mirror of https://github.com/pwndbg/pwndbg.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
283 lines
18 KiB
Markdown
283 lines
18 KiB
Markdown
<!-- THIS FILE IS AUTOGENERATED. DO NOT EDIT IT. See scripts/generate-docs.sh -->
|
|
|
|
|
|
|
|
|
|
# Commands
|
|
|
|
## Breakpoint
|
|
|
|
- [break-if-not-taken](breakpoint/break-if-not-taken.md) - Breaks on a branch if it is not taken.
|
|
- [break-if-taken](breakpoint/break-if-taken.md) - Breaks on a branch if it is taken.
|
|
- [breakrva](breakpoint/breakrva.md) - Break at RVA from PIE base.
|
|
- [ignore](breakpoint/ignore.md) - Set ignore-count of breakpoint number N to COUNT.
|
|
|
|
## Context
|
|
|
|
- [context](context/context.md) - Print out the currently enabled context sections.
|
|
- [contextnext](context/contextnext.md) - Select next entry in context history.
|
|
- [contextoutput](context/contextoutput.md) - Sets the output of a context section.
|
|
- [contextprev](context/contextprev.md) - Select previous entry in context history.
|
|
- [contextsearch](context/contextsearch.md) - Search for a string in the context history and select that entry.
|
|
- [contextunwatch](context/contextunwatch.md) - Removes an expression previously added to be watched.
|
|
- [contextwatch](context/contextwatch.md) - Adds an expression to be shown on context.
|
|
- [regs](context/regs.md) - Print out all registers and enhance the information.
|
|
|
|
## Darwin/libsystem/Mach-O
|
|
|
|
- [commpage](darwin_libsystem_mach-o/commpage.md) - Dumps all values from the macOS commpage.
|
|
|
|
## Developer
|
|
|
|
- [dev-dump-instruction](developer/dev-dump-instruction.md) - Dump internal PwndbgInstruction attributes.
|
|
- [log-level](developer/log-level.md) - Set the log level.
|
|
|
|
## Disassemble
|
|
|
|
- [emulate](disassemble/emulate.md) - Like nearpc, but will emulate instructions from the current $PC forward.
|
|
- [nearpc](disassemble/nearpc.md) - Disassemble near a specified address.
|
|
|
|
## GLibc ptmalloc2 Heap
|
|
|
|
- [arena](glibc_ptmalloc2_heap/arena.md) - Print the contents of an arena.
|
|
- [arenas](glibc_ptmalloc2_heap/arenas.md) - List this process's arenas.
|
|
- [bins](glibc_ptmalloc2_heap/bins.md) - Print the contents of all an arena's bins and a thread's tcache.
|
|
- [fastbins](glibc_ptmalloc2_heap/fastbins.md) - Print the contents of an arena's fastbins.
|
|
- [find-fake-fast](glibc_ptmalloc2_heap/find-fake-fast.md) - Find candidate fake fast or tcache chunks overlapping the specified address.
|
|
- [heap](glibc_ptmalloc2_heap/heap.md) - Iteratively print chunks on a heap.
|
|
- [hi](glibc_ptmalloc2_heap/hi.md) - Searches all heaps to find if an address belongs to a chunk. If yes, prints the chunk.
|
|
- [largebins](glibc_ptmalloc2_heap/largebins.md) - Print the contents of an arena's largebins.
|
|
- [malloc-chunk](glibc_ptmalloc2_heap/malloc-chunk.md) - Print a chunk.
|
|
- [mp](glibc_ptmalloc2_heap/mp.md) - Print the mp_ struct's contents.
|
|
- [smallbins](glibc_ptmalloc2_heap/smallbins.md) - Print the contents of an arena's smallbins.
|
|
- [tcache](glibc_ptmalloc2_heap/tcache.md) - Print a thread's tcache contents.
|
|
- [tcachebins](glibc_ptmalloc2_heap/tcachebins.md) - Print the contents of a tcache.
