Skip to content

lldb ¤

Modules:

  • hooks

    Code that sets up hooks for LLDB events.

  • pset
  • repl

    The Pwndbg REPL that is the interface to all debugging on LLDB.

  • util

Classes:

Functions:

  • rename_register

    Some register names differ between Pwndbg/GDB and LLDB. This function takes

  • map_type_code

    Determines the type code of a given LLDB SBType.

Attributes:

T module-attribute ¤

T = TypeVar('T')

LLDB_VERSION module-attribute ¤

LLDB_VERSION: tuple[int, int] = None

EXECUTION_CONTROLLER module-attribute ¤

EXECUTION_CONTROLLER = LLDBExecutionController()

LLDBRegisters ¤

LLDBRegisters(groups: SBValueList, proc: LLDBProcess)

Bases: Registers

Methods:

Attributes:

groups instance-attribute ¤

groups: SBValueList = groups

proc instance-attribute ¤

proc: LLDBProcess = proc

by_name ¤

by_name(name: str) -> Value | None

LLDBFrame ¤

LLDBFrame(inner: SBFrame, proc: LLDBProcess)

Bases: Frame

Methods:

Attributes:

inner instance-attribute ¤

inner: SBFrame = inner

proc instance-attribute ¤

proc: LLDBProcess = proc

lookup_symbol ¤

lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None

evaluate_expression ¤

evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value

regs ¤

regs() -> Registers

reg_write ¤

reg_write(name: str, val: int) -> bool

pc ¤

pc() -> int

sp ¤

sp() -> int

parent ¤

parent() -> Frame | None

child ¤

child() -> Frame | None

sal ¤

sal() -> tuple[str, int] | None

__eq__ ¤

__eq__(rhs: object) -> bool

LLDBThread ¤

LLDBThread(inner: SBThread, proc: LLDBProcess)

Bases: Thread

Methods:

Attributes:

inner instance-attribute ¤

inner: SBThread = inner

proc instance-attribute ¤

proc: LLDBProcess = proc

bottom_frame ¤

bottom_frame() -> Iterator[Frame]

ptid ¤

ptid() -> int | None

index ¤

index() -> int

LLDBType ¤

LLDBType(inner: SBType)

Bases: Type

Methods:

Attributes:

inner instance-attribute ¤

inner: SBType = inner

name_identifier property ¤

name_identifier: str | None

name_to_human_readable property ¤

name_to_human_readable: str

sizeof property ¤

sizeof: int

alignof property ¤

alignof: int

code property ¤

code: TypeCode

array_len property ¤

array_len: int

Get array length of this type.

__eq__ ¤

__eq__(rhs: object) -> bool

func_arguments ¤

func_arguments() -> list[Type] | None

fields ¤

fields() -> list[TypeField]

array ¤

array(count: int) -> Type

pointer ¤

pointer() -> Type

strip_typedefs ¤

strip_typedefs() -> Type

target ¤

target() -> Type

has_field ¤

has_field(name: str) -> bool

Whether this type has a field with the given name.

keys ¤

keys() -> list[str]

Returns a list containing all the field names of this type.

enum_member ¤

enum_member(field_name: str) -> int | None

Retrieve the integer value of an enum member.

It returns: - integer value, when found field - returns None, If the field does not exist

offsetof ¤

offsetof(field_name: str) -> int | None

Calculate the byte offset of a field within a struct or union.

This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.

It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered

LLDBValue ¤

LLDBValue(inner: SBValue, proc: LLDBProcess)

Bases: Value

Methods:

Attributes:

proc instance-attribute ¤

proc = proc

inner instance-attribute ¤

inner = inner

address property ¤

address: Value | None

is_optimized_out property ¤

is_optimized_out: bool

type property ¤

type: Type

dereference ¤

dereference() -> Value

string ¤

string() -> str

value_to_human_readable ¤

value_to_human_readable() -> str

fetch_lazy ¤

fetch_lazy() -> None

__int__ ¤

__int__() -> int

cast ¤

cast(type: Type | Any) -> Value

__add__ ¤

__add__(rhs: int) -> Value

__sub__ ¤

__sub__(rhs: int) -> Value

__getitem__ ¤

__getitem__(key: str | int) -> Value

LLDBMemoryMap ¤

LLDBMemoryMap(pages: list[Page])

Bases: MemoryMap

Methods:

Attributes:

pages instance-attribute ¤

pages: tuple[Page, ...] = tuple(pages)

is_qemu ¤

is_qemu() -> bool

ranges ¤

ranges() -> Sequence[Page]

Returns all ranges in this memory map.

lookup_page ¤

lookup_page(address: int) -> Page | None

LLDBStopPoint ¤

LLDBStopPoint(
    inner: SBBreakpoint | SBWatchpoint,
    proc: LLDBProcess,
    stop_handler_name: str | None,
)

Bases: StopPoint

Methods:

Attributes:

inner instance-attribute ¤

inner: SBBreakpoint | SBWatchpoint = inner

proc instance-attribute ¤

proc: LLDBProcess = proc

stop_handler_name instance-attribute ¤

stop_handler_name: str | None = stop_handler_name

remove ¤

remove() -> None

set_enabled ¤

set_enabled(enabled: bool) -> None

__enter__ ¤

__enter__() -> StopPoint

__exit__ ¤

__exit__(exc_type, exc_value, traceback) -> None

Automatic breakpoint removal.

