Skip to content

lldb ¤

Modules:

  • hooks

    Code that sets up hooks for LLDB events.

  • pset
  • repl

    The Pwndbg REPL that is the interface to all debugging on LLDB.

  • util

Classes:

Functions:

  • rename_register

    Some register names differ between Pwndbg/GDB and LLDB. This function takes

  • map_type_code

    Determines the type code of a given LLDB SBType.

Attributes:

T module-attribute ¤

T = TypeVar('T')

LLDB_VERSION module-attribute ¤

LLDB_VERSION: tuple[int, int] = None

EXECUTION_CONTROLLER module-attribute ¤

EXECUTION_CONTROLLER = LLDBExecutionController()

LLDBArch ¤

LLDBArch(
    name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE,
    ptrsize: int,
    endian: Literal["little", "big"],
)

Bases: Arch

Attributes:

endian property ¤

endian: Literal['little', 'big']

name property ¤

name: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE

ptrsize property ¤

ptrsize: int

LLDBRegisters ¤

LLDBRegisters(groups: SBValueList, proc: LLDBProcess)

Bases: Registers

Methods:

Attributes:

groups instance-attribute ¤

groups: SBValueList = groups

proc instance-attribute ¤

proc: LLDBProcess = proc

by_name ¤

by_name(name: str) -> Value | None

LLDBFrame ¤

LLDBFrame(inner: SBFrame, proc: LLDBProcess)

Bases: Frame

Methods:

Attributes:

inner instance-attribute ¤

inner: SBFrame = inner

proc instance-attribute ¤

proc: LLDBProcess = proc

lookup_symbol ¤

lookup_symbol(name: str, *, type: SymbolLookupType = ANY) -> Value | None

evaluate_expression ¤

evaluate_expression(expression: str, lock_scheduler: bool = False) -> Value

regs ¤

regs() -> Registers

reg_write ¤

reg_write(name: str, val: int) -> bool

pc ¤

pc() -> int

sp ¤

sp() -> int

parent ¤

parent() -> Frame | None

child ¤

child() -> Frame | None

sal ¤

sal() -> tuple[str, int] | None

__eq__ ¤

__eq__(rhs: object) -> bool

LLDBThread ¤

LLDBThread(inner: SBThread, proc: LLDBProcess)

Bases: Thread

Methods:

Attributes:

inner instance-attribute ¤

inner: SBThread = inner

proc instance-attribute ¤

proc: LLDBProcess = proc

bottom_frame ¤

bottom_frame() -> Iterator[Frame]

ptid ¤

ptid() -> int | None

index ¤

index() -> int

LLDBType ¤

LLDBType(inner: SBType)

Bases: Type

Methods:

Attributes:

inner instance-attribute ¤

inner: SBType = inner

name_identifier property ¤

name_identifier: str | None

name_to_human_readable property ¤

name_to_human_readable: str

sizeof property ¤

sizeof: int

alignof property ¤

alignof: int

code property ¤

code: TypeCode

__eq__ ¤

__eq__(rhs: object) -> bool

func_arguments ¤

func_arguments() -> list[Type] | None

fields ¤

fields() -> list[TypeField]

array ¤

array(count: int) -> Type

pointer ¤

pointer() -> Type

strip_typedefs ¤

strip_typedefs() -> Type

target ¤

target() -> Type

has_field ¤

has_field(name: str) -> bool

Whether this type has a field with the given name.

keys ¤

keys() -> list[str]

Returns a list containing all the field names of this type.

enum_member ¤

enum_member(field_name: str) -> int | None

Retrieve the integer value of an enum member.

It returns: - integer value, when found field - returns None, If the field does not exist

offsetof ¤

offsetof(field_name: str) -> int | None

Calculate the byte offset of a field within a struct or union.

This method recursively traverses nested structures and unions, and it computes the byte-aligned offset for the specified field.

