Skip to content

disassembly ¤

Functionality for disassmebling code at an address, or at an address ± a few instructions.

Functions:

Attributes:

CapstoneEndian module-attribute ¤

CapstoneEndian = {'little': CS_MODE_LITTLE_ENDIAN, 'big': CS_MODE_BIG_ENDIAN}

CapstoneSyntax module-attribute ¤

CapstoneSyntax = {'intel': CS_OPT_SYNTAX_INTEL, 'att': CS_OPT_SYNTAX_ATT}

next_addresses_cache module-attribute ¤

next_addresses_cache: set[int] = set()

backward_cache module-attribute ¤

backward_cache: DefaultDict[int, int] = defaultdict(lambda: None)

computed_instruction_cache module-attribute ¤

computed_instruction_cache: DefaultDict[int, PwndbgInstruction] = defaultdict(
    lambda: None
)

emulated_arm_mode_cache module-attribute ¤

emulated_arm_mode_cache: DefaultDict[int, int | None] = defaultdict(
    lambda: None
)

first_time_emulate module-attribute ¤

first_time_emulate = True

ALL_DISASSEMBLY_ASSISTANTS module-attribute ¤

ALL_DISASSEMBLY_ASSISTANTS: dict[
    PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, Callable[[], DisassemblyAssistant]
] = {
    "aarch64": lambda: AArch64DisassemblyAssistant("aarch64"),
    "i386": lambda: X86DisassemblyAssistant("i386"),
    "x86-64": lambda: X86DisassemblyAssistant("x86-64"),
    "arm": lambda: ArmDisassemblyAssistant("arm", "cpsr"),
    "armcm": lambda: ArmDisassemblyAssistant("armcm", "xpsr"),
    "mips": lambda: MipsDisassemblyAssistant("mips"),
    "rv32": lambda: RISCVDisassemblyAssistant("rv32"),
    "rv64": lambda: RISCVDisassemblyAssistant("rv64"),
    "loongarch64": lambda: Loong64DisassemblyAssistant("loongarch64"),
}

enhance_cache_listener ¤

enhance_cache_listener() -> None

clear_on_reg_mem_change ¤

clear_on_reg_mem_change() -> None

get_disassembler ¤

get_disassembler(address: int, cs_info: tuple[int, int] = None)

get_one_instruction ¤

get_one_instruction(
    address,
    emu: Emulator = None,
    enhance=True,
    from_cache=False,
    put_cache=False,
    assistant: DisassemblyAssistant = None,
) -> PwndbgInstruction

If passed an emulator, this will pass it to the DisassemblyAssistant which will single_step the emulator to determine the operand values before and after the instruction executes.

one ¤

one(
    address=None,
    emu: Emulator = None,
    enhance=True,
    from_cache=False,
    put_cache=False,
    put_backward_cache=True,
    assistant: DisassemblyAssistant = None,
) -> PwndbgInstruction | None

one_raw ¤

one_raw(address=None) -> PwndbgInstruction | None

get ¤

get(
    address,
    instructions=1,
    emu: Emulator = None,
    enhance=True,
    from_cache=False,
    put_cache=False,
    assistant: DisassemblyAssistant = None,
) -> list[PwndbgInstruction]

can_run_first_emulate ¤

can_run_first_emulate() -> bool

Disable the emulate config variable if we don't have enough memory to use it See #1534 And unicorn-engine/unicorn!1743

no_emulate_one ¤

no_emulate_one()

emulate_one ¤

emulate_one()

one_with_config ¤

one_with_config()

Returns a single Pwndbg Instruction at the current PC.

Emulation determined by the pwndbg.config.emulate setting.

near ¤

near(
    address,
    instructions=1,
    emulate=False,
    show_prev_insns=True,
    use_cache=False,
    linear=False,
) -> tuple[list[PwndbgInstruction], int]

Disasms instructions near given address. Passing emulate makes use of unicorn engine to emulate instructions to predict branches that will be taken. show_prev_insns makes this show previously cached instructions (this is mostly used by context's disasm display, so user see what was previously)

get_disassembly_assistant_for_current_arch ¤

get_disassembly_assistant_for_current_arch() -> DisassemblyAssistant

arch_has_disassembly_assistant ¤

arch_has_disassembly_assistant(
    arch: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE | None = None,
) -> bool