lyc
/
pwndbg
mirror of https://github.com/pwndbg/pwndbg.git
1
0
Fork 0
Code Releases Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '71159e33c2'
${ noResults }
pwndbg/2025.10.20/contributing/improving-annotations/index.html

55 lines
142 KiB
HTML
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="pwndbg (/paʊnˈdiˌbʌɡ/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers."><link href=https://pwndbg.re/stable/contributing/improving-annotations/ rel=canonical><link href=../adding-a-parameter/ rel=prev><link href=../making-a-gif/ rel=next><link rel=alternate type=application/rss+xml title="RSS feed" href=../../feed_rss_created.xml><link rel=alternate type=application/rss+xml title="RSS feed of updated content" href=../../feed_rss_updated.xml><link rel=icon href=../../assets/favicon.ico><meta name=generator content="mkdocs-1.6.1, mkdocs-material-9.6.19"><title>Improving Annotations - Documentation</title><link rel=stylesheet href=../../assets/stylesheets/main.7e37652d.min.css><link rel=stylesheet href=../../assets/stylesheets/palette.06af60db.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><link rel=stylesheet href=../../assets/_mkdocstrings.css><link rel=stylesheet href=../../stylesheets/extra.css><link rel=stylesheet href=../../stylesheets/mkdocstrings.css><script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script></head> <body dir=ltr data-md-color-scheme=slate data-md-color-primary=black data-md-color-accent=purple> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#improving-annotations class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <div data-md-color-scheme=default data-md-component=outdated hidden> </div> <header class=md-header data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../.. title=Documentation class="md-header__button md-logo" aria-label=Documentation data-md-component=logo> <img src=../../assets/logo.png alt=logo> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Documentation </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> Improving Annotations </span> </div> </div> </div> <label class="md-header__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </label> <nav class=md-search__options aria-label=Search> <a href=javascript:void(0) class="md-search__icon md-icon" title=Share aria-label=Share data-clipboard data-clipboard-text data-md-component=search-share tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M18 16.08c-.76 0-1.44.3-1.96.77L8.91 12.7c.05-.23.09-.46.09-.7s-.04-.47-.09-.7l7.05-4.11c.54.5 1.25.81 2.04.81a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3c0 .24.04.47.09.7L8.04 9.81C7.5 9.31 6.79 9 6 9a3 3 0 0 0-3 3 3 3 0 0 0 3 3c.79 0 1.5-.31 2.04-.81l7.12 4.15c-.05.21-.08.43-.08.66 0 1.61 1.31 2.91 2.92 2.91s2.92-1.3 2.92-2.91A2.92 2.92 0 0 0 18 16.08"/></svg> </a> <button type=reset class="md-search__icon md-icon" title=Clear aria-label=Clear tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg> </button> </nav> <div class=md-search__suggest data-md-component=search-suggest></div> </form> <div class=md-search__output> <div class=md-search__scrollwrap tabindex=0 data-md-scrollfix> <div class=md-search-result data-md-component=search-result> <div class=md-search-result__meta> Initializing search </div> <ol class=md-search-result__list role=presentation></ol> </div> </div> </div> </div> </div> <div class=md-header__source> <a href=https://github.com/pwndbg/pwndbg/ title="Go to repository" class=md-source data-md-component=source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><!-- Font Awesome Free 7.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path fill=currentColor d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg> </div> <div class=md-source__repository> pwndbg/pwndbg </div> </a> </div> </nav> </header> <div class=md-container data-md-component=container> <nav class=md-tabs aria-label=Tabs data-md-component=tabs> <div class=md-grid> <ul class=md-tabs__list> <li class=md-tabs__item> <a href=../.. class=md-tabs__link> Home </a> </li> <li class=md-tabs__item> <a href=../../setup/ class=md-tabs__link> Setup </a> </li> <li class=md-tabs__item> <a href=../../features/ class=md-tabs__link> Features </a> </li> <li class=md-tabs__item> <a href=../../commands/ class=md-tabs__link> Commands </a> </li> <li class=md-tabs__item> <a href=../../functions/ class=md-tabs__link> Functions </a> </li> <li class=md-tabs__item> <a href=../../configuration/ class=md-tabs__link> Configuration </a> </li> <li class="md-tabs__item md-tabs__item--active"> <a href=../ class=md-tabs__link> Contributing </a> </li> <li class=md-tabs__item> <a href=../../tutorials/env-vars/ class=md-tabs__link> Tutorials </a> </li> <li class=md-tabs__item> <a href=../../reference/pwndbg/ class=md-tabs__link> Reference </a> </li> <li class=md-tabs__item> <a href=../../blog/ class=md-tabs__link> Blog </a> </li> </ul> </div> </nav> <main class=md-main data-md-component=main> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component=sidebar data-md-type=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary md-nav--lifted" aria-label=Navigation data-md-level=0> <label class=md-nav__title for=__drawer> <a href=../.. title=Documentation class="md-nav__button md-logo" aria-label=Documentation data-md-component=logo> <img src=../../assets/logo.png alt=logo> </a> Documentation </label> <div class=md-nav__source> <a href=https://github.com/pwndbg/pwndbg/ title="Go to repository" class=md-source data-md-component=source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><!-- Font Awesome Free 7.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path fill=currentColor d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg> </div> <div class=md-source__repository> pwndbg/pwndbg </div> </a> </div> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../.. class=md-nav__link> <span class=md-ellipsis> Home </span> </a> </li> <li class=md-nav__item> <a href=../../setup/ class=md-nav__link> <span class=md-ellipsis> Setup </span> </a> </li> <li class=md-nav__item> <a href=../../features/ class=md-nav__link> <span class=md-ellipsis> Features </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4> <div class="md-nav__link md-nav__container"> <a href=../../commands/ class="md-nav__link "> <span class=md-ellipsis> Commands </span> </a> <label class="md-nav__link " for=__nav_4 id=__nav_4_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_4_label aria-expanded=false> <label class=md-nav__title for=__nav_4> <span class="md-nav__icon md-icon"></span> Commands </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_2> <label class=md-nav__link for=__nav_4_2 id=__nav_4_2_label tabindex=0> <span class=md-ellipsis> Breakpoint </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_2_label aria-expanded=false> <label class=md-nav__title for=__nav_4_2> <span class="md-nav__icon md-icon"></span> Breakpoint </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/breakpoint/break-if-not-taken/ class=md-nav__link> <span class=md-ellipsis> Break if not taken </span> </a> </li> <li class=md-nav__item> <a href=../../commands/breakpoint/break-if-taken/ class=md-nav__link> <span class=md-ellipsis> Break if taken </span> </a> </li> <li class=md-nav__item> <a href=../../commands/breakpoint/breakrva/ class=md-nav__link> <span class=md-ellipsis> Breakrva </span> </a> </li> <li class=md-nav__item> <a href=../../commands/breakpoint/ignore/ class=md-nav__link> <span class=md-ellipsis> Ignore </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_3> <label class=md-nav__link for=__nav_4_3 id=__nav_4_3_label tabindex=0> <span class=md-ellipsis> Context </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_3_label aria-expanded=false> <label class=md-nav__title for=__nav_4_3> <span class="md-nav__icon md-icon"></span> Context </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/context/context/ class=md-nav__link> <span class=md-ellipsis> Context </span> </a> </li> <li class=md-nav__item> <a href=../../commands/context/contextnext/ class=md-nav__link> <span class=md-ellipsis> Contextnext </span> </a> </li> <li class=md-nav__item> <a href=../../commands/context/contextoutput/ class=md-nav__link> <span class=md-ellipsis> Contextoutput </span> </a> </li> <li class=md-nav__item> <a href=../../commands/context/contextprev/ class=md-nav__link> <span class=md-ellipsis> Contextprev </span> </a> </li> <li class=md-nav__item> <a href=../../commands/context/contextsearch/ class=md-nav__link> <span class=md-ellipsis> Contextsearch </span> </a> </li> <li class=md-nav__item> <a href=../../commands/context/contextunwatch/ class=md-nav__link> <span class=md-ellipsis> Contextunwatch </span> </a> </li> <li class=md-nav__item> <a href=../../commands/context/contextwatch/ class=md-nav__link> <span class=md-ellipsis> Contextwatch </span> </a> </li> <li class=md-nav__item> <a href=../../commands/context/regs/ class=md-nav__link> <span class=md-ellipsis> Regs </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_4> <label class=md-nav__link for=__nav_4_4 id=__nav_4_4_label tabindex=0> <span class=md-ellipsis> Darwin libsystem mach o </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_4_label aria-expanded=false> <label class=md-nav__title for=__nav_4_4> <span class="md-nav__icon md-icon"></span> Darwin libsystem mach o </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/darwin_libsystem_mach-o/commpage/ class=md-nav__link> <span class=md-ellipsis> Commpage </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_5> <label class=md-nav__link for=__nav_4_5 id=__nav_4_5_label tabindex=0> <span class=md-ellipsis> Developer </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_5_label aria-expanded=false> <label class=md-nav__title for=__nav_4_5> <span class="md-nav__icon md-icon"></span> Developer </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/developer/dev-dump-instruction/ class=md-nav__link> <span class=md-ellipsis> Dev dump instruction </span> </a> </li> <li class=md-nav__item> <a href=../../commands/developer/log-level/ class=md-nav__link> <span class=md-ellipsis> Log level </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_6> <label class=md-nav__link for=__nav_4_6 id=__nav_4_6_label tabindex=0> <span class=md-ellipsis> Disassemble </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_6_label aria-expanded=false> <label class=md-nav__title for=__nav_4_6> <span class="md-nav__icon md-icon"></span> Disassemble </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/disassemble/emulate/ class=md-nav__link> <span class=md-ellipsis> Emulate </span> </a> </li> <li class=md-nav__item> <a href=../../commands/disassemble/nearpc/ class=md-nav__link> <span class=md-ellipsis> Nearpc </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_7> <label class=md-nav__link for=__nav_4_7 id=__nav_4_7_label tabindex=0> <span class=md-ellipsis> Glibc ptmalloc2 heap </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_7_label aria-expanded=false> <label class=md-nav__title for=__nav_4_7> <span class="md-nav__icon md-icon"></span> Glibc ptmalloc2 heap </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/arena/ class=md-nav__link> <span class=md-ellipsis> Arena </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/arenas/ class=md-nav__link> <span class=md-ellipsis> Arenas </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/bins/ class=md-nav__link> <span class=md-ellipsis> Bins </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/fastbins/ class=md-nav__link> <span class=md-ellipsis> Fastbins </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/find-fake-fast/ class=md-nav__link> <span class=md-ellipsis> Find fake fast </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/heap/ class=md-nav__link> <span class=md-ellipsis> Heap </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/hi/ class=md-nav__link> <span class=md-ellipsis> Hi </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/largebins/ class=md-nav__link> <span class=md-ellipsis> Largebins </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/malloc-chunk/ class=md-nav__link> <span class=md-ellipsis> Malloc chunk </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/mp/ class=md-nav__link> <span class=md-ellipsis> Mp </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/smallbins/ class=md-nav__link> <span class=md-ellipsis> Smallbins </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/tcache/ class=md-nav__link> <span class=md-ellipsis> Tcache </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/tcachebins/ class=md-nav__link> <span class=md-ellipsis> Tcachebins </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/top-chunk/ class=md-nav__link> <span class=md-ellipsis> Top chunk </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/try-free/ class=md-nav__link> <span class=md-ellipsis> Try free </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/unsortedbin/ class=md-nav__link> <span class=md-ellipsis> Unsortedbin </span> </a> </li> <li class=md-nav__item> <a href=../../commands/glibc_ptmalloc2_heap/vis-heap-chunks/ class=md-nav__link> <span class=md-ellipsis> Vis heap chunks </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_8> <label class=md-nav__link for=__nav_4_8 id=__nav_4_8_label tabindex=0> <span class=md-ellipsis> Integrations </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_8_label aria-expanded=false> <label class=md-nav__title for=__nav_4_8> <span class="md-nav__icon md-icon"></span> Integrations </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/integrations/ai/ class=md-nav__link> <span class=md-ellipsis> Ai </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/bn-sync/ class=md-nav__link> <span class=md-ellipsis> Bn sync </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/decomp/ class=md-nav__link> <span class=md-ellipsis> Decomp </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/j/ class=md-nav__link> <span class=md-ellipsis> J </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/r2/ class=md-nav__link> <span class=md-ellipsis> R2 </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/r2pipe/ class=md-nav__link> <span class=md-ellipsis> R2pipe </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/rop/ class=md-nav__link> <span class=md-ellipsis> Rop </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/ropper/ class=md-nav__link> <span class=md-ellipsis> Ropper </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/rz/ class=md-nav__link> <span class=md-ellipsis> Rz </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/rzpipe/ class=md-nav__link> <span class=md-ellipsis> Rzpipe </span> </a> </li> <li class=md-nav__item> <a href=../../commands/integrations/save-ida/ class=md-nav__link> <span class=md-ellipsis> Save ida </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_9> <label