It returns: - offset in bytes if found - None if the field doesn't exist or if an unsupported alignment/bit-field is encountered

LLDBValue ¤

LLDBValue(inner: SBValue, proc: LLDBProcess)

Bases: Value

Methods:

Attributes:

proc instance-attribute ¤

proc = proc

inner instance-attribute ¤

inner = inner

address property ¤

address: Value | None

is_optimized_out property ¤

is_optimized_out: bool

type property ¤

type: Type

dereference ¤

dereference() -> Value

string ¤

string() -> str

value_to_human_readable ¤

value_to_human_readable() -> str

fetch_lazy ¤

fetch_lazy() -> None

__int__ ¤

__int__() -> int

cast ¤

cast(type: Type | Any) -> Value

__add__ ¤

__add__(rhs: int) -> Value

__sub__ ¤

__sub__(rhs: int) -> Value

__getitem__ ¤

__getitem__(key: str | int) -> Value

LLDBMemoryMap ¤

LLDBMemoryMap(pages: list[Page])

Bases: MemoryMap

Methods:

Attributes:

pages instance-attribute ¤

pages = pages

is_qemu ¤

is_qemu() -> bool

ranges ¤

ranges() -> list[Page]

LLDBStopPoint ¤

LLDBStopPoint(
    inner: SBBreakpoint | SBWatchpoint,
    proc: LLDBProcess,
    stop_handler_name: str | None,
)

Bases: StopPoint

Methods:

Attributes:

inner instance-attribute ¤

inner: SBBreakpoint | SBWatchpoint = inner

proc instance-attribute ¤

proc: LLDBProcess = proc

stop_handler_name instance-attribute ¤

stop_handler_name: str | None = stop_handler_name

remove ¤

remove() -> None

set_enabled ¤

set_enabled(enabled: bool) -> None

__enter__ ¤

__enter__() -> StopPoint

__exit__ ¤

__exit__(exc_type, exc_value, traceback) -> None

Automatic breakpoint removal.

OneShotAwaitable ¤

OneShotAwaitable(value: Any)

Used as part of the logic for the execution controller. This is an Awaitable object that yields the value passed to its constructor exactly once.

Methods:

Attributes:

value instance-attribute ¤

value = value

__await__ ¤

__await__() -> Generator[Any, Any, Any]

YieldContinue ¤

YieldContinue(target: LLDBStopPoint)

Continues execution of the process until the breakpoint or watchpoint given in the constructor is hit or the operation is cancelled.

This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.

Attributes:

target instance-attribute ¤

target: LLDBStopPoint = target

YieldSingleStep ¤

Moves execution of the process being debugged forward by one instruction.

This class is part of the execution controller system, so it is intented to be yielded by the async function with access to an execution controller, and caught and hanlded by the event loop in the LLDB Pwndbg CLI.

LLDBExecutionController ¤

Bases: ExecutionController

Methods:

single_step ¤

single_step() -> Awaitable[None]

cont ¤

cont(target: StopPoint) -> Awaitable[None]

LLDBProcess ¤

LLDBProcess(
    dbg: LLDB, process: SBProcess, target: SBTarget, is_gdb_remote: bool
)

Bases: Process

Methods:

Attributes:

dbg instance-attribute ¤

dbg = dbg

process instance-attribute ¤

process = process

target instance-attribute ¤

target = target

threads ¤

threads() -> list[Thread]

pid ¤

pid() -> int | None

alive ¤

alive() -> bool

stopped_with_signal ¤

stopped_with_signal() -> bool

evaluate_expression ¤

evaluate_expression(expression: str) -> Value

get_known_pages ¤

get_known_pages() -> list[Page]

vmmap ¤

vmmap() -> MemoryMap

find_largest_range_len ¤

find_largest_range_len(
    min_search: int, max_search: int, test: Callable[[int], bool]
) -> int

Finds the largest memory range given a minimum and a maximum value for the size of the rage. This is a binary search, so it should do on the order of log2(max_search - min_search) attempts before it arrives at an answer.

