Skip to content

memory ¤

Functions:

Attributes:

GdbDict module-attribute ¤

GdbDict = Dict[str, Union['GdbDict', int]]

MMAP_MIN_ADDR module-attribute ¤

MMAP_MIN_ADDR = 32768

read ¤

read(addr: int, count: int, partial: bool = False) -> bytearray

read(addr, count, partial=False) -> bytearray

Read memory from the program being debugged.

Parameters:

  • addr (int) –

    Address to read

  • count (int) –

    Number of bytes to read

  • partial (bool, default: False ) –

    Whether less than count bytes can be returned

Returns:

  • bytearray

    bytearray The memory at the specified address,

  • bytearray

    or None.

readtype ¤

readtype(type: Type, addr: int) -> int

readtype(type, addr) -> int

Reads an integer-type (e.g. uint64) and returns a Python native integer representation of the same.

Parameters:

  • type (Type) –

    GDB type to read

  • addr (int) –

    Address at which the value to be read resides

Returns:

  • int

    int

write ¤

write(addr: int, data: str | bytes | bytearray) -> None

write(addr, data)

Writes data into the memory of the process being debugged.

Parameters:

  • addr (int) –

    Address to write

  • data (str | bytes | bytearray) –

    Data to write

peek ¤

peek(address: int) -> bytearray | None

peek(address) -> bytearray

Read one byte from the specified address.

Parameters:

  • address (int) –

    Address to read

Returns:

  • bytearray | None

    bytearray A single byte of data, or None if the

  • bytearray | None

    address cannot be read.

is_readable_address ¤

is_readable_address(address: int) -> bool

is_readable_address(address) -> bool

Check if the address can be read by GDB.

Parameters:

  • address (int) –

    Address to read

Returns:

  • bool

    bool: Whether the address is readable.

poke ¤

poke(address: int) -> bool

poke(address)

Checks whether an address is writable.

Parameters:

  • address (int) –

    Address to check

Returns:

  • bool

    bool: Whether the address is writable.

string ¤

string(addr: int, max: int = 4096) -> bytearray

Reads a null-terminated string from memory.

Parameters:

  • addr (int) –

    Address to read from

  • max (int, default: 4096 ) –

    Maximum string length (default 4096)

Returns:

  • bytearray

    An empty bytearray, or a NULL-terminated bytearray.

byte ¤

byte(addr: int) -> int

byte(addr) -> int

Read one byte at the specified address

uchar ¤

uchar(addr: int) -> int

uchar(addr) -> int

Read one unsigned char at the specified address.

ushort ¤

ushort(addr: int) -> int

ushort(addr) -> int

Read one unisgned short at the specified address.

uint ¤

uint(addr: int) -> int

uint(addr) -> int

Read one unsigned int at the specified address.

pvoid ¤

pvoid(addr: int) -> int

pvoid(addr) -> int

Read one pointer from the specified address.

u8 ¤

u8(addr: int) -> int

u8(addr) -> int

Read one uint8_t from the specified address.

u16 ¤

u16(addr: int) -> int

u16(addr) -> int

Read one uint16_t from the specified address.

u32 ¤

u32(addr: int) -> int

u32(addr) -> int

Read one uint32_t from the specified address.

u64 ¤

u64(addr: int) -> int

u64(addr) -> int

Read one uint64_t from the specified address.

u ¤

u(addr: int, size: int | None = None) -> int

u(addr, size=None) -> int

Read one unsigned integer from the specified address, with the bit-width specified by size, which defaults to the pointer width.

s8 ¤

s8(addr: int) -> int

s8(addr) -> int

Read one int8_t from the specified address

s16 ¤

s16(addr: int) -> int

s16(addr) -> int

Read one int16_t from the specified address.

s32 ¤

s32(addr: int) -> int

s32(addr) -> int

Read one int32_t from the specified address.

s64 ¤

s64(addr: int) -> int

s64(addr) -> int

Read one int64_t from the specified address.

cast_pointer ¤

cast_pointer(type: Type, addr: int | Value) -> Value

Create a Value containing given address and cast it to the pointer of specified type

get_typed_pointer ¤

get_typed_pointer(type: str | Type, addr: int | Value) -> Value

Look up a type by name if necessary and return a Value of addr cast to that type

get_typed_pointer_value ¤

get_typed_pointer_value(type_name: str | Type, addr: int | Value) -> Value

Read the pointer value of addr cast to type specified by type_name

find_upper_boundary ¤

find_upper_boundary(addr: int, max_pages: int = 1024) -> int

find_upper_boundary(addr, max_pages=1024) -> int

Brute-force search the upper boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.

find_lower_boundary ¤

find_lower_boundary(addr: int, max_pages: int = 1024) -> int

find_lower_boundary(addr, max_pages=1024) -> int

Brute-force search the lower boundary of a memory mapping, by reading the first byte of each page, until an unmapped page is found.

update_min_addr ¤

update_min_addr() -> None

fetch_struct_as_dictionary ¤

fetch_struct_as_dictionary(
    struct_name: str,
    struct_address: int | Value,
    include_only_fields: set[str] | None = None,
    exclude_fields: set[str] | None = None,
) -> GdbDict

pack_struct_into_dictionary ¤

pack_struct_into_dictionary(
    fetched_struct: Value,
    include_only_fields: set[str] | None = None,
    exclude_fields: set[str] | None = None,
) -> GdbDict

convert_pwndbg_value_to_python_value ¤

convert_pwndbg_value_to_python_value(dbg_value: Value) -> int | GdbDict

resolve_renamed_struct_field ¤

resolve_renamed_struct_field(
    struct_name: str, possible_field_names: set[str]
) -> str