the current state of line buffering for this terminal.
-
set_line_buffering \u2013 Enables or disables line buffering for this terminal.
-
get_echo \u2013 Gets the current state of echoing for this terminal.
-
set_echo \u2013 Enables or disables echoing for this terminal.
Attributes:
-
fd (int) \u2013 -
supported (bool) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.fd","title":"fd instance-attribute","text":"fd: int = fd\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.supported","title":"supported instance-attribute","text":"supported: bool = True\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_line_buffering","title":"get_line_buffering","text":"get_line_buffering() -> bool\n
Gets the current state of line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_line_buffering","title":"set_line_buffering","text":"set_line_buffering(enabled: bool) -> None\n
Enables or disables line buffering for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.get_echo","title":"get_echo","text":"get_echo() -> bool\n
Gets the current state of echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.OpportunisticTerminalControl.set_echo","title":"set_echo","text":"set_echo(enabled: bool) -> None\n
Enables or disables echoing for this terminal.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver","title":"IODriver","text":"Methods:
-
stdio \u2013 The names for the stdin, stdout and stderr files, respectively. These
-
start \u2013 Starts the handling of I/O by this driver on the given process.
-
stop \u2013 Stops the handling of I/O by this driver.
-
on_output_event \u2013 Hints that there might be data in either the standard output or the
-
on_process_start \u2013 Allow the I/O driver an opportunity to change aspects of the process
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stdio","title":"stdio","text":"stdio() -> tuple[str | None, str | None, str | None]\n
The names for the stdin, stdout and stderr files, respectively. These will get passed as arguments to SBTarget.Launch
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.start","title":"start","text":"start(process: Process) -> None\n
Starts the handling of I/O by this driver on the given process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.stop","title":"stop","text":"stop() -> None\n
Stops the handling of I/O by this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_output_event","title":"on_output_event","text":"on_output_event() -> None\n
Hints that there might be data in either the standard output or the standard error streams. This should be called when an eBroadcastBitSTDOUT or eBroadcastBitSTDERR is encountered by the event loop.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriver.on_process_start","title":"on_process_start","text":"on_process_start(proc: SBProcess) -> None\n
Allow the I/O driver an opportunity to change aspects of the process after it has been launched, but before it has started executing, if it so wishes.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText","title":"IODriverPlainText","text":"IODriverPlainText()\n
Bases: IODriver
Plaintext-based I/O driver. It simply copies input from our standard input to the standard input of a given process, and copies output from the standard output of a given process to out standard output.
Methods:
-
stdio \u2013 -
on_output_event \u2013 -
on_process_start \u2013 -
start \u2013 -
stop \u2013
Attributes:
-
in_thr (Thread) \u2013 -
out_thr (Thread) \u2013 -
likely_output (BoundedSemaphore) \u2013 -
process (SBProcess) \u2013 -
stop_requested (Event) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.in_thr","title":"in_thr instance-attribute","text":"in_thr: Thread\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.out_thr","title":"out_thr instance-attribute","text":"out_thr: Thread\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.likely_output","title":"likely_output instance-attribute","text":"likely_output: BoundedSemaphore = BoundedSemaphore(1)\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.process","title":"process instance-attribute","text":"process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop_requested","title":"stop_requested instance-attribute","text":"stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stdio","title":"stdio","text":"stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_output_event","title":"on_output_event","text":"on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.on_process_start","title":"on_process_start","text":"on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.start","title":"start","text":"start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPlainText.stop","title":"stop","text":"stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal","title":"IODriverPseudoTerminal","text":"IODriverPseudoTerminal(manager: int, worker: str)\n
Bases: IODriver
pty-based I/O driver. Forwards input from standard input and has support for terminal width and height, and for terminal-based file operations on the program being debugged.
Methods:
-
stdio \u2013 -
start \u2013 -
stop \u2013 -
on_output_event \u2013 -
on_process_start \u2013
Attributes:
-
io_thread (Thread) \u2013 -
has_terminal_control (bool) \u2013 -
manager (int) \u2013 -
worker (str) \u2013 -
termcontrol (OpportunisticTerminalControl) \u2013 -
stop_requested (Event) \u2013 -
input_buffer (bytes) \u2013 -
process (SBProcess) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.io_thread","title":"io_thread instance-attribute","text":"io_thread: Thread\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.has_terminal_control","title":"has_terminal_control instance-attribute","text":"has_terminal_control: bool\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.manager","title":"manager instance-attribute","text":"manager: int = manager\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.worker","title":"worker instance-attribute","text":"worker: str = worker\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.termcontrol","title":"termcontrol instance-attribute","text":"termcontrol: OpportunisticTerminalControl = OpportunisticTerminalControl()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop_requested","title":"stop_requested instance-attribute","text":"stop_requested: Event = Event()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.input_buffer","title":"input_buffer instance-attribute","text":"input_buffer: bytes = b''\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.process","title":"process instance-attribute","text":"process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stdio","title":"stdio","text":"stdio() -> tuple[str | None, str | None, str | None]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.start","title":"start","text":"start(process: Process) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.stop","title":"stop","text":"stop() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_output_event","title":"on_output_event","text":"on_output_event() -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.IODriverPseudoTerminal.on_process_start","title":"on_process_start","text":"on_process_start(proc: SBProcess) -> None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.get_io_driver","title":"get_io_driver","text":"get_io_driver() -> IODriver\n
Instances a new IODriver using the best strategy available in the current system. Meaning a PTY on Unix and plain text on Windows.
"},{"location":"reference/pwndbg/dbg/lldb/repl/io/#pwndbg.dbg.lldb.repl.io.make_pty","title":"make_pty","text":"make_pty() -> tuple[str, int] | None\n
We need to make a pseudo-terminal ourselves if we want the process to handle naturally for the user. Returns a tuple with the path of the worker device and the file descriptor of the manager device if successful.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/","title":"pwndbg.dbg.lldb.repl.proc","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc","title":"proc","text":"Classes:
-
EventHandler \u2013 The event types that make sense for us to track in the process driver aren't
-
ProcessDriver \u2013 Drives the execution of a process, responding to its events and handling its
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler","title":"EventHandler","text":"The event types that make sense for us to track in the process driver aren't the same as the ones in the rest of Pwndbg, so we just expose the native events in process driver, and let the rest of the REPL deal with any complexities that might arise from the translation.
This is mostly intended to keep the complexity of generating the START and NEW_THREAD events correctly out of the process driver.
Methods:
-
created \u2013 This function is called when a process is created or attached to.
-
suspended \u2013 This function is called when the execution of a process is suspended.
-
resumed \u2013 This function is called when the execution of a process is resumed.
-
exited \u2013 This function is called when a process terminates or is detached from.
-
modules_loaded \u2013 This function is called when a new modules have been loaded.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.created","title":"created","text":"created()\n
This function is called when a process is created or attached to.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.suspended","title":"suspended","text":"suspended(cause: SBEvent)\n
This function is called when the execution of a process is suspended.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.resumed","title":"resumed","text":"resumed()\n
This function is called when the execution of a process is resumed.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.exited","title":"exited","text":"exited()\n
This function is called when a process terminates or is detached from.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.EventHandler.modules_loaded","title":"modules_loaded","text":"modules_loaded()\n
This function is called when a new modules have been loaded.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver","title":"ProcessDriver","text":"ProcessDriver(event_handler: EventHandler, debug=False)\n
Drives the execution of a process, responding to its events and handling its I/O, and exposes a simple synchronous interface to the REPL interface.
Methods:
-
has_process \u2013 Whether there's an active process in this driver.
-
has_connection \u2013 Whether this driver's connected to a target. All drivers that have an
-
cancel \u2013 Request that a currently ongoing operation be cancelled.
-
interrupt \u2013 Interrupts the currently running process.
-
cont \u2013 Continues execution of the process this object is driving, and returns
-
run_lldb_command \u2013 Runs the given LLDB command and ataches I/O if necessary.
-
run_coroutine \u2013 Runs the given coroutine and allows it to control the execution of the
-
launch \u2013 Launches the process and handles startup events. Always stops on first
-
attach \u2013 Attach to a process and handles startup events. Always stops on first
-
connect \u2013 Connects to a remote proces with the given URL using the plugin with the
Attributes:
-
io (IODriver) \u2013 -
process (SBProcess) \u2013 -
listener (SBListener) \u2013 -
debug (bool) \u2013 -
eh (EventHandler) \u2013 -
cancellation_requested (bool) \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.io","title":"io instance-attribute","text":"io: IODriver = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.process","title":"process instance-attribute","text":"process: SBProcess = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.listener","title":"listener instance-attribute","text":"listener: SBListener = None\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.debug","title":"debug instance-attribute","text":"debug: bool = debug\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.eh","title":"eh instance-attribute","text":"eh: EventHandler = event_handler\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cancellation_requested","title":"cancellation_requested instance-attribute","text":"cancellation_requested: bool = False\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_process","title":"has_process","text":"has_process() -> bool\n
Whether there's an active process in this driver.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.has_connection","title":"has_connection","text":"has_connection() -> bool\n
Whether this driver's connected to a target. All drivers that have an active process also must necessarily be connected.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cancel","title":"cancel","text":"cancel() -> None\n
Request that a currently ongoing operation be cancelled.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.interrupt","title":"interrupt","text":"interrupt() -> None\n
Interrupts the currently running process.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.cont","title":"cont","text":"cont() -> None\n
Continues execution of the process this object is driving, and returns whenever the process stops.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_lldb_command","title":"run_lldb_command","text":"run_lldb_command(command: str, target: BinaryIO) -> None\n
Runs the given LLDB command and ataches I/O if necessary.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.run_coroutine","title":"run_coroutine","text":"run_coroutine(coroutine: Coroutine[Any, Any, None]) -> bool\n
Runs the given coroutine and allows it to control the execution of the process in this driver. Returns True if the coroutine ran to completion, and False if it was cancelled.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.launch","title":"launch","text":"launch(\n target: SBTarget,\n io: IODriver,\n env: list[str],\n args: list[str],\n working_dir: str,\n) -> SBError\n
Launches the process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.attach","title":"attach","text":"attach(target: SBTarget, io: IODriver, info: SBAttachInfo) -> SBError\n
Attach to a process and handles startup events. Always stops on first opportunity, and returns immediately after the process has stopped.
Fires the created() event.
"},{"location":"reference/pwndbg/dbg/lldb/repl/proc/#pwndbg.dbg.lldb.repl.proc.ProcessDriver.connect","title":"connect","text":"connect(target: SBTarget, io: IODriver, url: str, plugin: str) -> SBError\n
Connects to a remote proces with the given URL using the plugin with the given name. This might cause the process to launch in some implementations, or it might require a call to launch(), in implementations that require a further call to SBProcess::RemoteLaunch().
Fires the created() event if a process is automatically attached to or launched when a connection succeeds.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/","title":"pwndbg.dbg.lldb.repl.readline","text":""},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline","title":"readline","text":"Readline interface for the Pwndbg LLDB REPL.
Mostly concerns itself with argument completion.
Functions:
-
complete \u2013 Runs the tab autocompletion function for readline based on the values
-
display_completions \u2013 Display the completions found by complete in the style of LLDB.
-
wrap_with_history \u2013 -
ctx_with_history \u2013 -
enable_readline \u2013 Enables the readline functionality.
-
disable_readline \u2013 Disables the readline functionality.
Attributes:
-
P \u2013 -
T \u2013 -
PROMPT \u2013 -
HISTORY_FILE \u2013 -
complete_values \u2013 -
complete_descrs \u2013
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.PROMPT","title":"PROMPT module-attribute","text":"PROMPT = readline_escape(prompt, 'pwndbg-lldb> ')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.HISTORY_FILE","title":"HISTORY_FILE module-attribute","text":"HISTORY_FILE = expanduser('~/.pwndbg_history')\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_values","title":"complete_values module-attribute","text":"complete_values = SBStringList()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete_descrs","title":"complete_descrs module-attribute","text":"complete_descrs = SBStringList()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.complete","title":"complete","text":"complete(dbg: LLDB, text: str, state: int) -> str | None\n
Runs the tab autocompletion function for readline based on the values returned by SBCommandInterpreter.HandleCompletion.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.display_completions","title":"display_completions","text":"display_completions(substitutions, matches, longest_match_len)\n
Display the completions found by complete in the style of LLDB.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.wrap_with_history","title":"wrap_with_history","text":"wrap_with_history(function: Callable[P, T]) -> Callable[P, T]\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.ctx_with_history","title":"ctx_with_history","text":"ctx_with_history()\n
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.enable_readline","title":"enable_readline","text":"enable_readline(dbg: LLDB)\n
Enables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/repl/readline/#pwndbg.dbg.lldb.repl.readline.disable_readline","title":"disable_readline","text":"disable_readline()\n
Disables the readline functionality.
"},{"location":"reference/pwndbg/dbg/lldb/util/","title":"pwndbg.dbg.lldb.util","text":""},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util","title":"util","text":"Functions:
"},{"location":"reference/pwndbg/dbg/lldb/util/#pwndbg.dbg.lldb.util.system_decode","title":"system_decode","text":"system_decode(b: bytes) -> str\n
LLDB requires Python strings in many places where it makes sense to accept bytes values. This is mostly an artifact of how Swig maps C char* to str in Python, but since Swig will refuse bytes objects, we have to figure out a way to pass this data as a regular string object, even if that's nonsensical in Python terms.
This function tries its best to resolve that by decoding it with the same decoder the filesystem uses, and, failing that, ASCII.
"},{"location":"reference/pwndbg/decorators/","title":"pwndbg.decorators","text":""},{"location":"reference/pwndbg/decorators/#pwndbg.decorators","title":"decorators","text":"Project-wide function decorators.
Functions:
Attributes:
-
first_prompt \u2013 -
P \u2013 -
T \u2013 -
K \u2013
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.first_prompt","title":"first_prompt module-attribute","text":"first_prompt = False\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.K","title":"K module-attribute","text":"K = TypeVar('K')\n
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.only_after_first_prompt","title":"only_after_first_prompt","text":"only_after_first_prompt(\n value_before: T | None = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | None]]\n
Decorator to prevent a function from running before the first prompt was displayed. The 'value_before' parameter can be used to specify the value that is returned if the function is called before the first prompt was displayed.
"},{"location":"reference/pwndbg/decorators/#pwndbg.decorators.suppress_errors","title":"suppress_errors","text":"suppress_errors(\n fallback: K = None, should_warn: bool = True\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
Decorator to make a function return a fallback value when it would otherwise error. The 'fallback' parameter can be used to specify the fallback value. If the 'should_warn' parameter is set, a warning will be printed whenever an error is suppressed.
"},{"location":"reference/pwndbg/emu/","title":"pwndbg.emu","text":""},{"location":"reference/pwndbg/emu/#pwndbg.emu","title":"emu","text":"Emulation assistance from Unicorn.
Modules:
"},{"location":"reference/pwndbg/emu/emulator/","title":"pwndbg.emu.emulator","text":""},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator","title":"emulator","text":"Emulation assistance from Unicorn.
Classes:
-
InstructionExecutedResult \u2013 -
Emulator \u2013
Functions:
Attributes:
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC","title":"arch_to_UC module-attribute","text":"arch_to_UC = {\n \"i386\": UC_ARCH_X86,\n \"x86-64\": UC_ARCH_X86,\n \"mips\": UC_ARCH_MIPS,\n \"sparc\": UC_ARCH_SPARC,\n \"arm\": UC_ARCH_ARM,\n \"armcm\": UC_ARCH_ARM,\n \"aarch64\": UC_ARCH_ARM64,\n \"rv32\": UC_ARCH_RISCV,\n \"rv64\": UC_ARCH_RISCV,\n \"s390x\": UC_ARCH_S390X,\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_UC_consts","title":"arch_to_UC_consts module-attribute","text":"arch_to_UC_consts = {\n \"i386\": parse_consts(x86_const),\n \"x86-64\": parse_consts(x86_const),\n \"mips\": parse_consts(mips_const),\n \"sparc\": parse_consts(sparc_const),\n \"arm\": parse_consts(arm_const),\n \"armcm\": parse_consts(arm_const),\n \"aarch64\": parse_consts(arm64_const),\n \"rv32\": parse_consts(riscv_const),\n \"rv64\": parse_consts(riscv_const),\n \"s390x\": parse_consts(s390x_const),\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_reg_const_map","title":"arch_to_reg_const_map module-attribute","text":"arch_to_reg_const_map = {\n \"i386\": create_reg_to_const_map(arch_to_UC_consts[\"i386\"]),\n \"x86-64\": create_reg_to_const_map(\n arch_to_UC_consts[\"x86-64\"],\n {\"FSBASE\": UC_X86_REG_FS_BASE, \"GSBASE\": UC_X86_REG_GS_BASE},\n ),\n \"mips\": create_reg_to_const_map(arch_to_UC_consts[\"mips\"]),\n \"sparc\": create_reg_to_const_map(arch_to_UC_consts[\"sparc\"]),\n \"arm\": create_reg_to_const_map(arch_to_UC_consts[\"arm\"]),\n \"armcm\": create_reg_to_const_map(arch_to_UC_consts[\"armcm\"]),\n \"aarch64\": create_reg_to_const_map(\n arch_to_UC_consts[\"aarch64\"], {\"CPSR\": UC_ARM64_REG_NZCV}\n ),\n \"rv32\": create_reg_to_const_map(arch_to_UC_consts[\"rv32\"]),\n \"rv64\": create_reg_to_const_map(arch_to_UC_consts[\"rv64\"]),\n \"s390x\": create_reg_to_const_map(arch_to_UC_consts[\"s390x\"]),\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.enable_virtual_tlb","title":"enable_virtual_tlb module-attribute","text":"enable_virtual_tlb = {'s390x': True}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.DEBUG","title":"DEBUG module-attribute","text":"DEBUG = NO_DEBUG\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.arch_to_SYSCALL","title":"arch_to_SYSCALL module-attribute","text":"arch_to_SYSCALL = {\n UC_ARCH_X86: [\n X86_INS_SYSCALL,\n X86_INS_SYSENTER,\n X86_INS_SYSEXIT,\n X86_INS_SYSRET,\n X86_INS_IRET,\n X86_INS_IRETD,\n X86_INS_IRETQ,\n X86_INS_INT,\n X86_INS_INT1,\n X86_INS_INT3,\n ],\n UC_ARCH_MIPS: [MIPS_INS_SYSCALL],\n UC_ARCH_SPARC: [SPARC_INS_T],\n UC_ARCH_ARM: [ARM_INS_SVC],\n UC_ARCH_ARM64: [AARCH64_INS_SVC],\n UC_ARCH_PPC: [PPC_INS_SC],\n UC_ARCH_RISCV: [RISCV_INS_ECALL],\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.ARM_BANNED_INSTRUCTIONS","title":"ARM_BANNED_INSTRUCTIONS module-attribute","text":"ARM_BANNED_INSTRUCTIONS = {\n ARM_INS_MRC,\n ARM_INS_MRRC,\n ARM_INS_MRC2,\n ARM_INS_MRRC2,\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.BANNED_INSTRUCTIONS","title":"BANNED_INSTRUCTIONS module-attribute","text":"BANNED_INSTRUCTIONS = {\n \"mips\": {MIPS_INS_RDHWR},\n \"arm\": ARM_BANNED_INSTRUCTIONS,\n \"armcm\": ARM_BANNED_INSTRUCTIONS,\n \"aarch64\": {AARCH64_INS_MRS},\n}\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.blacklisted_regs","title":"blacklisted_regs module-attribute","text":"blacklisted_regs = ['ip', 'cs', 'ds', 'es', 'fs', 'gs', 'ss']\n
e = pwndbg.emu.emulator.Emulator() e.until_jump()
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult","title":"InstructionExecutedResult","text":" Bases: NamedTuple
Attributes:
-
address (int) \u2013 -
size (int) \u2013
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.address","title":"address instance-attribute","text":"address: int\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.InstructionExecutedResult.size","title":"size instance-attribute","text":"size: int\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator","title":"Emulator","text":"Emulator()\n
Methods:
-
read_register \u2013 -
read_memory \u2013 -
telescope \u2013 -
format_telescope \u2013 -
format_telescope_list \u2013 -
telescope_enhance \u2013 -
memory_read_string \u2013 -
__getattr__ \u2013 -
update_pc \u2013 -
read_thumb_bit \u2013 Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
-
get_uc_mode \u2013 Retrieve the mode used by Unicorn for the current architecture.
-
map_page \u2013 -
hook_mem_invalid \u2013 -
hook_intr \u2013 We never want to emulate through an interrupt. Just stop.
-
get_reg_enum \u2013 Returns the Unicorn Emulator enum code for the named register.
-
hook_add \u2013 -
hook_del \u2013 -
emu_start \u2013 -
emu_stop \u2013 -
emulate_with_hook \u2013 -
mem_read \u2013 -
until_jump \u2013 Emulates instructions starting at the specified address until the
-
until_jump_hook_code \u2013 -
until_call \u2013 -
until_syscall \u2013 Emulates instructions starting at the specified address until the program
-
until_syscall_hook_code \u2013 -
single_step \u2013 Steps one instruction.
-
single_step_iter \u2013 -
single_step_hook_code \u2013 -
dumpregs \u2013 -
trace_hook \u2013 -
__repr__ \u2013
Attributes:
-
arch \u2013 -
const_regs \u2013 -
uc_mode \u2013 -
uc \u2013 -
regs (RegisterSet) \u2013 -
valid \u2013 -
last_pc \u2013 -
last_single_step_result \u2013 -
last_step_succeeded (bool) \u2013
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.arch","title":"arch instance-attribute","text":"arch = name\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.const_regs","title":"const_regs instance-attribute","text":"const_regs = arch_to_reg_const_map[arch]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc_mode","title":"uc_mode instance-attribute","text":"uc_mode = get_uc_mode()\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.uc","title":"uc instance-attribute","text":"uc = Uc(arch_to_UC[arch], uc_mode)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.regs","title":"regs instance-attribute","text":"regs: RegisterSet = current\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.valid","title":"valid instance-attribute","text":"valid = True\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_pc","title":"last_pc instance-attribute","text":"last_pc = None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_single_step_result","title":"last_single_step_result instance-attribute","text":"last_single_step_result = InstructionExecutedResult(None, None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.last_step_succeeded","title":"last_step_succeeded property","text":"last_step_succeeded: bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_register","title":"read_register","text":"read_register(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_memory","title":"read_memory","text":"read_memory(address: int, size: int) -> bytes | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope","title":"telescope","text":"telescope(address: int, limit: int, read_size: int = None) -> list[int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope","title":"format_telescope","text":"format_telescope(address: int, limit: int) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.format_telescope_list","title":"format_telescope_list","text":"format_telescope_list(\n chain: list[int], limit: int, enhance_string_len: int = None\n) -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.telescope_enhance","title":"telescope_enhance","text":"telescope_enhance(\n value: int, code: bool = True, enhance_string_len: int = None\n)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.memory_read_string","title":"memory_read_string","text":"memory_read_string(\n address: int, max_string_len=None, max_read=None\n) -> str | None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.update_pc","title":"update_pc","text":"update_pc(pc=None) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.read_thumb_bit","title":"read_thumb_bit","text":"read_thumb_bit() -> int\n
Return 0 or 1, representing the status of the Thumb bit in the current Arm architecture
This reads from the emulator itself, meaning this can be read to determine a state transitions between non-Thumb and Thumb mode
Return None if the Thumb bit is not relevent to the current architecture
Mimics the read_thumb_bit function defined in aglib/arch.py
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_uc_mode","title":"get_uc_mode","text":"get_uc_mode()\n
Retrieve the mode used by Unicorn for the current architecture.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.map_page","title":"map_page","text":"map_page(page) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_mem_invalid","title":"hook_mem_invalid","text":"hook_mem_invalid(uc, access, address, size: int, value, user_data) -> bool\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_intr","title":"hook_intr","text":"hook_intr(uc, intno, user_data) -> None\n
We never want to emulate through an interrupt. Just stop.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.get_reg_enum","title":"get_reg_enum","text":"get_reg_enum(reg: str) -> int | None\n
Returns the Unicorn Emulator enum code for the named register.
Also supports general registers like 'sp' and 'pc'.
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_add","title":"hook_add","text":"hook_add(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.hook_del","title":"hook_del","text":"hook_del(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_start","title":"emu_start","text":"emu_start(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emu_stop","title":"emu_stop","text":"emu_stop(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.emulate_with_hook","title":"emulate_with_hook","text":"emulate_with_hook(hook, count=512) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.mem_read","title":"mem_read","text":"mem_read(*a, **kw)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump","title":"until_jump","text":"until_jump(pc: int = None)\n
Emulates instructions starting at the specified address until the program counter is set to an address which does not linearly follow the previously-emulated instruction.
Parameters:
Return Returns a tuple containing the address of the jump instruction, and its target in the format (address, target).
If emulation is forced to stop (e.g., because of a syscall or invalid memory access) then address is the instruction which could not be emulated through, and target will be None.
Notes This routine does not consider 'call $+5'
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_jump_hook_code","title":"until_jump_hook_code","text":"until_jump_hook_code(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_call","title":"until_call","text":"until_call(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall","title":"until_syscall","text":"until_syscall(pc=None)\n
Emulates instructions starting at the specified address until the program counter points at a syscall instruction (int 0x80, svc, etc.).
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.until_syscall_hook_code","title":"until_syscall_hook_code","text":"until_syscall_hook_code(uc, address, size: int, user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step","title":"single_step","text":"single_step(pc=None, check_instruction=False) -> tuple[int, int]\n
Steps one instruction.
Yields:
-
int \u2013 Each iteration, yields a tuple of (address_just_executed, instruction_size).
-
int \u2013 Returns (None, None) upon failure to execute the instruction
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_iter","title":"single_step_iter","text":"single_step_iter(pc=None)\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.single_step_hook_code","title":"single_step_hook_code","text":"single_step_hook_code(\n _uc, address: int, instruction_size: int, _user_data\n) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.dumpregs","title":"dumpregs","text":"dumpregs() -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.trace_hook","title":"trace_hook","text":"trace_hook(_uc, address, instruction_size: int, _user_data) -> None\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.Emulator.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.parse_consts","title":"parse_consts","text":"parse_consts(u_consts) -> dict[str, int]\n
Unicorn \"consts\" is a python module consisting of a variable definition for each known entity. We repack it here as a dict for performance.
Maps \"UC_*\" -> integer value of the constant
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.create_reg_to_const_map","title":"create_reg_to_const_map","text":"create_reg_to_const_map(\n base_consts: dict[str, int], additional_mapping: dict[str, int] = None\n) -> dict[str, int]\n
"},{"location":"reference/pwndbg/emu/emulator/#pwndbg.emu.emulator.debug","title":"debug","text":"debug(debug_type, fmt, args=()) -> None\n
"},{"location":"reference/pwndbg/enhance/","title":"pwndbg.enhance","text":""},{"location":"reference/pwndbg/enhance/#pwndbg.enhance","title":"enhance","text":"Attempt to describe the data at a memory address as best as possible.
Only when the data is not a pointer.
Currently prints out code, integers, or strings, in a best-effort manner dependent on page permissions, the contents of the data, and any supplemental information sources (e.g. active IDA Pro connection).
Functions:
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.format_small_int","title":"format_small_int","text":"format_small_int(value: int) -> str\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.format_small_int_pair","title":"format_small_int_pair","text":"format_small_int_pair(first: int, second: int) -> tuple[str, str]\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.int_str","title":"int_str","text":"int_str(value: int) -> str\n
"},{"location":"reference/pwndbg/enhance/#pwndbg.enhance.enhance","title":"enhance","text":"enhance(\n value: int,\n code: bool = True,\n safe_linking: bool = False,\n attempt_dereference=True,\n enhance_string_len: int = None,\n) -> str\n
Given the last pointer in a chain, attempt to characterize
Note that 'the last pointer in a chain' may not at all actually be a pointer.
Additionally, optimizations are made based on various sources of data for 'value'. For example, if it is set to RWX, we try to get information on whether it resides on the stack, or in a RW section that happens to be RWX, to determine which order to print the fields.
Parameters:
-
value (int) \u2013 Value to enhance
-
code (bool, default: True ) \u2013 Hint that indicates the value may be an instruction
-
safe_linking (bool, default: False ) \u2013 Whether this chain use safe-linking
-
enhance_string_len (int, default: None ) \u2013 The length of string to display for enhancement of the last pointer
"},{"location":"reference/pwndbg/exception/","title":"pwndbg.exception","text":""},{"location":"reference/pwndbg/exception/#pwndbg.exception","title":"exception","text":"Common exception handling.
Functions:
-
print_exception \u2013 -
inform_report_issue \u2013 Informs user that he can report an issue.
-
inform_verbose_and_debug \u2013 -
handle \u2013 Displays an exception to the user, optionally displaying a full traceback
-
set_trace \u2013 Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
-
update \u2013
Attributes:
-
verbose \u2013 -
debug \u2013
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.verbose","title":"verbose module-attribute","text":"verbose = add_param(\n \"exception-verbose\",\n False,\n \"print a full stacktrace for exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.debug","title":"debug module-attribute","text":"debug = add_param(\n \"exception-debugger\",\n False,\n \"whether to debug exceptions raised in Pwndbg commands\",\n)\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.print_exception","title":"print_exception","text":"print_exception(exception_msg) -> None\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_report_issue","title":"inform_report_issue","text":"inform_report_issue(exception_msg) -> None\n
Informs user that he can report an issue. The use of caching makes it reporting only once for a given exception message.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.inform_verbose_and_debug","title":"inform_verbose_and_debug","text":"inform_verbose_and_debug() -> None\n
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.handle","title":"handle","text":"handle(name='Error')\n
Displays an exception to the user, optionally displaying a full traceback and spawning an interactive post-moretem debugger.
Notes set exception-verbose on enables stack traces.set exception-debugger on enables the post-mortem debugger.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.set_trace","title":"set_trace","text":"set_trace() -> None\n
Enable sane debugging in Pwndbg by switching to the \"real\" stdio.
"},{"location":"reference/pwndbg/exception/#pwndbg.exception.update","title":"update","text":"update() -> None\n
"},{"location":"reference/pwndbg/gdblib/","title":"pwndbg.gdblib","text":""},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib","title":"gdblib","text":"Library for handling GDB logic. Being removed in favour of aglib.
Modules:
-
bpoint \u2013 -
config \u2013 Dynamic configuration system for pwndbg, using GDB's built-in Parameter
-
events \u2013 Enables callbacks into functions to be automatically invoked
-
functions \u2013 Put all functions defined for gdb in here.
-
got \u2013 Global Offset Table Tracker
-
hooks \u2013 -
info \u2013 Runs a few useful commands which are available under \"info\".