class=md-nav__link for=__nav_4_9 id=__nav_4_9_label tabindex=0> <span class=md-ellipsis> Jemalloc heap </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_9_label aria-expanded=false> <label class=md-nav__title for=__nav_4_9> <span class="md-nav__icon md-icon"></span> Jemalloc heap </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/jemalloc_heap/jemalloc-extent-info/ class=md-nav__link> <span class=md-ellipsis> Jemalloc extent info </span> </a> </li> <li class=md-nav__item> <a href=../../commands/jemalloc_heap/jemalloc-find-extent/ class=md-nav__link> <span class=md-ellipsis> Jemalloc find extent </span> </a> </li> <li class=md-nav__item> <a href=../../commands/jemalloc_heap/jemalloc-heap/ class=md-nav__link> <span class=md-ellipsis> Jemalloc heap </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_10> <label class=md-nav__link for=__nav_4_10 id=__nav_4_10_label tabindex=0> <span class=md-ellipsis> Kernel </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_10_label aria-expanded=false> <label class=md-nav__title for=__nav_4_10> <span class="md-nav__icon md-icon"></span> Kernel </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/kernel/binder/ class=md-nav__link> <span class=md-ellipsis> Binder </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/buddydump/ class=md-nav__link> <span class=md-ellipsis> Buddydump </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kbase/ class=md-nav__link> <span class=md-ellipsis> Kbase </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kbpf/ class=md-nav__link> <span class=md-ellipsis> Kbpf </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kchecksec/ class=md-nav__link> <span class=md-ellipsis> Kchecksec </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kcmdline/ class=md-nav__link> <span class=md-ellipsis> Kcmdline </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kconfig/ class=md-nav__link> <span class=md-ellipsis> Kconfig </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kdmabuf/ class=md-nav__link> <span class=md-ellipsis> Kdmabuf </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kdmesg/ class=md-nav__link> <span class=md-ellipsis> Kdmesg </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/klookup/ class=md-nav__link> <span class=md-ellipsis> Klookup </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kmod/ class=md-nav__link> <span class=md-ellipsis> Kmod </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/knft-dump/ class=md-nav__link> <span class=md-ellipsis> Knft dump </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/knft-list-chains/ class=md-nav__link> <span class=md-ellipsis> Knft list chains </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/knft-list-exprs/ class=md-nav__link> <span class=md-ellipsis> Knft list exprs </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/knft-list-flowtables/ class=md-nav__link> <span class=md-ellipsis> Knft list flowtables </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/knft-list-objects/ class=md-nav__link> <span class=md-ellipsis> Knft list objects </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/knft-list-rules/ class=md-nav__link> <span class=md-ellipsis> Knft list rules </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/knft-list-sets/ class=md-nav__link> <span class=md-ellipsis> Knft list sets </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/knft-list-tables/ class=md-nav__link> <span class=md-ellipsis> Knft list tables </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/ksyscalls/ class=md-nav__link> <span class=md-ellipsis> Ksyscalls </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/ktask/ class=md-nav__link> <span class=md-ellipsis> Ktask </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/kversion/ class=md-nav__link> <span class=md-ellipsis> Kversion </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/msr/ class=md-nav__link> <span class=md-ellipsis> Msr </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/p2v/ class=md-nav__link> <span class=md-ellipsis> P2v </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/pageinfo/ class=md-nav__link> <span class=md-ellipsis> Pageinfo </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/pagewalk/ class=md-nav__link> <span class=md-ellipsis> Pagewalk </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/slab/ class=md-nav__link> <span class=md-ellipsis> Slab </span> </a> </li> <li class=md-nav__item> <a href=../../commands/kernel/v2p/ class=md-nav__link> <span class=md-ellipsis> V2p </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_11> <label class=md-nav__link for=__nav_4_11 id=__nav_4_11_label tabindex=0> <span class=md-ellipsis> Linux libc elf </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_11_label aria-expanded=false> <label class=md-nav__title for=__nav_4_11> <span class="md-nav__icon md-icon"></span> Linux libc elf </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/argc/ class=md-nav__link> <span class=md-ellipsis> Argc </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/argv/ class=md-nav__link> <span class=md-ellipsis> Argv </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/aslr/ class=md-nav__link> <span class=md-ellipsis> Aslr </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/auxv/ class=md-nav__link> <span class=md-ellipsis> Auxv </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/auxv-explore/ class=md-nav__link> <span class=md-ellipsis> Auxv explore </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/elfsections/ class=md-nav__link> <span class=md-ellipsis> Elfsections </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/envp/ class=md-nav__link> <span class=md-ellipsis> Envp </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/errno/ class=md-nav__link> <span class=md-ellipsis> Errno </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/got/ class=md-nav__link> <span class=md-ellipsis> Got </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/gotplt/ class=md-nav__link> <span class=md-ellipsis> Gotplt </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/libcinfo/ class=md-nav__link> <span class=md-ellipsis> Libcinfo </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/linkmap/ class=md-nav__link> <span class=md-ellipsis> Linkmap </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/onegadget/ class=md-nav__link> <span class=md-ellipsis> Onegadget </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/parse-seccomp/ class=md-nav__link> <span class=md-ellipsis> Parse seccomp </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/piebase/ class=md-nav__link> <span class=md-ellipsis> Piebase </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/plt/ class=md-nav__link> <span class=md-ellipsis> Plt </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/strings/ class=md-nav__link> <span class=md-ellipsis> Strings </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/threads/ class=md-nav__link> <span class=md-ellipsis> Threads </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/tls/ class=md-nav__link> <span class=md-ellipsis> Tls </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/track-got/ class=md-nav__link> <span class=md-ellipsis> Track got </span> </a> </li> <li class=md-nav__item> <a href=../../commands/linux_libc_elf/track-heap/ class=md-nav__link> <span class=md-ellipsis> Track heap </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_12> <label class=md-nav__link for=__nav_4_12 id=__nav_4_12_label tabindex=0> <span class=md-ellipsis> Memory </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_12_label aria-expanded=false> <label class=md-nav__title for=__nav_4_12> <span class="md-nav__icon md-icon"></span> Memory </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/memory/distance/ class=md-nav__link> <span class=md-ellipsis> Distance </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/dump-register-frame/ class=md-nav__link> <span class=md-ellipsis> Dump register frame </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/gdt/ class=md-nav__link> <span class=md-ellipsis> Gdt </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/go-dump/ class=md-nav__link> <span class=md-ellipsis> Go dump </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/go-type/ class=md-nav__link> <span class=md-ellipsis> Go type </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/hexdump/ class=md-nav__link> <span class=md-ellipsis> Hexdump </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/leakfind/ class=md-nav__link> <span class=md-ellipsis> Leakfind </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/memfrob/ class=md-nav__link> <span class=md-ellipsis> Memfrob </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/mmap/ class=md-nav__link> <span class=md-ellipsis> Mmap </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/mprotect/ class=md-nav__link> <span class=md-ellipsis> Mprotect </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/p2p/ class=md-nav__link> <span class=md-ellipsis> P2p </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/probeleak/ class=md-nav__link> <span class=md-ellipsis> Probeleak </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/search/ class=md-nav__link> <span class=md-ellipsis> Search </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/telescope/ class=md-nav__link> <span class=md-ellipsis> Telescope </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/vmmap/ class=md-nav__link> <span class=md-ellipsis> Vmmap </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/vmmap-add/ class=md-nav__link> <span class=md-ellipsis> Vmmap add </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/vmmap-clear/ class=md-nav__link> <span class=md-ellipsis> Vmmap clear </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/vmmap-explore/ class=md-nav__link> <span class=md-ellipsis> Vmmap explore </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/xinfo/ class=md-nav__link> <span class=md-ellipsis> Xinfo </span> </a> </li> <li class=md-nav__item> <a href=../../commands/memory/xor/ class=md-nav__link> <span class=md-ellipsis> Xor </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_13> <label class=md-nav__link for=__nav_4_13 id=__nav_4_13_label tabindex=0> <span class=md-ellipsis> Misc </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_13_label aria-expanded=false> <label class=md-nav__title for=__nav_4_13> <span class="md-nav__icon md-icon"></span> Misc </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/misc/asm/ class=md-nav__link> <span class=md-ellipsis> Asm </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/checksec/ class=md-nav__link> <span class=md-ellipsis> Checksec </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/comm/ class=md-nav__link> <span class=md-ellipsis> Comm </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/cyclic/ class=md-nav__link> <span class=md-ellipsis> Cyclic </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/cymbol/ class=md-nav__link> <span class=md-ellipsis> Cymbol </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/down/ class=md-nav__link> <span class=md-ellipsis> Down </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/dt/ class=md-nav__link> <span class=md-ellipsis> Dt </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/dumpargs/ class=md-nav__link> <span class=md-ellipsis> Dumpargs </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/getfile/ class=md-nav__link> <span class=md-ellipsis> Getfile </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/hex2ptr/ class=md-nav__link> <span class=md-ellipsis> Hex2ptr </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/hijack-fd/ class=md-nav__link> <span class=md-ellipsis> Hijack fd </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/ipi/ class=md-nav__link> <span class=md-ellipsis> Ipi </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/patch/ class=md-nav__link> <span class=md-ellipsis> Patch </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/patch-list/ class=md-nav__link> <span class=md-ellipsis> Patch list </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/patch-revert/ class=md-nav__link> <span class=md-ellipsis> Patch revert </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/plist/ class=md-nav__link> <span class=md-ellipsis> Plist </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/sigreturn/ class=md-nav__link> <span class=md-ellipsis> Sigreturn </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/spray/ class=md-nav__link> <span class=md-ellipsis> Spray </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/tips/ class=md-nav__link> <span class=md-ellipsis> Tips </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/up/ class=md-nav__link> <span class=md-ellipsis> Up </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/valist/ class=md-nav__link> <span class=md-ellipsis> Valist </span> </a> </li> <li class=md-nav__item> <a href=../../commands/misc/vmmap-load/ class=md-nav__link> <span class=md-ellipsis> Vmmap load </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_14> <label class=md-nav__link for=__nav_4_14 id=__nav_4_14_label tabindex=0> <span class=md-ellipsis> Musl </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_14_label aria-expanded=false> <label class=md-nav__title for=__nav_4_14> <span class="md-nav__icon md-icon"></span> Musl </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/musl/mallocng-dump/ class=md-nav__link> <span class=md-ellipsis> Mallocng dump </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-explain/ class=md-nav__link> <span class=md-ellipsis> Mallocng explain </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-find/ class=md-nav__link> <span class=md-ellipsis> Mallocng find </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-group/ class=md-nav__link> <span class=md-ellipsis> Mallocng group </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-malloc-context/ class=md-nav__link> <span class=md-ellipsis> Mallocng malloc context </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-meta/ class=md-nav__link> <span class=md-ellipsis> Mallocng meta </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-meta-area/ class=md-nav__link> <span class=md-ellipsis> Mallocng meta area </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-slot-start/ class=md-nav__link> <span class=md-ellipsis> Mallocng slot start </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-slot-user/ class=md-nav__link> <span class=md-ellipsis> Mallocng slot user </span> </a> </li> <li class=md-nav__item> <a href=../../commands/musl/mallocng-visualize-slots/ class=md-nav__link> <span class=md-ellipsis> Mallocng visualize slots </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_15> <label class=md-nav__link for=__nav_4_15 id=__nav_4_15_label