vmmap ¤

Classes:

QemuMachine –

Functions:

kernel_vmmap_via_page_tables –
kernel_vmmap_via_monitor_info_mem –

Returns Linux memory maps information by parsing monitor info mem output
kernel_vmmap –

Attributes:

monitor_info_mem_not_warned –
kernel_vmmap_mode –

monitor_info_mem_not_warned `module-attribute` ¤

monitor_info_mem_not_warned = True

kernel_vmmap_mode `module-attribute` ¤

kernel_vmmap_mode = add_param(
    "kernel-vmmap",
    "page-tables",
    "the method to get vmmap information when debugging via QEMU kernel",
    help_docstring="Values explained:\n\n+ `page-tables` - read /proc/$qemu-pid/mem to parse kernel page tables to render vmmap\n+ `monitor` - use QEMU's `monitor info mem` to render vmmap\n+ `none` - disable vmmap rendering; useful if rendering is particularly slow\n\nNote that the page-tables method will require the QEMU kernel process to be on the same machine and within the same PID namespace. Running QEMU kernel and GDB in different Docker containers will not work. Consider running both containers with --pid=host (meaning they will see and so be able to interact with all processes on the machine).\n",
    param_class=PARAM_ENUM,
    enum_sequence=["page-tables", "monitor", "none"],
)

QemuMachine ¤

QemuMachine()

Bases: Machine

Methods:

__del__ –
search_pids_for_file –
get_qemu_pid –
read_physical_memory –
read_register –

Attributes:

pid –
file –

pid `instance-attribute` ¤

pid = get_qemu_pid()

file `instance-attribute` ¤

file = open(f'/proc/{pid}/mem', O_RDONLY)

del ¤

__del__()

search_pids_for_file `staticmethod` ¤

search_pids_for_file(pids: list[str], filename: str) -> str | None

get_qemu_pid `staticmethod` ¤

get_qemu_pid()

read_physical_memory ¤

read_physical_memory(physical_address: int, length: int) -> bytes

read_register ¤

read_register(register_name: str) -> int

kernel_vmmap_via_page_tables ¤

kernel_vmmap_via_page_tables() -> tuple[Page, ...]

kernel_vmmap_via_monitor_info_mem ¤

kernel_vmmap_via_monitor_info_mem() -> tuple[Page, ...]

Returns Linux memory maps information by parsing monitor info mem output from QEMU kernel GDB stub. Works only on X86/X64/RISC-V as this is what QEMU supports.

Consider using the kernel_vmmap_via_page_tables method as it is probably more reliable/better.

See also: !685 (TODO: revisit with future QEMU versions)

Example output from the command:¤

pwndbg> monitor info mem¤

ffff903580000000-ffff903580099000 0000000000099000 -rw¤

ffff903580099000-ffff90358009b000 0000000000002000 -r-¤

ffff90358009b000-ffff903582200000 0000000002165000 -rw¤

ffff903582200000-ffff903582803000 0000000000603000 -r-¤

kernel_vmmap ¤

kernel_vmmap() -> tuple[Page, ...]