-
prompt \u2013 -
ptmalloc2_tracking \u2013 Heap Tracking
-
scheduler \u2013 -
shellcode \u2013 Shellcode
-
symbol \u2013 Looking up addresses for function names / symbols, and
-
tui \u2013 -
vmmap \u2013 Routines to enumerate mapped memory, and attempt to associate
Functions:
Attributes:
-
regs \u2013 -
__all__ \u2013 -
gdb_version \u2013 -
msg \u2013
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.regs","title":"regs module-attribute","text":"regs = None\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.__all__","title":"__all__ module-attribute","text":"__all__ = ()\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.gdb_version","title":"gdb_version module-attribute","text":"gdb_version = tuple(map(int, groups()))\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.msg","title":"msg module-attribute","text":"msg = 'Unsupported GDB version, pwndbg only support GDB12+'\n
"},{"location":"reference/pwndbg/gdblib/#pwndbg.gdblib.load_gdblib","title":"load_gdblib","text":"load_gdblib() -> None\n
Import all gdblib modules that need to run code on import
"},{"location":"reference/pwndbg/gdblib/bpoint/","title":"pwndbg.gdblib.bpoint","text":""},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint","title":"bpoint","text":"Classes:
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint","title":"Breakpoint","text":" Bases: Breakpoint
Breakpoint class, similar to gdb.Breakpoint, but clears the caches associated with the stop event before determining whether it should stop the inferior or not.
Unlike gdb.Breakpoint, users of this class should override should_stop(), instead of stop(), as the latter is used to do cache invalidation.
Methods:
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/bpoint/#pwndbg.gdblib.bpoint.Breakpoint.should_stop","title":"should_stop","text":"should_stop() -> bool\n
This function is called whenever this breakpoint is hit in the code and its return value determines whether the inferior will be stopped.
"},{"location":"reference/pwndbg/gdblib/config/","title":"pwndbg.gdblib.config","text":""},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config","title":"config","text":"Dynamic configuration system for pwndbg, using GDB's built-in Parameter mechanism.
To create a new pwndbg configuration point, call pwndbg.config.add_param.
Parameters should be declared in the module in which they are primarily used, or in this module for general-purpose parameters.
All pwndbg Parameter types are accessible via property access on this module, for example:
>>> pwndbg.config.add_param('example-value', 7, 'an example')\n>>> int(pwndbg.config.example_value)\n7\n
Classes:
Functions:
Attributes:
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.CLASS_MAPPING","title":"CLASS_MAPPING module-attribute","text":"CLASS_MAPPING = {\n PARAM_BOOLEAN: PARAM_BOOLEAN,\n PARAM_AUTO_BOOLEAN: PARAM_AUTO_BOOLEAN,\n PARAM_INTEGER: PARAM_INTEGER,\n PARAM_ZINTEGER: PARAM_ZINTEGER,\n PARAM_UINTEGER: PARAM_UINTEGER,\n PARAM_ZUINTEGER: PARAM_ZUINTEGER,\n PARAM_ZUINTEGER_UNLIMITED: PARAM_ZUINTEGER_UNLIMITED,\n PARAM_STRING: PARAM_STRING,\n PARAM_ENUM: PARAM_ENUM,\n PARAM_OPTIONAL_FILENAME: PARAM_OPTIONAL_FILENAME,\n}\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter","title":"Parameter","text":"Parameter(param: Parameter)\n
Bases: Parameter
Methods:
-
init_super \u2013 Initializes the super class for GDB >= 9
-
on_change \u2013 Called when the value of the pwndbg.lib.config.Parameter changes
-
get_set_string \u2013 Handles the GDB set <param>
-
get_show_string \u2013 Handles the GDB show <param>
Attributes:
-
set_doc \u2013 -
show_doc \u2013 -
__doc__ \u2013 -
param \u2013 -
value \u2013 -
native_value \u2013 -
native_default \u2013
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.set_doc","title":"set_doc instance-attribute","text":"set_doc = 'Set ' + set_show_doc + '.'\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.show_doc","title":"show_doc instance-attribute","text":"show_doc = 'Show ' + set_show_doc + '.'\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.__doc__","title":"__doc__ instance-attribute","text":"__doc__ = help_docstring or None\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.param","title":"param instance-attribute","text":"param = param\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.value","title":"value instance-attribute","text":"value = value\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_value","title":"native_value property","text":"native_value\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.native_default","title":"native_default property","text":"native_default\n
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.init_super","title":"init_super","text":"init_super(param: Parameter) -> None\n
Initializes the super class for GDB >= 9
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.on_change","title":"on_change","text":"on_change(value: Any) -> None\n
Called when the value of the pwndbg.lib.config.Parameter changes Transfer the value to the GDB parameter to keep them in sync.
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_set_string","title":"get_set_string","text":"get_set_string() -> str\n
Handles the GDB set <param>
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.Parameter.get_show_string","title":"get_show_string","text":"get_show_string(svalue: str) -> str\n
Handles the GDB show <param>
"},{"location":"reference/pwndbg/gdblib/config/#pwndbg.gdblib.config.init_params","title":"init_params","text":"init_params() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/","title":"pwndbg.gdblib.events","text":""},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events","title":"events","text":"Enables callbacks into functions to be automatically invoked when various events occur to the debuggee (e.g. STOP on SIGINT) by using a decorator.
Classes:
Functions:
Attributes:
-
DISABLED \u2013 -
DISABLED_DEADLOCK \u2013 -
ENABLED \u2013 -
debug \u2013 -
gdb_workaround_stop_event \u2013 -
P \u2013 -
T \u2013 -
queued_events (Deque[Callable[..., Any]]) \u2013 -
executing_event \u2013 -
registered (dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]]) \u2013 -
connected \u2013 -
paused \u2013
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.DISABLED","title":"DISABLED module-attribute","text":"DISABLED = 'disabled'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.DISABLED_DEADLOCK","title":"DISABLED_DEADLOCK module-attribute","text":"DISABLED_DEADLOCK = 'disabled-deadlock'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.ENABLED","title":"ENABLED module-attribute","text":"ENABLED = 'enabled'\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.debug","title":"debug module-attribute","text":"debug = add_param(\n \"debug-events\", False, \"display internal event debugging info\"\n)\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.gdb_workaround_stop_event","title":"gdb_workaround_stop_event module-attribute","text":"gdb_workaround_stop_event = add_param('gdb-workaround-stop-event', DISABLED, \"asynchronous stop events to improve 'commands' functionality\", help_docstring=f'\nNote that this may cause unexpected behavior with Pwndbg or gdb.execute.\n\nValues explained:\n\n+ `{DISABLED}` - Disable the workaround (default).\n+ `{DISABLED_DEADLOCK}` - Disable only deadlock detection; deadlocks may still occur.\n+ `{ENABLED}` - Enable asynchronous stop events; gdb.execute may behave unexpectedly (asynchronously).\n ', param_class=PARAM_ENUM, enum_sequence=[DISABLED, DISABLED_DEADLOCK, ENABLED])\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.queued_events","title":"queued_events module-attribute","text":"queued_events: Deque[Callable[..., Any]] = deque()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.executing_event","title":"executing_event module-attribute","text":"executing_event = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.registered","title":"registered module-attribute","text":"registered: dict[Any, dict[HandlerPriority, list[Callable[..., Any]]]] = {\n exited: {},\n cont: {},\n new_objfile: {},\n stop: {},\n start: {},\n new_thread: {},\n before_prompt: {},\n memory_changed: {},\n register_changed: {},\n}\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connected","title":"connected module-attribute","text":"connected = {}\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.paused","title":"paused module-attribute","text":"paused = defaultdict(bool)\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent","title":"StartEvent","text":"StartEvent()\n
Methods:
-
connect \u2013 -
disconnect \u2013 -
on_new_objfile \u2013 -
on_exited \u2013 -
on_stop \u2013
Attributes:
-
registered (list[Callable[..., Any]]) \u2013 -
running \u2013
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.registered","title":"registered instance-attribute","text":"registered: list[Callable[..., Any]] = []\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.running","title":"running instance-attribute","text":"running = False\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.connect","title":"connect","text":"connect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.disconnect","title":"disconnect","text":"disconnect(function: Callable[..., Any]) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_new_objfile","title":"on_new_objfile","text":"on_new_objfile() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_exited","title":"on_exited","text":"on_exited() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.StartEvent.on_stop","title":"on_stop","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority","title":"HandlerPriority","text":" Bases: Enum
A priority level for an event handler, ordered from highest to lowest priority.
Attributes:
-
CACHE_CLEAR \u2013 -
LOW \u2013
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.CACHE_CLEAR","title":"CACHE_CLEAR class-attribute instance-attribute","text":"CACHE_CLEAR = auto()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.HandlerPriority.LOW","title":"LOW class-attribute instance-attribute","text":"LOW = auto()\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.wrap_safe_event_handler","title":"wrap_safe_event_handler","text":"wrap_safe_event_handler(\n event_handler: Callable[P, T], event_type: Any\n) -> Callable[P, T]\n
Wraps an event handler to ensure it is only executed when the event is safe. Invalid events are queued and executed later when safe.
Note: Avoid using gdb.post_event because of another bug in gdbserver where the gdb.newest_frame function may not work properly.
Workaround to fix bug in gdbserver (gdb.events.new_objfile): #2576 Workaround to fix bug in gdb (gdb.events.stop): #425
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.pause","title":"pause","text":"pause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.unpause","title":"unpause","text":"unpause(event_registry) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.connect","title":"connect","text":"connect(\n func: Callable[[], T],\n event_handler: Any,\n name: str = \"\",\n priority: HandlerPriority = LOW,\n) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.exit","title":"exit","text":"exit(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.cont","title":"cont","text":"cont(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.new_objfile","title":"new_objfile","text":"new_objfile(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.stop","title":"stop","text":"stop(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.start","title":"start","text":"start(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.thread","title":"thread","text":"thread(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.before_prompt","title":"before_prompt","text":"before_prompt(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.reg_changed","title":"reg_changed","text":"reg_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.mem_changed","title":"mem_changed","text":"mem_changed(func: Callable[[], T], **kwargs: Any) -> Callable[[], T]\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.log_objfiles","title":"log_objfiles","text":"log_objfiles(ofile: NewObjFileEvent | None = None) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.invoke_event","title":"invoke_event","text":"invoke_event(event: Any, *args: Any, **kwargs: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.after_reload","title":"after_reload","text":"after_reload(fire_start: bool = True) -> None\n
"},{"location":"reference/pwndbg/gdblib/events/#pwndbg.gdblib.events.on_reload","title":"on_reload","text":"on_reload() -> None\n
"},{"location":"reference/pwndbg/gdblib/functions/","title":"pwndbg.gdblib.functions","text":""},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions","title":"functions","text":"Put all functions defined for gdb in here.
This file might be changed into a module in the future.
Functions:
-
GdbFunction \u2013 -
rebase \u2013 Return address rebased onto the executable's mappings.
-
base \u2013 Return the base address of the first memory mapping containing the given name.
-
hex2ptr \u2013 Converts a hex string to a little-endian address and returns the address.
-
argc \u2013 Get the number of program arguments.
-
argv \u2013 Get the n-th program argument.
-
environ \u2013 Get an environment variable by name.
-
envp \u2013 Get the n-th environment variable.
-
dbg_value_to_gdb \u2013 -
fsbase \u2013 Get the value of the FS segment register.
-
gsbase \u2013 Get the value of the GS segment register.
Attributes:
-
functions (list[_GdbFunction]) \u2013
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.functions","title":"functions module-attribute","text":"functions: list[_GdbFunction] = []\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.GdbFunction","title":"GdbFunction","text":"GdbFunction(only_when_running: bool = False) -> Callable[..., Any]\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.rebase","title":"rebase","text":"rebase(addr: int | Value) -> int\n
Return address rebased onto the executable's mappings.
Example:
pwndbg> p/x $rebase(0xd9020)\n$1 = 0x55555562d020\npwndbg> vmmap\n0x555555554000 0x55555556f000 r--p 1b000 0 /usr/bin/bash\n0x55555556f000 0x55555562d000 r-xp be000 1b000 /usr/bin/bash\n0x55555562d000 0x55555565e000 r--p 31000 d9000 /usr/bin/bash\n[...]\npwndbg> p $rebase(0xd9020) == 0x555555554000 + 0xd9020\n$2 = 1\npwndbg> tele $rebase(0xd9020)\n00:0000\u2502 0x55555562d020 \u25c2\u2014 0x204900636f6c6c61 /* 'alloc' */\n01:0008\u2502 0x55555562d028 \u25c2\u2014 'have no name!'\n02:0010\u2502 0x55555562d030 \u25c2\u2014 0x65720021656d616e /* 'name!' */\n03:0018\u2502 0x55555562d038 \u25c2\u2014 'adline stdin'\n[...]\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.base","title":"base","text":"base(name_pattern: str | Value) -> int\n
Return the base address of the first memory mapping containing the given name.
Example:
pwndbg> p/x $base(\"libc\")\n$4 = 0x7ffff7d4b000\npwndbg> vmmap libc\n 0x7ffff7d4a000 0x7ffff7d4b000 rw-p 1000 6e000 /usr/lib/libncursesw.so.6.5\n\u25ba 0x7ffff7d4b000 0x7ffff7d6f000 r--p 24000 0 /usr/lib/libc.so.6\n\u25ba 0x7ffff7d6f000 0x7ffff7ed6000 r-xp 167000 24000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7ed6000 0x7ffff7f2b000 r--p 55000 18b000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7f2b000 0x7ffff7f2f000 r--p 4000 1e0000 /usr/lib/libc.so.6\n\u25ba 0x7ffff7f2f000 0x7ffff7f31000 rw-p 2000 1e4000 /usr/lib/libc.so.6\n 0x7ffff7f31000 0x7ffff7f39000 rw-p 8000 0 [anon_7ffff7f31]\npwndbg> tele $base(\\\"libc\\\")+0x1337\n00:0000\u2502 0x7ffff7d4c337 \u25c2\u2014 0x80480a04214000f0\n01:0008\u2502 0x7ffff7d4c33f \u25c2\u2014 0x8040c02204452040\n02:0010\u2502 0x7ffff7d4c347 \u25c2\u2014 0x20042400000200\n03:0018\u2502 0x7ffff7d4c34f \u25c2\u2014 0x20 /* ' ' */\n[...]\n
Beware of accidentally matching the wrong mapping. For instance, if the loaded executable contained the string \"libc\" anywhere in it's path, it would've been returned.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.hex2ptr","title":"hex2ptr","text":"hex2ptr(hex_string: str | Value) -> int\n
Converts a hex string to a little-endian address and returns the address.
Example:
pwndbg> p/x $hex2ptr(\"20 74 ed f7 ff 7f\")\n$1 = 0x7ffff7ed7420\npwndbg> p/x $hex2ptr(\"2074edf7ff7f\")\n$2 = 0x7ffff7ed7420\npwndbg> distance '$base(\"libc\")' '$hex2ptr(\"20 74 ed f7 ff 7f\")'\n0x7ffff7d4b000->0x7ffff7ed7420 is 0x18c420 bytes (0x31884 words)\n
Especially useful for quickly converting pwntools output.
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argc","title":"argc","text":"argc() -> int\n
Get the number of program arguments. Evaluates to argc.
Example:
pwndbg> p $argc()\n$1 = 2\npwndbg> argv\n00:0000\u2502 0x7fffffffe288 \u2014\u25b8 0x7fffffffe659 \u25c2\u2014 '/usr/bin/cat'\n01:0008\u2502 0x7fffffffe290 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 'gdbinit.py'\n02:0010\u2502 0x7fffffffe298 \u25c2\u2014 0\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.argv","title":"argv","text":"argv(index: Value) -> Value\n
Get the n-th program argument. Evaluate argv on the supplied value.
Example:
pwndbg> p $argv(0)\n$11 = (signed char *) 0x7fffffffe666 \"/usr/bin/sh\"\npwndbg> argv\n00:0000\u2502 0x7fffffffe2a8 \u2014\u25b8 0x7fffffffe666 \u25c2\u2014 '/usr/bin/sh'\n01:0008\u2502 0x7fffffffe2b0 \u25c2\u2014 0\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.environ","title":"environ","text":"environ(env_name: Value) -> Value\n
Get an environment variable by name. Evaluate getenv() on the supplied value.
Example:
pwndbg> p $environ(\"LANG\")\n$2 = (signed char *) 0x7fffffffebfb \"LANG=en_US.UTF-8\"\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.envp","title":"envp","text":"envp(index: Value) -> Value\n
Get the n-th environment variable. Evaluate envp on the supplied value.
Example:
pwndbg> p $envp(0x3F)\n$13 = (signed char *) 0x7fffffffef7d \"LANG=en_US.UTF-8\"\npwndbg> p $envp(0x3F) == $environ(\"LANG\")\n$14 = 1\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.dbg_value_to_gdb","title":"dbg_value_to_gdb","text":"dbg_value_to_gdb(d: Value) -> Value\n
"},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.fsbase","title":"fsbase","text":"fsbase(offset: Value = Value(0)) -> int\n
Get the value of the FS segment register. Only valid on x86(-64).
Example:
pwndbg> p/x $fsbase()\n$3 = 0x7ffff7cdab80\npwndbg> p $fs_base == $fsbase()\n$4 = 1\npwndbg> x/gx $fsbase(0x28)\n0x7ffff7cdaba8: 0x4da926e1668e5a00\npwndbg> x/gx $fsbase(0x30)\n0x7ffff7cdabb0: 0x190a86d93bccf0ad\npwndbg> tls\nThread Local Storage (TLS) base: 0x7ffff7cdab80\nTLS is located at:\n 0x7ffff7cda000 0x7ffff7cdc000 rw-p 2000 0 [anon_7ffff7cda]\nDumping the address:\ntcbhead_t @ 0x7ffff7cdab80\n 0x00007ffff7cdab80 +0x0000 tcb : 0x7ffff7cdab80\n 0x00007ffff7cdab88 +0x0008 dtv : 0x7ffff7cdb4f0\n 0x00007ffff7cdab90 +0x0010 self : 0x7ffff7cdab80\n 0x00007ffff7cdab98 +0x0018 multiple_threads : 0x0\n 0x00007ffff7cdab9c +0x001c gscope_flag : 0x0\n 0x00007ffff7cdaba0 +0x0020 sysinfo : 0x0\n 0x00007ffff7cdaba8 +0x0028 stack_guard : 0x4da926e1668e5a00\n 0x00007ffff7cdabb0 +0x0030 pointer_guard : 0x190a86d93bccf0ad\n [...]\npwndbg> canary\n[...]\nCanary = 0x4da926e1668e5a00 (may be incorrect on != glibc)\n[...]\n
FS will usually point to the start of the TLS. If you're not providing an offset, it is usually easier to use GDB's builtin $fs_base variable."},{"location":"reference/pwndbg/gdblib/functions/#pwndbg.gdblib.functions.gsbase","title":"gsbase","text":"gsbase(offset: Value = Value(0)) -> int\n
Get the value of the GS segment register. Only valid on x86(-64).
Example:
pwndbg> p/x $gsbase()\n$1 = 0x0\n
The value of the GS register is more interesting when doing kernel debugging: pwndbg> p/x $gsbase()\n$1 = 0xffff999287a00000\npwndbg> tele $gsbase()\n00:0000\u2502 0xffff999287a00000 \u25c2\u2014 0\n... \u2193 4 skipped\n05:0028\u2502 0xffff999287a00028 \u25c2\u2014 0xd6aa9b336d52a400\n06:0030\u2502 0xffff999287a00030 \u25c2\u2014 0\n07:0038\u2502 0xffff999287a00038 \u25c2\u2014 0\npwndbg> p $gsbase() == $gs_base\n$2 = 1\n
If you're not providing an offset, it is usually easier to use GDB's builtin $gs_base variable."},{"location":"reference/pwndbg/gdblib/got/","title":"pwndbg.gdblib.got","text":""},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got","title":"got","text":"Global Offset Table Tracker
Subsystem for tracking accesses to external function calls made through pointers in an inferior's Global Offset Table, such as those made by the stubs in the Procedure Linkage Table.
Currently, it does this by attatching watchpoints to the entries in the GOT and taking note of where the call came from, but it could be done much faster by injecting our own code into the program space to track this.
Classes:
-
RelocTypes \u2013 This class contains all the relocation type constants so that one may
-
TrapAllocator \u2013 Utility that allocates and manages executable addresses in the space of the
-
Patcher \u2013 Watches for changes made by program code to the GOT and fixes them up.
-
Tracker \u2013 Class that tracks the accesses made to the entries in the GOT.
Functions:
-
is_mmap_error \u2013 Checks whether the return value of an mmap of indicates an error.
-
display_name \u2013 Return the display name for a symbol or objfile.
-
all_tracked_entries \u2013 Return an iterator over all of the GOT whose accesses are being tracked.
-
tracked_entry_by_address \u2013 Return the tracker associated with the entry at the given address, if any.
-
enable_got_call_tracking \u2013 Enable the analysis of calls made through the GOT.
-
disable_got_call_tracking \u2013 Disable the analysis of calls made through the GOT.
-
jump_slots_for \u2013 Returns the jump slot addresses described by the given dynamic section.
Attributes:
-
JUMP_SLOTS \u2013 -
IRELATIVE_SLOTS \u2013 -
TRAP_ALLOCATOR \u2013 -
GOT_TRACKING \u2013 -
INSTALLED_WATCHPOINTS (dict[int, tuple[Tracker, Patcher]]) \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.JUMP_SLOTS","title":"JUMP_SLOTS module-attribute","text":"JUMP_SLOTS = {\n \"x86-64\": {R_X86_64_JUMP_SLOT},\n \"i386\": {R_386_JMP_SLOT},\n \"aarch64\": {R_AARCH64_JUMP_SLOT},\n \"mips\": {R_MIPS_JUMP_SLOT},\n \"powerpc\": {R_PPC_JMP_SLOT},\n \"sparc\": {R_SPARC_JMP_SLOT},\n \"arm\": {R_ARM_JUMP_SLOT},\n \"armcm\": {R_ARM_JUMP_SLOT},\n \"rv32\": {R_RISCV_JUMP_SLOT},\n \"rv64\": {R_RISCV_JUMP_SLOT},\n}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.IRELATIVE_SLOTS","title":"IRELATIVE_SLOTS module-attribute","text":"IRELATIVE_SLOTS = {\n \"x86-64\": {R_X86_64_IRELATIVE},\n \"i386\": {R_386_IRELATIVE},\n \"aarch64\": {R_AARCH64_P32_IRELATIVE, R_AARCH64_IRELATIVE},\n \"mips\": set(),\n \"powerpc\": {R_PPC_IRELATIVE},\n \"sparc\": {R_SPARC_IRELATIVE},\n \"arm\": {R_ARM_IRELATIVE},\n \"armcm\": {R_ARM_IRELATIVE},\n \"rv32\": {R_RISCV_IRELATIVE},\n \"rv64\": {R_RISCV_IRELATIVE},\n}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TRAP_ALLOCATOR","title":"TRAP_ALLOCATOR module-attribute","text":"TRAP_ALLOCATOR = TrapAllocator()\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.GOT_TRACKING","title":"GOT_TRACKING module-attribute","text":"GOT_TRACKING = False\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.INSTALLED_WATCHPOINTS","title":"INSTALLED_WATCHPOINTS module-attribute","text":"INSTALLED_WATCHPOINTS: dict[int, tuple[Tracker, Patcher]] = {}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes","title":"RelocTypes","text":"This class contains all the relocation type constants so that one may interpret the relocations types present in the DYNAMIC segment. These constants are defined in each of the processors' SystemV R4 psABI document, or equivalent, and should stay the same across all implementations of libc on systems that adhere to that ABI, such as Linux.
Most of these were sourced from GLibc, which conveniently lists all of the relocations types in a single file1.
Attributes:
-
R_RISCV_JUMP_SLOT \u2013 -
R_X86_64_JUMP_SLOT \u2013 -
R_386_JMP_SLOT \u2013 -
R_CRIS_JUMP_SLOT \u2013 -
R_390_JMP_SLOT \u2013 -
R_CKCORE_JUMP_SLOT \u2013 -
R_TILEPRO_JMP_SLOT \u2013 -
R_MICROBLAZE_JUMP_SLOT \u2013 -
R_TILEGX_JMP_SLOT \u2013 -
R_OR1K_JMP_SLOT \u2013 -
R_68K_JMP_SLOT \u2013 -
R_SPARC_JMP_SLOT \u2013 -
R_PPC_JMP_SLOT \u2013 -
R_PPC64_JMP_SLOT \u2013 -
R_ARM_JUMP_SLOT \u2013 -
R_MN10300_JMP_SLOT \u2013 -
R_ALPHA_JMP_SLOT \u2013 -
R_NIOS2_JUMP_SLOT \u2013 -
R_NDS32_JMP_SLOT \u2013 -
R_METAG_JMP_SLOT \u2013 -
R_M32R_JMP_SLOT \u2013 -
R_ARC_JMP_SLOT \u2013 -
R_MIPS_JUMP_SLOT \u2013 -
R_SH_JMP_SLOT \u2013 -
R_AARCH64_JUMP_SLOT \u2013 -
R_X86_64_IRELATIVE \u2013 -
R_386_IRELATIVE \u2013 -
R_RISCV_IRELATIVE \u2013 -
R_390_IRELATIVE \u2013 -
R_ARM_IRELATIVE \u2013 -
R_AARCH64_P32_IRELATIVE \u2013 -
R_PPC_IRELATIVE \u2013 -
R_PPC64_IRELATIVE \u2013 -
R_SPARC_IRELATIVE \u2013 -
R_AARCH64_IRELATIVE \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_JUMP_SLOT","title":"R_RISCV_JUMP_SLOT class-attribute instance-attribute","text":"R_RISCV_JUMP_SLOT = 5\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_JUMP_SLOT","title":"R_X86_64_JUMP_SLOT class-attribute instance-attribute","text":"R_X86_64_JUMP_SLOT = 7\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_JMP_SLOT","title":"R_386_JMP_SLOT class-attribute instance-attribute","text":"R_386_JMP_SLOT = 7\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CRIS_JUMP_SLOT","title":"R_CRIS_JUMP_SLOT class-attribute instance-attribute","text":"R_CRIS_JUMP_SLOT = 11\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_JMP_SLOT","title":"R_390_JMP_SLOT class-attribute instance-attribute","text":"R_390_JMP_SLOT = 11\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_CKCORE_JUMP_SLOT","title":"R_CKCORE_JUMP_SLOT class-attribute instance-attribute","text":"R_CKCORE_JUMP_SLOT = 12\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEPRO_JMP_SLOT","title":"R_TILEPRO_JMP_SLOT class-attribute instance-attribute","text":"R_TILEPRO_JMP_SLOT = 12\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MICROBLAZE_JUMP_SLOT","title":"R_MICROBLAZE_JUMP_SLOT class-attribute instance-attribute","text":"R_MICROBLAZE_JUMP_SLOT = 17\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_TILEGX_JMP_SLOT","title":"R_TILEGX_JMP_SLOT class-attribute instance-attribute","text":"R_TILEGX_JMP_SLOT = 18\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_OR1K_JMP_SLOT","title":"R_OR1K_JMP_SLOT class-attribute instance-attribute","text":"R_OR1K_JMP_SLOT = 20\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_68K_JMP_SLOT","title":"R_68K_JMP_SLOT class-attribute instance-attribute","text":"R_68K_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_JMP_SLOT","title":"R_SPARC_JMP_SLOT class-attribute instance-attribute","text":"R_SPARC_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_JMP_SLOT","title":"R_PPC_JMP_SLOT class-attribute instance-attribute","text":"R_PPC_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_JMP_SLOT","title":"R_PPC64_JMP_SLOT class-attribute instance-attribute","text":"R_PPC64_JMP_SLOT = 21\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_JUMP_SLOT","title":"R_ARM_JUMP_SLOT class-attribute instance-attribute","text":"R_ARM_JUMP_SLOT = 22\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MN10300_JMP_SLOT","title":"R_MN10300_JMP_SLOT class-attribute instance-attribute","text":"R_MN10300_JMP_SLOT = 22\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ALPHA_JMP_SLOT","title":"R_ALPHA_JMP_SLOT class-attribute instance-attribute","text":"R_ALPHA_JMP_SLOT = 26\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NIOS2_JUMP_SLOT","title":"R_NIOS2_JUMP_SLOT class-attribute instance-attribute","text":"R_NIOS2_JUMP_SLOT = 38\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_NDS32_JMP_SLOT","title":"R_NDS32_JMP_SLOT class-attribute instance-attribute","text":"R_NDS32_JMP_SLOT = 41\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_METAG_JMP_SLOT","title":"R_METAG_JMP_SLOT class-attribute instance-attribute","text":"R_METAG_JMP_SLOT = 44\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_M32R_JMP_SLOT","title":"R_M32R_JMP_SLOT class-attribute instance-attribute","text":"R_M32R_JMP_SLOT = 52\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARC_JMP_SLOT","title":"R_ARC_JMP_SLOT class-attribute instance-attribute","text":"R_ARC_JMP_SLOT = 55\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_MIPS_JUMP_SLOT","title":"R_MIPS_JUMP_SLOT class-attribute instance-attribute","text":"R_MIPS_JUMP_SLOT = 127\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SH_JMP_SLOT","title":"R_SH_JMP_SLOT class-attribute instance-attribute","text":"R_SH_JMP_SLOT = 164\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_JUMP_SLOT","title":"R_AARCH64_JUMP_SLOT class-attribute instance-attribute","text":"R_AARCH64_JUMP_SLOT = 1026\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_X86_64_IRELATIVE","title":"R_X86_64_IRELATIVE class-attribute instance-attribute","text":"R_X86_64_IRELATIVE = 37\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_386_IRELATIVE","title":"R_386_IRELATIVE class-attribute instance-attribute","text":"R_386_IRELATIVE = 42\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_RISCV_IRELATIVE","title":"R_RISCV_IRELATIVE class-attribute instance-attribute","text":"R_RISCV_IRELATIVE = 58\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_390_IRELATIVE","title":"R_390_IRELATIVE class-attribute instance-attribute","text":"R_390_IRELATIVE = 61\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_ARM_IRELATIVE","title":"R_ARM_IRELATIVE class-attribute instance-attribute","text":"R_ARM_IRELATIVE = 160\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_P32_IRELATIVE","title":"R_AARCH64_P32_IRELATIVE class-attribute instance-attribute","text":"R_AARCH64_P32_IRELATIVE = 188\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC_IRELATIVE","title":"R_PPC_IRELATIVE class-attribute instance-attribute","text":"R_PPC_IRELATIVE = 248\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_PPC64_IRELATIVE","title":"R_PPC64_IRELATIVE class-attribute instance-attribute","text":"R_PPC64_IRELATIVE = 248\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_SPARC_IRELATIVE","title":"R_SPARC_IRELATIVE class-attribute instance-attribute","text":"R_SPARC_IRELATIVE = 249\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.RelocTypes.R_AARCH64_IRELATIVE","title":"R_AARCH64_IRELATIVE class-attribute instance-attribute","text":"R_AARCH64_IRELATIVE = 1032\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator","title":"TrapAllocator","text":"TrapAllocator()\n
Utility that allocates and manages executable addresses in the space of the executing program that we can trap.
Methods:
-
alloc \u2013 Allocates a new address to where program execution can be diverted.
-
free \u2013 Indicates that an address obtained from alloc() can be recycled.
-
clear \u2013 Deletes all memory mappings and frees all addresses.