OneShotAwaitable ¤

OneShotAwaitable(value: Any)

Used as part of the logic for the execution controller. This is an Awaitable object that yields the value passed to its constructor exactly once.

Methods:

Attributes:

value instance-attribute ¤

value = value

__await__ ¤

__await__() -> Generator[Any, Any, Any]

YieldContinue ¤

YieldContinue(target: LLDBStopPoint, selected_thread: bool = False)

Continues execution of the process until the breakpoint or watchpoint given in the constructor is hit or the operation is cancelled.

This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.

Attributes:

target instance-attribute ¤

target: LLDBStopPoint = target

selected_thread instance-attribute ¤

selected_thread: bool = selected_thread

YieldSingleStep ¤

Moves execution of the process being debugged forward by one instruction.

This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.

LLDBExecutionController ¤

Bases: ExecutionController

Methods:

single_step ¤

single_step() -> Awaitable[None]

cont ¤

cont(target: StopPoint) -> Awaitable[None]

cont_selected_thread ¤

cont_selected_thread(target: StopPoint) -> Awaitable[None]

LLDBProcess ¤

LLDBProcess(
    dbg: LLDB, process: SBProcess, target: SBTarget, is_gdb_remote: bool
)

Bases: Process

Methods:

Attributes:

dbg instance-attribute ¤

dbg = dbg

process instance-attribute ¤

process = process

target instance-attribute ¤

target = target

threads ¤

threads() -> list[Thread]

pid ¤

pid() -> int | None

alive ¤

alive() -> bool

stopped_with_signal ¤

stopped_with_signal() -> bool

evaluate_expression ¤

evaluate_expression(expression: str) -> Value

get_known_pages ¤

get_known_pages() -> list[Page]

vmmap ¤

vmmap() -> MemoryMap

find_largest_range_len ¤

find_largest_range_len(
    min_search: int, max_search: int, test: Callable[[int], bool]
) -> int

Finds the largest memory range given a minimum and a maximum value for the size of the rage. This is a binary search, so it should do on the order of log2(max_search - min_search) attempts before it arrives at an answer.

read_memory ¤

read_memory(address: int, size: int, partial: bool = False) -> bytearray

write_memory ¤

write_memory(address: int, data: bytearray, partial: bool = False) -> int

find_in_memory ¤

find_in_memory(
    pattern: bytearray,
    start: int,
    size: int,
    align: int,
    max_matches: int = -1,
    step: int = -1,
) -> Generator[int, None, None]

is_remote ¤

is_remote() -> bool

send_remote ¤

send_remote(packet: str) -> bytes

send_monitor ¤

send_monitor(cmd: str) -> str

download_remote_file ¤

download_remote_file(remote_path: str, local_path: str) -> None

create_value ¤

create_value(value: int, type: Type | None = None) -> Value

symbol_name_at_address ¤

symbol_name_at_address(address: int) -> str | None

lookup_symbol ¤

lookup_symbol(
    name: str,
    *,
    prefer_static: bool = False,
    type: SymbolLookupType = ANY,
    objfile_endswith: str | None = None,
) -> Value | None

types_with_name ¤

types_with_name(name: str) -> Sequence[Type]

arch ¤

arch() -> ArchDefinition

break_at ¤

break_at(
    location: BreakpointLocation | WatchpointLocation,
    stop_handler: Callable[[StopPoint], bool] | None = None,
    internal: bool = False,
) -> StopPoint

trace_ret ¤

trace_ret(
    stop_handler: Callable[[], bool] | None = None, internal: bool = False
)

disasm ¤

disasm(address: int) -> DisassembledInstruction | None

is_linux ¤

is_linux() -> bool

module_section_locations ¤

module_section_locations() -> list[tuple[int, int, str, str]]

main_module_name ¤

main_module_name() -> str

main_module_entry ¤

main_module_entry() -> int | None

is_dynamically_linked ¤

is_dynamically_linked() -> bool

dispatch_execution_controller ¤

dispatch_execution_controller(
    procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],
)

runcmd ¤

runcmd(cmd) -> str

add_symbol_file ¤

add_symbol_file(path, base=None)

Adds a symbol file at base

LLDBCommand ¤

LLDBCommand(handler_name: str, command_name: str)

Bases: CommandHandle

Methods:

  • remove

    Removes this command from the command palette of the debugger.