|
|
- [top-chunk](glibc_ptmalloc2_heap/top-chunk.md) - Print relevant information about an arena's top chunk.
|
|
- [try-free](glibc_ptmalloc2_heap/try-free.md) - Check what would happen if free was called with given address.
|
|
- [unsortedbin](glibc_ptmalloc2_heap/unsortedbin.md) - Print the contents of an arena's unsortedbin.
|
|
- [vis-heap-chunks](glibc_ptmalloc2_heap/vis-heap-chunks.md) - Visualize chunks on a heap.
|
|
|
|
## Integrations
|
|
|
|
- [ai](integrations/ai.md) - Ask GPT-3 a question about the current debugging context.
|
|
- [bn-sync](integrations/bn-sync.md) - Synchronize Binary Ninja's cursor with GDB.
|
|
- [decomp](integrations/decomp.md) - Use the current integration to decompile code near an address.
|
|
- [j](integrations/j.md) - Synchronize IDA's cursor with GDB.
|
|
- [r2](integrations/r2.md) - Launches radare2.
|
|
- [r2pipe](integrations/r2pipe.md) - Execute stateful radare2 commands through r2pipe.
|
|
- [rop](integrations/rop.md) - Dump ROP gadgets with Jon Salwan's ROPgadget tool.
|
|
- [ropper](integrations/ropper.md) - ROP gadget search with ropper.
|
|
- [rz](integrations/rz.md) - Launches rizin.
|
|
- [rzpipe](integrations/rzpipe.md) - Execute stateful rizin commands through rzpipe.
|
|
- [save-ida](integrations/save-ida.md) - Save the ida database.
|
|
|
|
## Kernel
|
|
|
|
- [binder](kernel/binder.md) - Show Android Binder information
|
|
- [buddydump](kernel/buddydump.md) - Displays metadata and freelists of the buddy allocator.
|
|
- [kbase](kernel/kbase.md) - Finds the kernel virtual base address.
|
|
- [kbpf](kernel/kbpf.md) - Prints information about the linux kernel bpf progs and maps.
|
|
- [kchecksec](kernel/kchecksec.md) - Checks for kernel hardening configuration options.
|
|
- [kcmdline](kernel/kcmdline.md) - Return the kernel commandline (/proc/cmdline).
|
|
- [kconfig](kernel/kconfig.md) - Outputs the kernel config.
|
|
- [kcurrent](kernel/kcurrent.md) - Displays the current kernel task debugged by the debugger (gdb/lldb) if pid == None
|
|
- [kdmabuf](kernel/kdmabuf.md) - Prints DMA buf info
|
|
- [kdmesg](kernel/kdmesg.md) - Displays the kernel ring buffer (dmesg) contents.
|
|
- [kfile](kernel/kfile.md) - Displays information about fds accessible by a kernel task.
|
|
- [klookup](kernel/klookup.md) - Lookup kernel symbols
|
|
- [kmod](kernel/kmod.md) - Displays the loaded Linux kernel modules.
|
|
- [knft-dump](kernel/knft-dump.md) - Dump all nftables: tables, chains, rules, expressions
|
|
- [knft-list-chains](kernel/knft-list-chains.md) - Dump netfilter chains form a specific table
|
|
- [knft-list-exprs](kernel/knft-list-exprs.md) - Dump only expressions from specific rule
|
|
- [knft-list-flowtables](kernel/knft-list-flowtables.md) - Dump netfilter flowtables from a specific table
|
|
- [knft-list-objects](kernel/knft-list-objects.md) - Dump netfilter objects from a specific table
|
|
- [knft-list-rules](kernel/knft-list-rules.md) - Dump netfilter rules form a specific chain
|
|
- [knft-list-sets](kernel/knft-list-sets.md) - Dump netfilter sets from a specific table
|
|
- [knft-list-tables](kernel/knft-list-tables.md) - Dump netfliter tables from a specific network namespace
|
|
- [ksyscalls](kernel/ksyscalls.md) - Displays Linux syscall table, including names and addresses of syscalls.