Attributes:
-
block_capacity \u2013 -
slot_size \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.block_capacity","title":"block_capacity class-attribute instance-attribute","text":"block_capacity = 4096\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.slot_size","title":"slot_size class-attribute instance-attribute","text":"slot_size = 8\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.alloc","title":"alloc","text":"alloc()\n
Allocates a new address to where program execution can be diverted.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.free","title":"free","text":"free(address) -> None\n
Indicates that an address obtained from alloc() can be recycled.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.TrapAllocator.clear","title":"clear","text":"clear()\n
Deletes all memory mappings and frees all addresses.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher","title":"Patcher","text":"Patcher(entry, tracker)\n
Bases: Breakpoint
Watches for changes made by program code to the GOT and fixes them up.
This class is paired with Tracker, and instances of both classes always function together.
Methods:
-
should_stop \u2013 -
stop \u2013
Attributes:
-
silent \u2013 -
entry \u2013 -
tracker \u2013 -
init \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.silent","title":"silent instance-attribute","text":"silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.entry","title":"entry class-attribute instance-attribute","text":"entry = entry\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.tracker","title":"tracker class-attribute instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.init","title":"init instance-attribute","text":"init = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.should_stop","title":"should_stop","text":"should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Patcher.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker","title":"Tracker","text":"Tracker()\n
Bases: Breakpoint
Class that tracks the accesses made to the entries in the GOT.
This class is paired with Patcher, and instances of both classes always function together.
Methods:
-
delete \u2013 -
should_stop \u2013 -
stop \u2013
Attributes:
-
total_hits \u2013 -
target \u2013 -
dynamic_section \u2013 -
relocation_fn \u2013 -
relocation_index \u2013 -
link_map_entry \u2013 -
trapped_address \u2013 -
hits (dict[tuple[int, ...], int]) \u2013 -
silent \u2013
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.total_hits","title":"total_hits class-attribute instance-attribute","text":"total_hits = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.target","title":"target class-attribute instance-attribute","text":"target = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.dynamic_section","title":"dynamic_section class-attribute instance-attribute","text":"dynamic_section = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_fn","title":"relocation_fn class-attribute instance-attribute","text":"relocation_fn = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.relocation_index","title":"relocation_index class-attribute instance-attribute","text":"relocation_index = 0\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.link_map_entry","title":"link_map_entry class-attribute instance-attribute","text":"link_map_entry = None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.trapped_address","title":"trapped_address class-attribute instance-attribute","text":"trapped_address = alloc()\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.hits","title":"hits class-attribute instance-attribute","text":"hits: dict[tuple[int, ...], int] = {}\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.silent","title":"silent instance-attribute","text":"silent = True\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.delete","title":"delete","text":"delete() -> None\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.should_stop","title":"should_stop","text":"should_stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.Tracker.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.is_mmap_error","title":"is_mmap_error","text":"is_mmap_error(ptr: int)\n
Checks whether the return value of an mmap of indicates an error.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.display_name","title":"display_name","text":"display_name(name, basename=False)\n
Return the display name for a symbol or objfile.
Ideally, we'd like to display all of the names of the symbols as text, but there is really nothing stopping symbol names from being stored in some fairly wacky encoding or really from having names that aren't text at all.
We should try our best to turn whatever the symbol name is into text, but not so much that non-text entries or entries in unknown encodings become unrecognizable.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.all_tracked_entries","title":"all_tracked_entries","text":"all_tracked_entries()\n
Return an iterator over all of the GOT whose accesses are being tracked.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.tracked_entry_by_address","title":"tracked_entry_by_address","text":"tracked_entry_by_address(address)\n
Return the tracker associated with the entry at the given address, if any.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.enable_got_call_tracking","title":"enable_got_call_tracking","text":"enable_got_call_tracking(disable_hardware_whatchpoints=True) -> None\n
Enable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.disable_got_call_tracking","title":"disable_got_call_tracking","text":"disable_got_call_tracking() -> None\n
Disable the analysis of calls made through the GOT.
"},{"location":"reference/pwndbg/gdblib/got/#pwndbg.gdblib.got.jump_slots_for","title":"jump_slots_for","text":"jump_slots_for(dynamic)\n
Returns the jump slot addresses described by the given dynamic section.
"},{"location":"reference/pwndbg/gdblib/hooks/","title":"pwndbg.gdblib.hooks","text":""},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks","title":"hooks","text":"Functions:
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_typeinfo","title":"update_typeinfo","text":"update_typeinfo() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.update_arch","title":"update_arch","text":"update_arch() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.reset_config","title":"reset_config","text":"reset_config() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_start","title":"on_start","text":"on_start() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_stop","title":"on_stop","text":"on_stop() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.on_exit","title":"on_exit","text":"on_exit() -> None\n
"},{"location":"reference/pwndbg/gdblib/hooks/#pwndbg.gdblib.hooks.init","title":"init","text":"init() -> None\n
Calls all GDB hook functions that need to be called when GDB/pwndbg itself is loaded, as opposed to when an actual hook event occurs
"},{"location":"reference/pwndbg/gdblib/info/","title":"pwndbg.gdblib.info","text":""},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info","title":"info","text":"Runs a few useful commands which are available under \"info\".
Functions:
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.proc_mappings","title":"proc_mappings","text":"proc_mappings() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.auxv","title":"auxv","text":"auxv() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.files","title":"files","text":"files() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.target","title":"target","text":"target() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary","title":"sharedlibrary","text":"sharedlibrary() -> str\n
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.parsed_sharedlibrary","title":"parsed_sharedlibrary","text":"parsed_sharedlibrary() -> dict[str, tuple[int, int]]\n
Returns a dictionary of shared libraries with their .text section from and to addresses.
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.sharedlibrary_paths","title":"sharedlibrary_paths","text":"sharedlibrary_paths() -> list[str]\n
Get the paths of all shared libraries loaded in the process by parsing the output of \"info sharedlibrary\".
"},{"location":"reference/pwndbg/gdblib/info/#pwndbg.gdblib.info.address","title":"address","text":"address(symbol: str) -> int | None\n
"},{"location":"reference/pwndbg/gdblib/prompt/","title":"pwndbg.gdblib.prompt","text":""},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt","title":"prompt","text":"Functions:
Attributes:
-
show_tip \u2013 -
cur (tuple[Inferior, InferiorThread] | None) \u2013 -
context_shown \u2013 -
last_alive_state \u2013
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_tip","title":"show_tip module-attribute","text":"show_tip = add_param(\n \"show-tips\", True, \"whether to display the tip of the day on startup\"\n)\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.cur","title":"cur module-attribute","text":"cur: tuple[Inferior, InferiorThread] | None = None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.context_shown","title":"context_shown module-attribute","text":"context_shown = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.last_alive_state","title":"last_alive_state module-attribute","text":"last_alive_state = False\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.initial_hook","title":"initial_hook","text":"initial_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.show_hint","title":"show_hint","text":"show_hint() -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.thread_is_stopped","title":"thread_is_stopped","text":"thread_is_stopped() -> bool\n
This detects whether selected thread is stopped. It is not stopped in situations when gdb is executing commands that are attached to a breakpoint by command command.
For more info see issue #229 ( #299 ) :return: Whether gdb executes commands attached to bp with command command.
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.prompt_hook","title":"prompt_hook","text":"prompt_hook(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.reset_context_shown","title":"reset_context_shown","text":"reset_context_shown(*a: Any) -> None\n
"},{"location":"reference/pwndbg/gdblib/prompt/#pwndbg.gdblib.prompt.set_prompt","title":"set_prompt","text":"set_prompt() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/","title":"pwndbg.gdblib.ptmalloc2_tracking","text":""},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking","title":"ptmalloc2_tracking","text":"Heap Tracking
This module implements runtime tracking of the heap, allowing pwndbg to detect heap related misbehavior coming from an inferior in real time, which lets us catch UAF bugs, double frees (and more), and report them to the user.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--approach","title":"Approach","text":"The approach used starting with using breakpoints to hook into the following libc symbols: malloc, free, calloc, and realloc. Each hook has a reference to a shared instance of the Tracker class, which is responsible for handling the tracking of the chunks of memory from the heap.
The tracker keeps two sorted maps of chunks, for freed and in use chunks, keyed by their base address. Newly allocated chunks are added to the map of in use chunks right before an allocating call returns, and newly freed chunks are moved from the map of in use chunks to the map of free ones right before a freeing call returns. The tracker is also responsible for installing watchpoints for free chunks when they're added to the free chunk map and deleting them when their corresponding chunks are removed from the map.
Additionally, because going through the data structures inside of libc to determine whether a chunk is free or not is, more often than not, a fairly slow operation, this module will only do so when it determines its view of the chunks has diverged from the one in libc in a way that would affect behavior. When such a diffence is detected, this module will rebuild the chunk maps in the range it determines to have been affected.
Currently, the way it does this is by deleting and querying from libc the new status of all chunks that overlap the region of a new allocation when it detects that allocation overlaps chunks it previously considered free.
This approach lets us avoid a lot of the following linked lists that comes with trying to answer the allocation status of a chunk, by keeping at hand as much known-good information as possible about them. Keep in mind that, although it is much faster than going to libc every time we need to know the allocation status of a chunk, this approach does have drawbacks when it comes to memory usage.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking--compatibility","title":"Compatibility","text":"Currently module assumes the inferior is using GLibc.
There are points along the code in this module where the assumptions it makes are explicitly documented and checked to be valid for the current inferior, so that it may be immediately clear to the user that something has gone wrong if they happen to not be valid. However, be aware that there may be assumptions that were not made explicit.
Classes:
-
FreeChunkWatchpoint \u2013 -
AllocChunkWatchpoint \u2013 -
Chunk \u2013 -
Tracker \u2013 -
MallocEnterBreakpoint \u2013 -
CallocEnterBreakpoint \u2013 -
AllocExitBreakpoint \u2013 -
ReallocEnterBreakpoint \u2013 -
ReallocExitBreakpoint \u2013 -
FreeEnterBreakpoint \u2013 -
FreeExitBreakpoint \u2013
Functions:
-
is_enabled \u2013 Whether the heap tracker in enabled.
-
resolve_address \u2013 Checks whether a given symbol is available and part of libc, and returns its
-
get_chunk \u2013 Reads a chunk from a given address.
-
in_program_code_stack \u2013 -
install \u2013 -
uninstall \u2013
Attributes:
-
LIBC_NAME \u2013 -
MALLOC_NAME \u2013 -
CALLOC_NAME \u2013 -
REALLOC_NAME \u2013 -
FREE_NAME \u2013 -
last_issue (str | None) \u2013 -
PRINT_DEBUG \u2013 -
DEFERED_DELETE (list[Breakpoint]) \u2013 -
malloc_enter \u2013 -
calloc_enter \u2013 -
realloc_enter \u2013 -
free_enter \u2013 -
stop_on_error \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.LIBC_NAME","title":"LIBC_NAME module-attribute","text":"LIBC_NAME = 'libc.so.6'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MALLOC_NAME","title":"MALLOC_NAME module-attribute","text":"MALLOC_NAME = 'malloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CALLOC_NAME","title":"CALLOC_NAME module-attribute","text":"CALLOC_NAME = 'calloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.REALLOC_NAME","title":"REALLOC_NAME module-attribute","text":"REALLOC_NAME = 'realloc'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FREE_NAME","title":"FREE_NAME module-attribute","text":"FREE_NAME = 'free'\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.last_issue","title":"last_issue module-attribute","text":"last_issue: str | None = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.PRINT_DEBUG","title":"PRINT_DEBUG module-attribute","text":"PRINT_DEBUG = False\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.DEFERED_DELETE","title":"DEFERED_DELETE module-attribute","text":"DEFERED_DELETE: list[Breakpoint] = []\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.malloc_enter","title":"malloc_enter module-attribute","text":"malloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.calloc_enter","title":"calloc_enter module-attribute","text":"calloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.realloc_enter","title":"realloc_enter module-attribute","text":"realloc_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.free_enter","title":"free_enter module-attribute","text":"free_enter = None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.stop_on_error","title":"stop_on_error module-attribute","text":"stop_on_error = True\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint","title":"FreeChunkWatchpoint","text":"FreeChunkWatchpoint(chunk: Chunk, tracker: Tracker)\n
Bases: Breakpoint
Methods:
Attributes:
-
chunk \u2013 -
tracker \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.chunk","title":"chunk instance-attribute","text":"chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeChunkWatchpoint.stop","title":"stop","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint","title":"AllocChunkWatchpoint","text":"AllocChunkWatchpoint(chunk: Chunk)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.chunk","title":"chunk instance-attribute","text":"chunk = chunk\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocChunkWatchpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk","title":"Chunk","text":"Chunk(address: int, size: int, requested_size: int, flags: int)\n
Attributes:
-
address \u2013 -
size \u2013 -
requested_size \u2013 -
flags \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.address","title":"address instance-attribute","text":"address = address\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.size","title":"size instance-attribute","text":"size = size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.requested_size","title":"requested_size instance-attribute","text":"requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Chunk.flags","title":"flags instance-attribute","text":"flags = flags\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker","title":"Tracker","text":"Tracker()\n
Methods:
-
is_performing_memory_management \u2013 -
enter_memory_management \u2013 -
exit_memory_management \u2013 -
malloc \u2013 -
free \u2013
Attributes:
-
free_chunks (SortedDict[int, Chunk]) \u2013 -
alloc_chunks (SortedDict[int, Chunk]) \u2013 -
free_watchpoints (dict[int, FreeChunkWatchpoint]) \u2013 -
memory_management_calls (dict[int, bool]) \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_chunks","title":"free_chunks instance-attribute","text":"free_chunks: SortedDict[int, Chunk] = SortedDict()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.alloc_chunks","title":"alloc_chunks instance-attribute","text":"alloc_chunks: SortedDict[int, Chunk] = SortedDict()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free_watchpoints","title":"free_watchpoints instance-attribute","text":"free_watchpoints: dict[int, FreeChunkWatchpoint] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.memory_management_calls","title":"memory_management_calls instance-attribute","text":"memory_management_calls: dict[int, bool] = {}\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.is_performing_memory_management","title":"is_performing_memory_management","text":"is_performing_memory_management()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.enter_memory_management","title":"enter_memory_management","text":"enter_memory_management(name: str) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.exit_memory_management","title":"exit_memory_management","text":"exit_memory_management() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.malloc","title":"malloc","text":"malloc(chunk: Chunk) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.Tracker.free","title":"free","text":"free(address: int) -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint","title":"MallocEnterBreakpoint","text":"MallocEnterBreakpoint(address, tracker)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.MallocEnterBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint","title":"CallocEnterBreakpoint","text":"CallocEnterBreakpoint(address, tracker)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.CallocEnterBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint","title":"AllocExitBreakpoint","text":"AllocExitBreakpoint(tracker, requested_size, name)\n
Bases: FinishBreakpoint
Methods:
-
stop \u2013 -
out_of_scope \u2013
Attributes:
-
requested_size \u2013 -
tracker \u2013 -
name \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.requested_size","title":"requested_size instance-attribute","text":"requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.AllocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint","title":"ReallocEnterBreakpoint","text":"ReallocEnterBreakpoint(address, tracker)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocEnterBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint","title":"ReallocExitBreakpoint","text":"ReallocExitBreakpoint(tracker, freed_ptr, requested_size)\n
Bases: FinishBreakpoint
Methods:
-
stop \u2013 -
out_of_scope \u2013
Attributes:
-
freed_ptr \u2013 -
requested_size \u2013 -
tracker \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.freed_ptr","title":"freed_ptr instance-attribute","text":"freed_ptr = freed_ptr\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.requested_size","title":"requested_size instance-attribute","text":"requested_size = requested_size\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.stop","title":"stop","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.ReallocExitBreakpoint.out_of_scope","title":"out_of_scope","text":"out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint","title":"FreeEnterBreakpoint","text":"FreeEnterBreakpoint(address, tracker)\n
Bases: Breakpoint
Methods:
Attributes:
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeEnterBreakpoint.stop","title":"stop","text":"stop() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint","title":"FreeExitBreakpoint","text":"FreeExitBreakpoint(tracker, ptr)\n
Bases: FinishBreakpoint
Methods:
-
stop \u2013 -
out_of_scope \u2013
Attributes:
-
ptr \u2013 -
tracker \u2013
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.ptr","title":"ptr instance-attribute","text":"ptr = ptr\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.tracker","title":"tracker instance-attribute","text":"tracker = tracker\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.stop","title":"stop","text":"stop()\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.FreeExitBreakpoint.out_of_scope","title":"out_of_scope","text":"out_of_scope() -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.is_enabled","title":"is_enabled","text":"is_enabled() -> bool\n
Whether the heap tracker in enabled.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.resolve_address","title":"resolve_address","text":"resolve_address(name: str) -> int | None\n
Checks whether a given symbol is available and part of libc, and returns its address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.get_chunk","title":"get_chunk","text":"get_chunk(address, requested_size)\n
Reads a chunk from a given address.
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.in_program_code_stack","title":"in_program_code_stack","text":"in_program_code_stack() -> bool\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.install","title":"install","text":"install(disable_hardware_watchpoints=True) -> None\n
"},{"location":"reference/pwndbg/gdblib/ptmalloc2_tracking/#pwndbg.gdblib.ptmalloc2_tracking.uninstall","title":"uninstall","text":"uninstall() -> None\n
"},{"location":"reference/pwndbg/gdblib/scheduler/","title":"pwndbg.gdblib.scheduler","text":""},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler","title":"scheduler","text":"Functions:
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.lock_scheduler","title":"lock_scheduler","text":"lock_scheduler() -> Iterator[None]\n
This context manager can be used to run GDB commands with threads scheduling being locked which means that other threads will be stopped during execution.
This is useful to prevent bugs where e.g.: gdb.parse_and_eval(\"(int)foo()\") would execute foo() on the current debugee thread but would also unlock other threads for being executed and those other threads may for example hit a breakpoint we set previously which would be confusing for the user.
See also: https://sourceware.org/gdb/onlinedocs/gdb/All_002dStop-Mode.html
"},{"location":"reference/pwndbg/gdblib/scheduler/#pwndbg.gdblib.scheduler.parse_and_eval_with_scheduler_lock","title":"parse_and_eval_with_scheduler_lock","text":"parse_and_eval_with_scheduler_lock(expr: str) -> Value\n
"},{"location":"reference/pwndbg/gdblib/shellcode/","title":"pwndbg.gdblib.shellcode","text":""},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode","title":"shellcode","text":"Shellcode
This module implements functionality that allows for the execution of a small amount of code in the context of the inferior.
Functions:
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_syscall","title":"exec_syscall","text":"exec_syscall(\n syscall,\n arg0=None,\n arg1=None,\n arg2=None,\n arg3=None,\n arg4=None,\n arg5=None,\n arg6=None,\n disable_breakpoints=False,\n)\n
Tries executing the given syscall in the context of the inferior.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode","title":"exec_shellcode","text":"exec_shellcode(\n blob, restore_context=True, capture=None, disable_breakpoints=False\n)\n
Tries executing the given blob of machine code in the current context of the inferior, optionally restoring the values of the registers as they were before the shellcode ran, as a means to allow for execution of the inferior to continue uninterrupted. The value of the program counter is always restored.
Additionally, the caller may specify an object to be called before the context is restored, so that information stored in the registers after the shellcode finishes can be retrieved. The return value of that call will be returned by this function.
"},{"location":"reference/pwndbg/gdblib/shellcode/#pwndbg.gdblib.shellcode.exec_shellcode--safety","title":"Safety","text":"Seeing as this function injects code directly into the inferior and runs it, the caller must be careful to inject code that will (1) terminate and (2) not cause the inferior to misbehave. Otherwise, it is fairly easy to crash or currupt the memory in the inferior.
"},{"location":"reference/pwndbg/gdblib/symbol/","title":"pwndbg.gdblib.symbol","text":""},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol","title":"symbol","text":"Looking up addresses for function names / symbols, and vice-versa.
Uses IDA when available if there isn't sufficient symbol information available.
Functions:
"},{"location":"reference/pwndbg/gdblib/symbol/#pwndbg.gdblib.symbol.selected_frame_source_absolute_filename","title":"selected_frame_source_absolute_filename","text":"selected_frame_source_absolute_filename()\n
Retrieve the symbol table\u2019s source absolute file name from the selected frame.
In case of missing symbol table or frame information, None is returned.
"},{"location":"reference/pwndbg/gdblib/tui/","title":"pwndbg.gdblib.tui","text":""},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui","title":"tui","text":"Modules:
-
context \u2013 -
control \u2013
Functions:
"},{"location":"reference/pwndbg/gdblib/tui/#pwndbg.gdblib.tui.setup","title":"setup","text":"setup() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/","title":"pwndbg.gdblib.tui.context","text":""},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context","title":"context","text":"Classes:
Attributes:
-
sections \u2013 -
target_func (Callable[..., _Window]) \u2013
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.sections","title":"sections module-attribute","text":"sections = ['legend'] + [replace('context_', '') for section in values()]\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.target_func","title":"target_func module-attribute","text":"target_func: Callable[..., _Window] = (\n lambda window, section_name=section_name: ContextTUIWindow(\n window, section_name\n )\n)\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow","title":"ContextTUIWindow","text":"ContextTUIWindow(tui_window: 'gdb.TuiWindow', section: str)\n
Methods:
-
close \u2013 -
render \u2013 -
hscroll \u2013 -
vscroll \u2013 -
click \u2013
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.___ansi_substr","title":"___ansi_substr class-attribute instance-attribute","text":"___ansi_substr = _ansi_substr\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.close","title":"close","text":"close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.render","title":"render","text":"render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.hscroll","title":"hscroll","text":"hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.vscroll","title":"vscroll","text":"vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/context/#pwndbg.gdblib.tui.context.ContextTUIWindow.click","title":"click","text":"click(x: int, y: int, button: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/","title":"pwndbg.gdblib.tui.control","text":""},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control","title":"control","text":"Classes:
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow","title":"ControlTUIWindow","text":"ControlTUIWindow(tui_window: 'gdb.TuiWindow')\n
Methods:
-
close \u2013 -
render \u2013 -
hscroll \u2013 -
vscroll \u2013 -
click \u2013
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.close","title":"close","text":"close() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.render","title":"render","text":"render() -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.hscroll","title":"hscroll","text":"hscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.vscroll","title":"vscroll","text":"vscroll(num: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/tui/control/#pwndbg.gdblib.tui.control.ControlTUIWindow.click","title":"click","text":"click(x: int, y: int, button: int) -> None\n
"},{"location":"reference/pwndbg/gdblib/vmmap/","title":"pwndbg.gdblib.vmmap","text":""},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap","title":"vmmap","text":"Routines to enumerate mapped memory, and attempt to associate address ranges with various ELF files and permissions.
The reason that we need robustness is that not every operating system has /proc/$$/maps, which backs 'info proc mapping'.
Functions:
-
is_corefile \u2013 For example output use:
-
get_known_maps \u2013 Similar to vmmap.get(), except only returns maps in cases where
-
coredump_maps \u2013 Parses info proc mappings and maintenance info sections
-
parse_info_proc_mappings_line \u2013 Parse a line from info proc mappings and return a pwndbg.lib.memory.Page
-
info_proc_maps \u2013 Parse the result of info proc mappings.
-
proc_tid_maps \u2013 Parse the contents of /proc/$TID/maps on the server.
-
info_sharedlibrary \u2013 Parses the output of info sharedlibrary.
-
info_files \u2013 -
info_auxv \u2013 Extracts the name of the executable from the output of the command
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.is_corefile","title":"is_corefile","text":"is_corefile() -> bool\n
For example output use gdb ./tests/binaries/crash_simple.out -ex run -ex 'generate-core-file ./core' -ex 'quit'
And then use gdb ./tests/binaries/crash_simple.out -core ./core -ex 'info target'
And: gdb -core ./core
As the two differ in output slighty.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.get_known_maps","title":"get_known_maps","text":"get_known_maps() -> tuple[Page, ...] | None\n
Similar to vmmap.get(), except only returns maps in cases where the mappings are known, like if it's a coredump, or if process mappings are available.
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.coredump_maps","title":"coredump_maps","text":"coredump_maps() -> tuple[Page, ...]\n
Parses info proc mappings and maintenance info sections and tries to make sense out of the result :)
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.parse_info_proc_mappings_line","title":"parse_info_proc_mappings_line","text":"parse_info_proc_mappings_line(\n line: str, perms_available: bool, parse_flags: bool\n) -> Page | None\n
Parse a line from info proc mappings and return a pwndbg.lib.memory.Page object if the line is valid.
Example lines 0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main 0x4c5000 0x4cb000 0x6000 0x0 rw-p
The objfile column might be empty, and the permissions column is only present in GDB versions >= 12.1 bminor/binutils-gdb@29ef4c0
Parameters:
Returns:
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_proc_maps","title":"info_proc_maps","text":"info_proc_maps(parse_flags=True) -> tuple[Page, ...]\n
Parse the result of info proc mappings.
Example output:
Start Addr End Addr Size Offset Perms objfile\n 0x400000 0x401000 0x1000 0x0 r--p /root/hello_world/main\n 0x401000 0x497000 0x96000 0x1000 r-xp /root/hello_world/main\n 0x497000 0x4be000 0x27000 0x97000 r--p /root/hello_world/main\n 0x4be000 0x4c3000 0x5000 0xbd000 r--p /root/hello_world/main\n 0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main\n 0x4c5000 0x4cb000 0x6000 0x0 rw-p\n 0x4cb000 0x4ed000 0x22000 0x0 rw-p [heap]\n0x7ffff7ff9000 0x7ffff7ffd000 0x4000 0x0 r--p [vvar]\n0x7ffff7ffd000 0x7ffff7fff000 0x2000 0x0 r-xp [vdso]\n0x7ffffffde000 0x7ffffffff000 0x21000 0x0 rw-p [stack]\n
0xffffffffff600000 0xffffffffff601000 0x1000 0x0 --xp [vsyscall]
Note: this may return no pages due to a bug/behavior of GDB. See https://sourceware.org/bugzilla/show_bug.cgi?id=31207 for more information.
Returns:
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.proc_tid_maps","title":"proc_tid_maps","text":"proc_tid_maps() -> tuple[Page, ...] | None\n
Parse the contents of /proc/$TID/maps on the server. (TID == Thread Identifier. We do not use PID since it may not be correct)
Returns:
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_sharedlibrary","title":"info_sharedlibrary","text":"info_sharedlibrary() -> tuple[Page, ...]\n
Parses the output of info sharedlibrary.
Specifically, all we really want is any valid pointer into each library, and the path to the library on disk.
With this information, we can use the ELF parser to get all of the page permissions for every mapped page in the ELF.
Returns:
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_files","title":"info_files","text":"info_files() -> tuple[Page, ...]\n
"},{"location":"reference/pwndbg/gdblib/vmmap/#pwndbg.gdblib.vmmap.info_auxv","title":"info_auxv","text":"info_auxv(skip_exe: bool = False) -> tuple[Page, ...]\n
Extracts the name of the executable from the output of the command \"info auxv\". Note that if the executable path is a symlink, it is not dereferenced by info auxv and we also don't dereference it.
Parameters:
Returns:
"},{"location":"reference/pwndbg/ghidra/","title":"pwndbg.ghidra","text":""},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra","title":"ghidra","text":"Ghidra integration.
Functions:
Attributes:
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.r2decompiler","title":"r2decompiler module-attribute","text":"r2decompiler = add_param(\n \"r2decompiler\",\n \"radare2\",\n \"framework that your ghidra plugin installed\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"radare2\", \"rizin\"],\n)\n
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.set_r2decompiler","title":"set_r2decompiler","text":"set_r2decompiler() -> None\n
"},{"location":"reference/pwndbg/ghidra/#pwndbg.ghidra.decompile","title":"decompile","text":"decompile(func=None)\n
Return the source of the given function decompiled by ghidra.
If no function is given, decompile the function within the current pc. This function requires radare2, r2pipe and r2ghidra, or their related rizin counterparts.
Raises Exception if any fatal error occurs.
"},{"location":"reference/pwndbg/glibc/","title":"pwndbg.glibc","text":""},{"location":"reference/pwndbg/glibc/#pwndbg.glibc","title":"glibc","text":"Get information about the GLibc
Functions:
-
set_glibc_version \u2013 -
get_version \u2013 -
get_libc_filename_from_info_sharedlibrary \u2013 Get the filename of the libc by parsing the output of info sharedlibrary.
-
dump_elf_data_section \u2013 Dump .data section of libc ELF file
-
dump_relocations_by_section_name \u2013 Dump relocations of a section by section name of libc ELF file
-
get_section_address_by_name \u2013 Find section address of libc by section name
-
OnlyWhenGlibcLoaded \u2013 -
check_safe_linking \u2013 Safe-linking is a glibc 2.32 mitigation; see:
Attributes:
-
P \u2013 -
T \u2013 -
safe_lnk \u2013 -
glibc_version \u2013
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.safe_lnk","title":"safe_lnk module-attribute","text":"safe_lnk = add_param(\n \"safe-linking\",\n None,\n \"whether glibc uses safe-linking\",\n param_class=PARAM_AUTO_BOOLEAN,\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.glibc_version","title":"glibc_version module-attribute","text":"glibc_version = add_param(\n \"glibc\",\n \"\",\n \"glibc version for heap heuristics resolution (e.g. 2.31)\",\n scope=heap,\n)\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.set_glibc_version","title":"set_glibc_version","text":"set_glibc_version() -> None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_version","title":"get_version","text":"get_version() -> tuple[int, ...] | None\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_libc_filename_from_info_sharedlibrary","title":"get_libc_filename_from_info_sharedlibrary","text":"get_libc_filename_from_info_sharedlibrary() -> str | None\n
Get the filename of the libc by parsing the output of info sharedlibrary.
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_elf_data_section","title":"dump_elf_data_section","text":"dump_elf_data_section() -> tuple[int, int, bytes] | None\n
Dump .data section of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.dump_relocations_by_section_name","title":"dump_relocations_by_section_name","text":"dump_relocations_by_section_name(\n section_name: str,\n) -> tuple[Relocation, ...] | None\n
Dump relocations of a section by section name of libc ELF file
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.get_section_address_by_name","title":"get_section_address_by_name","text":"get_section_address_by_name(section_name: str) -> int\n
Find section address of libc by section name
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.OnlyWhenGlibcLoaded","title":"OnlyWhenGlibcLoaded","text":"OnlyWhenGlibcLoaded(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/glibc/#pwndbg.glibc.check_safe_linking","title":"check_safe_linking","text":"check_safe_linking() -> bool\n
Safe-linking is a glibc 2.32 mitigation; see: - https://lanph3re.blogspot.com/2020/08/blog-post.html - https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/
"},{"location":"reference/pwndbg/hexdump/","title":"pwndbg.hexdump","text":""},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump","title":"hexdump","text":"Hexdump implementation, ~= stolen from pwntools.