Attributes:

handler_name instance-attribute ¤

handler_name = handler_name

command_name instance-attribute ¤

command_name = command_name

remove ¤

remove() -> None

Removes this command from the command palette of the debugger.

LLDBPythonState ¤

Bases: Enum

State of LLDB Python execution.

Unlike in pwndbg-gdb, in pwndbg-lldb the responsibility of driving execution of Python code forward is shared between Pwndbg and LLDB. Knowing which one is in charge is crucial to the correct functioning of the Pwndbg REPL.

This class defines the different kinds of states we can be in.

Attributes:

  • PWNDBG

    Pwndbg is driving execution of Python code

  • LLDB_COMMAND_HANDLER

    Python code is executing from inside an LLDB command handler

  • LLDB_STOP_HANDLER

    Python code is executing from an LLDB breakpoint/watchpoint hook handler

PWNDBG class-attribute instance-attribute ¤

PWNDBG = 1

Pwndbg is driving execution of Python code

LLDB_COMMAND_HANDLER class-attribute instance-attribute ¤

LLDB_COMMAND_HANDLER = 0

Python code is executing from inside an LLDB command handler

LLDB_STOP_HANDLER class-attribute instance-attribute ¤

LLDB_STOP_HANDLER = 2

Python code is executing from an LLDB breakpoint/watchpoint hook handler

LLDB ¤

Bases: Debugger

Methods:

Attributes:

exec_states instance-attribute ¤

exec_states: list[SBExecutionState]

event_handlers instance-attribute ¤

event_handlers: dict[EventType, list[Callable[..., T]]]

suspended_events instance-attribute ¤

suspended_events: dict[EventType, bool]

prompt_hook instance-attribute ¤

prompt_hook: Callable[[], None]

controllers instance-attribute ¤

controllers: list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]

lldb_python_state_callback instance-attribute ¤

lldb_python_state_callback: Callable[[LLDBPythonState], None]

Callback to the REPL, used to notify it of LLDB driving Python code

should_suspend_ctx instance-attribute ¤

should_suspend_ctx: bool

pre_ctx_lines property ¤

pre_ctx_lines: int

setup ¤

setup(*args, **kwargs)

relay_exceptions ¤

relay_exceptions() -> None

Relay an exception raised during an LLDB command handler.

add_command ¤

add_command(
    command_name: str,
    handler: Callable[[Debugger, str, bool], None],
    doc: str | None,
) -> CommandHandle

history ¤

history(last: int = 10) -> list[tuple[int, str]]

commands ¤

commands() -> list[str]

lex_args ¤

lex_args(command_line: str) -> list[str]

selected_inferior ¤

selected_inferior() -> Process | None

selected_thread ¤

selected_thread() -> Thread | None

selected_frame ¤

selected_frame() -> Frame | None

has_event_type ¤

has_event_type(ty: EventType) -> bool

event_handler ¤

event_handler(
    ty: EventType,
) -> Callable[[Callable[..., T]], Callable[..., T]]

ctx_suspend_once ¤

ctx_suspend_once()

suspend_events ¤

suspend_events(ty: EventType) -> None

resume_events ¤

resume_events(ty: EventType) -> None

set_sysroot ¤

set_sysroot(sysroot: str) -> bool

supports_breakpoint_creation_during_stop_handler ¤

supports_breakpoint_creation_during_stop_handler() -> bool

breakpoint_locations ¤

breakpoint_locations() -> list[BreakpointLocation]

name ¤

name() -> DebuggerType

x86_disassembly_flavor ¤

x86_disassembly_flavor() -> Literal['att', 'intel']

string_limit ¤

string_limit() -> int

get_cmd_window_size ¤

get_cmd_window_size() -> tuple[int, int]

is_gdblib_available ¤

is_gdblib_available()

addrsz ¤

addrsz(address: Any) -> str

set_python_diagnostics ¤

set_python_diagnostics(enabled: bool) -> None

ctx_suspend_events ¤

ctx_suspend_events(ty: EventType) -> Iterator[None]

Context manager for temporarily suspending and resuming the delivery of events of a given type.

rename_register ¤

rename_register(name: str, proc: LLDBProcess) -> str

Some register names differ between Pwndbg/GDB and LLDB. This function takes in a register name in the Pwndbg/GDB convention and returns the equivalent LLDB name for the register.

map_type_code ¤

map_type_code(type: SBType) -> TypeCode

Determines the type code of a given LLDB SBType.