|
|
- [ktask](kernel/ktask.md) - Displays information about kernel tasks.
|
|
- [kversion](kernel/kversion.md) - Outputs the kernel version (/proc/version).
|
|
- [msr](kernel/msr.md) - Read or write to Model Specific Register (MSR)
|
|
- [p2v](kernel/p2v.md) - Translate physical address to its corresponding virtual address.
|
|
- [pageinfo](kernel/pageinfo.md) - Convert a pointer to a `struct page` to its corresponding virtual address.
|
|
- [pagewalk](kernel/pagewalk.md) - Performs pagewalk.
|
|
- [slab](kernel/slab.md) - Prints information about the linux kernel's slab allocator SLUB.
|
|
- [v2p](kernel/v2p.md) - Translate virtual address to its corresponding physmap address.
|
|
|
|
## Linux/libc/ELF
|
|
|
|
- [argc](linux_libc_elf/argc.md) - Prints out the number of arguments.
|
|
- [argv](linux_libc_elf/argv.md) - Prints out the contents of argv.
|
|
- [aslr](linux_libc_elf/aslr.md) - Check the current ASLR status, or turn it on/off.
|
|
- [auxv-explore](linux_libc_elf/auxv-explore.md) - Explore and print information from the Auxiliary ELF Vector.
|
|
- [auxv](linux_libc_elf/auxv.md) - Print information from the Auxiliary ELF Vector.
|
|
- [elfsections](linux_libc_elf/elfsections.md) - Prints the section mappings contained in the ELF header.
|
|
- [envp](linux_libc_elf/envp.md) - Prints out the contents of the environment.
|
|
- [errno](linux_libc_elf/errno.md) - Converts errno (or argument) to its string representation.
|
|
- [got](linux_libc_elf/got.md) - Show the state of the Global Offset Table.
|
|
- [gotplt](linux_libc_elf/gotplt.md) - Prints any symbols found in the .got.plt section if it exists.
|
|
- [libcinfo](linux_libc_elf/libcinfo.md) - Show libc version and link to its sources
|
|
- [linkmap](linux_libc_elf/linkmap.md) - Show the state of the Link Map
|
|
- [onegadget](linux_libc_elf/onegadget.md) - Find gadgets which single-handedly give code execution.
|
|
- [parse-seccomp](linux_libc_elf/parse-seccomp.md) - Parse a struct sock_fprog from memory and dump its filter
|
|
- [piebase](linux_libc_elf/piebase.md) - Calculate VA of RVA from PIE base.
|
|
- [plt](linux_libc_elf/plt.md) - Prints any symbols found in Procedure Linkage Table sections if any exist.
|
|
- [strings](linux_libc_elf/strings.md) - Extracts and displays ASCII strings from readable memory pages of the debugged process.
|
|
- [threads](linux_libc_elf/threads.md) - List all threads belonging to the selected inferior.
|
|
- [tls](linux_libc_elf/tls.md) - Print out base address of the current Thread Local Storage (TLS).
|
|
- [track-got](linux_libc_elf/track-got.md) - Controls GOT tracking
|
|
- [track-heap](linux_libc_elf/track-heap.md) - Manages the heap tracker.
|
|
|
|
## Memory
|
|
|
|
- [distance](memory/distance.md) - Print the distance between the two arguments, or print the offset to the address's page base.
|
|
- [dump-register-frame](memory/dump-register-frame.md) - Display the registers saved to memory for a certain frame type
|
|
- [gdt](memory/gdt.md) - Decode X86-64 GDT entries at address
|
|
- [go-dump](memory/go-dump.md) - Dumps a Go value of a given type at a specified address.
|
|
- [go-type](memory/go-type.md) - Dumps a Go runtime reflection type at a specified address.