Functions:
-
groupby \u2013 -
load_color_scheme \u2013 -
hexdump \u2013
Attributes:
-
color_scheme \u2013 -
printable \u2013 -
config_colorize_ascii \u2013 -
config_separator \u2013 -
config_byte_separator \u2013
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.color_scheme","title":"color_scheme module-attribute","text":"color_scheme = None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.printable","title":"printable module-attribute","text":"printable = None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_colorize_ascii","title":"config_colorize_ascii module-attribute","text":"config_colorize_ascii = add_param(\n \"hexdump-colorize-ascii\",\n True,\n \"whether to colorize the hexdump command ascii section\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_separator","title":"config_separator module-attribute","text":"config_separator = add_param(\n \"hexdump-ascii-block-separator\",\n \"\u2502\",\n \"block separator char of the hexdump command\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.config_byte_separator","title":"config_byte_separator module-attribute","text":"config_byte_separator = add_param(\n \"hexdump-byte-separator\",\n \" \",\n \"separator of single bytes in hexdump (does NOT affect group separator)\",\n)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.groupby","title":"groupby","text":"groupby(width: int, array, fill=None)\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.load_color_scheme","title":"load_color_scheme","text":"load_color_scheme() -> None\n
"},{"location":"reference/pwndbg/hexdump/#pwndbg.hexdump.hexdump","title":"hexdump","text":"hexdump(\n data: bytes,\n address: int = 0,\n width: int = 16,\n group_width: int = 4,\n flip_group_endianness: bool = False,\n skip: bool = True,\n offset: int = 0,\n size: int = 0,\n count: int = 0,\n repeat: bool = False,\n dX_call: bool = False,\n)\n
"},{"location":"reference/pwndbg/integration/","title":"pwndbg.integration","text":""},{"location":"reference/pwndbg/integration/#pwndbg.integration","title":"integration","text":"Decompiler integration.
Modules:
-
binja \u2013 Talks to an XMLRPC server running inside of an active Binary Ninja instance,
-
ida \u2013 Talks to an XMLRPC server running inside of an active IDA Pro instance,
Classes:
Functions:
Attributes:
-
provider_name \u2013 -
symbol_lookup \u2013 -
smart_enhance \u2013 -
function_lookup \u2013 -
provider (IntegrationProvider) \u2013
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider_name","title":"provider_name module-attribute","text":"provider_name = add_param(\n \"integration-provider\",\n \"none\",\n \"which provider to use for integration features\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"none\", \"binja\", \"ida\"],\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.symbol_lookup","title":"symbol_lookup module-attribute","text":"symbol_lookup = add_param(\n \"integration-symbol-lookup\",\n True,\n \"whether to use integration to look up unknown symbols\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.smart_enhance","title":"smart_enhance module-attribute","text":"smart_enhance = add_param(\n \"integration-smart-enhance\",\n True,\n \"use integration to determine when to disassemble during enhancing\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.function_lookup","title":"function_lookup module-attribute","text":"function_lookup = add_param(\n \"integration-function-lookup\",\n True,\n \"use integration to look up function type signatures\",\n)\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.provider","title":"provider module-attribute","text":"provider: IntegrationProvider = IntegrationProvider()\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider","title":"IntegrationProvider","text":"A class representing an integration that provides intelligence external to GDB.
Methods:
-
get_symbol \u2013 Get a symbol at an address, or an offset from a symbol.
-
get_versions \u2013 Gets any version strings relevant to the integration,
-
is_in_function \u2013 Checks if integration thinks that an address is in a function,
-
get_comment_lines \u2013 Gets any comments attached to an instruction.
-
decompile \u2013 Decompiles the code near an address given a line count.
-
get_func_type \u2013 Gets the type signature of a function, used for argument labeling.
-
get_stack_var_name \u2013 Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_symbol","title":"get_symbol","text":"get_symbol(addr: int) -> str | None\n
Get a symbol at an address, or an offset from a symbol.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\n
Gets any version strings relevant to the integration, which are used when displaying the version command.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.is_in_function","title":"is_in_function","text":"is_in_function(addr: int) -> bool\n
Checks if integration thinks that an address is in a function, which is used to determine if tel should try to disassemble something.
If uncertain, it's better to default to True than to False.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\n
Gets any comments attached to an instruction.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\n
Decompiles the code near an address given a line count.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\n
Gets the type signature of a function, used for argument labeling.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.IntegrationProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\n
Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider","title":"ConfigurableProvider dataclass","text":"ConfigurableProvider(inner: IntegrationProvider)\n
Bases: IntegrationProvider
A wrapper around an IntegrationProvider that skips calling functions if disabled in config.
Methods:
-
get_symbol \u2013 -
get_versions \u2013 -
is_in_function \u2013 -
get_comment_lines \u2013 -
decompile \u2013 -
get_func_type \u2013 -
get_stack_var_name \u2013
Attributes:
-
inner (IntegrationProvider) \u2013
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.inner","title":"inner instance-attribute","text":"inner: IntegrationProvider\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_symbol","title":"get_symbol","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.is_in_function","title":"is_in_function","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.ConfigurableProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/#pwndbg.integration.switch_providers","title":"switch_providers","text":"switch_providers()\n
"},{"location":"reference/pwndbg/integration/binja/","title":"pwndbg.integration.binja","text":""},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja","title":"binja","text":"Talks to an XMLRPC server running inside of an active Binary Ninja instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
Classes:
-
DarkTheme \u2013 -
LightTheme \u2013 -
BinjaProvider \u2013
Functions:
-
init_bn_rpc_client \u2013 -
with_bn \u2013 -
available \u2013 -
can_connect \u2013 -
l2r \u2013 -
r2l \u2013 -
base \u2013 -
auto_update_pc \u2013 -
auto_update_bp \u2013 -
auto_clear_pc \u2013 -
navigate_to \u2013 -
bn_to_pygment_tok \u2013 -
bn_to_pygment_theme \u2013
Attributes:
-
bn_rpc_host \u2013 -
bn_rpc_port \u2013 -
bn_timeout \u2013 -
bn_autosync \u2013 -
bn_il_level \u2013 -
P \u2013 -
T \u2013 -
K \u2013 -
themes \u2013 -
style \u2013
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_host","title":"bn_rpc_host module-attribute","text":"bn_rpc_host = add_param(\n \"bn-rpc-host\", \"127.0.0.1\", \"Binary Ninja XML-RPC server host\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_rpc_port","title":"bn_rpc_port module-attribute","text":"bn_rpc_port = add_param(\n \"bn-rpc-port\", 31337, \"Binary Ninja XML-RPC server port\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_timeout","title":"bn_timeout module-attribute","text":"bn_timeout = add_param(\n \"bn-timeout\", 2, \"time to wait for Binary Ninja XML-RPC, in seconds\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_autosync","title":"bn_autosync module-attribute","text":"bn_autosync = add_param(\n \"bn-autosync\", False, \"whether to automatically run bn-sync every step\"\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_il_level","title":"bn_il_level module-attribute","text":"bn_il_level = add_param(\n \"bn-il-level\",\n \"hlil\",\n \"the IL level to use when displaying Binary Ninja decompilation\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"disasm\", \"llil\", \"mlil\", \"hlil\"],\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.K","title":"K module-attribute","text":"K = TypeVar('K')\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.themes","title":"themes module-attribute","text":"themes = {}\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.style","title":"style module-attribute","text":"style = add_param(\n \"bn-decomp-style\",\n \"dark\",\n \"decompilation highlight theme for Binary Ninja\",\n param_class=PARAM_ENUM,\n enum_sequence=list(keys()),\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme","title":"DarkTheme","text":" Bases: Style
Attributes:
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.DarkTheme.styles","title":"styles class-attribute instance-attribute","text":"styles = bn_to_pygment_theme(\n {\n \"TextToken\": \"#e0e0e0\",\n \"InstructionToken\": \"#eddfb3\",\n \"OperandSeparatorToken\": \"#e0e0e0\",\n \"RegisterToken\": \"#e0e0e0\",\n \"IntegerToken\": \"#a2d9af\",\n \"PossibleAddressToken\": \"#a2d9af\",\n \"BeginMemoryOperandToken\": \"#e0e0e0\",\n \"EndMemoryOperandToken\": \"#e0e0e0\",\n \"FloatingPointToken\": \"#a2d9af\",\n \"AnnotationToken\": \"#dac4d1\",\n \"CodeRelativeAddressToken\": \"#a2d9af\",\n \"ArgumentNameToken\": \"#e0e0e0\",\n \"HexDumpByteValueToken\": \"#e0e0e0\",\n \"HexDumpSkippedByteToken\": \"#e0e0e0\",\n \"HexDumpInvalidByteToken\": \"#909090\",\n \"HexDumpTextToken\": \"#e0e0e0\",\n \"OpcodeToken\": \"#909090\",\n \"StringToken\": \"#dac4d1\",\n \"CharacterConstantToken\": \"#dac4d1\",\n \"KeywordToken\": \"#eddfb3\",\n \"TypeNameToken\": \"#edbd81\",\n \"FieldNameToken\": \"#b0dde4\",\n \"NameSpaceToken\": \"#80c6e9\",\n \"NameSpaceSeparatorToken\": \"#80c6e9\",\n \"TagToken\": \"#e0e0e0\",\n \"StructOffsetToken\": \"#b0dde4\",\n \"StructOffsetByteValueToken\": \"#e0e0e0\",\n \"StructureHexDumpTextToken\": \"#e0e0e0\",\n \"GotoLabelToken\": \"#80c6e9\",\n \"CommentToken\": \"#dac4d1\",\n \"PossibleValueToken\": \"#e0e0e0\",\n \"PossibleValueTypeToken\": \"#e0e0e0\",\n \"ArrayIndexToken\": \"#a2d9af\",\n \"IndentationToken\": \"#5d5d5d\",\n \"UnknownMemoryToken\": \"#909090\",\n \"EnumerationMemberToken\": \"#eddfb3\",\n \"OperationToken\": \"#89a4b1\",\n \"BaseStructureNameToken\": \"#dac4d1\",\n \"BaseStructureSeparatorToken\": \"#dac4d1\",\n \"BraceToken\": \"#e0e0e0\",\n \"CodeSymbolToken\": \"#80c6e9\",\n \"DataSymbolToken\": \"#8ee6ed\",\n \"LocalVariableToken\": \"#e0e0e0\",\n \"ImportToken\": \"#edbd81\",\n \"AddressDisplayToken\": \"#a2d9af\",\n \"IndirectImportToken\": \"#edbd81\",\n \"ExternalSymbolToken\": \"#edbd81\",\n \"StackVariableToken\": \"#c1dcc7\",\n \"AddressSeparatorToken\": \"#e0e0e0\",\n }\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme","title":"LightTheme","text":" Bases: Style
Attributes:
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.LightTheme.styles","title":"styles class-attribute instance-attribute","text":"styles = bn_to_pygment_theme(\n {\n \"TextToken\": \"#1f1f1f\",\n \"InstructionToken\": \"#8d8d2d\",\n \"OperandSeparatorToken\": \"#1f1f1f\",\n \"RegisterToken\": \"#1f1f1f\",\n \"IntegerToken\": \"#30820d\",\n \"PossibleAddressToken\": \"#30820d\",\n \"BeginMemoryOperandToken\": \"#1f1f1f\",\n \"EndMemoryOperandToken\": \"#1f1f1f\",\n \"FloatingPointToken\": \"#30820d\",\n \"AnnotationToken\": \"#bf2624\",\n \"CodeRelativeAddressToken\": \"#30820d\",\n \"ArgumentNameToken\": \"#1f1f1f\",\n \"HexDumpByteValueToken\": \"#1f1f1f\",\n \"HexDumpSkippedByteToken\": \"#1f1f1f\",\n \"HexDumpInvalidByteToken\": \"#7a7a7a\",\n \"HexDumpTextToken\": \"#1f1f1f\",\n \"OpcodeToken\": \"#7a7a7a\",\n \"StringToken\": \"#203635\",\n \"CharacterConstantToken\": \"#203635\",\n \"KeywordToken\": \"#8d8d2d\",\n \"TypeNameToken\": \"#e07c35\",\n \"FieldNameToken\": \"#35dae0\",\n \"NameSpaceToken\": \"#00a4c7\",\n \"NameSpaceSeparatorToken\": \"#00a4c7\",\n \"TagToken\": \"#1f1f1f\",\n \"StructOffsetToken\": \"#35dae0\",\n \"StructOffsetByteValueToken\": \"#1f1f1f\",\n \"StructureHexDumpTextToken\": \"#1f1f1f\",\n \"GotoLabelToken\": \"#00a4c7\",\n \"CommentToken\": \"#bf2624\",\n \"PossibleValueToken\": \"#1f1f1f\",\n \"PossibleValueTypeToken\": \"#1f1f1f\",\n \"ArrayIndexToken\": \"#30820d\",\n \"IndentationToken\": \"#bcbcbc\",\n \"UnknownMemoryToken\": \"#7a7a7a\",\n \"EnumerationMemberToken\": \"#8d8d2d\",\n \"OperationToken\": \"#5b848d\",\n \"BaseStructureNameToken\": \"#bf2624\",\n \"BaseStructureSeparatorToken\": \"#bf2624\",\n \"BraceToken\": \"#1f1f1f\",\n \"CodeSymbolToken\": \"#00a4c7\",\n \"DataSymbolToken\": \"#278cad\",\n \"LocalVariableToken\": \"#1f1f1f\",\n \"ImportToken\": \"#e07c35\",\n \"AddressDisplayToken\": \"#30820d\",\n \"IndirectImportToken\": \"#e07c35\",\n \"ExternalSymbolToken\": \"#e07c35\",\n \"StackVariableToken\": \"#275016\",\n \"AddressSeparatorToken\": \"#1f1f1f\",\n }\n)\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider","title":"BinjaProvider","text":" Bases: IntegrationProvider
Methods:
-
get_symbol \u2013 -
get_versions \u2013 -
is_in_function \u2013 -
get_comment_lines \u2013 -
decompile \u2013 -
get_func_type \u2013 -
get_stack_var_name \u2013
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_symbol","title":"get_symbol","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.is_in_function","title":"is_in_function","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.BinjaProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.init_bn_rpc_client","title":"init_bn_rpc_client","text":"init_bn_rpc_client() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.with_bn","title":"with_bn","text":"with_bn(\n fallback: K = None,\n) -> Callable[[Callable[P, T]], Callable[P, T | K]]\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.available","title":"available","text":"available() -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.can_connect","title":"can_connect","text":"can_connect() -> bool\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.l2r","title":"l2r","text":"l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.r2l","title":"r2l","text":"r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.base","title":"base","text":"base()\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_pc","title":"auto_update_pc","text":"auto_update_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_update_bp","title":"auto_update_bp","text":"auto_update_bp() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.auto_clear_pc","title":"auto_clear_pc","text":"auto_clear_pc() -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.navigate_to","title":"navigate_to","text":"navigate_to(addr: int) -> None\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_tok","title":"bn_to_pygment_tok","text":"bn_to_pygment_tok(tok: str) -> Any\n
"},{"location":"reference/pwndbg/integration/binja/#pwndbg.integration.binja.bn_to_pygment_theme","title":"bn_to_pygment_theme","text":"bn_to_pygment_theme(theme: dict[str, str]) -> dict[Any, str]\n
"},{"location":"reference/pwndbg/integration/ida/","title":"pwndbg.integration.ida","text":""},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida","title":"ida","text":"Talks to an XMLRPC server running inside of an active IDA Pro instance, in order to query it about the database. Allows symbol resolution and interactive debugging.
Classes:
-
IDC \u2013 -
IdaProvider \u2013
Functions:
Attributes:
-
ida_rpc_host \u2013 -
ida_rpc_port \u2013 -
ida_timeout \u2013 -
P \u2013 -
T \u2013 -
colored_pc \u2013 -
idc \u2013 -
ida_replacements \u2013
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_host","title":"ida_rpc_host module-attribute","text":"ida_rpc_host = add_param(\n \"ida-rpc-host\", \"127.0.0.1\", \"ida xmlrpc server address\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_rpc_port","title":"ida_rpc_port module-attribute","text":"ida_rpc_port = add_param('ida-rpc-port', 31337, 'ida xmlrpc server port')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_timeout","title":"ida_timeout module-attribute","text":"ida_timeout = add_param(\n \"ida-timeout\", 2, \"time to wait for ida xmlrpc in seconds\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.colored_pc","title":"colored_pc module-attribute","text":"colored_pc = None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.idc","title":"idc module-attribute","text":"idc = IDC()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ida_replacements","title":"ida_replacements module-attribute","text":"ida_replacements = {\n \"__int64\": \"signed long long int\",\n \"__int32\": \"signed int\",\n \"__int16\": \"signed short\",\n \"__int8\": \"signed char\",\n \"__uint64\": \"unsigned long long int\",\n \"__uint32\": \"unsigned int\",\n \"__uint16\": \"unsigned short\",\n \"__uint8\": \"unsigned char\",\n \"_BOOL_1\": \"unsigned char\",\n \"_BOOL_2\": \"unsigned short\",\n \"_BOOL_4\": \"unsigned int\",\n \"_BYTE\": \"unsigned char\",\n \"_WORD\": \"unsigned short\",\n \"_DWORD\": \"unsigned int\",\n \"_QWORD\": \"unsigned long long\",\n \"__pure\": \"\",\n \"__hidden\": \"\",\n \"__return_ptr\": \"\",\n \"__struct_ptr\": \"\",\n \"__array_ptr\": \"\",\n \"__fastcall\": \"\",\n \"__cdecl\": \"\",\n \"__thiscall\": \"\",\n \"__userpurge\": \"\",\n}\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC","title":"IDC","text":"IDC()\n
Attributes:
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IDC.query","title":"query class-attribute instance-attribute","text":"query = (\n \"{k:v for k,v in globals()['idc'].__dict__.items() if isinstance(v, int)}\"\n)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider","title":"IdaProvider","text":" Bases: IntegrationProvider
Methods:
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_symbol","title":"get_symbol","text":"get_symbol(addr: int) -> str | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_versions","title":"get_versions","text":"get_versions() -> tuple[str, ...]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.is_in_function","title":"is_in_function","text":"is_in_function(addr: int) -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_comment_lines","title":"get_comment_lines","text":"get_comment_lines(addr: int) -> list[str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.decompile","title":"decompile","text":"decompile(addr: int, lines: int) -> list[str] | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_func_type","title":"get_func_type","text":"get_func_type(addr: int) -> Function | None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.IdaProvider.get_stack_var_name","title":"get_stack_var_name","text":"get_stack_var_name(addr: int) -> str | None\n
Gets the name of a stack variable based on only the address of the variable.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.init_ida_rpc_client","title":"init_ida_rpc_client","text":"init_ida_rpc_client() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withIDA","title":"withIDA","text":"withIDA(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.withHexrays","title":"withHexrays","text":"withHexrays(func: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.takes_address","title":"takes_address","text":"takes_address(\n function: Callable[Concatenate[int, P], T],\n) -> Callable[Concatenate[int, P], T]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.returns_address","title":"returns_address","text":"returns_address(function: Callable[P, int]) -> Callable[P, int]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.available","title":"available","text":"available() -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.can_connect","title":"can_connect","text":"can_connect() -> bool\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.l2r","title":"l2r","text":"l2r(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.r2l","title":"r2l","text":"r2l(addr: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.remote","title":"remote","text":"remote(function) -> None\n
Runs the provided function in IDA's interpreter.
The function must be self-contained and not reference any global variables.
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.base","title":"base","text":"base()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Comment","title":"Comment","text":"Comment(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Name","title":"Name","text":"Name(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncOffset","title":"GetFuncOffset","text":"GetFuncOffset(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFuncAttr","title":"GetFuncAttr","text":"GetFuncAttr(addr: int, attr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetType","title":"GetType","text":"GetType(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.here","title":"here","text":"here() -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Jump","title":"Jump","text":"Jump(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Anterior","title":"Anterior","text":"Anterior(addr: int)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBreakpoints","title":"GetBreakpoints","text":"GetBreakpoints()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptQty","title":"GetBptQty","text":"GetBptQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetBptEA","title":"GetBptEA","text":"GetBptEA(i: int) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.UpdateBreakpoints","title":"UpdateBreakpoints","text":"UpdateBreakpoints() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SetColor","title":"SetColor","text":"SetColor(pc, color)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_Color_PC","title":"Auto_Color_PC","text":"Auto_Color_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.Auto_UnColor_PC","title":"Auto_UnColor_PC","text":"Auto_UnColor_PC() -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.LocByName","title":"LocByName","text":"LocByName(name) -> int\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.PrevHead","title":"PrevHead","text":"PrevHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.NextHead","title":"NextHead","text":"NextHead(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFunctionName","title":"GetFunctionName","text":"GetFunctionName(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFlags","title":"GetFlags","text":"GetFlags(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.isASCII","title":"isASCII","text":"isASCII(flags)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.ArgCount","title":"ArgCount","text":"ArgCount(address) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.SaveBase","title":"SaveBase","text":"SaveBase(path: str)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetIdbPath","title":"GetIdbPath","text":"GetIdbPath()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.has_cached_cfunc","title":"has_cached_cfunc","text":"has_cached_cfunc(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile","title":"decompile","text":"decompile(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.decompile_context","title":"decompile_context","text":"decompile_context(pc, context_lines)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.get_ida_versions","title":"get_ida_versions","text":"get_ida_versions() -> dict[str, str]\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucQty","title":"GetStrucQty","text":"GetStrucQty()\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucId","title":"GetStrucId","text":"GetStrucId(idx)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucName","title":"GetStrucName","text":"GetStrucName(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucSize","title":"GetStrucSize","text":"GetStrucSize(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetFrameId","title":"GetFrameId","text":"GetFrameId(addr)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberQty","title":"GetMemberQty","text":"GetMemberQty(sid)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberSize","title":"GetMemberSize","text":"GetMemberSize(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberId","title":"GetMemberId","text":"GetMemberId(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberName","title":"GetMemberName","text":"GetMemberName(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberOffset","title":"GetMemberOffset","text":"GetMemberOffset(sid, member_name)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetMemberFlag","title":"GetMemberFlag","text":"GetMemberFlag(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.GetStrucNextOff","title":"GetStrucNextOff","text":"GetStrucNextOff(sid, offset)\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_member","title":"print_member","text":"print_member(sid, offset) -> None\n
"},{"location":"reference/pwndbg/integration/ida/#pwndbg.integration.ida.print_structs","title":"print_structs","text":"print_structs() -> None\n
"},{"location":"reference/pwndbg/lib/","title":"pwndbg.lib","text":""},{"location":"reference/pwndbg/lib/#pwndbg.lib","title":"lib","text":"Library for non-debugger-dependant functionality.
Modules:
-
abi \u2013 -
android \u2013 -
arch \u2013 -
cache \u2013 Caches return values until some event in the inferior happens,
-
common \u2013 -
config \u2013 -
disasm \u2013 -
elftypes \u2013 -
exception \u2013 -
funcparser \u2013 -
functions \u2013 -
functions_data \u2013 -
gcc \u2013 Functions for determining the architecture-dependent path to
-
heap \u2013 -
kernel \u2013 -
memory \u2013 Reading, writing, and describing memory.
-
net \u2013 Re-implements some psutil functionality to be able to get information from
-
regs \u2013 Reading register value from the inferior, and provides a
-
stdio \u2013 Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout
-
strings \u2013 -
tempfile \u2013 Common helper and cache for pwndbg tempdir
-
tips \u2013 -
version \u2013 -
which \u2013
"},{"location":"reference/pwndbg/lib/abi/","title":"pwndbg.lib.abi","text":""},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi","title":"abi","text":"Classes:
-
ABI \u2013 Encapsulates information about a calling convention.
-
SyscallABI \u2013 The syscall ABI treats the syscall number as the zeroth argument,
-
SigreturnABI \u2013 The sigreturn ABI is similar to the syscall ABI, except that
Attributes:
-
linux_i386 \u2013 -
linux_amd64 \u2013 -
linux_arm \u2013 -
linux_aarch64 \u2013 -
linux_mips \u2013 -
linux_mips64 \u2013 -
linux_ppc \u2013 -
linux_ppc64 \u2013 -
linux_riscv32 \u2013 -
linux_riscv64 \u2013 -
linux_i386_syscall \u2013 -
linux_amd64_syscall \u2013 -
linux_arm_syscall \u2013 -
linux_aarch64_syscall \u2013 -
linux_mips_syscall \u2013 -
linux_mips64_syscall \u2013 -
linux_ppc_syscall \u2013 -
linux_ppc64_syscall \u2013 -
linux_riscv32_syscall \u2013 -
linux_riscv64_syscall \u2013 -
linux_i386_sigreturn \u2013 -
linux_amd64_sigreturn \u2013 -
linux_arm_sigreturn \u2013 -
linux_i386_srop \u2013 -
linux_amd64_srop \u2013 -
linux_arm_srop \u2013 -
DEFAULT_ABIS (dict[tuple[int, str, str], ABI]) \u2013 -
SYSCALL_ABIS (dict[tuple[int, str, str], SyscallABI]) \u2013 -
SIGRETURN_ABIS (dict[tuple[int, str, str], SigreturnABI]) \u2013
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386","title":"linux_i386 module-attribute","text":"linux_i386 = ABI([], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64","title":"linux_amd64 module-attribute","text":"linux_amd64 = ABI(['rdi', 'rsi', 'rdx', 'rcx', 'r8', 'r9'], 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm","title":"linux_arm module-attribute","text":"linux_arm = ABI(['r0', 'r1', 'r2', 'r3'], 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64","title":"linux_aarch64 module-attribute","text":"linux_aarch64 = ABI(['x0', 'x1', 'x2', 'x3'], 16, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips","title":"linux_mips module-attribute","text":"linux_mips = ABI(['$a0', '$a1', '$a2', '$a3'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64","title":"linux_mips64 module-attribute","text":"linux_mips64 = ABI(\n [\"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\", \"$a6\", \"$a7\"], 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc","title":"linux_ppc module-attribute","text":"linux_ppc = ABI(['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64","title":"linux_ppc64 module-attribute","text":"linux_ppc64 = ABI(['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32","title":"linux_riscv32 module-attribute","text":"linux_riscv32 = ABI(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64","title":"linux_riscv64 module-attribute","text":"linux_riscv64 = ABI(['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 8, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_syscall","title":"linux_i386_syscall module-attribute","text":"linux_i386_syscall = SyscallABI(\n [\"eax\", \"ebx\", \"ecx\", \"edx\", \"esi\", \"edi\", \"ebp\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_syscall","title":"linux_amd64_syscall module-attribute","text":"linux_amd64_syscall = SyscallABI(\n [\"rax\", \"rdi\", \"rsi\", \"rdx\", \"r10\", \"r8\", \"r9\"], 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_syscall","title":"linux_arm_syscall module-attribute","text":"linux_arm_syscall = SyscallABI(\n [\"r7\", \"r0\", \"r1\", \"r2\", \"r3\", \"r4\", \"r5\", \"r6\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_aarch64_syscall","title":"linux_aarch64_syscall module-attribute","text":"linux_aarch64_syscall = SyscallABI(\n [\"x8\", \"x0\", \"x1\", \"x2\", \"x3\", \"x4\", \"x5\"], 16, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips_syscall","title":"linux_mips_syscall module-attribute","text":"linux_mips_syscall = SyscallABI(['$v0', '$a0', '$a1', '$a2', '$a3'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_mips64_syscall","title":"linux_mips64_syscall module-attribute","text":"linux_mips64_syscall = SyscallABI(\n [\"$v0\", \"$a0\", \"$a1\", \"$a2\", \"$a3\", \"$a4\", \"$a5\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc_syscall","title":"linux_ppc_syscall module-attribute","text":"linux_ppc_syscall = SyscallABI(\n [\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_ppc64_syscall","title":"linux_ppc64_syscall module-attribute","text":"linux_ppc64_syscall = SyscallABI(\n [\"r0\", \"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\"], 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv32_syscall","title":"linux_riscv32_syscall module-attribute","text":"linux_riscv32_syscall = SyscallABI(\n [\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"], 4, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_riscv64_syscall","title":"linux_riscv64_syscall module-attribute","text":"linux_riscv64_syscall = SyscallABI(\n [\"a7\", \"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\"], 8, 0\n)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_sigreturn","title":"linux_i386_sigreturn module-attribute","text":"linux_i386_sigreturn = SigreturnABI(['eax'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_sigreturn","title":"linux_amd64_sigreturn module-attribute","text":"linux_amd64_sigreturn = SigreturnABI(['rax'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_sigreturn","title":"linux_arm_sigreturn module-attribute","text":"linux_arm_sigreturn = SigreturnABI(['r7'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_i386_srop","title":"linux_i386_srop module-attribute","text":"linux_i386_srop = ABI(['eax'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_amd64_srop","title":"linux_amd64_srop module-attribute","text":"linux_amd64_srop = ABI(['rax'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.linux_arm_srop","title":"linux_arm_srop module-attribute","text":"linux_arm_srop = ABI(['r7'], 4, 0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.DEFAULT_ABIS","title":"DEFAULT_ABIS module-attribute","text":"DEFAULT_ABIS: dict[tuple[int, str, str], ABI] = {\n (32, \"i386\", \"linux\"): linux_i386,\n (64, \"x86-64\", \"linux\"): linux_amd64,\n (64, \"aarch64\", \"linux\"): linux_aarch64,\n (32, \"arm\", \"linux\"): linux_arm,\n (32, \"thumb\", \"linux\"): linux_arm,\n (32, \"mips\", \"linux\"): linux_mips,\n (64, \"mips\", \"linux\"): linux_mips64,\n (32, \"powerpc\", \"linux\"): linux_ppc,\n (64, \"powerpc\", \"linux\"): linux_ppc64,\n (32, \"rv32\", \"linux\"): linux_riscv32,\n (64, \"rv64\", \"linux\"): linux_riscv64,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SYSCALL_ABIS","title":"SYSCALL_ABIS module-attribute","text":"SYSCALL_ABIS: dict[tuple[int, str, str], SyscallABI] = {\n (32, \"i386\", \"linux\"): linux_i386_syscall,\n (64, \"x86-64\", \"linux\"): linux_amd64_syscall,\n (64, \"aarch64\", \"linux\"): linux_aarch64_syscall,\n (32, \"arm\", \"linux\"): linux_arm_syscall,\n (32, \"thumb\", \"linux\"): linux_arm_syscall,\n (32, \"mips\", \"linux\"): linux_mips_syscall,\n (64, \"mips\", \"linux\"): linux_mips64_syscall,\n (32, \"powerpc\", \"linux\"): linux_ppc_syscall,\n (64, \"powerpc\", \"linux\"): linux_ppc64_syscall,\n (32, \"rv32\", \"linux\"): linux_riscv32_syscall,\n (64, \"rv64\", \"linux\"): linux_riscv64_syscall,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SIGRETURN_ABIS","title":"SIGRETURN_ABIS module-attribute","text":"SIGRETURN_ABIS: dict[tuple[int, str, str], SigreturnABI] = {\n (32, \"i386\", \"linux\"): linux_i386_sigreturn,\n (64, \"x86-64\", \"linux\"): linux_amd64_sigreturn,\n (32, \"arm\", \"linux\"): linux_arm_sigreturn,\n (32, \"thumb\", \"linux\"): linux_arm_sigreturn,\n}\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI","title":"ABI","text":"ABI(regs: list[str], align: int, minimum: int)\n
Encapsulates information about a calling convention.
