* Add stack variable lookup from DWARF debug info
* Add get_stack_var_name to Process API
* Implement get_stack_var_name for GDB
* Implement get_stack_var_name for LLDB
* Display stack variable names in memory view
* Fix linter issue
* Catch RuntimeError for stripped binaries
* Skip stack vars without address
* check prefix is not None instead of truthy
* fix accidental spacing
* address review feedback, adjust test regex, and introduce new test
* fix newlines
* fix lldb init
* facepalm
* Remove frame caching, remove import cache, and remove frame_pc parameter
* Remove frame caching, remove import cache, and remove frame_pc parameter
* Remove test from gdb
* Add caching for get_stack_var_name
* Remove unneeded variable
* Add comments explaining errors
* Add comments, not using the web editor...
* Update test for PR #3457
* revert test name
* fix test, match new schema to work on all architectures
* update test name back
* lldb tests fixy
* just rerunning tests, had http 500 errors
---------
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
Fixes #3472. Makes the "Symbols are loaded!" message less confusing by
changing it to: "Loaded custom symbols! (from {path})" so that the user
can inspect which symbols were loaded.
* Add vmlinux command to load kernel syms from bzImage/vmlinux
This commit implements the `vmlinux` command that loads kernel debug
symbols from `bzImage` or `vmlinux` files. It works by loading it
through `vmlinux-to-elf` tool that needs to be in `$PATH` or provided as
`--tool <path>` argument.
I am not sure why, but for some reason it doesn't work for me when the tool
is in `$PATH` and I have to pass it as an argument.
Then the `vmlinux` command extracts the kernel ELF from the kernel
object file and then loads it at appropriate kernel base address
detected by Pwndbg.
This then makes commands such as `kmod` work correctly.
This is still WIP, but can be merged in current form.
It needs:
1. Vendoring of the vmlinux-to-elf tool.
2. Caching of the resulting kernel ELF file, as we currently re-create it
on each call to the `vmlinux` command.
* add docs
* small print change
* lint fixup
We used the `pwndbg.aglib.kernel.ptr_size` incorrectly as a default value
for the `size` argument of `pwndbg.aglib.kernel.try_usymbol`.
The `pwndbg.aglib.kernel.ptr_size` is a function:
```py
In [3]: pwndbg.aglib.kernel.ptr_size??
Signature: pwndbg.aglib.kernel.ptr_size() -> 'int'
Docstring: <no docstring>
Source:
def ptr_size() -> int:
    ops = arch_ops()
    if ops:
        return ops.ptr_size
    else:
        raise NotImplementedError()
File:      ~/pwndbg/pwndbg/aglib/kernel/__init__.py
Type:      function
```
And it wasn't evaluated.
Please note that we also cannot do just `size=kernel.ptr_size()` as an
argument because if we did so, it would be evaluated only once, when
the function is defined. This is just how Python works.
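As an added illustration of the default-argument pitfall described in the commit above (this is example code, not pwndbg's own): `ptr_size`, `set_arch_ptr_size` and the three `try_usymbol*` variants are hypothetical stand-ins for the pwndbg helpers, with a module-level variable standing in for the architecture the debugger detected. It shows the original bug (a function object as the default), the tempting but still wrong fix (`size=ptr_size()`, frozen at definition time), and the sentinel pattern that resolves the default at call time.

```python
# Added example, not pwndbg code. Demonstrates why a callable must not be used
# as a default argument, and why calling it in the default is not enough either.
from typing import Optional

# Constructed state: pretend the debugger is attached to a 64-bit kernel.
_CURRENT_PTR_SIZE = 8


def ptr_size() -> int:
    """Hypothetical stand-in for pwndbg.aglib.kernel.ptr_size()."""
    return _CURRENT_PTR_SIZE


def set_arch_ptr_size(n: int) -> None:
    """Simulate the debugger switching to a target with a different pointer width."""
    global _CURRENT_PTR_SIZE
    _CURRENT_PTR_SIZE = n


def try_usymbol_buggy(addr: int, size=ptr_size):
    # The original bug: `size` is the function object itself, never an int.
    return size


def try_usymbol_once(addr: int, size: int = ptr_size()):
    # Default evaluated exactly once, at definition time (8 here), so a later
    # switch to a 32-bit target is never reflected.
    return size


def try_usymbol(addr: int, size: Optional[int] = None) -> int:
    # Correct: use a sentinel and resolve the default on every call.
    if size is None:
        size = ptr_size()
    return size


def demo() -> dict:
    """Exercise all three variants across an architecture switch."""
    results = {}
    results["buggy_is_callable"] = callable(try_usymbol_buggy(0))
    set_arch_ptr_size(4)  # now pretend we are on a 32-bit target
    results["once"] = try_usymbol_once(0)  # still 8: frozen at definition time
    results["late"] = try_usymbol(0)       # 4: resolved at call time
    set_arch_ptr_size(8)
    return results


if __name__ == "__main__":
    print(demo())
```

A type checker would have flagged the first variant (`size=ptr_size` gives `size` the type of a function), which is a cheap way to catch this class of bug in a code base the size of pwndbg.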
The previous pattern assumed addresses beginning with 0x7ffff and a limited
hex-length, which caused jemalloc heap tests to fail on some systems where
extents are mapped at addresses like 0x7ec7... with more digits.
Relax the regex to 0x[0-9a-fA-F]{6,16} so we still validate that a hex address
is printed, but support different virtual address layouts and jemalloc mappings.
* Fix plist to support pointer-sized integer fields like size_t
Resolves #3448
The plist command previously rejected fields that were not pointer types,
even if they were pointer-sized integers (like size_t, uintptr_t) used to
store addresses.
Changes:
- Accept integer types with size equal to architecture pointer size
- Handle type validation for pointer-sized integers
- Assume pointer-sized integers point to outer structure type
This allows plist to work with structs like:
```c
struct node {
    size_t next;  // Previously rejected, now works
    size_t prev;
};
```
* Strip typedefs before checking if field is pointer-sized int
size_t and similar types are TypeCode.TYPEDEF, not TypeCode.INT.
We need to call strip_typedefs() to get the underlying type
(e.g., size_t -> unsigned long) before checking the type code.
Thanks to @jackmisbach for catching this issue!
* Add test cases for plist with size_t fields
- Add test struct with size_t next pointer to linked-lists.c
- Add test_command_plist_size_t_field() to both GDB and DBG test suites
- Tests verify plist correctly handles typedef-wrapped pointer-sized integers
* Fix include placement in linked-lists.c
Move stdint.h include to top of file with other includes
* Set dereference-limit in size_t test cases
Ensure the test runs with a sufficient dereference limit to traverse all 3 nodes
* Use explicit count flag instead of dereference-limit in size_t test
Use -c 3 flag to explicitly request 3 nodes, matching the pattern used in other plist tests
* Simplify size_t test to use -f value flag
Use -f value flag to only display the value field, avoiding issues with
size_t formatting. This matches the pattern in test_command_plist_flat_field
and provides a cleaner, more focused test of the core functionality.
* Remove regs __getattr__, convert uses to read_reg(). Make .pc and .sp special properties to fetch current program counter and stack pointer
* Remove register lookup handler helper function, fixup docs
* Update comment
---------
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
* Fix vmmap indicator overwriting address prefix
Change the prefix handling in memory.get() to prepend the indicator
(e.g., ►) with a space instead of replacing the first characters of
the address. This prevents the indicator from overwriting the '0x'
prefix, making addresses easier to copy-paste.
Before: ►xffffffff81000000
After: ► 0xffffffff81000000
Fixes #3412
* Update Fix vmmap indicator overwriting address prefix
* Fix vmmap prefix alignment
* Align vmmap prefix column and clarify prefix behavior
---------
Co-authored-by: Chase Naples <Cnaples79@gmail.com>
* Enable cross-architecture instruction patching. Use Zig with the patch command, Capstone to disassemble in patch-list.
* remove old comments
* update comment
* rename variable
* Replace pc with . Mark the test as xfail given the qemu-version in CI doesn't support GDB writing to process memory
* Fix nearpc command disassembly instruction count
* Add -r parameter to nearpc to set number of previous instructions to show
* Add -t argument to nearpc
* docs
* Remove old comments
* Fix function parameter type for dev docs check
* Correct number of instructions to pull from cache
* Fix if condition edge case
* Rebase and fix typos
* Support system Zig in addition to the one bundled in a Python package
Add support for locating the Zig executable with the following precedence:
1. ziglang module - if installed, use bundled Zig.
2. zig in PATH - fallback to system installation.
On Arch Linux we don't package the ziglang Python package. This change makes it
possible for pwndbg to use the Zig executable from our zig0.14 package [0].
[0]: https://archlinux.org/packages/extra/x86_64/zig0.14/
Disclaimer: Authored with assistance from Claude Code.
* Fail if found Zig has unsupported version
Only version 0.14.1 works, 0.15+ doesn't
* Address PR comments
- Increase version check timeout from 1s to 15s (necessary on macOS).
- Cache get_zig_executable() result.
- Only check version of system Zig. Python packaged one is locked.
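The lookup described in the two commits above (bundled `ziglang` package first, then `zig` from `PATH`, version-checked and rejected if unsupported), written out as an added example that is not pwndbg's implementation. It assumes the PyPI `ziglang` package is invoked as `python -m ziglang` and that `zig version` prints a single version line; the lookup and version hooks are injectable so the precedence and rejection logic can be exercised on a machine without Zig.

```python
# Added example, not pwndbg code: locate a Zig executable with the precedence
# "bundled ziglang package, then system zig", and reject unsupported versions.
from __future__ import annotations

import importlib.util
import shutil
import subprocess
import sys
from typing import Callable, Optional

# Assumption: any 0.14.x is accepted; the commit above only vouches for 0.14.1.
SUPPORTED_MINOR = (0, 14)


def parse_zig_version(text: str) -> tuple[int, int, int]:
    """Parse the first line of `zig version`, e.g. '0.14.1' or '0.15.0-dev.12+abc'."""
    first = text.strip().splitlines()[0] if text.strip() else ""
    core = first.split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised zig version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_supported(version: tuple[int, int, int]) -> bool:
    return version[:2] == SUPPORTED_MINOR


def bundled_zig() -> Optional[list[str]]:
    """Command for the Zig bundled in the `ziglang` Python package, if installed."""
    if importlib.util.find_spec("ziglang") is None:
        return None
    return [sys.executable, "-m", "ziglang"]


def system_zig() -> Optional[list[str]]:
    """Fallback: a `zig` binary on PATH."""
    path = shutil.which("zig")
    return [path] if path else None


def query_version(cmd: list[str]) -> str:
    # 15 s timeout: the commit above notes 1 s was too short on macOS.
    out = subprocess.run(cmd + ["version"], capture_output=True, text=True,
                         timeout=15, check=True)
    return out.stdout


def get_zig_executable(
    find_bundled: Callable[[], Optional[list[str]]] = bundled_zig,
    find_system: Callable[[], Optional[list[str]]] = system_zig,
    version_of: Callable[[list[str]], str] = query_version,
) -> list[str]:
    """Return the argv prefix to run Zig, or raise if none is usable."""
    cmd = find_bundled()
    if cmd is not None:
        # The Python package pins its Zig version, so no check is needed here.
        return cmd
    cmd = find_system()
    if cmd is None:
        raise FileNotFoundError(
            "no Zig executable found (install the ziglang package or put zig in PATH)")
    ver = parse_zig_version(version_of(cmd))
    if not is_supported(ver):
        raise RuntimeError(
            f"zig {'.'.join(map(str, ver))} is unsupported; "
            f"need {SUPPORTED_MINOR[0]}.{SUPPORTED_MINOR[1]}.x")
    return cmd


if __name__ == "__main__":
    print(get_zig_executable())
```

In real use the result should be memoised (for instance with `functools.lru_cache` on a zero-argument wrapper), as the commit does, so the subprocess version probe runs once per session rather than on every `patch` invocation.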
* added kmemtrace class
* added ret trace handler
* added lldb ret trace handler
* making the output more colourful
* added the actual command
* storing output
* temp suspend ctx output
* tracing with mutex
* add option to only trace relevant allocations and frees
* cleaned up
* renaming
* docs
* format
* refactored + addressing comments