tabindex=0> <span class=md-ellipsis> Process </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_15_label aria-expanded=false> <label class=md-nav__title for=__nav_4_15> <span class="md-nav__icon md-icon"></span> Process </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/process/killthreads/ class=md-nav__link> <span class=md-ellipsis> Killthreads </span> </a> </li> <li class=md-nav__item> <a href=../../commands/process/pid/ class=md-nav__link> <span class=md-ellipsis> Pid </span> </a> </li> <li class=md-nav__item> <a href=../../commands/process/procinfo/ class=md-nav__link> <span class=md-ellipsis> Procinfo </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_16> <label class=md-nav__link for=__nav_4_16 id=__nav_4_16_label tabindex=0> <span class=md-ellipsis> Pwndbg </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_16_label aria-expanded=false> <label class=md-nav__title for=__nav_4_16> <span class="md-nav__icon md-icon"></span> Pwndbg </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/pwndbg/bugreport/ class=md-nav__link> <span class=md-ellipsis> Bugreport </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/config/ class=md-nav__link> <span class=md-ellipsis> Config </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/configfile/ class=md-nav__link> <span class=md-ellipsis> Configfile </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/heap-config/ class=md-nav__link> <span class=md-ellipsis> Heap config </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/memoize/ class=md-nav__link> <span class=md-ellipsis> Memoize </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/profiler/ class=md-nav__link> <span class=md-ellipsis> Profiler </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/pwndbg/ class=md-nav__link> <span class=md-ellipsis> Pwndbg </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/reinit-pwndbg/ class=md-nav__link> <span class=md-ellipsis> Reinit pwndbg </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/reload/ class=md-nav__link> <span class=md-ellipsis> Reload </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/theme/ class=md-nav__link> <span class=md-ellipsis> Theme </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/themefile/ class=md-nav__link> <span class=md-ellipsis> Themefile </span> </a> </li> <li class=md-nav__item> <a href=../../commands/pwndbg/version/ class=md-nav__link> <span class=md-ellipsis> Version </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_17> <label class=md-nav__link for=__nav_4_17 id=__nav_4_17_label tabindex=0> <span class=md-ellipsis> Register </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_17_label aria-expanded=false> <label class=md-nav__title for=__nav_4_17> <span class="md-nav__icon md-icon"></span> Register </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/register/cpsr/ class=md-nav__link> <span class=md-ellipsis> Cpsr </span> </a> </li> <li class=md-nav__item> <a href=../../commands/register/fsbase/ class=md-nav__link> <span class=md-ellipsis> Fsbase </span> </a> </li> <li class=md-nav__item> <a href=../../commands/register/gsbase/ class=md-nav__link> <span class=md-ellipsis> Gsbase </span> </a> </li> <li class=md-nav__item> <a href=../../commands/register/setflag/ class=md-nav__link> <span class=md-ellipsis> Setflag </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_18> <label class=md-nav__link for=__nav_4_18 id=__nav_4_18_label tabindex=0> <span class=md-ellipsis> Stack </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_18_label aria-expanded=false> <label class=md-nav__title for=__nav_4_18> <span class="md-nav__icon md-icon"></span> Stack </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/stack/canary/ class=md-nav__link> <span class=md-ellipsis> Canary </span> </a> </li> <li class=md-nav__item> <a href=../../commands/stack/retaddr/ class=md-nav__link> <span class=md-ellipsis> Retaddr </span> </a> </li> <li class=md-nav__item> <a href=../../commands/stack/stack/ class=md-nav__link> <span class=md-ellipsis> Stack </span> </a> </li> <li class=md-nav__item> <a href=../../commands/stack/stack-explore/ class=md-nav__link> <span class=md-ellipsis> Stack explore </span> </a> </li> <li class=md-nav__item> <a href=../../commands/stack/stackf/ class=md-nav__link> <span class=md-ellipsis> Stackf </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_19> <label class=md-nav__link for=__nav_4_19 id=__nav_4_19_label tabindex=0> <span class=md-ellipsis> Start </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_19_label aria-expanded=false> <label class=md-nav__title for=__nav_4_19> <span class="md-nav__icon md-icon"></span> Start </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/start/attachp/ class=md-nav__link> <span class=md-ellipsis> Attachp </span> </a> </li> <li class=md-nav__item> <a href=../../commands/start/entry/ class=md-nav__link> <span class=md-ellipsis> Entry </span> </a> </li> <li class=md-nav__item> <a href=../../commands/start/sstart/ class=md-nav__link> <span class=md-ellipsis> Sstart </span> </a> </li> <li class=md-nav__item> <a href=../../commands/start/start/ class=md-nav__link> <span class=md-ellipsis> Start </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_20> <label class=md-nav__link for=__nav_4_20 id=__nav_4_20_label tabindex=0> <span class=md-ellipsis> Step next continue </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_20_label aria-expanded=false> <label class=md-nav__title for=__nav_4_20> <span class="md-nav__icon md-icon"></span> Step next continue </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/step_next_continue/nextcall/ class=md-nav__link> <span class=md-ellipsis> Nextcall </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/nextjmp/ class=md-nav__link> <span class=md-ellipsis> Nextjmp </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/nextproginstr/ class=md-nav__link> <span class=md-ellipsis> Nextproginstr </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/nextret/ class=md-nav__link> <span class=md-ellipsis> Nextret </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/nextsyscall/ class=md-nav__link> <span class=md-ellipsis> Nextsyscall </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/stepover/ class=md-nav__link> <span class=md-ellipsis> Stepover </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/stepret/ class=md-nav__link> <span class=md-ellipsis> Stepret </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/stepsyscall/ class=md-nav__link> <span class=md-ellipsis> Stepsyscall </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/stepuntilasm/ class=md-nav__link> <span class=md-ellipsis> Stepuntilasm </span> </a> </li> <li class=md-nav__item> <a href=../../commands/step_next_continue/xuntil/ class=md-nav__link> <span class=md-ellipsis> Xuntil </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_21> <label class=md-nav__link for=__nav_4_21 id=__nav_4_21_label tabindex=0> <span class=md-ellipsis> Windbg </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_21_label aria-expanded=false> <label class=md-nav__title for=__nav_4_21> <span class="md-nav__icon md-icon"></span> Windbg </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../commands/windbg/bc/ class=md-nav__link> <span class=md-ellipsis> Bc </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/bd/ class=md-nav__link> <span class=md-ellipsis> Bd </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/be/ class=md-nav__link> <span class=md-ellipsis> Be </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/bl/ class=md-nav__link> <span class=md-ellipsis> Bl </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/bp/ class=md-nav__link> <span class=md-ellipsis> Bp </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/da/ class=md-nav__link> <span class=md-ellipsis> Da </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/db/ class=md-nav__link> <span class=md-ellipsis> Db </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/dc/ class=md-nav__link> <span class=md-ellipsis> Dc </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/dd/ class=md-nav__link> <span class=md-ellipsis> Dd </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/dds/ class=md-nav__link> <span class=md-ellipsis> Dds </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/dq/ class=md-nav__link> <span class=md-ellipsis> Dq </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/ds/ class=md-nav__link> <span class=md-ellipsis> Ds </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/dw/ class=md-nav__link> <span class=md-ellipsis> Dw </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/eb/ class=md-nav__link> <span class=md-ellipsis> Eb </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/ed/ class=md-nav__link> <span class=md-ellipsis> Ed </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/eq/ class=md-nav__link> <span class=md-ellipsis> Eq </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/ew/ class=md-nav__link> <span class=md-ellipsis> Ew </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/ez/ class=md-nav__link> <span class=md-ellipsis> Ez </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/eza/ class=md-nav__link> <span class=md-ellipsis> Eza </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/go/ class=md-nav__link> <span class=md-ellipsis> Go </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/k/ class=md-nav__link> <span class=md-ellipsis> K </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/ln/ class=md-nav__link> <span class=md-ellipsis> Ln </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/pc/ class=md-nav__link> <span class=md-ellipsis> Pc </span> </a> </li> <li class=md-nav__item> <a href=../../commands/windbg/peb/ class=md-nav__link> <span class=md-ellipsis> Peb </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_5> <div class="md-nav__link md-nav__container"> <a href=../../functions/ class="md-nav__link "> <span class=md-ellipsis> Functions </span> </a> </div> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_5_label aria-expanded=false> <label class=md-nav__title for=__nav_5> <span class="md-nav__icon md-icon"></span> Functions </label> <ul class=md-nav__list data-md-scrollfix> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_6> <div class="md-nav__link md-nav__container"> <a href=../../configuration/ class="md-nav__link "> <span class=md-ellipsis> Configuration </span> </a> <label class="md-nav__link " for=__nav_6 id=__nav_6_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_6_label aria-expanded=false> <label class=md-nav__title for=__nav_6> <span class="md-nav__icon md-icon"></span> Configuration </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../configuration/config/ class=md-nav__link> <span class=md-ellipsis> Config </span> </a> </li> <li class=md-nav__item> <a href=../../configuration/heap/ class=md-nav__link> <span class=md-ellipsis> Heap </span> </a> </li> <li class=md-nav__item> <a href=../../configuration/theme/ class=md-nav__link> <span class=md-ellipsis> Theme </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_7 checked> <div class="md-nav__link md-nav__container"> <a href=../ class="md-nav__link "> <span class=md-ellipsis> Contributing </span> </a> <label class="md-nav__link " for=__nav_7 id=__nav_7_label tabindex> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_7_label aria-expanded=true> <label class=md-nav__title for=__nav_7> <span class="md-nav__icon md-icon"></span> Contributing </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../setup-pwndbg-dev/ class=md-nav__link> <span class=md-ellipsis> Setup Pwndbg for Development </span> </a> </li> <li class=md-nav__item> <a href=../dev-notes/ class=md-nav__link> <span class=md-ellipsis> Developer Notes </span> </a> </li> <li class=md-nav__item> <a href=../writing-tests/ class=md-nav__link> <span class=md-ellipsis> Writing Tests </span> </a> </li> <li class=md-nav__item> <a href=../adding-a-command/ class=md-nav__link> <span class=md-ellipsis> Adding a Command </span> </a> </li> <li class=md-nav__item> <a href=../adding-a-parameter/ class=md-nav__link> <span class=md-ellipsis> Adding a Configuration Option </span> </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" type=checkbox id=__toc> <label class="md-nav__link md-nav__link--active" for=__toc> <span class=md-ellipsis> Improving Annotations </span> <span class="md-nav__icon md-icon"></span> </label> <a href=./ class="md-nav__link md-nav__link--active"> <span class=md-ellipsis> Improving Annotations </span> </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-component=toc data-md-scrollfix> <li class=md-nav__item> <a href=#enhancing class=md-nav__link> <span class=md-ellipsis> Enhancing </span> </a> </li> <li class=md-nav__item> <a href=#when-to-use-emulation-reasoning-about-process-state class=md-nav__link> <span class=md-ellipsis> When to use emulation / reasoning about process state </span> </a> </li> <li class=md-nav__item> <a href=#what-if-the-emulator-fails class=md-nav__link> <span class=md-ellipsis> What if the emulator fails? </span> </a> </li> <li class=md-nav__item> <a href=#caching-annotations class=md-nav__link> <span class=md-ellipsis> Caching annotations </span> </a> </li> <li class=md-nav__item> <a href=#other-random-annotation-details class=md-nav__link> <span class=md-ellipsis> Other random annotation details </span> </a> </li> <li class=md-nav__item> <a href=#adding-or-fixing-annotations class=md-nav__link> <span class=md-ellipsis> Adding or fixing annotations </span> </a> </li> <li class=md-nav__item> <a href=#bug-root-cause class=md-nav__link> <span class=md-ellipsis> Bug root cause </span> </a> </li> <li class=md-nav__item> <a href=#creating-small-cross-architecture-programs class=md-nav__link> <span class=md-ellipsis> Creating small cross-architecture programs </span> </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../making-a-gif/ class=md-nav__link> <span class=md-ellipsis> Making a Pwndbg gif </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_8> <label class=md-nav__link for=__nav_8 id=__nav_8_label tabindex=0> <span class=md-ellipsis> Tutorials </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_8_label aria-expanded=false> <label class=md-nav__title for=__nav_8> <span class="md-nav__icon md-icon"></span> Tutorials </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../tutorials/env-vars/ class=md-nav__link> <span class=md-ellipsis> Env vars </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/gdb-lldb-commands/ class=md-nav__link> <span class=md-ellipsis> GDB vs LLDB </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/gdb-tui/ class=md-nav__link> <span class=md-ellipsis> GDB TUI </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/go-debugging/ class=md-nav__link> <span class=md-ellipsis> Debugging Go with Pwndbg </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/packaging/ class=md-nav__link> <span class=md-ellipsis> Packaging Pwndbg </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/pwndbg-users/ class=md-nav__link> <span class=md-ellipsis> Pwndbg in the wild </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/pycharm-debugging/ class=md-nav__link> <span class=md-ellipsis> Debugging with PyCharm </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/splitting-the-context/ class=md-nav__link> <span class=md-ellipsis> Splitting / Layouting Context </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_8_9> <label class=md-nav__link for=__nav_8_9 id=__nav_8_9_label tabindex=0> <span class=md-ellipsis> Decompiler integration </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_8_9_label aria-expanded=false> <label class=md-nav__title for=__nav_8_9> <span class="md-nav__icon md-icon"></span> Decompiler integration </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../tutorials/decompiler-integration/binja-integration/ class=md-nav__link> <span class=md-ellipsis> Binary Ninja </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/decompiler-integration/ghidra-integration/ class=md-nav__link> <span class=md-ellipsis> Ghidra </span> </a> </li> <li class=md-nav__item> <a href=../../tutorials/decompiler-integration/ida-integration/ class=md-nav__link> <span class=md-ellipsis> IDA </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9> <label class=md-nav__link for=__nav_9 id=__nav_9_label tabindex=0> <span class=md-ellipsis> Reference </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_9_label aria-expanded=false> <label class=md-nav__title for=__nav_9> <span class="md-nav__icon md-icon"></span> Reference </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/ class="md-nav__link "> <span class=md-ellipsis> pwndbg </span> </a> <label class="md-nav__link " for=__nav_9_1 id=__nav_9_1_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_9_1_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1> <span class="md-nav__icon md-icon"></span> pwndbg </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/arguments/ class=md-nav__link> <span class=md-ellipsis> arguments </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/auxv/ class=md-nav__link> <span class=md-ellipsis> auxv </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/chain/ class=md-nav__link> <span class=md-ellipsis> chain </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/decorators/ class=md-nav__link> <span class=md-ellipsis> decorators </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/enhance/ class=md-nav__link> <span class=md-ellipsis> enhance </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/exception/ class=md-nav__link> <span class=md-ellipsis> exception </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/ghidra/ class=md-nav__link> <span class=md-ellipsis> ghidra </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/glibc/ class=md-nav__link> <span class=md-ellipsis> glibc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/hexdump/ class=md-nav__link> <span class=md-ellipsis> hexdump </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/log/ class=md-nav__link> <span class=md-ellipsis> log </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/profiling/ class=md-nav__link> <span class=md-ellipsis> profiling </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/radare2/ class=md-nav__link> <span class=md-ellipsis> radare2 </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/rizin/ class=md-nav__link> <span class=md-ellipsis> rizin </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/search/ class=md-nav__link> <span class=md-ellipsis> search </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/ui/ class=md-nav__link> <span class=md-ellipsis> ui </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_17> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/aglib/ class="md-nav__link "> <span class=md-ellipsis> aglib </span> </a> <label class="md-nav__link " for=__nav_9_1_17 id=__nav_9_1_17_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_17_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_17> <span class="md-nav__icon md-icon"></span> aglib </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/arch/ class=md-nav__link> <span class=md-ellipsis> arch </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/argv/ class=md-nav__link> <span class=md-ellipsis> argv </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/asm/ class=md-nav__link> <span class=md-ellipsis> asm </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/commpage/ class=md-nav__link> <span class=md-ellipsis> commpage </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/ctypes/ class=md-nav__link> <span class=md-ellipsis> ctypes </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/dt/ class=md-nav__link> <span class=md-ellipsis> dt </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/dynamic/ class=md-nav__link> <span class=md-ellipsis> dynamic </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/elf/ class=md-nav__link> <span class=md-ellipsis> elf </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/file/ class=md-nav__link> <span class=md-ellipsis> file </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/godbg/ class=md-nav__link> <span class=md-ellipsis> godbg </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/macho/ class=md-nav__link> <span class=md-ellipsis> macho </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/memory/ class=md-nav__link> <span class=md-ellipsis> memory </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/nearpc/ class=md-nav__link> <span class=md-ellipsis> nearpc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/next/ class=md-nav__link> <span class=md-ellipsis> next </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/objc/ class=md-nav__link> <span class=md-ellipsis> objc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/onegadget/ class=md-nav__link> <span class=md-ellipsis> onegadget </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/proc/ class=md-nav__link> <span class=md-ellipsis> proc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/qemu/ class=md-nav__link> <span class=md-ellipsis> qemu </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/regs/ class=md-nav__link> <span class=md-ellipsis> regs </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/remote/ class=md-nav__link> <span class=md-ellipsis> remote </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/saved_register_frames/ class=md-nav__link> <span class=md-ellipsis> saved_register_frames </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/shellcode/ class=md-nav__link> <span class=md-ellipsis> shellcode </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/stack/ class=md-nav__link> <span class=md-ellipsis> stack </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/strings/ class=md-nav__link> <span class=md-ellipsis> strings </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/symbol/ class=md-nav__link> <span class=md-ellipsis> symbol </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/tls/ class=md-nav__link> <span class=md-ellipsis> tls </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/typeinfo/ class=md-nav__link> <span class=md-ellipsis> typeinfo </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/vmmap/ class=md-nav__link> <span class=md-ellipsis> vmmap </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/vmmap_custom/ class=md-nav__link> <span class=md-ellipsis> vmmap_custom </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_17_31> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/aglib/disasm/ class="md-nav__link "> <span class=md-ellipsis> disasm </span> </a> <label class="md-nav__link " for=__nav_9_1_17_31 id=__nav_9_1_17_31_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_17_31_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_17_31> <span class="md-nav__icon md-icon"></span> disasm </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/aarch64/ class=md-nav__link> <span class=md-ellipsis> aarch64 </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/arch/ class=md-nav__link> <span class=md-ellipsis> arch </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/arm/ class=md-nav__link> <span class=md-ellipsis> arm </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/disassembly/ class=md-nav__link> <span class=md-ellipsis> disassembly </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/instruction/ class=md-nav__link> <span class=md-ellipsis> instruction </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/loongarch64/ class=md-nav__link> <span class=md-ellipsis> loongarch64 </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/mips/ class=md-nav__link> <span class=md-ellipsis> mips </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/ppc/ class=md-nav__link> <span class=md-ellipsis> ppc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/riscv/ class=md-nav__link> <span class=md-ellipsis> riscv </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/sparc/ class=md-nav__link> <span class=md-ellipsis> sparc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/disasm/x86/ class=md-nav__link> <span class=md-ellipsis> x86 </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_17_32> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/aglib/heap/ class="md-nav__link "> <span class=md-ellipsis> heap </span> </a> <label class="md-nav__link " for=__nav_9_1_17_32 id=__nav_9_1_17_32_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_17_32_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_17_32> <span class="md-nav__icon md-icon"></span> heap </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/heap/heap/ class=md-nav__link> <span class=md-ellipsis> heap </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/heap/jemalloc/ class=md-nav__link> <span class=md-ellipsis> jemalloc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/heap/mallocng/ class=md-nav__link> <span class=md-ellipsis> mallocng </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/heap/ptmalloc/ class=md-nav__link> <span class=md-ellipsis> ptmalloc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/heap/structs/ class=md-nav__link> <span class=md-ellipsis> structs </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_17_33> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/aglib/kernel/ class="md-nav__link "> <span class=md-ellipsis> kernel </span> </a> <label class="md-nav__link " for=__nav_9_1_17_33 id=__nav_9_1_17_33_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_17_33_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_17_33> <span class="md-nav__icon md-icon"></span> kernel </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/bpf/ class=md-nav__link> <span class=md-ellipsis> bpf </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/buddydump/ class=md-nav__link> <span class=md-ellipsis> buddydump </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/dmabuf/ class=md-nav__link> <span class=md-ellipsis> dmabuf </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/kallsyms/ class=md-nav__link> <span class=md-ellipsis> kallsyms </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/kmod/ class=md-nav__link> <span class=md-ellipsis> kmod </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/macros/ class=md-nav__link> <span class=md-ellipsis> macros </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/nftables/ class=md-nav__link> <span class=md-ellipsis> nftables </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/paging/ class=md-nav__link> <span class=md-ellipsis> paging </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/rbtree/ class=md-nav__link> <span class=md-ellipsis> rbtree </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/slab/ class=md-nav__link> <span class=md-ellipsis> slab </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/symbol/ class=md-nav__link> <span class=md-ellipsis> symbol </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/aglib/kernel/vmmap/ class=md-nav__link> <span class=md-ellipsis> vmmap </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_18> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/color/ class="md-nav__link "> <span class=md-ellipsis> color </span> </a> <label class="md-nav__link " for=__nav_9_1_18 id=__nav_9_1_18_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_18_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_18> <span class="md-nav__icon md-icon"></span> color </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/color/context/ class=md-nav__link> <span class=md-ellipsis> context </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/color/disasm/ class=md-nav__link> <span class=md-ellipsis> disasm </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/color/enhance/ class=md-nav__link> <span class=md-ellipsis> enhance </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/color/hexdump/ class=md-nav__link> <span class=md-ellipsis> hexdump </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/color/memory/ class=md-nav__link> <span class=md-ellipsis> memory </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/color/message/ class=md-nav__link> <span class=md-ellipsis> message </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/color/syntax_highlight/ class=md-nav__link> <span class=md-ellipsis> syntax_highlight </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/color/telescope/ class=md-nav__link> <span class=md-ellipsis> telescope </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/color/theme/ class=md-nav__link> <span class=md-ellipsis> theme </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_19> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/commands/ class="md-nav__link "> <span class=md-ellipsis> commands </span> </a> <label class="md-nav__link " for=__nav_9_1_19 id=__nav_9_1_19_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_19_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_19> <span class="md-nav__icon md-icon"></span> commands </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ai/ class=md-nav__link> <span class=md-ellipsis> ai </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/argv/ class=md-nav__link> <span class=md-ellipsis> argv </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/aslr/ class=md-nav__link> <span class=md-ellipsis> aslr </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/asm/ class=md-nav__link> <span class=md-ellipsis> asm </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/attachp/ class=md-nav__link> <span class=md-ellipsis> attachp </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/auxv/ class=md-nav__link> <span class=md-ellipsis> auxv </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/binder/ class=md-nav__link> <span class=md-ellipsis> binder </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/binja/ class=md-nav__link> <span class=md-ellipsis> binja </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/binja_functions/ class=md-nav__link> <span class=md-ellipsis> binja_functions </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/branch/ class=md-nav__link> <span class=md-ellipsis> branch </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/buddydump/ class=md-nav__link> <span class=md-ellipsis> buddydump </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/canary/ class=md-nav__link> <span class=md-ellipsis> canary </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/checksec/ class=md-nav__link> <span class=md-ellipsis> checksec </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/comments/ class=md-nav__link> <span class=md-ellipsis> comments </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/commpage/ class=md-nav__link> <span class=md-ellipsis> commpage </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/config/ class=md-nav__link> <span class=md-ellipsis> config </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/context/ class=md-nav__link> <span class=md-ellipsis> context </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/cpsr/ class=md-nav__link> <span class=md-ellipsis> cpsr </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/cyclic/ class=md-nav__link> <span class=md-ellipsis> cyclic </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/cymbol/ class=md-nav__link> <span class=md-ellipsis> cymbol </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/dev/ class=md-nav__link> <span class=md-ellipsis> dev </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/distance/ class=md-nav__link> <span class=md-ellipsis> distance </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/dt/ class=md-nav__link> <span class=md-ellipsis> dt </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/dumpargs/ class=md-nav__link> <span class=md-ellipsis> dumpargs </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/elf/ class=md-nav__link> <span class=md-ellipsis> elf </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/flags/ class=md-nav__link> <span class=md-ellipsis> flags </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/gdt/ class=md-nav__link> <span class=md-ellipsis> gdt </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ghidra/ class=md-nav__link> <span class=md-ellipsis> ghidra </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/godbg/ class=md-nav__link> <span class=md-ellipsis> godbg </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/got/ class=md-nav__link> <span class=md-ellipsis> got </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/got_tracking/ class=md-nav__link> <span class=md-ellipsis> got_tracking </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/hex2ptr/ class=md-nav__link> <span class=md-ellipsis> hex2ptr </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/hexdump/ class=md-nav__link> <span class=md-ellipsis> hexdump </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/hijack_fd/ class=md-nav__link> <span class=md-ellipsis> hijack_fd </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ida/ class=md-nav__link> <span class=md-ellipsis> ida </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ignore/ class=md-nav__link> <span class=md-ellipsis> ignore </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/integration/ class=md-nav__link> <span class=md-ellipsis> integration </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ipython_interactive/ class=md-nav__link> <span class=md-ellipsis> ipython_interactive </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/jemalloc/ class=md-nav__link> <span class=md-ellipsis> jemalloc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kbase/ class=md-nav__link> <span class=md-ellipsis> kbase </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kbpf/ class=md-nav__link> <span class=md-ellipsis> kbpf </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kchecksec/ class=md-nav__link> <span class=md-ellipsis> kchecksec </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kcmdline/ class=md-nav__link> <span class=md-ellipsis> kcmdline </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kconfig/ class=md-nav__link> <span class=md-ellipsis> kconfig </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kdmabuf/ class=md-nav__link> <span class=md-ellipsis> kdmabuf </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kdmesg/ class=md-nav__link> <span class=md-ellipsis> kdmesg </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/killthreads/ class=md-nav__link> <span class=md-ellipsis> killthreads </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/klookup/ class=md-nav__link> <span class=md-ellipsis> klookup </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kmod/ class=md-nav__link> <span class=md-ellipsis> kmod </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/knft/ class=md-nav__link> <span class=md-ellipsis> knft </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ksyscalls/ class=md-nav__link> <span class=md-ellipsis> ksyscalls </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ktask/ class=md-nav__link> <span class=md-ellipsis> ktask </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/kversion/ class=md-nav__link> <span class=md-ellipsis> kversion </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/leakfind/ class=md-nav__link> <span class=md-ellipsis> leakfind </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/libcinfo/ class=md-nav__link> <span class=md-ellipsis> libcinfo </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/linkmap/ class=md-nav__link> <span class=md-ellipsis> linkmap </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/mallocng/ class=md-nav__link> <span class=md-ellipsis> mallocng </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/memoize/ class=md-nav__link> <span class=md-ellipsis> memoize </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/misc/ class=md-nav__link> <span class=md-ellipsis> misc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/mmap/ class=md-nav__link> <span class=md-ellipsis> mmap </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/mprotect/ class=md-nav__link> <span class=md-ellipsis> mprotect </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/msr/ class=md-nav__link> <span class=md-ellipsis> msr </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/nearpc/ class=md-nav__link> <span class=md-ellipsis> nearpc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/next/ class=md-nav__link> <span class=md-ellipsis> next </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/onegadget/ class=md-nav__link> <span class=md-ellipsis> onegadget </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/p2p/ class=md-nav__link> <span class=md-ellipsis> p2p </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/paging/ class=md-nav__link> <span class=md-ellipsis> paging </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/parse_seccomp/ class=md-nav__link> <span class=md-ellipsis> parse_seccomp </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/patch/ class=md-nav__link> <span class=md-ellipsis> patch </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/peda/ class=md-nav__link> <span class=md-ellipsis> peda </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/pie/ class=md-nav__link> <span class=md-ellipsis> pie </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/plist/ class=md-nav__link> <span class=md-ellipsis> plist </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/probeleak/ class=md-nav__link> <span class=md-ellipsis> probeleak </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/procinfo/ class=md-nav__link> <span class=md-ellipsis> procinfo </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/profiler/ class=md-nav__link> <span class=md-ellipsis> profiler </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ptmalloc2/ class=md-nav__link> <span class=md-ellipsis> ptmalloc2 </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ptmalloc2_tracking/ class=md-nav__link> <span class=md-ellipsis> ptmalloc2_tracking </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/radare2/ class=md-nav__link> <span class=md-ellipsis> radare2 </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/reload/ class=md-nav__link> <span class=md-ellipsis> reload </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/retaddr/ class=md-nav__link> <span class=md-ellipsis> retaddr </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/rizin/ class=md-nav__link> <span class=md-ellipsis> rizin </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/rop/ class=md-nav__link> <span class=md-ellipsis> rop </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/ropper/ class=md-nav__link> <span class=md-ellipsis> ropper </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/saved_register_frames/ class=md-nav__link> <span class=md-ellipsis> saved_register_frames </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/search/ class=md-nav__link> <span class=md-ellipsis> search </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/segments/ class=md-nav__link> <span class=md-ellipsis> segments </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/sigreturn/ class=md-nav__link> <span class=md-ellipsis> sigreturn </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/slab/ class=md-nav__link> <span class=md-ellipsis> slab </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/spray/ class=md-nav__link> <span class=md-ellipsis> spray </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/start/ class=md-nav__link> <span class=md-ellipsis> start </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/strings/ class=md-nav__link> <span class=md-ellipsis> strings </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/telescope/ class=md-nav__link> <span class=md-ellipsis> telescope </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/tips/ class=md-nav__link> <span class=md-ellipsis> tips </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/tls/ class=md-nav__link> <span class=md-ellipsis> tls </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/valist/ class=md-nav__link> <span class=md-ellipsis> valist </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/version/ class=md-nav__link> <span class=md-ellipsis> version </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/vmmap/ class=md-nav__link> <span class=md-ellipsis> vmmap </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/windbg/ class=md-nav__link> <span class=md-ellipsis> windbg </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/xinfo/ class=md-nav__link> <span class=md-ellipsis> xinfo </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/commands/xor/ class=md-nav__link> <span class=md-ellipsis> xor </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_20> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/dbg/ class="md-nav__link "> <span class=md-ellipsis> dbg </span> </a> <label class="md-nav__link " for=__nav_9_1_20 id=__nav_9_1_20_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_20_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_20> <span class="md-nav__icon md-icon"></span> dbg </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_20_2> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/dbg/gdb/ class="md-nav__link "> <span class=md-ellipsis> gdb </span> </a> <label class="md-nav__link " for=__nav_9_1_20_2 id=__nav_9_1_20_2_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_20_2_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_20_2> <span class="md-nav__icon md-icon"></span> gdb </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/gdb/debug_sym/ class=md-nav__link> <span class=md-ellipsis> debug_sym </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/gdb/symbol/ class=md-nav__link> <span class=md-ellipsis> symbol </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_20_3> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/dbg/lldb/ class="md-nav__link "> <span class=md-ellipsis> lldb </span> </a> <label class="md-nav__link " for=__nav_9_1_20_3 id=__nav_9_1_20_3_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_20_3_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_20_3> <span class="md-nav__icon md-icon"></span> lldb </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/lldb/hooks/ class=md-nav__link> <span class=md-ellipsis> hooks </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/lldb/pset/ class=md-nav__link> <span class=md-ellipsis> pset </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/lldb/util/ class=md-nav__link> <span class=md-ellipsis> util </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_20_3_5> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/dbg/lldb/repl/ class="md-nav__link "> <span class=md-ellipsis> repl </span> </a> <label class="md-nav__link " for=__nav_9_1_20_3_5 id=__nav_9_1_20_3_5_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=5 aria-labelledby=__nav_9_1_20_3_5_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_20_3_5> <span class="md-nav__icon md-icon"></span> repl </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/lldb/repl/fuzzy/ class=md-nav__link> <span class=md-ellipsis> fuzzy </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/lldb/repl/io/ class=md-nav__link> <span class=md-ellipsis> io </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/lldb/repl/proc/ class=md-nav__link> <span class=md-ellipsis> proc </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/dbg/lldb/repl/readline/ class=md-nav__link> <span class=md-ellipsis> readline </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_21> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/emu/ class="md-nav__link "> <span class=md-ellipsis> emu </span> </a> <label class="md-nav__link " for=__nav_9_1_21 id=__nav_9_1_21_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_21_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_21> <span class="md-nav__icon md-icon"></span> emu </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/emu/emulator/ class=md-nav__link> <span class=md-ellipsis> emulator </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_22> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/gdblib/ class="md-nav__link "> <span class=md-ellipsis> gdblib </span> </a> <label class="md-nav__link " for=__nav_9_1_22 id=__nav_9_1_22_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_22_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_22> <span class="md-nav__icon md-icon"></span> gdblib </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/bpoint/ class=md-nav__link> <span class=md-ellipsis> bpoint </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/config/ class=md-nav__link> <span class=md-ellipsis> config </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/events/ class=md-nav__link> <span class=md-ellipsis> events </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/functions/ class=md-nav__link> <span class=md-ellipsis> functions </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/got/ class=md-nav__link> <span class=md-ellipsis> got </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/hooks/ class=md-nav__link> <span class=md-ellipsis> hooks </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/info/ class=md-nav__link> <span class=md-ellipsis> info </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/prompt/ class=md-nav__link> <span class=md-ellipsis> prompt </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/ptmalloc2_tracking/ class=md-nav__link> <span class=md-ellipsis> ptmalloc2_tracking </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/scheduler/ class=md-nav__link> <span class=md-ellipsis> scheduler </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/shellcode/ class=md-nav__link> <span class=md-ellipsis> shellcode </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/symbol/ class=md-nav__link> <span class=md-ellipsis> symbol </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/vmmap/ class=md-nav__link> <span class=md-ellipsis> vmmap </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_22_15> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/gdblib/tui/ class="md-nav__link "> <span class=md-ellipsis> tui </span> </a> <label class="md-nav__link " for=__nav_9_1_22_15 id=__nav_9_1_22_15_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_22_15_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_22_15> <span class="md-nav__icon md-icon"></span> tui </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/tui/context/ class=md-nav__link> <span class=md-ellipsis> context </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/gdblib/tui/control/ class=md-nav__link> <span class=md-ellipsis> control </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_23> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/integration/ class="md-nav__link "> <span class=md-ellipsis> integration </span> </a> <label class="md-nav__link " for=__nav_9_1_23 id=__nav_9_1_23_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_23_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_23> <span class="md-nav__icon md-icon"></span> integration </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/integration/binja/ class=md-nav__link> <span class=md-ellipsis> binja </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/integration/ida/ class=md-nav__link> <span class=md-ellipsis> ida </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_24> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/lib/ class="md-nav__link "> <span class=md-ellipsis> lib </span> </a> <label class="md-nav__link " for=__nav_9_1_24 id=__nav_9_1_24_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_24_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_24> <span class="md-nav__icon md-icon"></span> lib </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/abi/ class=md-nav__link> <span class=md-ellipsis> abi </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/android/ class=md-nav__link> <span class=md-ellipsis> android </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/arch/ class=md-nav__link> <span class=md-ellipsis> arch </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/cache/ class=md-nav__link> <span class=md-ellipsis> cache </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/common/ class=md-nav__link> <span class=md-ellipsis> common </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/config/ class=md-nav__link> <span class=md-ellipsis> config </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/elftypes/ class=md-nav__link> <span class=md-ellipsis> elftypes </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/exception/ class=md-nav__link> <span class=md-ellipsis> exception </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/funcparser/ class=md-nav__link> <span class=md-ellipsis> funcparser </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/functions/ class=md-nav__link> <span class=md-ellipsis> functions </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/functions_data/ class=md-nav__link> <span class=md-ellipsis> functions_data </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/memory/ class=md-nav__link> <span class=md-ellipsis> memory </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/net/ class=md-nav__link> <span class=md-ellipsis> net </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/pretty_print/ class=md-nav__link> <span class=md-ellipsis> pretty_print </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/regs/ class=md-nav__link> <span class=md-ellipsis> regs </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/stdio/ class=md-nav__link> <span class=md-ellipsis> stdio </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/strings/ class=md-nav__link> <span class=md-ellipsis> strings </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/tempfile/ class=md-nav__link> <span class=md-ellipsis> tempfile </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/tips/ class=md-nav__link> <span class=md-ellipsis> tips </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/version/ class=md-nav__link> <span class=md-ellipsis> version </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/which/ class=md-nav__link> <span class=md-ellipsis> which </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/zig/ class=md-nav__link> <span class=md-ellipsis> zig </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_24_24> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/lib/disasm/ class="md-nav__link "> <span class=md-ellipsis> disasm </span> </a> <label class="md-nav__link " for=__nav_9_1_24_24 id=__nav_9_1_24_24_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_24_24_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_24_24> <span class="md-nav__icon md-icon"></span> disasm </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/disasm/helpers/ class=md-nav__link> <span class=md-ellipsis> helpers </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_24_25> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/lib/heap/ class="md-nav__link "> <span class=md-ellipsis> heap </span> </a> <label class="md-nav__link " for=__nav_9_1_24_25 id=__nav_9_1_24_25_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_24_25_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_24_25> <span class="md-nav__icon md-icon"></span> heap </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/heap/helpers/ class=md-nav__link> <span class=md-ellipsis> helpers </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_24_26> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/lib/kernel/ class="md-nav__link "> <span class=md-ellipsis> kernel </span> </a> <label class="md-nav__link " for=__nav_9_1_24_26 id=__nav_9_1_24_26_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=4 aria-labelledby=__nav_9_1_24_26_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_24_26> <span class="md-nav__icon md-icon"></span> kernel </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/kernel/kconfig/ class=md-nav__link> <span class=md-ellipsis> kconfig </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/lib/kernel/structs/ class=md-nav__link> <span class=md-ellipsis> structs </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_9_1_25> <div class="md-nav__link md-nav__container"> <a href=../../reference/pwndbg/wrappers/ class="md-nav__link "> <span class=md-ellipsis> wrappers </span> </a> <label class="md-nav__link " for=__nav_9_1_25 id=__nav_9_1_25_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=3 aria-labelledby=__nav_9_1_25_label aria-expanded=false> <label class=md-nav__title for=__nav_9_1_25> <span class="md-nav__icon md-icon"></span> wrappers </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../reference/pwndbg/wrappers/checksec/ class=md-nav__link> <span class=md-ellipsis> checksec </span> </a> </li> <li class=md-nav__item> <a href=../../reference/pwndbg/wrappers/readelf/ class=md-nav__link> <span class=md-ellipsis> readelf </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_10> <div class="md-nav__link md-nav__container"> <a href=../../blog/ class="md-nav__link "> <span class=md-ellipsis> Blog </span> </a> <label class="md-nav__link " for=__nav_10 id=__nav_10_label tabindex=0> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_10_label aria-expanded=false> <label class=md-nav__title for=__nav_10> <span class="md-nav__icon md-icon"></span> Blog </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_10_2> <label class=md-nav__link for=__nav_10_2 id=__nav_10_2_label tabindex=0> <span class=md-ellipsis> Archive </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_10_2_label aria-expanded=false> <label class=md-nav__title for=__nav_10_2> <span class="md-nav__icon md-icon"></span> Archive </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../blog/archive/2022/ class=md-nav__link> <span class=md-ellipsis> 2022 </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component=sidebar data-md-type=toc> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-component=toc data-md-scrollfix> <li class=md-nav__item> <a href=#enhancing class=md-nav__link> <span class=md-ellipsis> Enhancing </span> </a> </li> <li class=md-nav__item> <a href=#when-to-use-emulation-reasoning-about-process-state class=md-nav__link> <span class=md-ellipsis> When to use emulation / reasoning about process state </span> </a> </li> <li class=md-nav__item> <a href=#what-if-the-emulator-fails class=md-nav__link> <span class=md-ellipsis> What if the emulator fails? </span> </a> </li> <li class=md-nav__item> <a href=#caching-annotations class=md-nav__link> <span class=md-ellipsis> Caching annotations </span> </a> </li> <li class=md-nav__item> <a href=#other-random-annotation-details class=md-nav__link> <span class=md-ellipsis> Other random annotation details </span> </a> </li> <li class=md-nav__item> <a href=#adding-or-fixing-annotations class=md-nav__link> <span class=md-ellipsis> Adding or fixing annotations </span> </a> </li> <li class=md-nav__item> <a href=#bug-root-cause class=md-nav__link> <span class=md-ellipsis> Bug root cause </span> </a> </li> <li class=md-nav__item> <a href=#creating-small-cross-architecture-programs class=md-nav__link> <span class=md-ellipsis> Creating small cross-architecture programs </span> </a> </li> </ul> </nav> </div> </div> </div> <div class=md-content data-md-component=content> <article class="md-content__inner md-typeset"> <h1 id=improving-annotations>Improving Annotations<a class=headerlink href=#improving-annotations title="Permanent link">¤</a></h1> <p>Alongside the disassembled instructions in the dashboard, Pwndbg also has the ability to display annotations - text that contains relevent information regarding the execution of the instruction. For example, on the x86 <code>MOV</code> instruction, we can display the concrete value that gets placed into the destination register. Likewise, we can indicate the results of mathematical operations and memory accesses. The annotation in question is always dependent on the exact instruction being annotated - we handle it in a case-by-case basis.</p> <p>The main hurdle in providing annotations is determining what each instruction does, getting the relevent CPU registers and memory that are accessed, and then resolving concrete values of the operands. We call the process of determining this information "enhancement", as we enhance the information provided natively by GDB.</p> <p>The Capstone Engine disassembly framework is used to statically determine information about instructions and their operands. Take the x86 instruction <code>sub rax, rdx</code>. Given the raw bytes of the machine instructions, Capstone creates an object that provides an API that, among many things, exposes the names of the operands and the fact that they are both 8-byte wide registers. It provides all the information necessary to describe each operand. It also tells the general 'group' that a instruction belongs to, like if its a JUMP-like instruction, a RET, or a CALL. These groups are architecture agnostic.</p> <p>However, the Capstone Engine doesn't fill in concrete values that those registers take on. It has no way of knowing the value in <code>rdx</code>, nor can it actually read from memory.</p> <p>To determine the actual values that the operands take on, and to determine the results of executing an instruction, we use the Unicorn Engine, a CPU emulator framework. The emulator has its own internal CPU register set and memory pages that mirror that of the host process, and it can execute instructions to mutate its internal state. Note that the Unicorn Engine cannot execute syscalls - it doesn't have knowledge of a kernel.</p> <p>We have the ability to single-step the emulator - tell it to execute the instruction at the program counter inside the emulator. After doing so, we can inspect the state of the emulator - read from its registers and memory. The Unicorn Engine itself doesn't expose information regarding what each instruction is doing - what is the instruction (is it an <code>add</code>, <code>mov</code>, <code>push</code>?) and what registers/memory locations is it reading to and writing from? - which is why we use the Capstone engine to statically determine this information.</p> <p>Using what we know about the instruction based on the Capstone engine - such as that it was a <code>sub</code> instruction and <code>rax</code> was written to - we query the emulator after stepping in to determine the results of the instruction.</p> <p>We also read the program counter from the emulator to determine jumps and so we can display the instructions that will actually be executed, as opposed to displaying the instructions that follow consecutively in memory.</p> <h2 id=enhancing>Enhancing<a class=headerlink href=#enhancing title="Permanent link">¤</a></h2> <p>Everytime the inferior process stops (and when the <code>disasm</code> context section is displayed), we display the next handful of assembly instructions in the dashboard so the user can understand where the process is headed. The exact amount is determined by the <code>context-disasm-lines</code> setting.</p> <p>We will be enhancing the instruction at the current program counter, as well as all the future instructions that are displayed. The end result of enhancement is that we get a list of <code>PwndbgInstruction</code> objects, each encapsulating relevent information regarding the instructions execution.