read_memory ¤

read_memory(address: int, size: int, partial: bool = False) -> bytearray

write_memory ¤

write_memory(address: int, data: bytearray, partial: bool = False) -> int

find_in_memory ¤

find_in_memory(
    pattern: bytearray,
    start: int,
    size: int,
    align: int,
    max_matches: int = -1,
    step: int = -1,
) -> Generator[int, None, None]

is_remote ¤

is_remote() -> bool

send_remote ¤

send_remote(packet: str) -> bytes

send_monitor ¤

send_monitor(cmd: str) -> str

download_remote_file ¤

download_remote_file(remote_path: str, local_path: str) -> None

create_value ¤

create_value(value: int, type: Type | None = None) -> Value

symbol_name_at_address ¤

symbol_name_at_address(address: int) -> str | None

lookup_symbol ¤

lookup_symbol(
    name: str,
    *,
    prefer_static: bool = False,
    type: SymbolLookupType = ANY,
    objfile_endswith: str | None = None,
) -> Value | None

types_with_name ¤

types_with_name(name: str) -> Sequence[Type]

arch ¤

arch() -> Arch

break_at ¤

break_at(
    location: BreakpointLocation | WatchpointLocation,
    stop_handler: Callable[[StopPoint], bool] | None = None,
    internal: bool = False,
) -> StopPoint

disasm ¤

disasm(address: int) -> DisassembledInstruction | None

is_linux ¤

is_linux() -> bool

module_section_locations ¤

module_section_locations() -> list[tuple[int, int, str, str]]

main_module_name ¤

main_module_name() -> str

main_module_entry ¤

main_module_entry() -> int | None

is_dynamically_linked ¤

is_dynamically_linked() -> bool

dispatch_execution_controller ¤

dispatch_execution_controller(
    procedure: Callable[[ExecutionController], Coroutine[Any, Any, None]],
)

LLDBCommand ¤

LLDBCommand(handler_name: str, command_name: str)

Bases: CommandHandle

Methods:

  • remove

    Removes this command from the command palette of the debugger.

Attributes:

handler_name instance-attribute ¤

handler_name = handler_name

command_name instance-attribute ¤

command_name = command_name

remove ¤

remove() -> None

Removes this command from the command palette of the debugger.

LLDB ¤

Bases: Debugger

Methods:

Attributes:

exec_states instance-attribute ¤

exec_states: list[SBExecutionState]

event_handlers instance-attribute ¤

event_handlers: dict[EventType, list[Callable[..., T]]]

suspended_events instance-attribute ¤

suspended_events: dict[EventType, bool]

prompt_hook instance-attribute ¤

prompt_hook: Callable[[], None]

controllers instance-attribute ¤

controllers: list[tuple[LLDBProcess, Coroutine[Any, Any, None]]]

pre_ctx_lines property ¤

pre_ctx_lines: int

setup ¤

setup(*args, **kwargs)

add_command ¤

add_command(
    command_name: str,
    handler: Callable[[Debugger, str, bool], None],
    doc: str | None,
) -> CommandHandle

history ¤

history(last: int = 10) -> list[tuple[int, str]]

commands ¤

commands() -> list[str]

lex_args ¤

lex_args(command_line: str) -> list[str]

selected_inferior ¤

selected_inferior() -> Process | None

selected_thread ¤

selected_thread() -> Thread | None

selected_frame ¤

selected_frame() -> Frame | None

has_event_type ¤

has_event_type(ty: EventType) -> bool

event_handler ¤

event_handler(
    ty: EventType,
) -> Callable[[Callable[..., T]], Callable[..., T]]

suspend_events ¤

suspend_events(ty: EventType) -> None

resume_events ¤

resume_events(ty: EventType) -> None

set_sysroot ¤

set_sysroot(sysroot: str) -> bool

supports_breakpoint_creation_during_stop_handler ¤

supports_breakpoint_creation_during_stop_handler() -> bool

breakpoint_locations ¤

breakpoint_locations() -> list[BreakpointLocation]

name ¤

name() -> DebuggerType

x86_disassembly_flavor ¤

x86_disassembly_flavor() -> Literal['att', 'intel']

string_limit ¤

string_limit() -> int

get_cmd_window_size ¤

get_cmd_window_size() -> tuple[int, int]

is_gdblib_available ¤

is_gdblib_available()

addrsz ¤

addrsz(address: Any) -> str

set_python_diagnostics ¤

set_python_diagnostics(enabled: bool) -> None

rename_register ¤

rename_register(name: str, proc: LLDBProcess) -> str

Some register names differ between Pwndbg/GDB and LLDB. This function takes in a register name in the Pwndbg/GDB convention and returns the equivalent LLDB name for the register.

map_type_code ¤

map_type_code(type: SBType) -> TypeCode

Determines the type code of a given LLDB SBType.