Attributes:
-
returns \u2013 -
register_arguments (list[str]) \u2013 -
arg_alignment \u2013 -
stack_minimum \u2013
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.returns","title":"returns class-attribute instance-attribute","text":"returns = True\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.register_arguments","title":"register_arguments class-attribute instance-attribute","text":"register_arguments: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.arg_alignment","title":"arg_alignment class-attribute instance-attribute","text":"arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.ABI.stack_minimum","title":"stack_minimum class-attribute instance-attribute","text":"stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI","title":"SyscallABI","text":"SyscallABI(register_arguments: list[str], *a: Any, **kw: Any)\n
Bases: ABI
The syscall ABI treats the syscall number as the zeroth argument, which must be loaded into the specified register.
Attributes:
-
syscall_register \u2013 -
register_arguments (list[str]) \u2013 -
arg_alignment \u2013 -
stack_minimum \u2013 -
returns \u2013
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.syscall_register","title":"syscall_register instance-attribute","text":"syscall_register = pop(0)\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.register_arguments","title":"register_arguments class-attribute instance-attribute","text":"register_arguments: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.arg_alignment","title":"arg_alignment class-attribute instance-attribute","text":"arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.stack_minimum","title":"stack_minimum class-attribute instance-attribute","text":"stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SyscallABI.returns","title":"returns class-attribute instance-attribute","text":"returns = True\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI","title":"SigreturnABI","text":"SigreturnABI(register_arguments: list[str], *a: Any, **kw: Any)\n
Bases: SyscallABI
The sigreturn ABI is similar to the syscall ABI, except that both PC and SP are loaded from the stack. Because of this, there is no 'return' slot necessary on the stack.
Attributes:
-
returns \u2013 -
register_arguments (list[str]) \u2013 -
arg_alignment \u2013 -
stack_minimum \u2013 -
syscall_register \u2013
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.returns","title":"returns class-attribute instance-attribute","text":"returns = False\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.register_arguments","title":"register_arguments class-attribute instance-attribute","text":"register_arguments: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.arg_alignment","title":"arg_alignment class-attribute instance-attribute","text":"arg_alignment = align\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.stack_minimum","title":"stack_minimum class-attribute instance-attribute","text":"stack_minimum = minimum\n
"},{"location":"reference/pwndbg/lib/abi/#pwndbg.lib.abi.SigreturnABI.syscall_register","title":"syscall_register instance-attribute","text":"syscall_register = pop(0)\n
"},{"location":"reference/pwndbg/lib/android/","title":"pwndbg.lib.android","text":""},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android","title":"android","text":"Functions:
Attributes:
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.KNOWN_AIDS","title":"KNOWN_AIDS module-attribute","text":"KNOWN_AIDS = {\n 0: \"AID_ROOT\",\n 1000: \"AID_SYSTEM\",\n 1001: \"AID_RADIO\",\n 1002: \"AID_BLUETOOTH\",\n 1003: \"AID_GRAPHICS\",\n 1004: \"AID_INPUT\",\n 1005: \"AID_AUDIO\",\n 1006: \"AID_CAMERA\",\n 1007: \"AID_LOG\",\n 1008: \"AID_COMPASS\",\n 1009: \"AID_MOUNT\",\n 1010: \"AID_WIFI\",\n 1011: \"AID_ADB\",\n 1012: \"AID_INSTALL\",\n 1013: \"AID_MEDIA\",\n 1014: \"AID_DHCP\",\n 1015: \"AID_SDCARD_RW\",\n 1016: \"AID_VPN\",\n 1017: \"AID_KEYSTORE\",\n 1018: \"AID_USB\",\n 1019: \"AID_DRM\",\n 1020: \"AID_MDNSR\",\n 1021: \"AID_GPS\",\n 1022: \"AID_UNUSED1\",\n 1023: \"AID_MEDIA_RW\",\n 1024: \"AID_MTP\",\n 1025: \"AID_UNUSED2\",\n 1026: \"AID_DRMRPC\",\n 1027: \"AID_NFC\",\n 1028: \"AID_SDCARD_R\",\n 1029: \"AID_CLAT\",\n 1030: \"AID_LOOP_RADIO\",\n 1031: \"AID_MEDIA_DRM\",\n 1032: \"AID_PACKAGE_INFO\",\n 1033: \"AID_SDCARD_PICS\",\n 1034: \"AID_SDCARD_AV\",\n 1035: \"AID_SDCARD_ALL\",\n 1036: \"AID_LOGD\",\n 1037: \"AID_SHARED_RELRO\",\n 1038: \"AID_DBUS\",\n 1039: \"AID_TLSDATE\",\n 1040: \"AID_MEDIA_EX\",\n 1041: \"AID_AUDIOSERVER\",\n 1042: \"AID_METRICS_COLL\",\n 1043: \"AID_METRICSD\",\n 1044: \"AID_WEBSERV\",\n 1045: \"AID_DEBUGGERD\",\n 1046: \"AID_MEDIA_CODEC\",\n 1047: \"AID_CAMERASERVER\",\n 1048: \"AID_FIREWALL\",\n 1049: \"AID_TRUNKS\",\n 1050: \"AID_NVRAM\",\n 2001: \"AID_CACHE\",\n 2002: \"AID_DIAG\",\n 2900: \"AID_OEM_RESERVED_START\",\n 2999: \"AID_OEM_RESERVED_END\",\n 3001: \"AID_NET_BT_ADMIN\",\n 3002: \"AID_NET_BT\",\n 3003: \"AID_INET\",\n 3004: \"AID_NET_RAW\",\n 3005: \"AID_NET_ADMIN\",\n 3006: \"AID_NET_BW_STATS\",\n 3007: \"AID_NET_BW_ACCT\",\n 3008: \"AID_NET_BT_STACK\",\n 3009: \"AID_READPROC\",\n 3010: \"AID_WAKELOCK\",\n 5000: \"AID_OEM_RESERVED_2_START\",\n 5999: \"AID_OEM_RESERVED_2_END\",\n 9997: \"AID_EVERYBODY\",\n 9998: \"AID_MISC\",\n 9999: \"AID_NOBODY\",\n 10000: \"AID_APP\",\n 50000: \"AID_SHARED_GID_START\",\n 59999: \"AID_SHARED_GID_END\",\n 99000: \"AID_ISOLATED_START\",\n 99999: \"AID_ISOLATED_END\",\n 100000: \"AID_USER\",\n}\n
"},{"location":"reference/pwndbg/lib/android/#pwndbg.lib.android.aid_name","title":"aid_name","text":"aid_name(uid: int) -> str\n
"},{"location":"reference/pwndbg/lib/arch/","title":"pwndbg.lib.arch","text":""},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch","title":"arch","text":"Classes:
-
Platform \u2013 -
ArchAttribute \u2013 -
ArchDefinition \u2013
Attributes:
-
PWNDBG_SUPPORTED_ARCHITECTURES_TYPE \u2013 -
PWNDBG_SUPPORTED_ARCHITECTURES (list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE]) \u2013 -
PWNLIB_ARCH_MAPPINGS \u2013 -
PWNLIB_PLATFORM_MAPPINGS (dict[Platform, str]) \u2013
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES_TYPE","title":"PWNDBG_SUPPORTED_ARCHITECTURES_TYPE module-attribute","text":"PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = Literal[\n \"x86-64\",\n \"i386\",\n \"i8086\",\n \"mips\",\n \"aarch64\",\n \"arm\",\n \"armcm\",\n \"rv32\",\n \"rv64\",\n \"sparc\",\n \"powerpc\",\n \"loongarch64\",\n \"s390x\",\n]\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNDBG_SUPPORTED_ARCHITECTURES","title":"PWNDBG_SUPPORTED_ARCHITECTURES module-attribute","text":"PWNDBG_SUPPORTED_ARCHITECTURES: list[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE] = (\n list(get_args(PWNDBG_SUPPORTED_ARCHITECTURES_TYPE))\n)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_ARCH_MAPPINGS","title":"PWNLIB_ARCH_MAPPINGS module-attribute","text":"PWNLIB_ARCH_MAPPINGS = {\n \"x86-64\": \"amd64\",\n \"i386\": \"i386\",\n \"i8086\": \"none\",\n \"mips\": \"mips\",\n \"aarch64\": \"aarch64\",\n \"arm\": \"arm\",\n \"armcm\": \"thumb\",\n \"rv32\": \"riscv32\",\n \"rv64\": \"riscv64\",\n \"powerpc\": \"powerpc\",\n \"sparc\": \"sparc\",\n \"loongarch64\": \"none\",\n \"s390x\": \"s390\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.PWNLIB_PLATFORM_MAPPINGS","title":"PWNLIB_PLATFORM_MAPPINGS module-attribute","text":"PWNLIB_PLATFORM_MAPPINGS: dict[Platform, str] = {\n LINUX: \"linux\",\n DARWIN: \"darwin\",\n}\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform","title":"Platform","text":" Bases: Enum
Attributes:
-
LINUX \u2013 -
DARWIN \u2013
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform.LINUX","title":"LINUX class-attribute instance-attribute","text":"LINUX = (auto(),)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.Platform.DARWIN","title":"DARWIN class-attribute instance-attribute","text":"DARWIN = (auto(),)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute","title":"ArchAttribute","text":"ArchAttribute(_, cs_mode)\n
Bases: Enum
Attributes:
-
MIPS_ISA_1 \u2013 -
MIPS_ISA_2 \u2013 -
MIPS_ISA_3 \u2013 -
MIPS_ISA_4 \u2013 -
MIPS_ISA_5 \u2013 -
MIPS_ISA_32 \u2013 -
MIPS_ISA_32R2 \u2013 -
MIPS_ISA_32R3 \u2013 -
MIPS_ISA_32R5 \u2013 -
MIPS_ISA_32R6 \u2013 -
MIPS_ISA_64 \u2013 -
MIPS_ISA_64R2 \u2013 -
MIPS_ISA_64R3 \u2013 -
MIPS_ISA_64R5 \u2013 -
MIPS_ISA_64R6 \u2013 -
MIPS_ISA_MICRO \u2013 -
MIPS_ISA_NANO \u2013 -
cs_mode \u2013
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_1","title":"MIPS_ISA_1 class-attribute instance-attribute","text":"MIPS_ISA_1 = (auto(), CS_MODE_MIPS1)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_2","title":"MIPS_ISA_2 class-attribute instance-attribute","text":"MIPS_ISA_2 = (auto(), CS_MODE_MIPS2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_3","title":"MIPS_ISA_3 class-attribute instance-attribute","text":"MIPS_ISA_3 = (auto(), CS_MODE_MIPS3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_4","title":"MIPS_ISA_4 class-attribute instance-attribute","text":"MIPS_ISA_4 = (auto(), CS_MODE_MIPS4)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_5","title":"MIPS_ISA_5 class-attribute instance-attribute","text":"MIPS_ISA_5 = (auto(), CS_MODE_MIPS5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32","title":"MIPS_ISA_32 class-attribute instance-attribute","text":"MIPS_ISA_32 = (auto(), CS_MODE_MIPS32)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R2","title":"MIPS_ISA_32R2 class-attribute instance-attribute","text":"MIPS_ISA_32R2 = (auto(), CS_MODE_MIPS32R2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R3","title":"MIPS_ISA_32R3 class-attribute instance-attribute","text":"MIPS_ISA_32R3 = (auto(), CS_MODE_MIPS32R3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R5","title":"MIPS_ISA_32R5 class-attribute instance-attribute","text":"MIPS_ISA_32R5 = (auto(), CS_MODE_MIPS32R5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_32R6","title":"MIPS_ISA_32R6 class-attribute instance-attribute","text":"MIPS_ISA_32R6 = (auto(), CS_MODE_MIPS32R6)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64","title":"MIPS_ISA_64 class-attribute instance-attribute","text":"MIPS_ISA_64 = (auto(), CS_MODE_MIPS64)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R2","title":"MIPS_ISA_64R2 class-attribute instance-attribute","text":"MIPS_ISA_64R2 = (auto(), CS_MODE_MIPS64R2)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R3","title":"MIPS_ISA_64R3 class-attribute instance-attribute","text":"MIPS_ISA_64R3 = (auto(), CS_MODE_MIPS64R3)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R5","title":"MIPS_ISA_64R5 class-attribute instance-attribute","text":"MIPS_ISA_64R5 = (auto(), CS_MODE_MIPS64R5)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_64R6","title":"MIPS_ISA_64R6 class-attribute instance-attribute","text":"MIPS_ISA_64R6 = (auto(), CS_MODE_MIPS64R6)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_MICRO","title":"MIPS_ISA_MICRO class-attribute instance-attribute","text":"MIPS_ISA_MICRO = (auto(), CS_MODE_MICRO)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.MIPS_ISA_NANO","title":"MIPS_ISA_NANO class-attribute instance-attribute","text":"MIPS_ISA_NANO = (auto(), CS_MODE_NANOMIPS)\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchAttribute.cs_mode","title":"cs_mode instance-attribute","text":"cs_mode = cs_mode\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition","title":"ArchDefinition dataclass","text":"ArchDefinition(\n name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,\n ptrsize: int,\n endian: Literal[\"little\", \"big\"],\n platform: Platform,\n attributes: list[ArchAttribute] = list(),\n)\n
Attributes:
-
name (PWNDBG_SUPPORTED_ARCHITECTURES_TYPE) \u2013 -
ptrsize (int) \u2013 Pointer size in bytes
-
endian (Literal['little', 'big']) \u2013 -
platform (Platform) \u2013 -
attributes (list[ArchAttribute]) \u2013
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.name","title":"name instance-attribute","text":"name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int\n
Pointer size in bytes
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.endian","title":"endian instance-attribute","text":"endian: Literal['little', 'big']\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.platform","title":"platform instance-attribute","text":"platform: Platform\n
"},{"location":"reference/pwndbg/lib/arch/#pwndbg.lib.arch.ArchDefinition.attributes","title":"attributes class-attribute instance-attribute","text":"attributes: list[ArchAttribute] = field(default_factory=list)\n
"},{"location":"reference/pwndbg/lib/cache/","title":"pwndbg.lib.cache","text":""},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache","title":"cache","text":"Caches return values until some event in the inferior happens, e.g. execution stops because of a SIGINT or breakpoint, or a new library/objfile are loaded, etc.
Classes:
Functions:
Attributes:
-
T \u2013 -
P \u2013 -
debug \u2013 -
debug_name \u2013 -
Cache \u2013 -
IS_CACHING \u2013 -
IS_CACHING_DISABLED_FOR (dict[str, bool]) \u2013
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug","title":"debug module-attribute","text":"debug = NO_DEBUG\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.debug_name","title":"debug_name module-attribute","text":"debug_name = 'regs'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.Cache","title":"Cache module-attribute","text":"Cache = Union[Dict[Tuple[Any, ...], Any], DebugCacheDict]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING","title":"IS_CACHING module-attribute","text":"IS_CACHING = True\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.IS_CACHING_DISABLED_FOR","title":"IS_CACHING_DISABLED_FOR module-attribute","text":"IS_CACHING_DISABLED_FOR: dict[str, bool] = {\n \"stop\": False,\n \"exit\": False,\n \"objfile\": False,\n \"start\": False,\n \"cont\": False,\n \"thread\": False,\n \"prompt\": False,\n \"forever\": False,\n}\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict","title":"DebugCacheDict","text":"DebugCacheDict(func: Callable[P, T], *args: Any, **kwargs: Any)\n
Bases: UserDict
Methods:
-
__getitem__ \u2013 -
__setitem__ \u2013 -
clear \u2013
Attributes:
-
hits \u2013 -
misses \u2013 -
func \u2013 -
name \u2013
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.hits","title":"hits instance-attribute","text":"hits = 0\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.misses","title":"misses instance-attribute","text":"misses = 0\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.func","title":"func instance-attribute","text":"func = func\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.name","title":"name instance-attribute","text":"name = f'{split('.')[-1]}.{__name__}'\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__getitem__","title":"__getitem__","text":"__getitem__(key: tuple[Any, ...]) -> Any\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.__setitem__","title":"__setitem__","text":"__setitem__(key: tuple[Any, ...], value: Any) -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.DebugCacheDict.clear","title":"clear","text":"clear() -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.connect_clear_caching_events","title":"connect_clear_caching_events","text":"connect_clear_caching_events(\n event_dicts: dict[str, tuple[Any, ...]], **kwargs: Any\n) -> None\n
Connect given debugger event hooks to correspoonding _CacheUntilEvent instances
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.cache_until","title":"cache_until","text":"cache_until(\n *event_names: str,\n) -> Callable[[Callable[P, T]], Callable[P, T]]\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_caches","title":"clear_caches","text":"clear_caches() -> None\n
"},{"location":"reference/pwndbg/lib/cache/#pwndbg.lib.cache.clear_cache","title":"clear_cache","text":"clear_cache(cache_name: str) -> None\n
"},{"location":"reference/pwndbg/lib/common/","title":"pwndbg.lib.common","text":""},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common","title":"common","text":"Functions:
"},{"location":"reference/pwndbg/lib/common/#pwndbg.lib.common.hex2ptr_common","title":"hex2ptr_common","text":"hex2ptr_common(arg: str) -> int\n
Converts a hex string to a little-endian integer address.
"},{"location":"reference/pwndbg/lib/config/","title":"pwndbg.lib.config","text":""},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config","title":"config","text":"Classes:
-
Scope \u2013 -
Parameter \u2013 -
Config \u2013
Attributes:
-
T \u2013 -
PARAM_BOOLEAN \u2013 -
PARAM_AUTO_BOOLEAN \u2013 -
PARAM_INTEGER \u2013 -
PARAM_ZINTEGER \u2013 -
PARAM_UINTEGER \u2013 -
PARAM_ZUINTEGER \u2013 -
PARAM_ZUINTEGER_UNLIMITED \u2013 -
PARAM_STRING \u2013 -
PARAM_ENUM \u2013 -
PARAM_OPTIONAL_FILENAME \u2013 -
PARAM_CLASSES \u2013 -
HELP_DEFAULT_PREFIX \u2013 -
HELP_VALID_VALUES_PREFIX \u2013
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_BOOLEAN","title":"PARAM_BOOLEAN module-attribute","text":"PARAM_BOOLEAN = 0\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_AUTO_BOOLEAN","title":"PARAM_AUTO_BOOLEAN module-attribute","text":"PARAM_AUTO_BOOLEAN = 1\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_INTEGER","title":"PARAM_INTEGER module-attribute","text":"PARAM_INTEGER = 2\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZINTEGER","title":"PARAM_ZINTEGER module-attribute","text":"PARAM_ZINTEGER = 3\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_UINTEGER","title":"PARAM_UINTEGER module-attribute","text":"PARAM_UINTEGER = 4\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER","title":"PARAM_ZUINTEGER module-attribute","text":"PARAM_ZUINTEGER = 5\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ZUINTEGER_UNLIMITED","title":"PARAM_ZUINTEGER_UNLIMITED module-attribute","text":"PARAM_ZUINTEGER_UNLIMITED = 6\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_STRING","title":"PARAM_STRING module-attribute","text":"PARAM_STRING = 7\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_ENUM","title":"PARAM_ENUM module-attribute","text":"PARAM_ENUM = 8\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_OPTIONAL_FILENAME","title":"PARAM_OPTIONAL_FILENAME module-attribute","text":"PARAM_OPTIONAL_FILENAME = 9\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.PARAM_CLASSES","title":"PARAM_CLASSES module-attribute","text":"PARAM_CLASSES = {bool: PARAM_BOOLEAN, int: PARAM_ZINTEGER, str: PARAM_STRING}\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.HELP_DEFAULT_PREFIX","title":"HELP_DEFAULT_PREFIX module-attribute","text":"HELP_DEFAULT_PREFIX = 'Default:'\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.HELP_VALID_VALUES_PREFIX","title":"HELP_VALID_VALUES_PREFIX module-attribute","text":"HELP_VALID_VALUES_PREFIX = 'Valid values:'\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope","title":"Scope","text":" Bases: Enum
Attributes:
-
config \u2013 -
theme \u2013 -
heap \u2013
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.config","title":"config class-attribute instance-attribute","text":"config = 1\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.theme","title":"theme class-attribute instance-attribute","text":"theme = 2\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Scope.heap","title":"heap class-attribute instance-attribute","text":"heap = 3\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter","title":"Parameter","text":"Parameter(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: Scope = config,\n)\n
Methods:
-
add_update_listener \u2013 -
revert_default \u2013 -
attr_name \u2013 Returns the attribute name associated with this config option,
-
__getattr__ \u2013 -
pretty_val \u2013 Convert a value this object could contain to its pretty string representation.
-
pretty \u2013 -
pretty_default \u2013 -
__int__ \u2013 -
__str__ \u2013 -
__bool__ \u2013 -
__eq__ \u2013 -
__lt__ \u2013 -
__add__ \u2013 -
__radd__ \u2013 -
__sub__ \u2013 -
__rsub__ \u2013 -
__mul__ \u2013 -
__rmul__ \u2013 -
__div__ \u2013 -
__floordiv__ \u2013 -
__pow__ \u2013 -
__mod__ \u2013 -
__len__ \u2013
Attributes:
-
name \u2013 -
default \u2013 -
param_class \u2013 -
set_show_doc \u2013 -
help_docstring \u2013 -
enum_sequence \u2013 -
scope \u2013 -
update_listeners (list[Callable[[Any], None]]) \u2013 -
value (Any) \u2013 -
is_changed (bool) \u2013
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.name","title":"name instance-attribute","text":"name = name\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.default","title":"default instance-attribute","text":"default = default\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.param_class","title":"param_class instance-attribute","text":"param_class = param_class or PARAM_CLASSES[type(default)]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.set_show_doc","title":"set_show_doc instance-attribute","text":"set_show_doc = set_show_doc\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.help_docstring","title":"help_docstring instance-attribute","text":"help_docstring = help_docstring\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.enum_sequence","title":"enum_sequence instance-attribute","text":"enum_sequence = enum_sequence\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.scope","title":"scope instance-attribute","text":"scope = scope\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.update_listeners","title":"update_listeners instance-attribute","text":"update_listeners: list[Callable[[Any], None]] = []\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.value","title":"value property writable","text":"value: Any\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.is_changed","title":"is_changed property","text":"is_changed: bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.add_update_listener","title":"add_update_listener","text":"add_update_listener(listener: Callable[[Any], None]) -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.revert_default","title":"revert_default","text":"revert_default() -> None\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.attr_name","title":"attr_name","text":"attr_name() -> str\n
Returns the attribute name associated with this config option, i.e. my-config has the attribute name my_config
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_val","title":"pretty_val","text":"pretty_val(val: Any) -> str\n
Convert a value this object could contain to its pretty string representation.
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty","title":"pretty","text":"pretty() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.pretty_default","title":"pretty_default","text":"pretty_default() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__int__","title":"__int__","text":"__int__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__bool__","title":"__bool__","text":"__bool__() -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__eq__","title":"__eq__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__lt__","title":"__lt__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__add__","title":"__add__","text":"__add__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__radd__","title":"__radd__","text":"__radd__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__sub__","title":"__sub__","text":"__sub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rsub__","title":"__rsub__","text":"__rsub__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mul__","title":"__mul__","text":"__mul__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__rmul__","title":"__rmul__","text":"__rmul__(other: int) -> str\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__div__","title":"__div__","text":"__div__(other: float) -> float\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__floordiv__","title":"__floordiv__","text":"__floordiv__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__pow__","title":"__pow__","text":"__pow__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__mod__","title":"__mod__","text":"__mod__(other: int) -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Parameter.__len__","title":"__len__","text":"__len__() -> int\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config","title":"Config","text":"Config()\n
Methods:
-
add_param \u2013 -
add_param_obj \u2013 -
trigger \u2013 -
get_params \u2013 -
__getattr__ \u2013 -
__setattr__ \u2013
Attributes:
-
params (dict[str, Parameter]) \u2013 -
triggers (DefaultDict[str, list[Callable[..., Any]]]) \u2013
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.params","title":"params instance-attribute","text":"params: dict[str, Parameter] = {}\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.triggers","title":"triggers instance-attribute","text":"triggers: DefaultDict[str, list[Callable[..., Any]]] = defaultdict(list)\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param","title":"add_param","text":"add_param(\n name: str,\n default: Any,\n set_show_doc: str,\n *,\n help_docstring: str = \"\",\n param_class: int | None = None,\n enum_sequence: Sequence[str] | None = None,\n scope: Scope = config,\n) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.add_param_obj","title":"add_param_obj","text":"add_param_obj(p: Parameter) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.trigger","title":"trigger","text":"trigger(*params: Parameter) -> Callable[[Callable[..., T]], Callable[..., T]]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.get_params","title":"get_params","text":"get_params(scope: Scope) -> list[Parameter]\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__getattr__","title":"__getattr__","text":"__getattr__(name: str) -> Parameter\n
"},{"location":"reference/pwndbg/lib/config/#pwndbg.lib.config.Config.__setattr__","title":"__setattr__","text":"__setattr__(attr, val)\n
"},{"location":"reference/pwndbg/lib/disasm/","title":"pwndbg.lib.disasm","text":""},{"location":"reference/pwndbg/lib/disasm/#pwndbg.lib.disasm","title":"disasm","text":"Modules:
"},{"location":"reference/pwndbg/lib/disasm/helpers/","title":"pwndbg.lib.disasm.helpers","text":""},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers","title":"helpers","text":"Functions:
-
to_signed \u2013 Returns the signed number associated with the two's-complement binary representation of unsigned
-
logical_shift_left \u2013 -
logical_shift_right \u2013 n is truncated to the width of bit_width before the operation takes place.
-
rotate_right \u2013 n is truncated to the width of bit_width before the operation takes place.
-
arithmetic_shift_right \u2013 This returns the value represented by the two's-complement binary representation of the final result.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.to_signed","title":"to_signed","text":"to_signed(unsigned: int, bit_width: int)\n
Returns the signed number associated with the two's-complement binary representation of unsigned
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_left","title":"logical_shift_left","text":"logical_shift_left(n: int, shift_amt: int, bit_width: int)\n
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.logical_shift_right","title":"logical_shift_right","text":"logical_shift_right(n: int, shift_amt: int, bit_width: int)\n
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.rotate_right","title":"rotate_right","text":"rotate_right(n: int, shift_amt: int, bit_width: int)\n
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/disasm/helpers/#pwndbg.lib.disasm.helpers.arithmetic_shift_right","title":"arithmetic_shift_right","text":"arithmetic_shift_right(n: int, shift_amt: int, bit_width: int)\n
This returns the value represented by the two's-complement binary representation of the final result. This means the result could be negative (if the top bit of the input is negative)
n is truncated to the width of bit_width before the operation takes place.