|
|
- [hexdump](memory/hexdump.md) - Hexdumps data at the specified address or module name.
|
|
- [leakfind](memory/leakfind.md) - Attempt to find a leak chain given a starting address.
|
|
- [memfrob](memory/memfrob.md) - Memfrobs a region of memory (xor with '*').
|
|
- [mmap](memory/mmap.md) - Calls the mmap syscall and prints its resulting address.
|
|
- [mprotect](memory/mprotect.md) - Calls the mprotect syscall and prints its result value.
|
|
- [p2p](memory/p2p.md) - Pointer to pointer chain search. Searches given mapping for all pointers that point to specified mapping.
|
|
- [probeleak](memory/probeleak.md) - Pointer scan for possible offset leaks.
|
|
- [search](memory/search.md) - Search memory for byte sequences, strings, pointers, and integer values.
|
|
- [telescope](memory/telescope.md) - Recursively dereferences pointers starting at the specified address.
|
|
- [vmmap-add](memory/vmmap-add.md) - Add virtual memory map page.
|
|
- [vmmap-clear](memory/vmmap-clear.md) - Clear the vmmap cache.
|
|
- [vmmap-explore](memory/vmmap-explore.md) - Explore a page, trying to guess permissions.
|
|
- [vmmap](memory/vmmap.md) - Print virtual memory map pages.
|
|
- [xinfo](memory/xinfo.md) - Shows offsets of the specified address from various useful locations.
|
|
- [xor](memory/xor.md) - XOR `count` bytes at `address` with the key `key`.
|
|
|
|
## Misc
|
|
|
|
- [asm](misc/asm.md) - Assemble shellcode into bytes
|
|
- [checksec](misc/checksec.md) - Prints out the binary security settings using `checksec`.
|
|
- [comm](misc/comm.md) - Put comments in assembly code.
|
|
- [cyclic](misc/cyclic.md) - Cyclic pattern creator/finder.
|
|
- [cymbol](misc/cymbol.md) - Manage custom C structures in pwndbg. Supports project-specific auto-loading from .gdbinit.
|
|
- [down](misc/down.md) - Select and print stack frame called by this one.
|
|
- [dt](misc/dt.md) - Dump out information on a type (e.g. ucontext_t).
|
|
- [dumpargs](misc/dumpargs.md) - Prints determined arguments for call/syscall instruction.
|
|
- [getfile](misc/getfile.md) - Gets the current file.
|
|
- [hex2ptr](misc/hex2ptr.md) - Converts a space-separated hex string to a little-endian address.
|
|
- [hijack-fd](misc/hijack-fd.md) - Replace a file descriptor of a debugged process.
|
|
- [ipi](misc/ipi.md) - Start an interactive IPython prompt.
|
|
- [patch-list](misc/patch-list.md) - List all patches.
|
|
- [patch-revert](misc/patch-revert.md) - Revert patch at given address.
|
|
- [patch](misc/patch.md) - Patches given instruction with given code or bytes.
|
|
- [plist](misc/plist.md) - Dumps the elements of a linked list.
|
|
- [sigreturn](misc/sigreturn.md) - Display the SigreturnFrame at the specific address
|
|
- [spray](misc/spray.md) - Spray memory with cyclic() generated values
|
|
- [tips](misc/tips.md) - Shows tips.
|
|
- [up](misc/up.md) - Select and print stack frame that called this one.
|
|
- [valist](misc/valist.md) - Dumps the arguments of a va_list.
|
|
- [vmmap-load](misc/vmmap-load.md) - Load virtual memory map pages from ELF file.
|
|
|
|
## Process
|
|
|
|
- [killthreads](process/killthreads.md) - Kill all or given threads.
|
|
- [pid](process/pid.md) - Gets the pid.
|
|
- [procinfo](process/procinfo.md) - Display information about the running process.
