Skip to content

heap ¤

Modules:

Functions:

Attributes:

current module-attribute ¤

current: MemoryAllocator | None = None

main_arena module-attribute ¤

main_arena = add_heap_param('main-arena', '0', 'the address of main_arena')

thread_arena module-attribute ¤

thread_arena = add_heap_param(
    "thread-arena", "0", "the address pointed by thread_arena"
)

mp_ module-attribute ¤

mp_ = add_heap_param('mp', '0', 'the address of mp_')

tcache module-attribute ¤

tcache = add_heap_param('tcache', '0', 'the address pointed by tcache')

global_max_fast module-attribute ¤

global_max_fast = add_heap_param(
    "global-max-fast", "0", "the address of global_max_fast"
)

symbol_list module-attribute ¤

symbol_list = [main_arena, thread_arena, mp_, tcache, global_max_fast]

heap_chain_limit module-attribute ¤

heap_chain_limit = add_heap_param(
    "heap-dereference-limit",
    8,
    "number of chunks to dereference in each bin",
    param_class=PARAM_UINTEGER,
)

heap_corruption_check_limit module-attribute ¤

heap_corruption_check_limit = add_heap_param(
    "heap-corruption-check-limit",
    64,
    "amount of chunks to traverse for the bin corruption check",
    param_class=PARAM_UINTEGER,
    help_docstring="\nThe bins are traversed both forwards and backwards.\n",
)

resolve_heap_via_heuristic module-attribute ¤

resolve_heap_via_heuristic = add_heap_param(
    "resolve-heap-via-heuristic",
    "auto",
    "the strategy to resolve heap via heuristic",
    help_docstring="resolve-heap-via-heuristic can be:\nauto    - pwndbg will try to use heuristics if debug symbols are missing\nforce   - pwndbg will always try to use heuristics, even if debug symbols are available\nnever   - pwndbg will never use heuristics to resolve the heap\n\nIf the output of the heap related command produces errors with heuristics, you can try manually setting the libc symbol addresses.\nFor this, see the `heap-config` command output and set the `main_arena`, `mp_`, `global_max_fast`, `tcache` and `thread_arena` addresses.\n\nNote: pwndbg will generate more reliable results with proper debug symbols.\nTherefore, when debug symbols are missing, you should try to install them first if you haven't already.\n\nThey can probably be installed via the package manager of your choice.\nSee also: https://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html\n\nE.g. on Ubuntu/Debian you might need to do the following steps (for 64-bit and 32-bit binaries):\nsudo apt-get install libc6-dbg\nsudo dpkg --add-architecture i386\nsudo apt-get install libc-dbg:i386\n\nIf you used setup.sh on Arch based distro you'll need to do a power cycle or set environment variable manually like this: export DEBUGINFOD_URLS=https://debuginfod.archlinux.org\n",
    param_class=PARAM_ENUM,
    enum_sequence=["auto", "force", "never"],
)

add_heap_param ¤

add_heap_param(
    name: str,
    default: Any,
    set_show_doc: str,
    *,
    help_docstring: str = "",
    param_class: int | None = None,
    enum_sequence: Sequence[str] | None = None,
)

update ¤

update() -> None

reset ¤

reset() -> None

resolve_heap ¤

resolve_heap(is_first_run: bool = False) -> None