"},{"location":"reference/pwndbg/lib/elftypes/","title":"pwndbg.lib.elftypes","text":""},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes","title":"elftypes","text":"Classes:
-
constants \u2013 -
Elf32_Ehdr \u2013 -
Elf64_Ehdr \u2013 -
Elf32_Phdr \u2013 -
Elf64_Phdr \u2013 -
AUXV \u2013
Attributes:
-
Elf32_Addr \u2013 -
Elf32_Half \u2013 -
Elf32_Off \u2013 -
Elf32_Sword \u2013 -
Elf32_Word \u2013 -
Elf64_Addr \u2013 -
Elf64_Half \u2013 -
Elf64_SHalf \u2013 -
Elf64_Off \u2013 -
Elf64_Sword \u2013 -
Elf64_Word \u2013 -
Elf64_Xword \u2013 -
Elf64_Sxword \u2013 -
AT_CONSTANTS (dict[int, str]) \u2013 -
AT_CONSTANT_NAMES \u2013
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Addr","title":"Elf32_Addr module-attribute","text":"Elf32_Addr = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Half","title":"Elf32_Half module-attribute","text":"Elf32_Half = c_uint16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Off","title":"Elf32_Off module-attribute","text":"Elf32_Off = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Sword","title":"Elf32_Sword module-attribute","text":"Elf32_Sword = c_int32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Word","title":"Elf32_Word module-attribute","text":"Elf32_Word = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Addr","title":"Elf64_Addr module-attribute","text":"Elf64_Addr = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Half","title":"Elf64_Half module-attribute","text":"Elf64_Half = c_uint16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_SHalf","title":"Elf64_SHalf module-attribute","text":"Elf64_SHalf = c_int16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Off","title":"Elf64_Off module-attribute","text":"Elf64_Off = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sword","title":"Elf64_Sword module-attribute","text":"Elf64_Sword = c_int32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Word","title":"Elf64_Word module-attribute","text":"Elf64_Word = c_uint32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Xword","title":"Elf64_Xword module-attribute","text":"Elf64_Xword = c_uint64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Sxword","title":"Elf64_Sxword module-attribute","text":"Elf64_Sxword = c_int64\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANTS","title":"AT_CONSTANTS module-attribute","text":"AT_CONSTANTS: dict[int, str] = {\n 0: \"AT_NULL\",\n 1: \"AT_IGNORE\",\n 2: \"AT_EXECFD\",\n 3: \"AT_PHDR\",\n 4: \"AT_PHENT\",\n 5: \"AT_PHNUM\",\n 6: \"AT_PAGESZ\",\n 7: \"AT_BASE\",\n 8: \"AT_FLAGS\",\n 9: \"AT_ENTRY\",\n 10: \"AT_NOTELF\",\n 11: \"AT_UID\",\n 12: \"AT_EUID\",\n 13: \"AT_GID\",\n 14: \"AT_EGID\",\n 15: \"AT_PLATFORM\",\n 16: \"AT_HWCAP\",\n 17: \"AT_CLKTCK\",\n 18: \"AT_FPUCW\",\n 19: \"AT_DCACHEBSIZE\",\n 20: \"AT_ICACHEBSIZE\",\n 21: \"AT_UCACHEBSIZE\",\n 22: \"AT_IGNOREPPC\",\n 23: \"AT_SECURE\",\n 24: \"AT_BASE_PLATFORM\",\n 25: \"AT_RANDOM\",\n 26: \"AT_HWCAP2\",\n 27: \"AT_RSEQ_FEATURE_SIZE\",\n 28: \"AT_RSEQ_ALIGN\",\n 29: \"AT_HWCAP3\",\n 30: \"AT_HWCAP4\",\n 31: \"AT_EXECFN\",\n 32: \"AT_SYSINFO\",\n 33: \"AT_SYSINFO_EHDR\",\n 34: \"AT_L1I_CACHESHAPE\",\n 35: \"AT_L1D_CACHESHAPE\",\n 36: \"AT_L2_CACHESHAPE\",\n 37: \"AT_L3_CACHESHAPE\",\n 40: \"AT_L1I_CACHESIZE\",\n 41: \"AT_L1I_CACHEGEOMETRY\",\n 42: \"AT_L1D_CACHESIZE\",\n 43: \"AT_L1D_CACHEGEOMETRY\",\n 44: \"AT_L2_CACHESIZE\",\n 45: \"AT_L2_CACHEGEOMETRY\",\n 46: \"AT_L3_CACHESIZE\",\n 47: \"AT_L3_CACHEGEOMETRY\",\n 51: \"AT_MINSIGSTKSZ\",\n}\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AT_CONSTANT_NAMES","title":"AT_CONSTANT_NAMES module-attribute","text":"AT_CONSTANT_NAMES = {v: _qfor (k, v) in items()}\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants","title":"constants","text":"Attributes:
-
EI_MAG0 \u2013 -
EI_MAG1 \u2013 -
EI_MAG2 \u2013 -
EI_MAG3 \u2013 -
EI_CLASS \u2013 -
EI_DATA \u2013 -
EI_VERSION \u2013 -
EI_OSABI \u2013 -
EI_ABIVERSION \u2013 -
EI_PAD \u2013 -
EI_NIDENT \u2013 -
ELFMAG0 \u2013 -
ELFMAG1 \u2013 -
ELFMAG2 \u2013 -
ELFMAG3 \u2013 -
ELFCLASSNONE \u2013 -
ELFCLASS32 \u2013 -
ELFCLASS64 \u2013 -
ELFDATANONE \u2013 -
ELFDATA2LSB \u2013 -
ELFDATA2MSB \u2013 -
PT_NULL \u2013 -
PT_LOAD \u2013 -
PT_DYNAMIC \u2013 -
PT_INTERP \u2013 -
PT_NOTE \u2013 -
PT_SHLIB \u2013 -
PT_PHDR \u2013 -
PT_TLS \u2013 -
ET_NONE \u2013 -
ET_REL \u2013 -
ET_EXEC \u2013 -
ET_DYN \u2013 -
ET_CORE \u2013 -
DT_NULL \u2013 -
DT_NEEDED \u2013 -
DT_PLTRELSZ \u2013 -
DT_PLTGOT \u2013 -
DT_HASH \u2013 -
DT_STRTAB \u2013 -
DT_SYMTAB \u2013 -
DT_RELA \u2013 -
DT_RELASZ \u2013 -
DT_RELAENT \u2013 -
DT_STRSZ \u2013 -
DT_SYMENT \u2013 -
DT_INIT \u2013 -
DT_FINI \u2013 -
DT_SONAME \u2013 -
DT_RPATH \u2013 -
DT_SYMBOLIC \u2013 -
DT_REL \u2013 -
DT_RELSZ \u2013 -
DT_RELENT \u2013 -
DT_PLTREL \u2013 -
DT_DEBUG \u2013 -
DT_TEXTREL \u2013 -
DT_JMPREL \u2013 -
DT_ENCODING \u2013 -
SHT_NULL \u2013 -
SHT_PROGBITS \u2013 -
SHT_SYMTAB \u2013 -
SHT_STRTAB \u2013 -
SHT_RELA \u2013 -
SHT_HASH \u2013 -
SHT_DYNAMIC \u2013 -
SHT_NOTE \u2013 -
SHT_NOBITS \u2013 -
SHT_REL \u2013 -
SHT_SHLIB \u2013 -
SHT_DYNSYM \u2013 -
SHT_NUM \u2013 -
STT_NOTYPE \u2013 -
STT_OBJECT \u2013 -
STT_FUNC \u2013 -
STT_SECTION \u2013 -
STT_FILE \u2013 -
STT_COMMON \u2013 -
STT_TLS \u2013 -
NT_PRSTATUS \u2013 -
NT_PRFPREG \u2013 -
NT_PRPSINFO \u2013 -
NT_TASKSTRUCT \u2013 -
NT_AUXV \u2013 -
NT_SIGINFO \u2013 -
NT_FILE \u2013 -
NT_PRXFPREG \u2013 -
NT_PPC_VMX \u2013 -
NT_PPC_SPE \u2013 -
NT_PPC_VSX \u2013 -
NT_386_TLS \u2013 -
NT_386_IOPERM \u2013 -
NT_X86_XSTATE \u2013 -
NT_S390_HIGH_GPRS \u2013 -
NT_S390_TIMER \u2013 -
NT_S390_TODCMP \u2013 -
NT_S390_TODPREG \u2013 -
NT_S390_CTRS \u2013 -
NT_S390_PREFIX \u2013 -
NT_S390_LAST_BREAK \u2013 -
NT_S390_SYSTEM_CALL \u2013 -
NT_S390_TDB \u2013 -
NT_ARM_VFP \u2013 -
NT_ARM_TLS \u2013 -
NT_ARM_HW_BREAK \u2013 -
NT_ARM_HW_WATCH \u2013 -
NT_METAG_CBUF \u2013 -
NT_METAG_RPIPE \u2013 -
NT_METAG_TLS \u2013 -
AT_NULL \u2013 -
AT_IGNORE \u2013 -
AT_EXECFD \u2013 -
AT_PHDR \u2013 -
AT_PHENT \u2013 -
AT_PHNUM \u2013 -
AT_PAGESZ \u2013 -
AT_BASE \u2013 -
AT_FLAGS \u2013 -
AT_ENTRY \u2013 -
AT_NOTELF \u2013 -
AT_UID \u2013 -
AT_EUID \u2013 -
AT_GID \u2013 -
AT_EGID \u2013 -
AT_PLATFORM \u2013 -
AT_HWCAP \u2013 -
AT_CLKTCK \u2013 -
AT_FPUCW \u2013 -
AT_DCACHEBSIZE \u2013 -
AT_ICACHEBSIZE \u2013 -
AT_UCACHEBSIZE \u2013 -
AT_IGNOREPPC \u2013 -
AT_SECURE \u2013 -
AT_BASE_PLATFORM \u2013 -
AT_RANDOM \u2013 -
AT_EXECFN \u2013 -
AT_SYSINFO \u2013 -
AT_SYSINFO_EHDR \u2013 -
AT_L1I_CACHESHAPE \u2013 -
AT_L1D_CACHESHAPE \u2013 -
AT_L2_CACHESHAPE \u2013 -
AT_L3_CACHESHAPE \u2013
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG0","title":"EI_MAG0 class-attribute instance-attribute","text":"EI_MAG0 = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG1","title":"EI_MAG1 class-attribute instance-attribute","text":"EI_MAG1 = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG2","title":"EI_MAG2 class-attribute instance-attribute","text":"EI_MAG2 = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_MAG3","title":"EI_MAG3 class-attribute instance-attribute","text":"EI_MAG3 = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_CLASS","title":"EI_CLASS class-attribute instance-attribute","text":"EI_CLASS = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_DATA","title":"EI_DATA class-attribute instance-attribute","text":"EI_DATA = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_VERSION","title":"EI_VERSION class-attribute instance-attribute","text":"EI_VERSION = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_OSABI","title":"EI_OSABI class-attribute instance-attribute","text":"EI_OSABI = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_ABIVERSION","title":"EI_ABIVERSION class-attribute instance-attribute","text":"EI_ABIVERSION = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_PAD","title":"EI_PAD class-attribute instance-attribute","text":"EI_PAD = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.EI_NIDENT","title":"EI_NIDENT class-attribute instance-attribute","text":"EI_NIDENT = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG0","title":"ELFMAG0 class-attribute instance-attribute","text":"ELFMAG0 = 127\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG1","title":"ELFMAG1 class-attribute instance-attribute","text":"ELFMAG1 = ord('E')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG2","title":"ELFMAG2 class-attribute instance-attribute","text":"ELFMAG2 = ord('L')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFMAG3","title":"ELFMAG3 class-attribute instance-attribute","text":"ELFMAG3 = ord('F')\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASSNONE","title":"ELFCLASSNONE class-attribute instance-attribute","text":"ELFCLASSNONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS32","title":"ELFCLASS32 class-attribute instance-attribute","text":"ELFCLASS32 = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFCLASS64","title":"ELFCLASS64 class-attribute instance-attribute","text":"ELFCLASS64 = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATANONE","title":"ELFDATANONE class-attribute instance-attribute","text":"ELFDATANONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2LSB","title":"ELFDATA2LSB class-attribute instance-attribute","text":"ELFDATA2LSB = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ELFDATA2MSB","title":"ELFDATA2MSB class-attribute instance-attribute","text":"ELFDATA2MSB = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NULL","title":"PT_NULL class-attribute instance-attribute","text":"PT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_LOAD","title":"PT_LOAD class-attribute instance-attribute","text":"PT_LOAD = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_DYNAMIC","title":"PT_DYNAMIC class-attribute instance-attribute","text":"PT_DYNAMIC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_INTERP","title":"PT_INTERP class-attribute instance-attribute","text":"PT_INTERP = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_NOTE","title":"PT_NOTE class-attribute instance-attribute","text":"PT_NOTE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_SHLIB","title":"PT_SHLIB class-attribute instance-attribute","text":"PT_SHLIB = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_PHDR","title":"PT_PHDR class-attribute instance-attribute","text":"PT_PHDR = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.PT_TLS","title":"PT_TLS class-attribute instance-attribute","text":"PT_TLS = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_NONE","title":"ET_NONE class-attribute instance-attribute","text":"ET_NONE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_REL","title":"ET_REL class-attribute instance-attribute","text":"ET_REL = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_EXEC","title":"ET_EXEC class-attribute instance-attribute","text":"ET_EXEC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_DYN","title":"ET_DYN class-attribute instance-attribute","text":"ET_DYN = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.ET_CORE","title":"ET_CORE class-attribute instance-attribute","text":"ET_CORE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NULL","title":"DT_NULL class-attribute instance-attribute","text":"DT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_NEEDED","title":"DT_NEEDED class-attribute instance-attribute","text":"DT_NEEDED = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTRELSZ","title":"DT_PLTRELSZ class-attribute instance-attribute","text":"DT_PLTRELSZ = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTGOT","title":"DT_PLTGOT class-attribute instance-attribute","text":"DT_PLTGOT = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_HASH","title":"DT_HASH class-attribute instance-attribute","text":"DT_HASH = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRTAB","title":"DT_STRTAB class-attribute instance-attribute","text":"DT_STRTAB = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMTAB","title":"DT_SYMTAB class-attribute instance-attribute","text":"DT_SYMTAB = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELA","title":"DT_RELA class-attribute instance-attribute","text":"DT_RELA = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELASZ","title":"DT_RELASZ class-attribute instance-attribute","text":"DT_RELASZ = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELAENT","title":"DT_RELAENT class-attribute instance-attribute","text":"DT_RELAENT = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_STRSZ","title":"DT_STRSZ class-attribute instance-attribute","text":"DT_STRSZ = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMENT","title":"DT_SYMENT class-attribute instance-attribute","text":"DT_SYMENT = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_INIT","title":"DT_INIT class-attribute instance-attribute","text":"DT_INIT = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_FINI","title":"DT_FINI class-attribute instance-attribute","text":"DT_FINI = 13\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SONAME","title":"DT_SONAME class-attribute instance-attribute","text":"DT_SONAME = 14\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RPATH","title":"DT_RPATH class-attribute instance-attribute","text":"DT_RPATH = 15\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_SYMBOLIC","title":"DT_SYMBOLIC class-attribute instance-attribute","text":"DT_SYMBOLIC = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_REL","title":"DT_REL class-attribute instance-attribute","text":"DT_REL = 17\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELSZ","title":"DT_RELSZ class-attribute instance-attribute","text":"DT_RELSZ = 18\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_RELENT","title":"DT_RELENT class-attribute instance-attribute","text":"DT_RELENT = 19\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_PLTREL","title":"DT_PLTREL class-attribute instance-attribute","text":"DT_PLTREL = 20\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_DEBUG","title":"DT_DEBUG class-attribute instance-attribute","text":"DT_DEBUG = 21\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_TEXTREL","title":"DT_TEXTREL class-attribute instance-attribute","text":"DT_TEXTREL = 22\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_JMPREL","title":"DT_JMPREL class-attribute instance-attribute","text":"DT_JMPREL = 23\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.DT_ENCODING","title":"DT_ENCODING class-attribute instance-attribute","text":"DT_ENCODING = 32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NULL","title":"SHT_NULL class-attribute instance-attribute","text":"SHT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_PROGBITS","title":"SHT_PROGBITS class-attribute instance-attribute","text":"SHT_PROGBITS = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SYMTAB","title":"SHT_SYMTAB class-attribute instance-attribute","text":"SHT_SYMTAB = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_STRTAB","title":"SHT_STRTAB class-attribute instance-attribute","text":"SHT_STRTAB = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_RELA","title":"SHT_RELA class-attribute instance-attribute","text":"SHT_RELA = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_HASH","title":"SHT_HASH class-attribute instance-attribute","text":"SHT_HASH = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNAMIC","title":"SHT_DYNAMIC class-attribute instance-attribute","text":"SHT_DYNAMIC = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOTE","title":"SHT_NOTE class-attribute instance-attribute","text":"SHT_NOTE = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NOBITS","title":"SHT_NOBITS class-attribute instance-attribute","text":"SHT_NOBITS = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_REL","title":"SHT_REL class-attribute instance-attribute","text":"SHT_REL = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_SHLIB","title":"SHT_SHLIB class-attribute instance-attribute","text":"SHT_SHLIB = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_DYNSYM","title":"SHT_DYNSYM class-attribute instance-attribute","text":"SHT_DYNSYM = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.SHT_NUM","title":"SHT_NUM class-attribute instance-attribute","text":"SHT_NUM = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_NOTYPE","title":"STT_NOTYPE class-attribute instance-attribute","text":"STT_NOTYPE = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_OBJECT","title":"STT_OBJECT class-attribute instance-attribute","text":"STT_OBJECT = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FUNC","title":"STT_FUNC class-attribute instance-attribute","text":"STT_FUNC = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_SECTION","title":"STT_SECTION class-attribute instance-attribute","text":"STT_SECTION = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_FILE","title":"STT_FILE class-attribute instance-attribute","text":"STT_FILE = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_COMMON","title":"STT_COMMON class-attribute instance-attribute","text":"STT_COMMON = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.STT_TLS","title":"STT_TLS class-attribute instance-attribute","text":"STT_TLS = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRSTATUS","title":"NT_PRSTATUS class-attribute instance-attribute","text":"NT_PRSTATUS = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRFPREG","title":"NT_PRFPREG class-attribute instance-attribute","text":"NT_PRFPREG = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRPSINFO","title":"NT_PRPSINFO class-attribute instance-attribute","text":"NT_PRPSINFO = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_TASKSTRUCT","title":"NT_TASKSTRUCT class-attribute instance-attribute","text":"NT_TASKSTRUCT = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_AUXV","title":"NT_AUXV class-attribute instance-attribute","text":"NT_AUXV = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_SIGINFO","title":"NT_SIGINFO class-attribute instance-attribute","text":"NT_SIGINFO = 1397311305\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_FILE","title":"NT_FILE class-attribute instance-attribute","text":"NT_FILE = 1179208773\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PRXFPREG","title":"NT_PRXFPREG class-attribute instance-attribute","text":"NT_PRXFPREG = 1189489535\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VMX","title":"NT_PPC_VMX class-attribute instance-attribute","text":"NT_PPC_VMX = 256\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_SPE","title":"NT_PPC_SPE class-attribute instance-attribute","text":"NT_PPC_SPE = 257\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_PPC_VSX","title":"NT_PPC_VSX class-attribute instance-attribute","text":"NT_PPC_VSX = 258\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_TLS","title":"NT_386_TLS class-attribute instance-attribute","text":"NT_386_TLS = 512\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_386_IOPERM","title":"NT_386_IOPERM class-attribute instance-attribute","text":"NT_386_IOPERM = 513\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_X86_XSTATE","title":"NT_X86_XSTATE class-attribute instance-attribute","text":"NT_X86_XSTATE = 514\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_HIGH_GPRS","title":"NT_S390_HIGH_GPRS class-attribute instance-attribute","text":"NT_S390_HIGH_GPRS = 768\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TIMER","title":"NT_S390_TIMER class-attribute instance-attribute","text":"NT_S390_TIMER = 769\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODCMP","title":"NT_S390_TODCMP class-attribute instance-attribute","text":"NT_S390_TODCMP = 770\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TODPREG","title":"NT_S390_TODPREG class-attribute instance-attribute","text":"NT_S390_TODPREG = 771\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_CTRS","title":"NT_S390_CTRS class-attribute instance-attribute","text":"NT_S390_CTRS = 772\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_PREFIX","title":"NT_S390_PREFIX class-attribute instance-attribute","text":"NT_S390_PREFIX = 773\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_LAST_BREAK","title":"NT_S390_LAST_BREAK class-attribute instance-attribute","text":"NT_S390_LAST_BREAK = 774\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_SYSTEM_CALL","title":"NT_S390_SYSTEM_CALL class-attribute instance-attribute","text":"NT_S390_SYSTEM_CALL = 775\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_S390_TDB","title":"NT_S390_TDB class-attribute instance-attribute","text":"NT_S390_TDB = 776\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_VFP","title":"NT_ARM_VFP class-attribute instance-attribute","text":"NT_ARM_VFP = 1024\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_TLS","title":"NT_ARM_TLS class-attribute instance-attribute","text":"NT_ARM_TLS = 1025\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_BREAK","title":"NT_ARM_HW_BREAK class-attribute instance-attribute","text":"NT_ARM_HW_BREAK = 1026\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_ARM_HW_WATCH","title":"NT_ARM_HW_WATCH class-attribute instance-attribute","text":"NT_ARM_HW_WATCH = 1027\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_CBUF","title":"NT_METAG_CBUF class-attribute instance-attribute","text":"NT_METAG_CBUF = 1280\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_RPIPE","title":"NT_METAG_RPIPE class-attribute instance-attribute","text":"NT_METAG_RPIPE = 1281\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.NT_METAG_TLS","title":"NT_METAG_TLS class-attribute instance-attribute","text":"NT_METAG_TLS = 1282\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NULL","title":"AT_NULL class-attribute instance-attribute","text":"AT_NULL = 0\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNORE","title":"AT_IGNORE class-attribute instance-attribute","text":"AT_IGNORE = 1\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFD","title":"AT_EXECFD class-attribute instance-attribute","text":"AT_EXECFD = 2\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHDR","title":"AT_PHDR class-attribute instance-attribute","text":"AT_PHDR = 3\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHENT","title":"AT_PHENT class-attribute instance-attribute","text":"AT_PHENT = 4\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PHNUM","title":"AT_PHNUM class-attribute instance-attribute","text":"AT_PHNUM = 5\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PAGESZ","title":"AT_PAGESZ class-attribute instance-attribute","text":"AT_PAGESZ = 6\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE","title":"AT_BASE class-attribute instance-attribute","text":"AT_BASE = 7\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FLAGS","title":"AT_FLAGS class-attribute instance-attribute","text":"AT_FLAGS = 8\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ENTRY","title":"AT_ENTRY class-attribute instance-attribute","text":"AT_ENTRY = 9\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_NOTELF","title":"AT_NOTELF class-attribute instance-attribute","text":"AT_NOTELF = 10\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UID","title":"AT_UID class-attribute instance-attribute","text":"AT_UID = 11\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EUID","title":"AT_EUID class-attribute instance-attribute","text":"AT_EUID = 12\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_GID","title":"AT_GID class-attribute instance-attribute","text":"AT_GID = 13\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EGID","title":"AT_EGID class-attribute instance-attribute","text":"AT_EGID = 14\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_PLATFORM","title":"AT_PLATFORM class-attribute instance-attribute","text":"AT_PLATFORM = 15\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_HWCAP","title":"AT_HWCAP class-attribute instance-attribute","text":"AT_HWCAP = 16\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_CLKTCK","title":"AT_CLKTCK class-attribute instance-attribute","text":"AT_CLKTCK = 17\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_FPUCW","title":"AT_FPUCW class-attribute instance-attribute","text":"AT_FPUCW = 18\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_DCACHEBSIZE","title":"AT_DCACHEBSIZE class-attribute instance-attribute","text":"AT_DCACHEBSIZE = 19\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_ICACHEBSIZE","title":"AT_ICACHEBSIZE class-attribute instance-attribute","text":"AT_ICACHEBSIZE = 20\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_UCACHEBSIZE","title":"AT_UCACHEBSIZE class-attribute instance-attribute","text":"AT_UCACHEBSIZE = 21\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_IGNOREPPC","title":"AT_IGNOREPPC class-attribute instance-attribute","text":"AT_IGNOREPPC = 22\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SECURE","title":"AT_SECURE class-attribute instance-attribute","text":"AT_SECURE = 23\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORM class-attribute instance-attribute","text":"AT_BASE_PLATFORM = 24\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_RANDOM","title":"AT_RANDOM class-attribute instance-attribute","text":"AT_RANDOM = 25\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_EXECFN","title":"AT_EXECFN class-attribute instance-attribute","text":"AT_EXECFN = 31\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO","title":"AT_SYSINFO class-attribute instance-attribute","text":"AT_SYSINFO = 32\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDR class-attribute instance-attribute","text":"AT_SYSINFO_EHDR = 33\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1I_CACHESHAPE","title":"AT_L1I_CACHESHAPE class-attribute instance-attribute","text":"AT_L1I_CACHESHAPE = 34\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L1D_CACHESHAPE","title":"AT_L1D_CACHESHAPE class-attribute instance-attribute","text":"AT_L1D_CACHESHAPE = 35\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L2_CACHESHAPE","title":"AT_L2_CACHESHAPE class-attribute instance-attribute","text":"AT_L2_CACHESHAPE = 36\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.constants.AT_L3_CACHESHAPE","title":"AT_L3_CACHESHAPE class-attribute instance-attribute","text":"AT_L3_CACHESHAPE = 37\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Ehdr","title":"Elf32_Ehdr","text":" Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Ehdr","title":"Elf64_Ehdr","text":" Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf32_Phdr","title":"Elf32_Phdr","text":" Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.Elf64_Phdr","title":"Elf64_Phdr","text":" Bases: Structure
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV","title":"AUXV","text":" Bases: dict[str, int | str]
Methods:
-
set \u2013 -
__getattr__ \u2013 -
__str__ \u2013
Attributes:
-
AT_PHDR (int | None) \u2013 -
AT_BASE (int | None) \u2013 -
AT_PLATFORM (str | None) \u2013 -
AT_BASE_PLATFORM (str | None) \u2013 -
AT_ENTRY (int | None) \u2013 -
AT_RANDOM (int | None) \u2013 -
AT_EXECFN (str | None) \u2013 -
AT_SYSINFO (int | None) \u2013 -
AT_SYSINFO_EHDR (int | None) \u2013
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PHDR","title":"AT_PHDR instance-attribute","text":"AT_PHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE","title":"AT_BASE instance-attribute","text":"AT_BASE: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_PLATFORM","title":"AT_PLATFORM instance-attribute","text":"AT_PLATFORM: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_BASE_PLATFORM","title":"AT_BASE_PLATFORM instance-attribute","text":"AT_BASE_PLATFORM: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_ENTRY","title":"AT_ENTRY instance-attribute","text":"AT_ENTRY: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_RANDOM","title":"AT_RANDOM instance-attribute","text":"AT_RANDOM: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_EXECFN","title":"AT_EXECFN instance-attribute","text":"AT_EXECFN: str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO","title":"AT_SYSINFO instance-attribute","text":"AT_SYSINFO: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.AT_SYSINFO_EHDR","title":"AT_SYSINFO_EHDR instance-attribute","text":"AT_SYSINFO_EHDR: int | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.set","title":"set","text":"set(const: int, value: int) -> None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__getattr__","title":"__getattr__","text":"__getattr__(attr: str) -> int | str | None\n
"},{"location":"reference/pwndbg/lib/elftypes/#pwndbg.lib.elftypes.AUXV.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/exception/","title":"pwndbg.lib.exception","text":""},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception","title":"exception","text":"Classes:
-
IndentContextManager \u2013
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager","title":"IndentContextManager","text":"IndentContextManager()\n
Methods:
-
__enter__ \u2013 -
__exit__ \u2013 -
print \u2013 -
addr_hex \u2013 -
aux_hex \u2013 -
prefix \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.indent","title":"indent instance-attribute","text":"indent = 0\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.__enter__","title":"__enter__","text":"__enter__() -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.__exit__","title":"__exit__","text":"__exit__(\n exc_type: type[BaseException] | None,\n exc_value: BaseException | None,\n exc_tb: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.print","title":"print","text":"print(*a, **kw) -> None\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.addr_hex","title":"addr_hex","text":"addr_hex(val: int) -> str\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.aux_hex","title":"aux_hex","text":"aux_hex(val: int) -> str\n
"},{"location":"reference/pwndbg/lib/exception/#pwndbg.lib.exception.IndentContextManager.prefix","title":"prefix","text":"prefix(s: str)\n
"},{"location":"reference/pwndbg/lib/funcparser/","title":"pwndbg.lib.funcparser","text":""},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser","title":"funcparser","text":"Functions:
-
extractTypeAndName \u2013 -
Stringify \u2013 -
ExtractFuncDecl \u2013 -
ExtractAllFuncDecls \u2013 -
ExtractFuncDeclFromSource \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.CAstNode","title":"CAstNode module-attribute","text":"CAstNode = Union[\n EllipsisParam, PtrDecl, ArrayDecl, FuncDecl, Struct, Union, Enum\n]\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.extractTypeAndName","title":"extractTypeAndName","text":"extractTypeAndName(\n n: CAstNode, defaultName: str | None = None\n) -> tuple[str, int, str] | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.Stringify","title":"Stringify","text":"Stringify(X: Function | Argument) -> str\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDecl","title":"ExtractFuncDecl","text":"ExtractFuncDecl(node: CAstNode, verbose: bool = False) -> Function | None\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractAllFuncDecls","title":"ExtractAllFuncDecls","text":"ExtractAllFuncDecls(ast: CAstNode, verbose: bool = False)\n
"},{"location":"reference/pwndbg/lib/funcparser/#pwndbg.lib.funcparser.ExtractFuncDeclFromSource","title":"ExtractFuncDeclFromSource","text":"ExtractFuncDeclFromSource(source: str) -> Function | None\n
"},{"location":"reference/pwndbg/lib/functions/","title":"pwndbg.lib.functions","text":""},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions","title":"functions","text":"Classes:
-
Function \u2013 -
Argument \u2013 -
Flag \u2013 -
LazyFunctions \u2013
Functions:
-
format_flags_argument \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.functions","title":"functions module-attribute","text":"functions = LazyFunctions()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function","title":"Function","text":" Bases: NamedTuple
Attributes:
-
type (str) \u2013 -
derefcnt (int) \u2013 -
name (str) \u2013 -
args (list[Argument]) \u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.type","title":"type instance-attribute","text":"type: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.derefcnt","title":"derefcnt instance-attribute","text":"derefcnt: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Function.args","title":"args instance-attribute","text":"args: list[Argument]\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument","title":"Argument","text":" Bases: NamedTuple
Attributes:
-
type (str) \u2013 -
derefcnt (int) \u2013 -
name (str) \u2013 -
flags (tuple[Flag, ...] | None) \u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.type","title":"type instance-attribute","text":"type: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.derefcnt","title":"derefcnt instance-attribute","text":"derefcnt: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Argument.flags","title":"flags class-attribute instance-attribute","text":"flags: tuple[Flag, ...] | None = None\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag","title":"Flag","text":" Bases: NamedTuple
Attributes:
-
value (int) \u2013 -
name (str) \u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.value","title":"value instance-attribute","text":"value: int\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.Flag.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions","title":"LazyFunctions","text":"LazyFunctions(*args, **kw)\n
Bases: Mapping[str, Function]
Methods:
-
__getitem__ \u2013 -
__iter__ \u2013 -
__len__ \u2013
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__getitem__","title":"__getitem__","text":"__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__iter__","title":"__iter__","text":"__iter__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.LazyFunctions.__len__","title":"__len__","text":"__len__()\n
"},{"location":"reference/pwndbg/lib/functions/#pwndbg.lib.functions.format_flags_argument","title":"format_flags_argument","text":"format_flags_argument(flags: tuple[Flag, ...], value: int)\n
"},{"location":"reference/pwndbg/lib/functions_data/","title":"pwndbg.lib.functions_data","text":""},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data","title":"functions_data","text":"Functions:
"},{"location":"reference/pwndbg/lib/functions_data/#pwndbg.lib.functions_data.load_functions","title":"load_functions","text":"load_functions()\n
"},{"location":"reference/pwndbg/lib/gcc/","title":"pwndbg.lib.gcc","text":""},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc","title":"gcc","text":"Functions for determining the architecture-dependent path to GCC and any flags it should be executed with.
Functions:
Attributes:
"},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc.printed_message","title":"printed_message module-attribute","text":"printed_message = False\n
"},{"location":"reference/pwndbg/lib/gcc/#pwndbg.lib.gcc.which","title":"which","text":"which(arch: ArchDefinition) -> list[str]\n
"},{"location":"reference/pwndbg/lib/heap/","title":"pwndbg.lib.heap","text":""},{"location":"reference/pwndbg/lib/heap/#pwndbg.lib.heap","title":"heap","text":"Modules:
"},{"location":"reference/pwndbg/lib/heap/helpers/","title":"pwndbg.lib.heap.helpers","text":""},{"location":"reference/pwndbg/lib/heap/helpers/#pwndbg.lib.heap.helpers","title":"helpers","text":"Functions:
"},{"location":"reference/pwndbg/lib/heap/helpers/#pwndbg.lib.heap.helpers.find_fastbin_size","title":"find_fastbin_size","text":"find_fastbin_size(\n mem: bytes, max_size: int, step: int\n) -> Generator[int, None, None]\n
"},{"location":"reference/pwndbg/lib/kernel/","title":"pwndbg.lib.kernel","text":""},{"location":"reference/pwndbg/lib/kernel/#pwndbg.lib.kernel","title":"kernel","text":"Modules:
-
kconfig \u2013 -
structs \u2013
"},{"location":"reference/pwndbg/lib/kernel/kconfig/","title":"pwndbg.lib.kernel.kconfig","text":""},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig","title":"kconfig","text":"Classes:
Functions:
-
parse_config \u2013 -
parse_compresed_config \u2013 -
config_to_key \u2013
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig","title":"Kconfig","text":"Kconfig(compressed_config: bytes, *args: Any, **kwargs: Any)\n
Bases: UserDict
Methods:
-
get_key \u2013 -
__getitem__ \u2013 -
__contains__ \u2013 -
__getattr__ \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.data","title":"data instance-attribute","text":"data = parse_compresed_config(compressed_config)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.get_key","title":"get_key","text":"get_key(name: str) -> str | None\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getitem__","title":"__getitem__","text":"__getitem__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__contains__","title":"__contains__","text":"__contains__(name: object) -> bool\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.Kconfig.__getattr__","title":"__getattr__","text":"__getattr__(name: str)\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_config","title":"parse_config","text":"parse_config(config_text: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.parse_compresed_config","title":"parse_compresed_config","text":"parse_compresed_config(compressed_config: bytes) -> dict[str, str]\n
"},{"location":"reference/pwndbg/lib/kernel/kconfig/#pwndbg.lib.kernel.kconfig.config_to_key","title":"config_to_key","text":"config_to_key(name: str) -> str\n
"},{"location":"reference/pwndbg/lib/kernel/structs/","title":"pwndbg.lib.kernel.structs","text":""},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs","title":"structs","text":"Classes:
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry","title":"IDTEntry","text":"IDTEntry(entry)\n
Represents an entry in the Interrupt Descriptor Table (IDT)
The IDTEntry class stores information about an IDT entry, including its index, offset, segment selector, descriptor privilege level (DPL), gate type, and interrupt stack table (IST) index.
https://wiki.osdev.org/Interrupt_Descriptor_Table
Attributes:
-
offset \u2013 -
segment \u2013 -
dpl \u2013 -
type \u2013 -
ist \u2013 -
present \u2013
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.offset","title":"offset instance-attribute","text":"offset = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.segment","title":"segment instance-attribute","text":"segment = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.dpl","title":"dpl instance-attribute","text":"dpl = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.type","title":"type instance-attribute","text":"type = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.ist","title":"ist instance-attribute","text":"ist = None\n
"},{"location":"reference/pwndbg/lib/kernel/structs/#pwndbg.lib.kernel.structs.IDTEntry.present","title":"present instance-attribute","text":"present = None\n
"},{"location":"reference/pwndbg/lib/memory/","title":"pwndbg.lib.memory","text":""},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory","title":"memory","text":"Reading, writing, and describing memory.