</p> <p>When the process stops, we instantiate the emulator from scratch. We copy all the registers from the host process into the emulator. For performance purposes, we register a handler to the Unicorn Engine to lazily map memory pages from the host to the emulator when they are accessed (a page fault from within the emulator), instead of immediately copying all the memory from the host to the emulator.</p> <p>The enhancement is broken into a couple stops:</p> <ol> <li>First, we resolve the values of all the operands of the instruction before stepping the emulator. This means we read values from registers and dereference memory depending on the operand type. This gives us the values of operands before the instruction executes.</li> <li>Then, we step the emulator, executing a single instruction.</li> <li>We resolve the values of all operands again, giving us the <code>after_value</code> of each operand.</li> <li>Then, we enhance the "condition" field of PwndbgInstructions, where we determine if the instruction is conditional (conditional branch or conditional mov are common) and if the action is taken.</li> <li>We then determine the <code>next</code> and <code>target</code> fields of PwndbgInstructions. <code>next</code> is the address that the program counter will take on after using the GDB command <code>nexti</code>, and <code>target</code> indicates the target address of branch/jump/PC-changing instructions.</li> <li>With all this information determined, we now effectively have a big switch statement, matching on the instruction type, where we set the <code>annotation</code> string value, which is the text that will be printed alongside the instruction in question.</li> </ol> <p>We go through the enhancement process for the instruction at the program counter and then ensuing handful of instructions that are shown in the dashboard.</p> <h2 id=when-to-use-emulation-reasoning-about-process-state>When to use emulation / reasoning about process state<a class=headerlink href=#when-to-use-emulation-reasoning-about-process-state title="Permanent link">¤</a></h2> <p>In general, the code aims to be organized in a way as to allow as many features as possible even in the absence of emulation. If there is information that can be determined statically, then we try to expose it as an alternative to emulation. This is so we can display annotations even when the Unicorn Engine is disabled. For example, say we come to a stop, and are faced with enhancing the following three instructions in the dashboard:</p> <div class="language-asm highlight"><pre><span></span><code><span id=__span-0-1><a id=__codelineno-0-1 name=__codelineno-0-1 href=#__codelineno-0-1></a><span class=err>1.</span><span class=w> </span><span class=nf>lea</span><span class=w> </span><span class=no>rax</span><span class=p>,</span><span class=w> </span><span class=p>[</span><span class=no>rip</span><span class=w> </span><span class=err>+</span><span class=w> </span><span class=mi>0xd55</span><span class=p>]</span>
</span><span id=__span-0-2><a id=__codelineno-0-2 name=__codelineno-0-2 href=#__codelineno-0-2></a><span class=err>2.</span><span class=w> </span><span class=err>&gt;</span><span class=w> </span><span class=nf>mov</span><span class=w> </span><span class=no>rsi</span><span class=p>,</span><span class=w> </span><span class=no>rax</span><span class=w> </span><span class=c1># The host process program counter is here</span>
</span><span id=__span-0-3><a id=__codelineno-0-3 name=__codelineno-0-3 href=#__codelineno-0-3></a><span class=err>3.</span><span class=w> </span><span class=nf>mov</span><span class=w> </span><span class=no>rax</span><span class=p>,</span><span class=w> </span><span class=no>rsi</span>
</span></code></pre></div> <p>Instruction 1, the <code>lea</code> instruction, is already in the past - we pull our enhanced PwndbgInstruction for it from a cache.</p> <p>Instruction 2, the first <code>mov</code> instruction, is where the host process program counter is at. If we did <code>stepi</code> in GDB, this instruction would be executed. In this case, there is two ways we can determine the value that gets written to <code>rsi</code>.</p> <ol> <li>After stepping the emulator, read from the emulators <code>rsi</code> register.</li> <li>Given the context of the instruction, we know the value in <code>rsi</code> will come from <code>rax</code>. We can just read the <code>rax</code> register from the host. This avoids emulation.</li> </ol> <p>The decision on which option to take is implemented in the annotation handler for the specific instruction. When possible, we have a preference for the second option, because it makes the annotations work even when emulation is off.</p> <p>The reason we could do the second option, in this case, is because we could reason about the process state at the time this instruction would execute. This instruction is about to be executed (<code>Program PC == instruction.address</code>). We can safely read from <code>rax</code> from the host, knowing that the value we get is the true value it takes on when the instruction will execute. It must - there are no instructions in-between that could have mutated <code>rax</code>.</p> <p>However, this will not be the case while enhancing instruction 3 while we are paused at instruction 2. This instruction is in the future, and without emulation, we cannot safely reason about the operands in question. It is reading from <code>rsi</code>, which might be mutated from the current value that <code>rsi</code> has in the stopped process (and in this case, we happen to know that it will be mutated). We must use emulation to determine the <code>before_value</code> of <code>rsi</code> in this case, and can't just read from the host processes register set. This principle applies in general - future instructions must be emulated to be fully annotated. When emulation is disable, the annotations are not as detailed since we can't fully reason about process state for future instructions.</p> <h2 id=what-if-the-emulator-fails>What if the emulator fails?<a class=headerlink href=#what-if-the-emulator-fails title="Permanent link">¤</a></h2> <p>It is possible for the emulator to fail to execute an instruction - either due to a restrictions in the engine itself, or the instruction inside segfaults and cannot continue. If the Unicorn Engine fails, there is no real way we can recover. When this happens, we simply stop emulating for the current step, and we try again the next time the process stops when we instantiate the emulator from scratch again.</p> <h2 id=caching-annotations>Caching annotations<a class=headerlink href=#caching-annotations title="Permanent link">¤</a></h2> <p>When we are stepping through the emulator, we want to remember the annotations of the past couple instructions. We don't want to <code>nexti</code>, and suddenly have the annotation of the previously executed instruction deleted. At the same time, we also never want stale annotations that might result from coming back to point in the program to which we have stepped before, such as the middle of a loop via a breakpoint.</p> <p>New annotations are only created when the process stops, and we create annotations for next handful of instructions to be executed. If we <code>continue</code> in GDB and stop at a breakpoint, we don't want annotations to appear behind the PC that are from a previous time we were near the location in question. To avoid stale annotations while still remembering them when stepping, we have a simple caching method:</p> <p>While we are doing our enhancement, we create a list containing the addresses of the future instructions that are displayed.</p> <p>For example, say we have the following instructions with the first number being the memory address:</p> <div class="language-text highlight"><pre><span></span><code><span id=__span-1-1><a id=__codelineno-1-1 name=__codelineno-1-1 href=#__codelineno-1-1></a> 0x555555556259 &lt;main+553&gt; lea rax, [rsp + 0x90]
</span><span id=__span-1-2><a id=__codelineno-1-2 name=__codelineno-1-2 href=#__codelineno-1-2></a> 0x555555556261 &lt;main+561&gt; mov edi, 1 EDI =&gt; 1
</span><span id=__span-1-3><a id=__codelineno-1-3 name=__codelineno-1-3 href=#__codelineno-1-3></a> 0x555555556266 &lt;main+566&gt; mov rsi, rax
</span><span id=__span-1-4><a id=__codelineno-1-4 name=__codelineno-1-4 href=#__codelineno-1-4></a> 0x555555556269 &lt;main+569&gt; mov qword ptr [rsp + 0x78], rax
</span><span id=__span-1-5><a id=__codelineno-1-5 name=__codelineno-1-5 href=#__codelineno-1-5></a> 0x55555555626e &lt;main+574&gt; call qword ptr [rip + 0x6d6c] &lt;fstat64&gt;
</span><span id=__span-1-6><a id=__codelineno-1-6 name=__codelineno-1-6 href=#__codelineno-1-6></a>
</span><span id=__span-1-7><a id=__codelineno-1-7 name=__codelineno-1-7 href=#__codelineno-1-7></a> ► 0x555555556274 &lt;main+580&gt; mov edx, 5 EDX =&gt; 5
</span><span id=__span-1-8><a id=__codelineno-1-8 name=__codelineno-1-8 href=#__codelineno-1-8></a> 0x555555556279 &lt;main+585&gt; lea rsi, [rip + 0x3f30] RSI =&gt; 0x55555555a1b0 ◂— &#39;standard output&#39;
</span><span id=__span-1-9><a id=__codelineno-1-9 name=__codelineno-1-9 href=#__codelineno-1-9></a> 0x555555556280 &lt;main+592&gt; test eax, eax
</span><span id=__span-1-10><a id=__codelineno-1-10 name=__codelineno-1-10 href=#__codelineno-1-10></a> 0x555555556282 &lt;main+594&gt; js main+3784 &lt;main+3784&gt;
</span><span id=__span-1-11><a id=__codelineno-1-11 name=__codelineno-1-11 href=#__codelineno-1-11></a>
</span><span id=__span-1-12><a id=__codelineno-1-12 name=__codelineno-1-12 href=#__codelineno-1-12></a> 0x555555556288 &lt;main+600&gt; mov rsi, qword ptr [rsp + 0xc8]
</span><span id=__span-1-13><a id=__codelineno-1-13 name=__codelineno-1-13 href=#__codelineno-1-13></a> 0x555555556290 &lt;main+608&gt; mov edi, dword ptr [rsp + 0xa8]
</span></code></pre></div> <p>In this case, our <code>next_addresses_cache</code> would be <code>[0x555555556279, 0x555555556280, 0x555555556282, 0x555555556288, 0x555555556290]</code>.</p> <p>Then, the next time our program comes to a stop (after using <code>si</code>, <code>n</code>, or any GDB command that continues the process), we immediately check if the current program counter is in this list. If it is, then we can infer that the annotations are still valid, as the program has only executed a couple instructions. In all other cases, we delete our cache of annotated instructions.</p> <p>We might think "why not just check if it's the next address - 0x555555556279 in this case? Why a list of the next couple addresses?". This is because when source code is available, <code>step</code> and <code>next</code> often skip a couple instructions. It would be jarring to remove the annotations in this case. Likewise, this method has the added benefit that if we stop somewhere, and there happens to be a breakpoint only a couple instructions in front of us that we <code>continue</code> to, then previous couple annotations won't be wiped.</p> <h2 id=other-random-annotation-details>Other random annotation details<a class=headerlink href=#other-random-annotation-details title="Permanent link">¤</a></h2> <ul> <li>We don't emulate through CALL instructions. This is because the function might be very long.</li> <li>We resolve symbols during the enhancement stage for operand values.</li> <li>The folder <a href=https://github.com/pwndbg/pwndbg/tree/dev/pwndbg/aglib/disasm><code>pwndbg/aglib/disasm</code></a> contains the code for enhancement. It follows an object-oriented model, with <code>arch.py</code> implementing the parent class with shared functionality, and the per-architecture implementations are implemented as subclasses in their own files.</li> <li><code>pwndbg/aglib/nearpc.py</code> is responsible for getting the list of enhanced PwndbgInstruction objects and converting them to the output seen in the 'disasm' view of the dashboard.</li> </ul> <h2 id=adding-or-fixing-annotations>Adding or fixing annotations<a class=headerlink href=#adding-or-fixing-annotations title="Permanent link">¤</a></h2> <p>We annotate on an instruction-by-instruction basis. Effectively, imagine a giant <code>switch</code> statement that selects the correct handler to create an annotation based on the specific instruction. Many instruction types can be grouped and annotated using the same logic, such as <code>load</code>, <code>store</code>, and <code>arithmetic</code> instructions.</p> <p>See <a href=https://github.com/pwndbg/pwndbg/tree/dev/pwndbg/aglib/disasm/aarch64.py><code>pwndbg/aglib/disasm/aarch64.py</code></a> as an example. We define sets that group instructions using the unique Capstone ID for each instruction, and inside the constructor of <code>DisassemblyAssistant</code> we have a mapping of instructions to a specific handler. The <code>_set_annotation_string</code> function will match the instruction to the correct handler, which set the <code>instruction.annotation</code> field.</p> <p>If there is a bug in an annotation, the first order of business is finding its annotation handler. To track down where we are handling the instruction, you can search for its Capstone constant. For example, the RISC-V store byte instruction, <code>sb</code>, is represented as the Capstone constant <code>RISCV_INS_SB</code>. Or, if you are looking for the handler for the AArch64 instruction SUB, you can search the disasm code for <code>_INS_SUB</code> to find where we reference the appropriate Capstone constant for the instruction and following the code to the function that ultimately sets the annotation.</p> <p>If an annotation is causing a crash, is it most likely due to a handler making an incorrect assumption on the number of operands, leading to a <code>list index out of range</code> error. One possible source of this is that a given instruction has multiple different disassembly representations. Take the RISC-V <code>JALR</code> instruction. It can be represented in 3 ways:</p> <div class="language-asm highlight"><pre><span></span><code><span id=__span-2-1><a id=__codelineno-2-1 name=__codelineno-2-1 href=#__codelineno-2-1></a><span class=nf>jalr</span><span class=w> </span><span class=no>rs1</span><span class=w> </span><span class=c1># return register is implied as ra, and imm is implied as 0</span>
</span><span id=__span-2-2><a id=__codelineno-2-2 name=__codelineno-2-2 href=#__codelineno-2-2></a><span class=nf>jalr</span><span class=w> </span><span class=no>rs1</span><span class=p>,</span><span class=w> </span><span class=no>imm</span><span class=w> </span><span class=c1># return register is implied as ra</span>