|
|
|
|
## Pwndbg
|
|
|
|
- [bugreport](pwndbg/bugreport.md) - Generate a bug report.
|
|
- [config](pwndbg/config.md) - Shows Pwndbg-specific configuration.
|
|
- [configfile](pwndbg/configfile.md) - Generates a configuration file for the current Pwndbg options.
|
|
- [heap-config](pwndbg/heap-config.md) - Shows heap related configuration.
|
|
- [memoize](pwndbg/memoize.md) - Toggles memoization (caching).
|
|
- [profiler](pwndbg/profiler.md) - Utilities for profiling Pwndbg.
|
|
- [pwndbg](pwndbg/pwndbg.md) - Prints out a list of all Pwndbg commands.
|
|
- [reinit-pwndbg](pwndbg/reinit-pwndbg.md) - Makes Pwndbg reinitialize all state.
|
|
- [reload](pwndbg/reload.md) - Reload Pwndbg.
|
|
- [theme](pwndbg/theme.md) - Shows Pwndbg-specific theme configuration.
|
|
- [themefile](pwndbg/themefile.md) - Generates a configuration file for the current Pwndbg theme options.
|
|
- [version](pwndbg/version.md) - Displays Pwndbg and its important deps versions.
|
|
|
|
## Register
|
|
|
|
- [cpsr](register/cpsr.md) - Print out ARM CPSR or xPSR register.
|
|
- [fsbase](register/fsbase.md) - Prints out the FS base address. See also $fsbase.
|
|
- [gsbase](register/gsbase.md) - Prints out the GS base address. See also $gsbase.
|
|
- [setflag](register/setflag.md) - Modify the flags register.
|
|
|
|
## Stack
|
|
|
|
- [canary](stack/canary.md) - Print out the current stack canary.
|
|
- [retaddr](stack/retaddr.md) - Print out the stack addresses that contain return addresses.
|
|
- [stack-explore](stack/stack-explore.md) - Explore stack from all threads.
|
|
- [stack](stack/stack.md) - Dereferences on stack data with specified count and offset.
|
|
- [stackf](stack/stackf.md) - Dereferences on stack data, printing the entire stack frame with specified count and offset .
|
|
|
|
## Start
|
|
|
|
- [attachp](start/attachp.md) - Attaches to a given pid, process name, process found with partial argv match or to a device file.
|
|
- [entry](start/entry.md) - Start the debugged program stopping at its entrypoint address.
|
|
- [sstart](start/sstart.md) - Alias for 'tbreak __libc_start_main; run'.
|
|
- [start](start/start.md) - Start the debugged program stopping at the first convenient location
|
|
|
|
## Step/Next/Continue
|
|
|
|
- [nextcall](step_next_continue/nextcall.md) - Breaks at the next call instruction.
|
|
- [nextjmp](step_next_continue/nextjmp.md) - Breaks at the next jump instruction.
|
|
- [nextproginstr](step_next_continue/nextproginstr.md) - Breaks at the next instruction that belongs to the running program.
|
|
- [nextret](step_next_continue/nextret.md) - Breaks at next return-like instruction.
|
|
- [nextsyscall](step_next_continue/nextsyscall.md) - Breaks at the next syscall not taking branches.
|
|
- [stepover](step_next_continue/stepover.md) - Breaks on the instruction after this one.
|
|
- [stepret](step_next_continue/stepret.md) - Breaks at next return-like instruction by 'stepping' to it.
|
|
- [stepsyscall](step_next_continue/stepsyscall.md) - Breaks at the next syscall by taking branches.
|
|
- [stepuntilasm](step_next_continue/stepuntilasm.md) - Breaks on the next matching instruction.
|
|
- [xuntil](step_next_continue/xuntil.md) - Continue execution until an address or expression.
|
|
|
|
## WinDbg
|
|
|
|
- [bc](windbg/bc.md) - Clear the breakpoint with the specified index.
