Skip to content

disasm ¤

Functionality for disassmebling code at an address, or at an address ± a few instructions.

Modules:

Functions:

Attributes:

CapstoneArch module-attribute ¤

CapstoneArch = {
    "arm": CS_ARCH_ARM,
    "armcm": CS_ARCH_ARM,
    "aarch64": CS_ARCH_ARM64,
    "i386": CS_ARCH_X86,
    "i8086": CS_ARCH_X86,
    "x86-64": CS_ARCH_X86,
    "powerpc": CS_ARCH_PPC,
    "mips": CS_ARCH_MIPS,
    "sparc": CS_ARCH_SPARC,
    "rv32": CS_ARCH_RISCV,
    "rv64": CS_ARCH_RISCV,
}

CapstoneEndian module-attribute ¤

CapstoneEndian = {'little': CS_MODE_LITTLE_ENDIAN, 'big': CS_MODE_BIG_ENDIAN}

CapstoneMode module-attribute ¤

CapstoneMode = {4: CS_MODE_32, 8: CS_MODE_64}

CapstoneSyntax module-attribute ¤

CapstoneSyntax = {'intel': CS_OPT_SYNTAX_INTEL, 'att': CS_OPT_SYNTAX_ATT}

VariableInstructionSizeMax module-attribute ¤

VariableInstructionSizeMax = {
    "i386": 16,
    "x86-64": 16,
    "i8086": 16,
    "mips": 8,
    "rv32": 22,
    "rv64": 22,
}

next_addresses_cache module-attribute ¤

next_addresses_cache: set[int] = set()

backward_cache module-attribute ¤

backward_cache: DefaultDict[int, int] = defaultdict(lambda: None)

computed_instruction_cache module-attribute ¤

computed_instruction_cache: DefaultDict[int, PwndbgInstruction] = defaultdict(
    lambda: None
)

emulated_arm_mode_cache module-attribute ¤

emulated_arm_mode_cache: DefaultDict[int, int] = defaultdict(lambda: None)

first_time_emulate module-attribute ¤

first_time_emulate = True

enhance_cache_listener ¤

enhance_cache_listener() -> None

clear_on_reg_mem_change ¤

clear_on_reg_mem_change() -> None

get_disassembler_cached ¤

get_disassembler_cached(arch, ptrsize: int, endian, extra=None)

get_disassembler ¤

get_disassembler(address)

get_one_instruction ¤

get_one_instruction(
    address,
    emu: Emulator = None,
    enhance=True,
    from_cache=False,
    put_cache=False,
) -> PwndbgInstruction

If passed an emulator, this will pass it to the DisassemblyAssistant which will single_step the emulator to determine the operand values before and after the instruction executes.

one ¤

one(
    address=None,
    emu: Emulator = None,
    enhance=True,
    from_cache=False,
    put_cache=False,
    put_backward_cache=True,
) -> PwndbgInstruction | None

one_raw ¤

one_raw(address=None) -> PwndbgInstruction | None

get ¤

get(
    address,
    instructions=1,
    emu: Emulator = None,
    enhance=True,
    from_cache=False,
    put_cache=False,
) -> list[PwndbgInstruction]

can_run_first_emulate ¤

can_run_first_emulate() -> bool

Disable the emulate config variable if we don't have enough memory to use it See #1534 And unicorn-engine/unicorn!1743

no_emulate_one ¤

no_emulate_one()

emulate_one ¤

emulate_one()

one_with_config ¤

one_with_config()

Returns a single Pwndbg Instruction at the current PC.

Emulation determined by the pwndbg.config.emulate setting.

near ¤

near(
    address,
    instructions=1,
    emulate=False,
    show_prev_insns=True,
    use_cache=False,
    linear=False,
) -> tuple[list[PwndbgInstruction], int]

Disasms instructions near given address. Passing emulate makes use of unicorn engine to emulate instructions to predict branches that will be taken. show_prev_insns makes this show previously cached instructions (this is mostly used by context's disasm display, so user see what was previously)