Classes:
Functions:
-
round_down \u2013 round_down(address, align) -> int
-
round_up \u2013 round_up(address, align) -> int
-
page_align \u2013 page_align(address) -> int
-
page_size_align \u2013 -
page_offset \u2013
Attributes:
-
PAGE_SIZE \u2013 -
PAGE_MASK \u2013 -
align_down \u2013 -
align_up \u2013
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_SIZE","title":"PAGE_SIZE module-attribute","text":"PAGE_SIZE = 4096\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.PAGE_MASK","title":"PAGE_MASK module-attribute","text":"PAGE_MASK = ~PAGE_SIZE - 1\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_down","title":"align_down module-attribute","text":"align_down = round_down\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.align_up","title":"align_up module-attribute","text":"align_up = round_up\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page","title":"Page","text":"Page(start: int, size: int, flags: int, offset: int, objfile: str = '')\n
Represents the address space and page permissions of at least one page of memory.
Methods:
-
__str__ \u2013 -
__repr__ \u2013 -
__contains__ \u2013 -
__eq__ \u2013 -
__lt__ \u2013 -
__hash__ \u2013
Attributes:
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.vaddr","title":"vaddr class-attribute instance-attribute","text":"vaddr = start\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.memsz","title":"memsz class-attribute instance-attribute","text":"memsz = size\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.flags","title":"flags class-attribute instance-attribute","text":"flags = flags\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.offset","title":"offset class-attribute instance-attribute","text":"offset = offset\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.objfile","title":"objfile class-attribute instance-attribute","text":"objfile = objfile\n
Possible non-empty values of objfile: - Contains square brackets \"[]\" if it's not a memory mapped file. Examples: [stack], [vsyscall], [heap], [vdso] - A path to a file, such as /usr/lib/libc.so.6
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.start","title":"start property","text":"start: int\n
Mapping start address.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.end","title":"end property","text":"end: int\n
Address beyond mapping. So the last effective address is self.end-1 It is the same as displayed in /proc//maps"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_stack","title":"is_stack property","text":"
is_stack: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_memory_mapped_file","title":"is_memory_mapped_file property","text":"is_memory_mapped_file: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.read","title":"read property","text":"read: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.write","title":"write property","text":"write: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.execute","title":"execute property","text":"execute: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rw","title":"rw property","text":"rw: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.wx","title":"wx property","text":"wx: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.rwx","title":"rwx property","text":"rwx: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.is_guard","title":"is_guard property","text":"is_guard: bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.permstr","title":"permstr property","text":"permstr: str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__contains__","title":"__contains__","text":"__contains__(addr: int) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__eq__","title":"__eq__","text":"__eq__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__lt__","title":"__lt__","text":"__lt__(other: object) -> bool\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.Page.__hash__","title":"__hash__","text":"__hash__() -> int\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_down","title":"round_down","text":"round_down(address: int, align: int) -> int\n
round_down(address, align) -> int
Round down address to the nearest increment of align.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.round_up","title":"round_up","text":"round_up(address: int, align: int) -> int\n
round_up(address, align) -> int
Round up address to the nearest increment of align.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_align","title":"page_align","text":"page_align(address: int) -> int\n
page_align(address) -> int
Round down address to the nearest page boundary.
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_size_align","title":"page_size_align","text":"page_size_align(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/memory/#pwndbg.lib.memory.page_offset","title":"page_offset","text":"page_offset(address: int) -> int\n
"},{"location":"reference/pwndbg/lib/net/","title":"pwndbg.lib.net","text":""},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net","title":"net","text":"Re-implements some psutil functionality to be able to get information from remote debugging sessions.
Classes:
-
inode \u2013 -
Connection \u2013 -
UnixSocket \u2013 -
Netlink \u2013
Functions:
-
format_host_port \u2013 -
tcp \u2013 -
tcp6 \u2013 -
unix \u2013 -
netlink \u2013
Attributes:
-
TCP_STATUSES \u2013 -
NETLINK_TYPES \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.TCP_STATUSES","title":"TCP_STATUSES module-attribute","text":"TCP_STATUSES = {\n \"01\": \"established\",\n \"02\": \"syn_sent\",\n \"03\": \"syn_recv\",\n \"04\": \"fin_wait1\",\n \"05\": \"fin_wait2\",\n \"06\": \"time_wait\",\n \"07\": \"close\",\n \"08\": \"close_wait\",\n \"09\": \"last_ack\",\n \"0A\": \"listen\",\n \"0B\": \"closing\",\n}\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.NETLINK_TYPES","title":"NETLINK_TYPES module-attribute","text":"NETLINK_TYPES = {\n 0: \"NETLINK_ROUTE\",\n 1: \"NETLINK_UNUSED\",\n 2: \"NETLINK_USERSOCK\",\n 3: \"NETLINK_FIREWALL\",\n 4: \"NETLINK_SOCK_DIAG\",\n 5: \"NETLINK_NFLOG\",\n 6: \"NETLINK_XFRM\",\n 7: \"NETLINK_SELINUX\",\n 8: \"NETLINK_ISCSI\",\n 9: \"NETLINK_AUDIT\",\n 10: \"NETLINK_FIB_LOOKUP\",\n 11: \"NETLINK_CONNECTOR\",\n 12: \"NETLINK_NETFILTER\",\n 13: \"NETLINK_IP6_FW\",\n 14: \"NETLINK_DNRTMSG\",\n 15: \"NETLINK_KOBJECT_UEVENT\",\n 16: \"NETLINK_GENERIC\",\n 18: \"NETLINK_SCSITRANSPORT\",\n 19: \"NETLINK_ECRYPTFS\",\n 20: \"NETLINK_RDMA\",\n 21: \"NETLINK_CRYPTO\",\n}\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode","title":"inode","text":"Attributes:
-
inode (int | None) \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.inode.inode","title":"inode class-attribute instance-attribute","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection","title":"Connection","text":" Bases: inode
Methods:
-
__str__ \u2013 -
__repr__ \u2013
Attributes:
-
rhost (str | None) \u2013 -
lhost (str | None) \u2013 -
rport (int | None) \u2013 -
lport (int | None) \u2013 -
inode (int | None) \u2013 -
status (str | None) \u2013 -
family (str | None) \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rhost","title":"rhost class-attribute instance-attribute","text":"rhost: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lhost","title":"lhost class-attribute instance-attribute","text":"lhost: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.rport","title":"rport class-attribute instance-attribute","text":"rport: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.lport","title":"lport class-attribute instance-attribute","text":"lport: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.inode","title":"inode class-attribute instance-attribute","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.status","title":"status class-attribute instance-attribute","text":"status: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.family","title":"family class-attribute instance-attribute","text":"family: str | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Connection.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket","title":"UnixSocket","text":" Bases: inode
Methods:
-
__str__ \u2013 -
__repr__ \u2013
Attributes:
-
path \u2013 -
inode (int | None) \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.path","title":"path class-attribute instance-attribute","text":"path = '(anonymous)'\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.inode","title":"inode class-attribute instance-attribute","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.UnixSocket.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink","title":"Netlink","text":" Bases: inode
Methods:
-
__str__ \u2013 -
__repr__ \u2013
Attributes:
-
eth (int) \u2013 -
portid (int | None) \u2013 -
inode (int | None) \u2013
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.eth","title":"eth class-attribute instance-attribute","text":"eth: int = 0\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.portid","title":"portid class-attribute instance-attribute","text":"portid: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.inode","title":"inode class-attribute instance-attribute","text":"inode: int | None = None\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__str__","title":"__str__","text":"__str__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.Netlink.__repr__","title":"__repr__","text":"__repr__() -> str\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.format_host_port","title":"format_host_port","text":"format_host_port(ip, port)\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp","title":"tcp","text":"tcp(data: str) -> list[Connection]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.tcp6","title":"tcp6","text":"tcp6(data: str) -> list[Connection]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.unix","title":"unix","text":"unix(data: str) -> list[UnixSocket]\n
"},{"location":"reference/pwndbg/lib/net/#pwndbg.lib.net.netlink","title":"netlink","text":"netlink(data: str) -> list[Netlink]\n
"},{"location":"reference/pwndbg/lib/regs/","title":"pwndbg.lib.regs","text":""},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs","title":"regs","text":"Reading register value from the inferior, and provides a standardized interface to registers like \"sp\" and \"pc\".
Classes:
-
BitFlags \u2013 -
AddressingRegister \u2013 Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
-
SegmentRegisters \u2013 Represents the x86 segment register set
-
KernelRegisterSet \u2013 additional registers that are useful when pwning kernels
-
UnicornRegisterWrite \u2013 Represent a register to write to the Unicorn emulator.
-
Reg \u2013 -
RegisterSet \u2013 -
PsuedoEmulatedRegisterFile \u2013 This class represents a set of registers that can be written, read, and invalidated.
Attributes:
-
arm_cpsr_flags \u2013 -
arm_xpsr_flags \u2013 -
aarch64_cpsr_flags \u2013 -
aarch64_sctlr_flags \u2013 -
aarch64_scr_flags \u2013 -
arm \u2013 -
armcm \u2013 -
aarch64 \u2013 -
x86flags \u2013 -
amd64_kernel \u2013 -
amd64 \u2013 -
i386 \u2013 -
powerpc \u2013 -
sparc \u2013 -
mips \u2013 -
riscv \u2013 -
loongarch64 \u2013 -
s390x \u2013 -
reg_sets (dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_cpsr_flags","title":"arm_cpsr_flags module-attribute","text":"arm_cpsr_flags = BitFlags(\n [\n (\"N\", 31),\n (\"Z\", 30),\n (\"C\", 29),\n (\"V\", 28),\n (\"Q\", 27),\n (\"J\", 24),\n (\"T\", 5),\n (\"E\", 9),\n (\"A\", 8),\n (\"I\", 7),\n (\"F\", 6),\n ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm_xpsr_flags","title":"arm_xpsr_flags module-attribute","text":"arm_xpsr_flags = BitFlags(\n [(\"N\", 31), (\"Z\", 30), (\"C\", 29), (\"V\", 28), (\"Q\", 27), (\"T\", 24)]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_cpsr_flags","title":"aarch64_cpsr_flags module-attribute","text":"aarch64_cpsr_flags = BitFlags(\n [\n (\"N\", 31),\n (\"Z\", 30),\n (\"C\", 29),\n (\"V\", 28),\n (\"Q\", 27),\n (\"PAN\", 22),\n (\"IL\", 20),\n (\"D\", 9),\n (\"A\", 8),\n (\"I\", 7),\n (\"F\", 6),\n (\"EL\", (2, 2)),\n (\"SP\", 0),\n ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_sctlr_flags","title":"aarch64_sctlr_flags module-attribute","text":"aarch64_sctlr_flags = BitFlags(\n [\n (\"TIDCP\", 63),\n (\"SPINTMASK\", 62),\n (\"NMI\", 61),\n (\"EPAN\", 57),\n (\"ATA0\", 43),\n (\"ATA0\", 42),\n (\"TCF\", (40, 2)),\n (\"TCF0\", (38, 2)),\n (\"ITFSB\", 37),\n (\"BT1\", 36),\n (\"BT0\", 35),\n (\"EnIA\", 31),\n (\"EnIB\", 30),\n (\"EnDA\", 27),\n (\"UCI\", 26),\n (\"EE\", 25),\n (\"E0E\", 24),\n (\"SPAN\", 23),\n (\"TSCXT\", 20),\n (\"WXN\", 19),\n (\"nTWE\", 18),\n (\"nTWI\", 16),\n (\"UCT\", 15),\n (\"DZE\", 14),\n (\"EnDB\", 13),\n (\"I\", 12),\n (\"UMA\", 9),\n (\"SED\", 8),\n (\"ITD\", 7),\n (\"nAA\", 6),\n (\"CP15BEN\", 5),\n (\"SA0\", 4),\n (\"SA\", 3),\n (\"C\", 2),\n (\"A\", 1),\n (\"M\", 0),\n ]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64_scr_flags","title":"aarch64_scr_flags module-attribute","text":"aarch64_scr_flags = BitFlags(\n [(\"HCE\", 8), (\"SMD\", 7), (\"EA\", 3), (\"FIQ\", 2), (\"IRQ\", 1), (\"NS\", 0)]\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.arm","title":"arm module-attribute","text":"arm = RegisterSet(\n retaddr=(Reg(\"lr\", 4),),\n flags={\"cpsr\": arm_cpsr_flags},\n gpr=(\n Reg(\"r0\", 4),\n Reg(\"r1\", 4),\n Reg(\"r2\", 4),\n Reg(\"r3\", 4),\n Reg(\"r4\", 4),\n Reg(\"r5\", 4),\n Reg(\"r6\", 4),\n Reg(\"r7\", 4),\n Reg(\"r8\", 4),\n Reg(\"r9\", 4),\n Reg(\"r10\", 4),\n Reg(\"r11\", 4),\n Reg(\"r12\", 4),\n ),\n args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n retval=\"r0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.armcm","title":"armcm module-attribute","text":"armcm = RegisterSet(\n retaddr=(Reg(\"lr\", 4),),\n flags={\"xpsr\": arm_xpsr_flags},\n gpr=(\n Reg(\"r0\", 4),\n Reg(\"r1\", 4),\n Reg(\"r2\", 4),\n Reg(\"r3\", 4),\n Reg(\"r4\", 4),\n Reg(\"r5\", 4),\n Reg(\"r6\", 4),\n Reg(\"r7\", 4),\n Reg(\"r8\", 4),\n Reg(\"r9\", 4),\n Reg(\"r10\", 4),\n Reg(\"r11\", 4),\n Reg(\"r12\", 4),\n ),\n args=(\"r0\", \"r1\", \"r2\", \"r3\"),\n retval=\"r0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.aarch64","title":"aarch64 module-attribute","text":"aarch64 = RegisterSet(\n retaddr=(Reg(\"lr\", 8),),\n flags={\"cpsr\": aarch64_cpsr_flags},\n extra_flags={\n \"scr_el3\": aarch64_scr_flags,\n \"sctlr\": aarch64_sctlr_flags,\n \"sctlr_el2\": aarch64_sctlr_flags,\n \"sctlr_el3\": aarch64_sctlr_flags,\n \"spsr_el1\": aarch64_cpsr_flags,\n \"spsr_el2\": aarch64_cpsr_flags,\n \"spsr_el3\": aarch64_cpsr_flags,\n },\n gpr=(\n Reg(\"x0\", 8, subregisters=(Reg(\"w0\", 4, zero_extend_writes=True),)),\n Reg(\"x1\", 8, subregisters=(Reg(\"w1\", 4, zero_extend_writes=True),)),\n Reg(\"x2\", 8, subregisters=(Reg(\"w2\", 4, zero_extend_writes=True),)),\n Reg(\"x3\", 8, subregisters=(Reg(\"w3\", 4, zero_extend_writes=True),)),\n Reg(\"x4\", 8, subregisters=(Reg(\"w4\", 4, zero_extend_writes=True),)),\n Reg(\"x5\", 8, subregisters=(Reg(\"w5\", 4, zero_extend_writes=True),)),\n Reg(\"x6\", 8, subregisters=(Reg(\"w6\", 4, zero_extend_writes=True),)),\n Reg(\"x7\", 8, subregisters=(Reg(\"w7\", 4, zero_extend_writes=True),)),\n Reg(\"x8\", 8, subregisters=(Reg(\"w8\", 4, zero_extend_writes=True),)),\n Reg(\"x9\", 8, subregisters=(Reg(\"w9\", 4, zero_extend_writes=True),)),\n Reg(\"x10\", 8, subregisters=(Reg(\"w10\", 4, zero_extend_writes=True),)),\n Reg(\"x11\", 8, subregisters=(Reg(\"w11\", 4, zero_extend_writes=True),)),\n Reg(\"x12\", 8, subregisters=(Reg(\"w12\", 4, zero_extend_writes=True),)),\n Reg(\"x13\", 8, subregisters=(Reg(\"w13\", 4, zero_extend_writes=True),)),\n Reg(\"x14\", 8, subregisters=(Reg(\"w14\", 4, zero_extend_writes=True),)),\n Reg(\"x15\", 8, subregisters=(Reg(\"w15\", 4, zero_extend_writes=True),)),\n Reg(\"x16\", 8, subregisters=(Reg(\"w16\", 4, zero_extend_writes=True),)),\n Reg(\"x17\", 8, subregisters=(Reg(\"w17\", 4, zero_extend_writes=True),)),\n Reg(\"x18\", 8, subregisters=(Reg(\"w18\", 4, zero_extend_writes=True),)),\n Reg(\"x19\", 8, subregisters=(Reg(\"w19\", 4, zero_extend_writes=True),)),\n Reg(\"x20\", 8, subregisters=(Reg(\"w20\", 4, zero_extend_writes=True),)),\n Reg(\"x21\", 8, subregisters=(Reg(\"w21\", 4, zero_extend_writes=True),)),\n Reg(\"x22\", 8, subregisters=(Reg(\"w22\", 4, zero_extend_writes=True),)),\n Reg(\"x23\", 8, subregisters=(Reg(\"w23\", 4, zero_extend_writes=True),)),\n Reg(\"x24\", 8, subregisters=(Reg(\"w24\", 4, zero_extend_writes=True),)),\n Reg(\"x25\", 8, subregisters=(Reg(\"w25\", 4, zero_extend_writes=True),)),\n Reg(\"x26\", 8, subregisters=(Reg(\"w26\", 4, zero_extend_writes=True),)),\n Reg(\"x27\", 8, subregisters=(Reg(\"w27\", 4, zero_extend_writes=True),)),\n Reg(\"x28\", 8, subregisters=(Reg(\"w28\", 4, zero_extend_writes=True),)),\n Reg(\"x29\", 8, subregisters=(Reg(\"w29\", 4, zero_extend_writes=True),)),\n ),\n args=(\"x0\", \"x1\", \"x2\", \"x3\"),\n retval=\"x0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.x86flags","title":"x86flags module-attribute","text":"x86flags = {\n \"eflags\": BitFlags(\n [\n (\"CF\", 0),\n (\"PF\", 2),\n (\"AF\", 4),\n (\"ZF\", 6),\n (\"SF\", 7),\n (\"IF\", 9),\n (\"DF\", 10),\n (\"OF\", 11),\n (\"AC\", 18),\n ]\n )\n}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64_kernel","title":"amd64_kernel module-attribute","text":"amd64_kernel = KernelRegisterSet(\n segments=SegmentRegisters([\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\"]),\n controls={\n \"cr0\": BitFlags([(\"PE\", 0), (\"WP\", 16), (\"PG\", 31)]),\n \"cr3\": AddressingRegister(\"cr3\", False),\n \"cr4\": BitFlags(\n [\n (\"UMIP\", 11),\n (\"FSGSBASE\", 16),\n (\"SMEP\", 20),\n (\"SMAP\", 21),\n (\"PKE\", 22),\n (\"CET\", 23),\n (\"PKS\", 24),\n ]\n ),\n },\n msrs={\n \"efer\": BitFlags([(\"NXE\", 11)]),\n \"gs_base\": AddressingRegister(\"gs_base\", True),\n \"fs_base\": AddressingRegister(\"fs_base\", True),\n },\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.amd64","title":"amd64 module-attribute","text":"amd64 = RegisterSet(\n pc=Reg(\"rip\"),\n stack=Reg(\n \"rsp\",\n 8,\n subregisters=(\n Reg(\"esp\", 4, 0, zero_extend_writes=True),\n Reg(\"sp\", 2, 0),\n Reg(\"spl\", 1, 0),\n ),\n ),\n frame=Reg(\n \"rbp\",\n 8,\n subregisters=(\n Reg(\"ebp\", 4, 0, zero_extend_writes=True),\n Reg(\"bp\", 2, 0),\n Reg(\"bpl\", 1, 0),\n ),\n ),\n flags=x86flags,\n gpr=(\n Reg(\n \"rax\",\n 8,\n subregisters=(\n Reg(\"eax\", 4, 0, zero_extend_writes=True),\n Reg(\"ax\", 2, 0),\n Reg(\"ah\", 1, 1),\n Reg(\"al\", 1, 0),\n ),\n ),\n Reg(\n \"rbx\",\n 8,\n subregisters=(\n Reg(\"ebx\", 4, 0, zero_extend_writes=True),\n Reg(\"bx\", 2, 0),\n Reg(\"bh\", 1, 1),\n Reg(\"bl\", 1, 0),\n ),\n ),\n Reg(\n \"rcx\",\n 8,\n subregisters=(\n Reg(\"ecx\", 4, 0, zero_extend_writes=True),\n Reg(\"cx\", 2, 0),\n Reg(\"ch\", 1, 1),\n Reg(\"cl\", 1, 0),\n ),\n ),\n Reg(\n \"rdx\",\n 8,\n subregisters=(\n Reg(\"edx\", 4, 0, zero_extend_writes=True),\n Reg(\"dx\", 2, 0),\n Reg(\"dh\", 1, 1),\n Reg(\"dl\", 1, 0),\n ),\n ),\n Reg(\n \"rdi\",\n 8,\n subregisters=(\n Reg(\"edi\", 4, 0, zero_extend_writes=True),\n Reg(\"di\", 2, 0),\n Reg(\"dil\", 1, 0),\n ),\n ),\n Reg(\n \"rsi\",\n 8,\n subregisters=(\n Reg(\"esi\", 4, 0, zero_extend_writes=True),\n Reg(\"si\", 2, 0),\n Reg(\"sil\", 1, 0),\n ),\n ),\n Reg(\n \"r8\",\n 8,\n subregisters=(\n Reg(\"r8d\", 4, 0, zero_extend_writes=True),\n Reg(\"r8w\", 2, 0),\n Reg(\"r8b\", 1, 0),\n ),\n ),\n Reg(\n \"r9\",\n 8,\n subregisters=(\n Reg(\"r9d\", 4, 0, zero_extend_writes=True),\n Reg(\"r9w\", 2, 0),\n Reg(\"r9b\", 1, 0),\n ),\n ),\n Reg(\n \"r10\",\n 8,\n subregisters=(\n Reg(\"r10d\", 4, 0, zero_extend_writes=True),\n Reg(\"r10w\", 2, 0),\n Reg(\"r10b\", 1, 0),\n ),\n ),\n Reg(\n \"r11\",\n 8,\n subregisters=(\n Reg(\"r11d\", 4, 0, zero_extend_writes=True),\n Reg(\"r11w\", 2, 0),\n Reg(\"r11b\", 1, 0),\n ),\n ),\n Reg(\n \"r12\",\n 8,\n subregisters=(\n Reg(\"r12d\", 4, 0, zero_extend_writes=True),\n Reg(\"r12w\", 2, 0),\n Reg(\"r12b\", 1, 0),\n ),\n ),\n Reg(\n \"r13\",\n 8,\n subregisters=(\n Reg(\"r13d\", 4, 0, zero_extend_writes=True),\n Reg(\"r13w\", 2, 0),\n Reg(\"r13b\", 1, 0),\n ),\n ),\n Reg(\n \"r14\",\n 8,\n subregisters=(\n Reg(\"r14d\", 4, 0, zero_extend_writes=True),\n Reg(\"r14w\", 2, 0),\n Reg(\"r14b\", 1, 0),\n ),\n ),\n Reg(\n \"r15\",\n 8,\n subregisters=(\n Reg(\"r15d\", 4, 0, zero_extend_writes=True),\n Reg(\"r15w\", 2, 0),\n Reg(\"r15b\", 1, 0),\n ),\n ),\n ),\n misc=(\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\", \"fs_base\", \"gs_base\", \"ip\"),\n kernel=amd64_kernel,\n args=(\"rdi\", \"rsi\", \"rdx\", \"rcx\", \"r8\", \"r9\"),\n retval=\"rax\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.i386","title":"i386 module-attribute","text":"i386 = RegisterSet(\n pc=Reg(\"eip\"),\n stack=Reg(\"esp\", 4, subregisters=(Reg(\"sp\", 2, 0),)),\n frame=Reg(\"ebp\", 4, subregisters=(Reg(\"bp\", 2, 0),)),\n flags=x86flags,\n gpr=(\n Reg(\n \"eax\",\n 4,\n subregisters=(Reg(\"ax\", 2, 0), Reg(\"ah\", 1, 1), Reg(\"al\", 1, 0)),\n ),\n Reg(\n \"ebx\",\n 4,\n subregisters=(Reg(\"bx\", 2, 0), Reg(\"bh\", 1, 1), Reg(\"bl\", 1, 0)),\n ),\n Reg(\n \"ecx\",\n 4,\n subregisters=(Reg(\"cx\", 2, 0), Reg(\"ch\", 1, 1), Reg(\"cl\", 1, 0)),\n ),\n Reg(\n \"edx\",\n 4,\n subregisters=(Reg(\"dx\", 2, 0), Reg(\"dh\", 1, 1), Reg(\"dl\", 1, 0)),\n ),\n Reg(\"edi\", 4, subregisters=(Reg(\"di\", 2, 0),)),\n Reg(\"esi\", 4, subregisters=(Reg(\"si\", 2, 0),)),\n ),\n misc=(\"cs\", \"ss\", \"ds\", \"es\", \"fs\", \"gs\", \"fs_base\", \"gs_base\", \"ip\"),\n retval=\"eax\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.powerpc","title":"powerpc module-attribute","text":"powerpc = RegisterSet(\n retaddr=(Reg(\"lr\"),),\n flags={\"msr\": BitFlags(), \"xer\": BitFlags()},\n gpr=(\n Reg(\"r0\"),\n Reg(\"r1\"),\n Reg(\"r2\"),\n Reg(\"r3\"),\n Reg(\"r4\"),\n Reg(\"r5\"),\n Reg(\"r6\"),\n Reg(\"r7\"),\n Reg(\"r8\"),\n Reg(\"r9\"),\n Reg(\"r10\"),\n Reg(\"r11\"),\n Reg(\"r12\"),\n Reg(\"r13\"),\n Reg(\"r14\"),\n Reg(\"r15\"),\n Reg(\"r16\"),\n Reg(\"r17\"),\n Reg(\"r18\"),\n Reg(\"r19\"),\n Reg(\"r20\"),\n Reg(\"r21\"),\n Reg(\"r22\"),\n Reg(\"r23\"),\n Reg(\"r24\"),\n Reg(\"r25\"),\n Reg(\"r26\"),\n Reg(\"r27\"),\n Reg(\"r28\"),\n Reg(\"r29\"),\n Reg(\"r30\"),\n Reg(\"r31\"),\n Reg(\"cr\"),\n Reg(\"ctr\"),\n ),\n args=(\"r3\", \"r4\", \"r5\", \"r6\", \"r7\", \"r8\", \"r9\", \"r10\"),\n retval=\"r3\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.sparc","title":"sparc module-attribute","text":"sparc = RegisterSet(\n stack=Reg(\"sp\"),\n frame=Reg(\"fp\"),\n retaddr=(Reg(\"i7\"),),\n flags={\"psr\": BitFlags()},\n gpr=(\n Reg(\"g1\"),\n Reg(\"g2\"),\n Reg(\"g3\"),\n Reg(\"g4\"),\n Reg(\"g5\"),\n Reg(\"g6\"),\n Reg(\"g7\"),\n Reg(\"o0\"),\n Reg(\"o1\"),\n Reg(\"o2\"),\n Reg(\"o3\"),\n Reg(\"o4\"),\n Reg(\"o5\"),\n Reg(\"o7\"),\n Reg(\"l0\"),\n Reg(\"l1\"),\n Reg(\"l2\"),\n Reg(\"l3\"),\n Reg(\"l4\"),\n Reg(\"l5\"),\n Reg(\"l6\"),\n Reg(\"l7\"),\n Reg(\"i0\"),\n Reg(\"i1\"),\n Reg(\"i2\"),\n Reg(\"i3\"),\n Reg(\"i4\"),\n Reg(\"i5\"),\n ),\n args=(\"i0\", \"i1\", \"i2\", \"i3\", \"i4\", \"i5\"),\n retval=\"o0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.mips","title":"mips module-attribute","text":"mips = RegisterSet(\n frame=Reg(\"fp\"),\n retaddr=(Reg(\"ra\"),),\n gpr=(\n Reg(\"v0\"),\n Reg(\"v1\"),\n Reg(\"a0\"),\n Reg(\"a1\"),\n Reg(\"a2\"),\n Reg(\"a3\"),\n Reg(\"t0\"),\n Reg(\"t1\"),\n Reg(\"t2\"),\n Reg(\"t3\"),\n Reg(\"t4\"),\n Reg(\"t5\"),\n Reg(\"t6\"),\n Reg(\"t7\"),\n Reg(\"t8\"),\n Reg(\"t9\"),\n Reg(\"s0\"),\n Reg(\"s1\"),\n Reg(\"s2\"),\n Reg(\"s3\"),\n Reg(\"s4\"),\n Reg(\"s5\"),\n Reg(\"s6\"),\n Reg(\"s7\"),\n Reg(\"s8\"),\n Reg(\"gp\"),\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\"),\n retval=\"v0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.riscv","title":"riscv module-attribute","text":"riscv = RegisterSet(\n pc=Reg(\"pc\"),\n stack=Reg(\"sp\"),\n retaddr=(Reg(\"ra\"),),\n gpr=(\n Reg(\"gp\"),\n Reg(\"tp\"),\n Reg(\"t0\"),\n Reg(\"t1\"),\n Reg(\"t2\"),\n Reg(\"s0\"),\n Reg(\"s1\"),\n Reg(\"a0\"),\n Reg(\"a1\"),\n Reg(\"a2\"),\n Reg(\"a3\"),\n Reg(\"a4\"),\n Reg(\"a5\"),\n Reg(\"a6\"),\n Reg(\"a7\"),\n Reg(\"s2\"),\n Reg(\"s3\"),\n Reg(\"s4\"),\n Reg(\"s5\"),\n Reg(\"s6\"),\n Reg(\"s7\"),\n Reg(\"s8\"),\n Reg(\"s9\"),\n Reg(\"s10\"),\n Reg(\"s11\"),\n Reg(\"t3\"),\n Reg(\"t4\"),\n Reg(\"t5\"),\n Reg(\"t6\"),\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n retval=\"a0\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.loongarch64","title":"loongarch64 module-attribute","text":"loongarch64 = RegisterSet(\n pc=Reg(\"pc\"),\n stack=Reg(\"sp\"),\n frame=Reg(\"fp\"),\n retaddr=(Reg(\"ra\"),),\n gpr=(\n Reg(\"a0\"),\n Reg(\"a1\"),\n Reg(\"a2\"),\n Reg(\"a3\"),\n Reg(\"a4\"),\n Reg(\"a5\"),\n Reg(\"a6\"),\n Reg(\"a7\"),\n Reg(\"t0\"),\n Reg(\"t1\"),\n Reg(\"t2\"),\n Reg(\"t3\"),\n Reg(\"t4\"),\n Reg(\"t5\"),\n Reg(\"t6\"),\n Reg(\"t7\"),\n Reg(\"t8\"),\n Reg(\"s0\"),\n Reg(\"s1\"),\n Reg(\"s2\"),\n Reg(\"s3\"),\n Reg(\"s4\"),\n Reg(\"s5\"),\n Reg(\"s6\"),\n Reg(\"s7\"),\n Reg(\"s8\"),\n ),\n args=(\"a0\", \"a1\", \"a2\", \"a3\", \"a4\", \"a5\", \"a6\", \"a7\"),\n misc=(\"tp\", \"r21\"),\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.s390x","title":"s390x module-attribute","text":"s390x = RegisterSet(\n pc=Reg(\"pc\"),\n retaddr=(Reg(\"r14\"),),\n stack=Reg(\"r15\"),\n flags={\"pswm\": BitFlags()},\n gpr=(\n Reg(\"r0\"),\n Reg(\"r1\"),\n Reg(\"r2\"),\n Reg(\"r3\"),\n Reg(\"r4\"),\n Reg(\"r5\"),\n Reg(\"r6\"),\n Reg(\"r7\"),\n Reg(\"r8\"),\n Reg(\"r9\"),\n Reg(\"r10\"),\n Reg(\"r11\"),\n Reg(\"r12\"),\n Reg(\"r13\"),\n ),\n args=(\"r2\", \"r3\", \"r4\", \"r5\", \"r6\"),\n retval=\"r2\",\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.reg_sets","title":"reg_sets module-attribute","text":"reg_sets: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet] = {\n \"i386\": i386,\n \"i8086\": i386,\n \"x86-64\": amd64,\n \"rv32\": riscv,\n \"rv64\": riscv,\n \"mips\": mips,\n \"sparc\": sparc,\n \"arm\": arm,\n \"armcm\": armcm,\n \"aarch64\": aarch64,\n \"powerpc\": powerpc,\n \"loongarch64\": loongarch64,\n \"s390x\": s390x,\n}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags","title":"BitFlags","text":"BitFlags(flags: list[tuple[str, int | tuple[int, int]]] = [])\n
Methods:
-
__getattr__ \u2013 -
__getitem__ \u2013 -
__setitem__ \u2013 -
__delitem__ \u2013 -
__iter__ \u2013 -
__len__ \u2013 -
__repr__ \u2013 -
update \u2013 -
context \u2013
Attributes:
-
regname (str) \u2013 -
flags (OrderedDict[str, int | tuple[int, int]]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.regname","title":"regname instance-attribute","text":"regname: str = ''\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.flags","title":"flags instance-attribute","text":"flags: OrderedDict[str, int | tuple[int, int]] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__getattr__","title":"__getattr__","text":"__getattr__(name)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__getitem__","title":"__getitem__","text":"__getitem__(key)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__setitem__","title":"__setitem__","text":"__setitem__(key, value)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__delitem__","title":"__delitem__","text":"__delitem__(key)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__iter__","title":"__iter__","text":"__iter__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__len__","title":"__len__","text":"__len__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.__repr__","title":"__repr__","text":"__repr__()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.update","title":"update","text":"update(regname: str)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.BitFlags.context","title":"context","text":"context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister","title":"AddressingRegister","text":"AddressingRegister(reg: str, is_virtual: bool)\n
Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
Methods:
-
update \u2013 -
context \u2013
Attributes:
-
reg (str) \u2013 -
value (int) \u2013 -
is_virtual (bool) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.reg","title":"reg instance-attribute","text":"reg: str = reg\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.value","title":"value instance-attribute","text":"value: int = 0\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.is_virtual","title":"is_virtual instance-attribute","text":"is_virtual: bool = is_virtual\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.update","title":"update","text":"update(regname: str)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.AddressingRegister.context","title":"context","text":"context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters","title":"SegmentRegisters","text":"SegmentRegisters(regs: list[str])\n
Represents the x86 segment register set
Methods:
Attributes:
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters.regs","title":"regs instance-attribute","text":"regs: list[str] = regs\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.SegmentRegisters.context","title":"context","text":"context(rc)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet","title":"KernelRegisterSet","text":"KernelRegisterSet(\n segments: SegmentRegisters | None,\n controls: dict[str, BitFlags | AddressingRegister] = {},\n msrs: dict[str, BitFlags | AddressingRegister] = {},\n)\n
additional registers that are useful when pwning kernels used only for x86-64 for now
Attributes:
-
segments (SegmentRegisters) \u2013 -
controls (dict[str, BitFlags | AddressingRegister]) \u2013 -
msrs (dict[str, BitFlags | AddressingRegister]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.segments","title":"segments instance-attribute","text":"segments: SegmentRegisters = segments\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.controls","title":"controls instance-attribute","text":"controls: dict[str, BitFlags | AddressingRegister] = controls\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.KernelRegisterSet.msrs","title":"msrs instance-attribute","text":"msrs: dict[str, BitFlags | AddressingRegister] = msrs\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite","title":"UnicornRegisterWrite dataclass","text":"UnicornRegisterWrite(name: str, force_write: bool)\n
Represent a register to write to the Unicorn emulator.