|
|
- [bd](windbg/bd.md) - Disable the breakpoint with the specified index.
|
|
- [be](windbg/be.md) - Enable the breakpoint with the specified index.
|
|
- [bl](windbg/bl.md) - List breakpoints.
|
|
- [bp](windbg/bp.md) - Set a breakpoint at the specified address.
|
|
- [da](windbg/da.md) - Dump a string at the specified address.
|
|
- [db](windbg/db.md) - Starting at the specified address, dump N bytes.
|
|
- [dc](windbg/dc.md) - Starting at the specified address, hexdump.
|
|
- [dd](windbg/dd.md) - Starting at the specified address, dump N dwords.
|
|
- [dds](windbg/dds.md) - Dump pointers and symbols at the specified address.
|
|
- [dq](windbg/dq.md) - Starting at the specified address, dump N qwords.
|
|
- [ds](windbg/ds.md) - Dump a string at the specified address.
|
|
- [dw](windbg/dw.md) - Starting at the specified address, dump N words.
|
|
- [eb](windbg/eb.md) - Write hex bytes at the specified address.
|
|
- [ed](windbg/ed.md) - Write hex dwords at the specified address.
|
|
- [eq](windbg/eq.md) - Write hex qwords at the specified address.
|
|
- [ew](windbg/ew.md) - Write hex words at the specified address.
|
|
- [ez](windbg/ez.md) - Write a string at the specified address.
|
|
- [eza](windbg/eza.md) - Write a string at the specified address.
|
|
- [go](windbg/go.md) - WinDbg compatibility alias for 'continue' command.
|
|
- [k](windbg/k.md) - Print a backtrace (alias 'bt').
|
|
- [ln](windbg/ln.md) - List the symbols nearest to the provided value.
|
|
- [pc](windbg/pc.md) - WinDbg compatibility alias for 'nextcall' command.
|
|
- [peb](windbg/peb.md) - Not be windows.
|
|
|
|
## jemalloc Heap
|
|
|
|
- [jemalloc-extent-info](jemalloc_heap/jemalloc-extent-info.md) - Prints extent information for the given address
|
|
- [jemalloc-find-extent](jemalloc_heap/jemalloc-find-extent.md) - Returns extent information for pointer address allocated by jemalloc
|
|
- [jemalloc-heap](jemalloc_heap/jemalloc-heap.md) - Prints all extents information
|
|
|
|
## musl
|
|
|
|
- [mallocng-dump](musl/mallocng-dump.md) - Dump the mallocng heap.
|
|
- [mallocng-explain](musl/mallocng-explain.md) - Gives a quick explanation of musl's mallocng allocator.
|
|
- [mallocng-find](musl/mallocng-find.md) - Find slot which contains the given address.
|
|
- [mallocng-group](musl/mallocng-group.md) - Print out information about a mallocng group at the given address.
|
|
- [mallocng-malloc-context](musl/mallocng-malloc-context.md) - Print out the mallocng __malloc_context (ctx) object.
|
|
- [mallocng-meta-area](musl/mallocng-meta-area.md) - Print out a mallocng meta_area object at the given address.
|
|
- [mallocng-meta](musl/mallocng-meta.md) - Print out information about a mallocng group given the address of its meta.
|
|
- [mallocng-slot-start](musl/mallocng-slot-start.md) - Dump information about a mallocng slot, given its start address.
|
|
- [mallocng-slot-user](musl/mallocng-slot-user.md) - Dump information about a mallocng slot, given its user address.
|
|
- [mallocng-visualize-slots](musl/mallocng-visualize-slots.md) - Visualize slots in a group.
|
|
|
|
<!-- END OF AUTOGENERATED PART. Do not modify this line or the line below, they mark the end of the auto-generated part of the file. If you want to extend the documentation in a way which cannot easily be done by adding to the command help description, write below the following line. -->
|
|
<!-- ------------\>8---- ----\>8---- ----\>8------------ -->
|