</span><span id=__span-2-3><a id=__codelineno-2-3 name=__codelineno-2-3 href=#__codelineno-2-3></a><span class=nf>jalr</span><span class=w> </span><span class=no>rd</span><span class=p>,</span><span class=w> </span><span class=no>rs1</span><span class=p>,</span><span class=w> </span><span class=no>imm</span>
</span></code></pre></div> <p>Capstone will expose the most "simplified" one possible, and the underlying list of register operands will change. If the handler doesn't take these different options into account, and rather assumes that <code>jalr</code> always has 3 operands, then an index error can occur if the handler accesses <code>instruction.operands[2]</code>.</p> <h2 id=bug-root-cause>Bug root cause<a class=headerlink href=#bug-root-cause title="Permanent link">¤</a></h2> <p>When encountering an instruction that is behaving strangely (incorrect annotation, or there is a jump target when one shouldn't exist, or the target is incorrect), there are a couple routine things to check.</p> <p>1. Use the <code>dev-dump-instruction</code> command to print all the enhancement information. With no arguments, it will dump the info from the instruction at the current address. If given an address, it will pull from the instruction cache at the corresponding location.</p> <p>If the issue is not related to branches, check the operands and the resolved values for registers and memory accesses. Verify that the values are correct - are the resolved memory locations correct? Step past the instruction and use instructions like <code>telescope</code> and <code>regs</code> to read memory and verify if the claim that the annotation is making is correct. For things like memory operands, you can try to look around the resolved memory location in memory to see the actual value that the instruction dereferenced, and see if the resolved memory location is simply off by a couple bytes.</p> <p>Example output of dumping a <code>mov</code> instruction:</p> <div class="language-text highlight"><pre><span></span><code><span id=__span-3-1><a id=__codelineno-3-1 name=__codelineno-3-1 href=#__codelineno-3-1></a>mov qword ptr [rsp], rsi at 0x55555555706c (size=4) (arch: x86)
</span><span id=__span-3-2><a id=__codelineno-3-2 name=__codelineno-3-2 href=#__codelineno-3-2></a> ID: 460, mov
</span><span id=__span-3-3><a id=__codelineno-3-3 name=__codelineno-3-3 href=#__codelineno-3-3></a> Raw asm: mov qword ptr [rsp], rsi
</span><span id=__span-3-4><a id=__codelineno-3-4 name=__codelineno-3-4 href=#__codelineno-3-4></a> New asm: mov qword ptr [rsp], rsi
</span><span id=__span-3-5><a id=__codelineno-3-5 name=__codelineno-3-5 href=#__codelineno-3-5></a> Next: 0x555555557070
</span><span id=__span-3-6><a id=__codelineno-3-6 name=__codelineno-3-6 href=#__codelineno-3-6></a> Target: 0x555555557070, Target string=, const=None
</span><span id=__span-3-7><a id=__codelineno-3-7 name=__codelineno-3-7 href=#__codelineno-3-7></a> Condition: UNDETERMINED
</span><span id=__span-3-8><a id=__codelineno-3-8 name=__codelineno-3-8 href=#__codelineno-3-8></a> Groups: []
</span><span id=__span-3-9><a id=__codelineno-3-9 name=__codelineno-3-9 href=#__codelineno-3-9></a> Annotation: [0x7fffffffe000] =&gt; 0x7fffffffe248 —▸ 0x7fffffffe618 ◂— &#39;/usr/bin/ls&#39;
</span><span id=__span-3-10><a id=__codelineno-3-10 name=__codelineno-3-10 href=#__codelineno-3-10></a> Operands: [[&#39;[0x7fffffffe000]&#39;: Symbol: None, Before: 0x7fffffffe000, After: 0x7fffffffe000, type=CS_OP_MEM, size=8, access=CS_AC_WRITE]] [&#39;RSI&#39;: Symbol: None, Before: 0x7fffffffe248, After: 0x7fffffffe248, type=CS_OP_REG, size=8, access=CS_AC_READ]]]
</span><span id=__span-3-11><a id=__codelineno-3-11 name=__codelineno-3-11 href=#__codelineno-3-11></a> Conditional jump: False. Taken: False
</span><span id=__span-3-12><a id=__codelineno-3-12 name=__codelineno-3-12 href=#__codelineno-3-12></a> Unconditional jump: False
</span><span id=__span-3-13><a id=__codelineno-3-13 name=__codelineno-3-13 href=#__codelineno-3-13></a> Declare unconditional: None
</span><span id=__span-3-14><a id=__codelineno-3-14 name=__codelineno-3-14 href=#__codelineno-3-14></a> Can change PC: False
</span><span id=__span-3-15><a id=__codelineno-3-15 name=__codelineno-3-15 href=#__codelineno-3-15></a> Syscall: N/A
</span><span id=__span-3-16><a id=__codelineno-3-16 name=__codelineno-3-16 href=#__codelineno-3-16></a> Causes Delay slot: False
</span><span id=__span-3-17><a id=__codelineno-3-17 name=__codelineno-3-17 href=#__codelineno-3-17></a> Split: NO_SPLIT
</span><span id=__span-3-18><a id=__codelineno-3-18 name=__codelineno-3-18 href=#__codelineno-3-18></a> Call-like: False
</span></code></pre></div> <p>2. Use the Capstone disassembler to verify the number of operands the instruction groups.</p> <p>Taken the raw instruction bytes and pass them to <code>cstool</code> to see the information that we are working with:</p> <div class="language-sh highlight"><pre><span></span><code><span id=__span-4-1><a id=__codelineno-4-1 name=__codelineno-4-1 href=#__codelineno-4-1></a>cstool<span class=w> </span>-d<span class=w> </span>mips<span class=w> </span>0x0400000c
</span></code></pre></div> <p>The number of operands may not match the visual appearance. You might also check the instruction groups, and verify that an instruction that we might consider a <code>call</code> has the Capstone <code>call</code> group. Capstone is not 100% correct in every single case in all architectures, so it's good to verify. Report a bug to Capstone if there appears to be an error, and in the meanwhile we can create a fix in Pwndbg to work around the current behavior.</p> <p>3. Check the state of the emulator.</p> <p>Go to <a href=https://github.com/pwndbg/pwndbg/tree/dev/pwndbg/emu/emulator.py>pwndbg/emu/emulator.py</a> and uncomment the <code>DEBUG = -1</code> line. This will enable verbose debug printing. The emulator will print it's current <code>pc</code> at every step, and indicate important events, like memory mappings. Likewise, in <a href=https://github.com/pwndbg/pwndbg/tree/dev/pwndbg/aglib/disasm/arch.py>pwndbg/aglib/disasm/arch.py</a> you can set <code>DEBUG_ENHANCEMENT = True</code> to print register accesses to verify they are sane values.</p> <p>Potential bugs:</p> <ul> <li>A register is 0 (may also be the source of a Unicorn segfault if used as a memory operand) - often means we are not copying the host processes register into the emulator. By default, we map register by name - if in Pwndbg, it's called <code>rax</code>, then we find the UC constant named <code>U.x86_const.UC_X86_REG_RAX</code>. Sometimes, this default mapping doesn't work, sometimes do to differences in underscores (<code>FSBASE</code> vs <code>FS_BASE</code>). In these cases, we have to manually add the mapping.</li> <li>Unexpected crash - the instruction at hand might require a 'coprocessor', or some information that is unavailable to Unicorn (it's QEMU under the hood).</li> <li>Instructions are just no executing - we've seen this in the case of Arm Thumb instructions. There might be some specific API/way to invoke the emulator that is required for a certain processor state.</li> </ul> <h2 id=creating-small-cross-architecture-programs>Creating small cross-architecture programs<a class=headerlink href=#creating-small-cross-architecture-programs title="Permanent link">¤</a></h2> <p>If you are encountering a strange behavior with a certain instruction or scenario in a non-native-architecture program, you can use some great functions from <code>pwntools</code> to handle the compilation and debugging. This is a great way to create a small reproducible example to isolate an issue.</p> <p>The following Python program, when run from inside a <code>tmux</code> session, will take some AArch64 assembly, compile it, and run it with GDB attached in a new <code>tmux</code> pane. It will search your system for the appropriate cross compiler for the architecture at hand, and run the compiled binary with QEMU.</p> <div class="language-python highlight"><pre><span></span><code><span id=__span-5-1><a id=__codelineno-5-1 name=__codelineno-5-1 href=#__codelineno-5-1></a><span class=kn>from</span><span class=w> </span><span class=nn>pwn</span><span class=w> </span><span class=kn>import</span> <span class=o>*</span>
</span><span id=__span-5-2><a id=__codelineno-5-2 name=__codelineno-5-2 href=#__codelineno-5-2></a>
</span><span id=__span-5-3><a id=__codelineno-5-3 name=__codelineno-5-3 href=#__codelineno-5-3></a><span class=n>context</span><span class=o>.</span><span class=n>arch</span> <span class=o>=</span> <span class=s2>&quot;aarch64&quot;</span>
</span><span id=__span-5-4><a id=__codelineno-5-4 name=__codelineno-5-4 href=#__codelineno-5-4></a>
</span><span id=__span-5-5><a id=__codelineno-5-5 name=__codelineno-5-5 href=#__codelineno-5-5></a><span class=n>AARCH64_GRACEFUL_EXIT</span> <span class=o>=</span> <span class=s2>&quot;&quot;&quot;</span>
</span><span id=__span-5-6><a id=__codelineno-5-6 name=__codelineno-5-6 href=#__codelineno-5-6></a><span class=s2>mov x0, 0</span>
</span><span id=__span-5-7><a id=__codelineno-5-7 name=__codelineno-5-7 href=#__codelineno-5-7></a><span class=s2>mov x8, 93</span>
</span><span id=__span-5-8><a id=__codelineno-5-8 name=__codelineno-5-8 href=#__codelineno-5-8></a><span class=s2>svc 0</span>
</span><span id=__span-5-9><a id=__codelineno-5-9 name=__codelineno-5-9 href=#__codelineno-5-9></a><span class=s2>&quot;&quot;&quot;</span>
</span><span id=__span-5-10><a id=__codelineno-5-10 name=__codelineno-5-10 href=#__codelineno-5-10></a>
</span><span id=__span-5-11><a id=__codelineno-5-11 name=__codelineno-5-11 href=#__codelineno-5-11></a><span class=n>out</span> <span class=o>=</span> <span class=n>make_elf_from_assembly</span><span class=p>(</span><span class=n>STORE</span><span class=p>)</span>
</span><span id=__span-5-12><a id=__codelineno-5-12 name=__codelineno-5-12 href=#__codelineno-5-12></a><span class=c1># Debug info</span>
</span><span id=__span-5-13><a id=__codelineno-5-13 name=__codelineno-5-13 href=#__codelineno-5-13></a><span class=nb>print</span><span class=p>(</span><span class=n>out</span><span class=p>)</span>
</span><span id=__span-5-14><a id=__codelineno-5-14 name=__codelineno-5-14 href=#__codelineno-5-14></a><span class=n>gdb</span><span class=o>.</span><span class=n>debug</span><span class=p>(</span><span class=n>out</span><span class=p>)</span>
</span><span id=__span-5-15><a id=__codelineno-5-15 name=__codelineno-5-15 href=#__codelineno-5-15></a>
</span><span id=__span-5-16><a id=__codelineno-5-16 name=__codelineno-5-16 href=#__codelineno-5-16></a><span class=n>pause</span><span class=p>()</span>
</span></code></pre></div> </article> </div> <script>var tabs=__md_get("__tabs");if(Array.isArray(tabs))e:for(var set of document.querySelectorAll(".tabbed-set")){var labels=set.querySelector(".tabbed-labels");for(var tab of tabs)for(var label of labels.getElementsByTagName("label"))if(label.innerText.trim()===tab){var input=document.getElementById(label.htmlFor);input.checked=!0;continue e}}</script> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> <button type=button class="md-top md-icon" data-md-component=top hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> Back to top </button> </main> <footer class=md-footer> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> <div class=md-social> <a href=https://github.com/pwndbg target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 512 512"><!-- Font Awesome Free 7.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path fill=currentColor d="M173.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M252.8 8C114.1 8 8 113.3 8 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C436.2 457.8 504 362.9 504 252 504 113.3 391.5 8 252.8 8M105.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg> </a> <a href=https://pypi.org/project/pwndbg/ target=_blank rel=noopener title=pypi.org class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><!-- Font Awesome Free 7.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path fill=currentColor d="M439.8 200.5c-7.7-30.9-22.3-54.2-53.4-54.2h-40.1v47.4c0 36.8-31.2 67.8-66.8 67.8H172.7c-29.2 0-53.4 25-53.4 54.3v101.8c0 29 25.2 46 53.4 54.3 33.8 9.9 66.3 11.7 106.8 0 26.9-7.8 53.4-23.5 53.4-54.3v-40.7H226.2v-13.6h160.2c31.1 0 42.6-21.7 53.4-54.2 11.2-33.5 10.7-65.7 0-108.6M286.2 444.7a20.4 20.4 0 1 1 0-40.7 20.4 20.4 0 1 1 0 40.7M167.8 248.1h106.8c29.7 0 53.4-24.5 53.4-54.3V91.9c0-29-24.4-50.7-53.4-55.6-35.8-5.9-74.7-5.6-106.8.1-45.2 8-53.4 24.7-53.4 55.6v40.7h106.9v13.6h-147c-31.1 0-58.3 18.7-66.8 54.2-9.8 40.7-10.2 66.1 0 108.6 7.6 31.6 25.7 54.2 56.8 54.2H101v-48.8c0-35.3 30.5-66.4 66.8-66.4m-6.6-183.4a20.4 20.4 0 1 1 0 40.8 20.4 20.4 0 1 1 0-40.8"/></svg> </a> <a href=https://discord.gg/x47DssnGwm target=_blank rel=noopener title=discord.gg class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 576 512"><!-- Font Awesome Free 7.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path fill=currentColor d="M492.5 69.8c-.2-.3-.4-.6-.8-.7-38.1-17.5-78.4-30-119.7-37.1-.4-.1-.8 0-1.1.1s-.6.4-.8.8c-5.5 9.9-10.5 20.2-14.9 30.6-44.6-6.8-89.9-6.8-134.4 0-4.5-10.5-9.5-20.7-15.1-30.6-.2-.3-.5-.6-.8-.8s-.7-.2-1.1-.2C162.5 39 122.2 51.5 84.1 69c-.3.1-.6.4-.8.7C7.1 183.5-13.8 294.6-3.6 404.2c0 .3.1.5.2.8s.3.4.5.6c44.4 32.9 94 58 146.8 74.2.4.1.8.1 1.1 0s.7-.4.9-.7c11.3-15.4 21.4-31.8 30-48.8.1-.2.2-.5.2-.8s0-.5-.1-.8-.2-.5-.4-.6-.4-.3-.7-.4c-15.8-6.1-31.2-13.4-45.9-21.9-.3-.2-.5-.4-.7-.6s-.3-.6-.3-.9 0-.6.2-.9.3-.5.6-.7c3.1-2.3 6.2-4.7 9.1-7.1.3-.2.6-.4.9-.4s.7 0 1 .1c96.2 43.9 200.4 43.9 295.5 0 .3-.1.7-.2 1-.2s.7.2.9.4c2.9 2.4 6 4.9 9.1 7.2.2.2.4.4.6.7s.2.6.2.9-.1.6-.3.9-.4.5-.6.6c-14.7 8.6-30 15.9-45.9 21.8-.2.1-.5.2-.7.4s-.3.4-.4.7-.1.5-.1.8.1.5.2.8c8.8 17 18.8 33.3 30 48.8.2.3.6.6.9.7s.8.1 1.1 0c52.9-16.2 102.6-41.3 147.1-74.2.2-.2.4-.4.5-.6s.2-.5.2-.8c12.3-126.8-20.5-236.9-86.9-334.5zm-302 267.7c-29 0-52.8-26.6-52.8-59.2s23.4-59.2 52.8-59.2c29.7 0 53.3 26.8 52.8 59.2 0 32.7-23.4 59.2-52.8 59.2m195.4 0c-29 0-52.8-26.6-52.8-59.2s23.4-59.2 52.8-59.2c29.7 0 53.3 26.8 52.8 59.2 0 32.7-23.2 59.2-52.8 59.2"/></svg> </a> </div> </div> </div> </footer> </div> <div class=md-dialog data-md-component=dialog> <div class="md-dialog__inner md-typeset"></div> </div> <div class=md-progress data-md-component=progress role=progressbar></div> <script id=__config type=application/json>{"base": "../..", "features": ["content.code.annotate", "navigation.instant", "navigation.instant.progress", "navigation.tabs", "navigation.sections", "navigation.indexes", "navigation.top", "search.suggest", "search.share", "content.tabs.link"], "search": "../../assets/javascripts/workers/search.973d3a69.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script> <script src=../../assets/javascripts/bundle.92b07e13.min.js></script> <script src=../../js/prompt-highlighter.js></script> </body> </html>
View Git Blame Copy Permalink