Attributes:
-
name (str) \u2013 -
force_write (bool) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.UnicornRegisterWrite.force_write","title":"force_write instance-attribute","text":"force_write: bool\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg","title":"Reg dataclass","text":"Reg(\n name: str,\n size: int | None = None,\n offset: int = 0,\n zero_extend_writes: bool = False,\n subregisters: tuple[Reg, ...] = (),\n)\n
Attributes:
-
name (str) \u2013 -
size (int | None) \u2013 Register width in bytes. None if the register size is arch.ptrsize
-
offset (int) \u2013 Relevant for subregisters - the offset of this register in the main register
-
zero_extend_writes (bool) \u2013 Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
-
subregisters (tuple[Reg, ...]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.name","title":"name instance-attribute","text":"name: str\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.size","title":"size class-attribute instance-attribute","text":"size: int | None = None\n
Register width in bytes. None if the register size is arch.ptrsize
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.offset","title":"offset class-attribute instance-attribute","text":"offset: int = 0\n
Relevant for subregisters - the offset of this register in the main register
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.zero_extend_writes","title":"zero_extend_writes class-attribute instance-attribute","text":"zero_extend_writes: bool = False\n
Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.Reg.subregisters","title":"subregisters class-attribute instance-attribute","text":"subregisters: tuple[Reg, ...] = ()\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet","title":"RegisterSet","text":"RegisterSet(\n pc: Reg = Reg(\"pc\"),\n stack: Reg = Reg(\"sp\"),\n frame: Reg | None = None,\n retaddr: tuple[Reg, ...] = (),\n flags: dict[str, BitFlags] = {},\n extra_flags: dict[str, BitFlags] = {},\n gpr: tuple[Reg, ...] = (),\n misc: tuple[str, ...] = (),\n args: tuple[str, ...] = (),\n kernel: KernelRegisterSet | None = None,\n retval: str | None = None,\n)\n
Methods:
-
__contains__ \u2013 -
__iter__ \u2013
Attributes:
-
pc (str) \u2013 -
stack (str) \u2013 -
frame (str | None) \u2013 -
retaddr (tuple[str, ...]) \u2013 -
flags (dict[str, BitFlags]) \u2013 -
extra_flags \u2013 -
gpr (tuple[str, ...]) \u2013 -
misc (tuple[str, ...]) \u2013 -
args (tuple[str, ...]) \u2013 -
retval (str | None) \u2013 -
kernel (KernelRegisterSet | None) \u2013 -
reg_definitions (dict[str, Reg]) \u2013 -
full_register_lookup (dict[str, Reg]) \u2013 -
common (list[str]) \u2013 -
emulated_regs_order (list[UnicornRegisterWrite]) \u2013 -
all (set[str]) \u2013
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.pc","title":"pc instance-attribute","text":"pc: str = name\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.stack","title":"stack instance-attribute","text":"stack: str = name\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.frame","title":"frame class-attribute instance-attribute","text":"frame: str | None = name if frame else None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retaddr","title":"retaddr instance-attribute","text":"retaddr: tuple[str, ...] = tuple(name for x in retaddr)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.flags","title":"flags instance-attribute","text":"flags: dict[str, BitFlags] = flags\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.extra_flags","title":"extra_flags instance-attribute","text":"extra_flags = extra_flags\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.gpr","title":"gpr instance-attribute","text":"gpr: tuple[str, ...] = tuple(name for x in gpr)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.misc","title":"misc instance-attribute","text":"misc: tuple[str, ...] = misc\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.args","title":"args instance-attribute","text":"args: tuple[str, ...] = args\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.retval","title":"retval instance-attribute","text":"retval: str | None = retval\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.kernel","title":"kernel instance-attribute","text":"kernel: KernelRegisterSet | None = kernel\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.reg_definitions","title":"reg_definitions instance-attribute","text":"reg_definitions: dict[str, Reg] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.full_register_lookup","title":"full_register_lookup instance-attribute","text":"full_register_lookup: dict[str, Reg] = {}\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.common","title":"common class-attribute instance-attribute","text":"common: list[str] = []\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.emulated_regs_order","title":"emulated_regs_order instance-attribute","text":"emulated_regs_order: list[UnicornRegisterWrite] = []\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.all","title":"all instance-attribute","text":"all: set[str] = (\n set(misc)\n | set(flags)\n | set(extra_flags)\n | set(retaddr)\n | set(common)\n | set(all_subregisters)\n)\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__contains__","title":"__contains__","text":"__contains__(reg: str) -> bool\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.RegisterSet.__iter__","title":"__iter__","text":"__iter__() -> Iterator[str]\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile","title":"PsuedoEmulatedRegisterFile","text":"PsuedoEmulatedRegisterFile(register_set: RegisterSet, ptrsize: int)\n
This class represents a set of registers that can be written, read, and invalidated.
The aim is to allow some manual dynamic/static analysis without the need for a full emulator.
The implementation can handle the behavior of architectures with partial registers, such as x86 (Ex: rax has \"eax\", \"ax\", \"ah\", and \"al\" as subregisters) or AArch64 (Ex: X0 contains W0). Most of the complexity of the bitshifts and masks arise from the necessity to handle these cases.
Methods:
Attributes:
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.register_set","title":"register_set instance-attribute","text":"register_set: RegisterSet = register_set\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.ptrsize","title":"ptrsize instance-attribute","text":"ptrsize: int = ptrsize\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.masks","title":"masks instance-attribute","text":"masks: defaultdict[str, int] = defaultdict(int)\n
Map of register name to bitmask indicating what bits of the register we know the value of.
Example: { \"rax\": 0xFFFF } This indicates that in the RAX register, we only know the bottom 16 bits. This likely resulted from writing the \"ax\" register. Any attempt to read any other bits returns None. In this case, we can read from \"ax\", \"ah\", and \"al\", but not \"eax\" or \"rax\".
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.values","title":"values instance-attribute","text":"values: defaultdict[str, int] = defaultdict(int)\n
Map of register to the value we know it to have.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.write_register","title":"write_register","text":"write_register(\n reg: str,\n value: int,\n source_width: int | None = None,\n sign_extend: bool = False,\n) -> None\n
source_width is the byte width of the value's source. It should be specified when the source has a width shorter than the destination register.
Examples:
movsbl EAX, AL // sign extend 1 byte register to 4 byte register movzbl EAX, AL // zero extend
Source width would be 1, and in the first case sign_extend should be set to True. If sign_extend is False, we zero extend.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.read_register","title":"read_register","text":"read_register(reg: str) -> int | None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.invalidate_all_registers","title":"invalidate_all_registers","text":"invalidate_all_registers() -> None\n
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.invalidate_register","title":"invalidate_register","text":"invalidate_register(reg: str) -> None\n
Invalidate the bits that a write to this register would override.
This can be used when we statically detect that a register is written, but we don't know the concrete value that is written so we have to invalidate any current knowledge of the register's bits.
"},{"location":"reference/pwndbg/lib/regs/#pwndbg.lib.regs.PsuedoEmulatedRegisterFile.__repr__","title":"__repr__","text":"__repr__()\n
"},{"location":"reference/pwndbg/lib/stdio/","title":"pwndbg.lib.stdio","text":""},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio","title":"stdio","text":"Provides functionality to circumvent GDB's hooks on sys.stdin and sys.stdout which prevent output from appearing on-screen inside of certain event handlers.
Classes:
Attributes:
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.stdio","title":"stdio module-attribute","text":"stdio = Stdio()\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio","title":"Stdio","text":"Methods:
-
__enter__ \u2013 -
__exit__ \u2013
Attributes:
-
queue (list[tuple[TextIO, TextIO, TextIO]]) \u2013
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.queue","title":"queue class-attribute instance-attribute","text":"queue: list[tuple[TextIO, TextIO, TextIO]] = []\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__enter__","title":"__enter__","text":"__enter__(*a: Any, **kw: Any) -> None\n
"},{"location":"reference/pwndbg/lib/stdio/#pwndbg.lib.stdio.Stdio.__exit__","title":"__exit__","text":"__exit__(\n exc_type: type[BaseException] | None,\n exc_value: BaseException | None,\n traceback: TracebackType | None,\n) -> None\n
"},{"location":"reference/pwndbg/lib/strings/","title":"pwndbg.lib.strings","text":""},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings","title":"strings","text":"Functions:
"},{"location":"reference/pwndbg/lib/strings/#pwndbg.lib.strings.strip_colors","title":"strip_colors","text":"strip_colors(text)\n
Remove all ANSI color codes from the text
"},{"location":"reference/pwndbg/lib/tempfile/","title":"pwndbg.lib.tempfile","text":""},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile","title":"tempfile","text":"Common helper and cache for pwndbg tempdir
Functions:
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.tempdir","title":"tempdir","text":"tempdir() -> str\n
Returns a safe and unpredictable temporary directory with pwndbg prefix.
"},{"location":"reference/pwndbg/lib/tempfile/#pwndbg.lib.tempfile.cachedir","title":"cachedir","text":"cachedir(namespace: str | None = None) -> str\n
Returns and potentially creates a persistent safe cachedir location based on XDG_CACHE_HOME or ~/.cache
Optionally creates a sub namespace inside the pwndbg cache folder.
"},{"location":"reference/pwndbg/lib/tips/","title":"pwndbg.lib.tips","text":""},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips","title":"tips","text":"Functions:
Attributes:
-
GDB_TIPS (list[str]) \u2013 -
PWNDBG_TIPS (list[str]) \u2013 -
LLDB_TIPS (list[str]) \u2013
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.GDB_TIPS","title":"GDB_TIPS module-attribute","text":"GDB_TIPS: list[str] = [\n \"GDB's `apropos <topic>` command displays all registered commands that are related to the given <topic>\",\n \"GDB's `follow-fork-mode` parameter can be used to set whether to trace parent or child after fork() calls. Pwndbg sets it to child by default\",\n 'Use GDB\\'s `dprintf` command to print all calls to given function. E.g. `dprintf malloc, \"malloc(%p)\\\\n\", (void*)$rdi` will print all malloc calls',\n \"Use GDB's `pi` command to run an interactive Python console where you can use Pwndbg APIs like `pwndbg.aglib.memory.read(addr, len)`, `pwndbg.aglib.memory.write(addr, data)`, `pwndbg.aglib.vmmap.get()` and so on!\",\n \"GDB's `set directories <path>` parameter can be used to debug e.g. glibc sources like the malloc/free functions!\",\n \"If you have debugging symbols the `info args` command shows current frame's function arguments (use `up` and `down` to switch between frames)\",\n 'Calling functions like `call (void)puts(\"hello world\")` will run all other target threads for the time the function runs. Use `set scheduler-locking on` to lock the execution to current thread when calling functions',\n \"Use the `pipe <cmd> | <prog>` command to pass output of a GDB/Pwndbg command to a shell program, e.g. `pipe elfsections | grep bss`. This can also be shortened to: `| <cmd> | <prog>`\",\n \"Prefixing a command with `!` in GDB will execute it as a shell command, e.g.: `!ls` or `!cat flag.txt`\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.PWNDBG_TIPS","title":"PWNDBG_TIPS module-attribute","text":"PWNDBG_TIPS: list[str] = [\n \"If you want Pwndbg to clear screen on each command (but still save previous output in history) use `set context-clear-screen on`\",\n \"The `set show-flags on` setting will display CPU flags register in the regs context panel\",\n \"GDB and Pwndbg parameters can be shown or set with `show <param>` and `set <param> <value>` GDB commands\",\n \"Use Pwndbg's `config` and `theme` commands to tune its configuration and theme colors!\",\n \"Pwndbg mirrors some of WinDbg commands like `eq`, `ew`, `ed`, `eb`, `es`, `dq`, `dw`, `dd`, `db`, `ds` for writing and reading memory\",\n \"Pwndbg resolves kernel memory maps by parsing page tables (default) or via `monitor info mem` QEMU gdbstub command (use `set kernel-vmmap-via-page-tables off` for that)\",\n \"Use the `vmmap` command for a better & colored memory maps display (than the GDB's `info proc mappings`)\",\n \"Use the `telescope` command to dereference a given address/pointer multiple times (if the dereferenced value is a valid ptr; see `config telescope` to configure its behavior)\",\n \"Use the `context` (or `ctx`) command to display the context once again. You can reconfigure the context layout with `set context-section <sections>` or forward the output to a file/tty via `set context-output <file>`. See also `config context` to configure it further!\",\n \"Disable Pwndbg context information display with `set context-sections ''`\",\n \"Pwndbg context displays where the program branches to thanks to emulating few instructions into the future. You can disable this with `set emulate off` which may also speed up debugging\",\n \"Use the `canary` command to see all stack canary/cookie values on the stack (based on the *usual* stack canary value initialized by glibc)\",\n \"Use the `procinfo` command for better process introspection (than the GDB's `info proc` command)\",\n \"Want to display each context panel in a separate tmux window? See https://github.com/pwndbg/pwndbg/blob/dev/FEATURES.md#splitting--layouting-context\",\n 'Use `$base(\"heap\")` to get the start address of a [heap] memory page',\n \"Use the `errno` (or `errno <number>`) command to see the name of the last or provided (libc) error\",\n \"Pwndbg sets the SIGLARM, SIGBUS, SIGPIPE and SIGSEGV signals so they are not passed to the app; see `info signals` for full GDB signals configuration\",\n \"Use `vmmap -A|-B <number> <filter>` to display <number> of maps after/before filtered ones\",\n \"Use the `killall` command to kill all specified threads (via their ids)\",\n \"Use the `spray` command to spray memory with cyclic pattern or specified value\",\n \"Use `patch <address> '<assembly>'` to patch an address with given assembly code\",\n \"Want to NOP some instructions? Use `patch <address> 'nop; nop; nop'`\",\n \"`heap-config` shows heap related configuration\",\n \"`break-if-taken` and `break-if-not-taken` commands sets breakpoints after a given jump instruction was taken or not\",\n \"`stepuntilasm <assembly-instruction [operands]>` steps program forward until matching instruction occures\",\n \"Use `plist` command to dump elements of linked list\",\n \"If your program has multiple threads they will be displayed in the context display or using the `context threads` command\",\n \"Use `track-got enable|info|query` to track GOT accesses - useful for hijacking control flow via writable GOT/PLT\",\n \"Need to `mmap` or `mprotect` memory in the debugee? Use commands with the same name to inject and run such syscalls\",\n \"Use `hi` to see if a an address belongs to a glibc heap chunk\",\n \"Use `contextprev` and `contextnext` to display a previous context output again without scrolling\",\n \"Try splitting the context output into multiple TUI windows using `layout pwndbg` (`tui disable` or `ctrl-x + a` to go back to CLI mode)\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.LLDB_TIPS","title":"LLDB_TIPS module-attribute","text":"LLDB_TIPS: list[str] = [\n \"Use LLDB's `help <command>` to get detailed help on any command\",\n \"LLDB's `expr` command lets you evaluate expressions in the current frame context\",\n \"Use `frame variable` (or `fr v`) to show all variables in the current frame\",\n \"The `watchpoint set` command allows you to stop execution when a variable changes\",\n \"Use `process launch --stop-at-entry` to stop at the program entry point\",\n \"LLDB's `memory read` (or `m read`) command displays memory contents at a specified address\",\n \"Use `thread backtrace all` to see backtraces of all threads\",\n \"The `breakpoint set --func-regex <regex>` command sets breakpoints on functions matching a regular expression\",\n \"Use `target modules list` to see all loaded modules in your process\",\n \"LLDB's `image lookup` command helps find symbols, addresses, and files in the executable and loaded libraries\",\n \"Use `command alias` to create custom shortcuts for frequently used commands\",\n \"LLDB's `register read` shows the contents of registers in the selected frame\",\n \"The `disassemble` command shows assembly instructions for the current function\",\n \"Use `thread step-inst` (or `si`) to step one instruction\",\n \"LLDB's Python API can be accessed with the `script` command to extend debugging capabilities\",\n \"Use `process attach --pid <pid>` to attach to a running process\",\n \"The `breakpoint command add` lets you run commands when a breakpoint is hit\",\n \"Use `memory find` to search for a value in the process's memory\",\n \"LLDB's `settings set` command allows you to customize debugger behavior\",\n \"The `platform list` command shows all available platforms for remote debugging\",\n]\n
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_tip_of_the_day","title":"get_tip_of_the_day","text":"get_tip_of_the_day() -> str\n
Returns a random tip based on the current debugger type.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.get_all_tips","title":"get_all_tips","text":"get_all_tips() -> list[str]\n
Returns all tips applicable to the current debugger.
"},{"location":"reference/pwndbg/lib/tips/#pwndbg.lib.tips.color_tip","title":"color_tip","text":"color_tip(tip: str) -> str\n
"},{"location":"reference/pwndbg/lib/version/","title":"pwndbg.lib.version","text":""},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version","title":"version","text":"Functions:
Attributes:
-
__version__ \u2013 -
b_id \u2013
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.__version__","title":"__version__ module-attribute","text":"__version__ = '2025.05.30'\n
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.b_id","title":"b_id module-attribute","text":"b_id = build_id()\n
"},{"location":"reference/pwndbg/lib/version/#pwndbg.lib.version.build_id","title":"build_id","text":"build_id() -> str\n
Returns pwndbg commit id if git is available.
"},{"location":"reference/pwndbg/lib/which/","title":"pwndbg.lib.which","text":""},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which","title":"which","text":"Functions:
"},{"location":"reference/pwndbg/lib/which/#pwndbg.lib.which.which","title":"which","text":"which(name: str, all: bool = False) -> str | set[str] | None\n
which(name, flags = os.X_OK, all = False) -> str or str set
Works as the system command which; searches $PATH for name and returns a full path if found.
If all is True the set of all found locations is returned, else the first occurrence or None is returned.
Parameters:
Returns:
-
str | set[str] | None \u2013 If all is True the set of all locations where name was found,
-
str | set[str] | None \u2013 else the first location or None if not found.
Example which('sh') '/bin/sh'
"},{"location":"reference/pwndbg/log/","title":"pwndbg.log","text":""},{"location":"reference/pwndbg/log/#pwndbg.log","title":"log","text":"Logging.
Classes:
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter","title":"ColorFormatter","text":" Bases: Formatter
Methods:
Attributes:
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.log_funcs","title":"log_funcs class-attribute instance-attribute","text":"log_funcs = {\n DEBUG: debug,\n INFO: info,\n WARNING: warn,\n ERROR: error,\n CRITICAL: error,\n}\n
"},{"location":"reference/pwndbg/log/#pwndbg.log.ColorFormatter.format","title":"format","text":"format(record)\n
"},{"location":"reference/pwndbg/profiling/","title":"pwndbg.profiling","text":""},{"location":"reference/pwndbg/profiling/#pwndbg.profiling","title":"profiling","text":"Pwndbg profiling.
Classes:
Functions:
Attributes:
-
profiler (Profiler | None) \u2013
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.profiler","title":"profiler module-attribute","text":"profiler: Profiler | None = None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler","title":"Profiler","text":"Profiler(p: Profile)\n
Methods:
-
print_time_elapsed \u2013 -
start \u2013 -
stop \u2013
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.print_time_elapsed","title":"print_time_elapsed","text":"print_time_elapsed() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.start","title":"start","text":"start() -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.Profiler.stop","title":"stop","text":"stop(filename: str | None = None) -> None\n
"},{"location":"reference/pwndbg/profiling/#pwndbg.profiling.init","title":"init","text":"init(p: Profile, _start_time: float | None) -> None\n
"},{"location":"reference/pwndbg/radare2/","title":"pwndbg.radare2","text":""},{"location":"reference/pwndbg/radare2/#pwndbg.radare2","title":"radare2","text":"Radare2 integration with r2pipe.
Functions:
"},{"location":"reference/pwndbg/radare2/#pwndbg.radare2.r2pipe","title":"r2pipe","text":"r2pipe()\n
Spawn and return a r2pipe handle for the current process file.
This function requires a radare2 installation plus the r2pipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed.
Raises ImportError if r2pipe python library is not available. Raises Exception if anything goes fatally wrong.
Returns a r2pipe.open handle.
"},{"location":"reference/pwndbg/rizin/","title":"pwndbg.rizin","text":""},{"location":"reference/pwndbg/rizin/#pwndbg.rizin","title":"rizin","text":"Rizin integration with rzpipe.
Functions:
"},{"location":"reference/pwndbg/rizin/#pwndbg.rizin.rzpipe","title":"rzpipe","text":"rzpipe()\n
Spawn and return a rzpipe handle for the current process file. This function requires a rizin installation plus the rzpipe python library. The base address is automatically set for PIE when loading the binary. After opening the handle, the binary is automatically analyzed. Raises ImportError if rzpipe python library is not available. Raises Exception if anything goes fatally wrong. Returns a rzpipe.open handle.
"},{"location":"reference/pwndbg/search/","title":"pwndbg.search","text":""},{"location":"reference/pwndbg/search/#pwndbg.search","title":"search","text":"Search the address space for byte patterns.
Functions:
"},{"location":"reference/pwndbg/search/#pwndbg.search.search","title":"search","text":"search(\n searchfor: bytes,\n mappings: Collection[Page] | None = None,\n start: int | None = None,\n end: int | None = None,\n step: int | None = None,\n aligned: int | None = None,\n limit: int | None = None,\n executable: bool = False,\n writable: bool = False,\n) -> Generator[int, None, None]\n
Search inferior memory for a byte sequence.
Parameters:
-
searchfor (bytes) \u2013 Byte sequence to find
-
mappings (Collection[Page] | None, default: None ) \u2013 List of pwndbg.lib.memory.Page objects to search By default, uses all available mappings.
-
start (int | None, default: None ) \u2013 First address to search, inclusive.
-
end (int | None, default: None ) \u2013 Last address to search, exclusive.
-
step (int | None, default: None ) \u2013 Size of memory region to skip each result
-
aligned (int | None, default: None ) \u2013 Strict byte alignment for search result
-
limit (int | None, default: None ) \u2013 Maximum number of results to return
-
executable (bool, default: False ) \u2013 Restrict search to executable pages
-
writable (bool, default: False ) \u2013 Restrict search to writable pages
Yields:
"},{"location":"reference/pwndbg/ui/","title":"pwndbg.ui","text":""},{"location":"reference/pwndbg/ui/#pwndbg.ui","title":"ui","text":"A few helpers for making things print pretty-like.
Functions:
-
banner \u2013 -
addrsz \u2013 -
get_window_size \u2013 -
get_cmd_window_size \u2013
Attributes:
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.title_position","title":"title_position module-attribute","text":"title_position = add_param(\n \"banner-title-position\",\n \"center\",\n \"banner title position\",\n param_class=PARAM_ENUM,\n enum_sequence=[\"center\", \"left\", \"right\"],\n)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.banner","title":"banner","text":"banner(title, target=stdout, width=None, extra='')\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.addrsz","title":"addrsz","text":"addrsz(address) -> str\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_window_size","title":"get_window_size","text":"get_window_size(target=stdout)\n
"},{"location":"reference/pwndbg/ui/#pwndbg.ui.get_cmd_window_size","title":"get_cmd_window_size","text":"get_cmd_window_size()\n
"},{"location":"reference/pwndbg/wrappers/","title":"pwndbg.wrappers","text":""},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers","title":"wrappers","text":"Specific command output wrappers.
Modules:
-
checksec \u2013 -
readelf \u2013
Classes:
Functions:
Attributes:
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.P","title":"P module-attribute","text":"P = ParamSpec('P')\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.T","title":"T module-attribute","text":"T = TypeVar('T')\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand","title":"OnlyWithCommand","text":"OnlyWithCommand(*commands: str | list[str])\n
Methods:
Attributes:
-
all_cmds (list[str]) \u2013 -
cmd (list[str]) \u2013 -
cmd_path (str | None) \u2013
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.all_cmds","title":"all_cmds instance-attribute","text":"all_cmds: list[str] = [\n cmd[0] if isinstance(cmd, list) else cmd for cmd in commands\n]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd","title":"cmd instance-attribute","text":"cmd: list[str] = command if isinstance(command, list) else [command]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.cmd_path","title":"cmd_path instance-attribute","text":"cmd_path: str | None = which(cmd[0])\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.OnlyWithCommand.__call__","title":"__call__","text":"__call__(function: Callable[P, T]) -> Callable[P, T | None]\n
"},{"location":"reference/pwndbg/wrappers/#pwndbg.wrappers.call_cmd","title":"call_cmd","text":"call_cmd(cmd: str | list[str]) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/","title":"pwndbg.wrappers.checksec","text":""},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec","title":"checksec","text":"Functions:
-
monkeypatch_pwnlib_term_text \u2013 -
get_raw_out \u2013 -
relro_status \u2013 -
pie_status \u2013
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.monkeypatch_pwnlib_term_text","title":"monkeypatch_pwnlib_term_text","text":"monkeypatch_pwnlib_term_text() -> Iterator[None]\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.get_raw_out","title":"get_raw_out","text":"get_raw_out(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.relro_status","title":"relro_status","text":"relro_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/checksec/#pwndbg.wrappers.checksec.pie_status","title":"pie_status","text":"pie_status(local_path: str) -> str\n
"},{"location":"reference/pwndbg/wrappers/readelf/","title":"pwndbg.wrappers.readelf","text":""},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf","title":"readelf","text":"Classes:
Functions:
Attributes:
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.cmd_name","title":"cmd_name module-attribute","text":"cmd_name = 'readelf'\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType","title":"RelocationType","text":" Bases: Enum
Attributes:
-
JUMP_SLOT \u2013 -
GLOB_DAT \u2013 -
IRELATIVE \u2013
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.JUMP_SLOT","title":"JUMP_SLOT class-attribute instance-attribute","text":"JUMP_SLOT = 1\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.GLOB_DAT","title":"GLOB_DAT class-attribute instance-attribute","text":"GLOB_DAT = 2\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.RelocationType.IRELATIVE","title":"IRELATIVE class-attribute instance-attribute","text":"IRELATIVE = 3\n
"},{"location":"reference/pwndbg/wrappers/readelf/#pwndbg.wrappers.readelf.get_got_entry","title":"get_got_entry","text":"get_got_entry(local_path: str) -> dict[RelocationType, list[str]]\n
"},{"location":"blog/archive/2022/","title":"2022","text":""}]}
\ No newline at end of file