
Structs

BINMAPSIZE = 4 module-attribute

C2GDB_MAPPING = {ctypes.c_char: pwndbg.aglib.typeinfo.char, ctypes.c_int8: pwndbg.aglib.typeinfo.int8, ctypes.c_int16: pwndbg.aglib.typeinfo.int16, ctypes.c_int32: pwndbg.aglib.typeinfo.int32, ctypes.c_int64: pwndbg.aglib.typeinfo.int64, ctypes.c_uint8: pwndbg.aglib.typeinfo.uint8, ctypes.c_uint16: pwndbg.aglib.typeinfo.uint16, ctypes.c_uint32: pwndbg.aglib.typeinfo.uint32, ctypes.c_uint64: pwndbg.aglib.typeinfo.uint64, c_pvoid: pwndbg.aglib.typeinfo.pvoid, c_size_t: pwndbg.aglib.typeinfo.size_t} module-attribute

DEFAULT_MMAP_MAX = 65536 module-attribute

DEFAULT_MMAP_THRESHOLD = 128 * 1024 module-attribute

DEFAULT_MP_ = MallocPar._c_struct() module-attribute

DEFAULT_PAGE_SIZE = 4096 module-attribute

DEFAULT_TOP_PAD = 131072 module-attribute

DEFAULT_TRIM_THRESHOLD = 128 * 1024 module-attribute

GLIBC_VERSION = pwndbg.glibc.get_version() module-attribute

MALLOC_ALIGN = 16 module-attribute

MALLOC_ALIGN_MASK = MALLOC_ALIGN - 1 module-attribute

MAX_FAST_SIZE = 80 * SIZE_SZ // 4 module-attribute

MINSIZE = pwndbg.aglib.arch.ptrsize * 4 module-attribute

NBINS = 128 module-attribute

NFASTBINS = fastbin_index(request2size(MAX_FAST_SIZE)) + 1 module-attribute

PTR = ctypes.c_uint32 module-attribute

SIZE_SZ = pwndbg.aglib.arch.ptrsize module-attribute

SIZE_T = ctypes.c_uint32 module-attribute

TCACHE_FILL_COUNT = 7 module-attribute

TCACHE_MAX_BINS = 64 module-attribute

long_double_alignment = pwndbg.aglib.typeinfo.lookup_types('long double').alignof module-attribute

CStruct2GDB

address = address instance-attribute

code = pwndbg.dbg_mod.TypeCode.STRUCT class-attribute instance-attribute

type property

Returns type(self) to make it compatible with the pwndbg.dbg_mod.Value interface.

__eq__(other)

__getattr__(key)

Returns the value of the specified field as a pwndbg.dbg_mod.Value.

__getitem__(key)

Returns the value of the specified field as a pwndbg.dbg_mod.Value.

__init__(address)

__int__()

Returns the address of the C struct.

__str__()

Returns a string representation of the C struct like pwndbg.dbg_mod.Value does.

fields() classmethod

Return fields of the struct to make it compatible with the pwndbg.dbg_mod.Type interface.

get_field_address(field)

Returns the address of the specified field.

get_field_offset(field) classmethod

Returns the offset of the specified field.

has_field(field) classmethod

Checks whether a field exists to make it compatible with the pwndbg.dbg_mod.Type interface.

items()

Returns a tuple of (field name, field value) pairs.

keys() classmethod

Return a list of the names of the fields in the struct to make it compatible with the pwndbg.dbg_mod.Type interface.

read_field(field)

Returns the value of the specified field as a pwndbg.dbg_mod.Value.

unqualified() classmethod

Returns cls to make it compatible with the gdb.types.has_field() interface.

FakeGDBField

Fake gdb.Field for compatibility

artificial = artificial instance-attribute

bitpos = bitpos instance-attribute

bitsize = bitsize instance-attribute

enumval = enumval instance-attribute

is_base_class = is_base_class instance-attribute

name = name instance-attribute

parent_type = parent_type instance-attribute

type = type instance-attribute

__init__(bitpos, name, type, parent_type, enumval=None, artificial=False, is_base_class=False, bitsize=0)

HeapInfo

Bases: CStruct2GDB

This class represents heap_info struct with interface compatible with pwndbg.dbg_mod.Value.

sizeof = ctypes.sizeof(_c_struct) class-attribute instance-attribute

MallocChunk

Bases: CStruct2GDB

This class represents malloc_chunk struct with interface compatible with pwndbg.dbg_mod.Value.

sizeof = ctypes.sizeof(_c_struct) class-attribute instance-attribute

MallocPar

Bases: CStruct2GDB

This class represents the malloc_par struct with interface compatible with pwndbg.dbg_mod.Value.

sizeof = ctypes.sizeof(_c_struct) class-attribute instance-attribute

MallocState

Bases: CStruct2GDB

This class represents malloc_state struct with interface compatible with pwndbg.dbg_mod.Value.

sizeof = ctypes.sizeof(_c_struct) class-attribute instance-attribute

TcacheEntry

Bases: CStruct2GDB

This class represents the tcache_entry struct with interface compatible with pwndbg.dbg_mod.Value.

sizeof = ctypes.sizeof(_c_struct) class-attribute instance-attribute

TcachePerthreadStruct

Bases: CStruct2GDB

This class represents tcache_perthread_struct with interface compatible with pwndbg.dbg_mod.Value.

sizeof = ctypes.sizeof(_c_struct) class-attribute instance-attribute

c_heap_info

Bases: Structure

This class represents heap_info struct as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L53

typedef struct _heap_info {
mstate ar_ptr; /* Arena for this heap. */
struct _heap_info *prev; /* Previous heap. */
size_t size; /* Current size in bytes. */
size_t mprotect_size; /* Size in bytes that has been mprotected PROT_READ|PROT_WRITE. */
/* Make sure the following data is properly aligned, particularly
    that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of
    MALLOC_ALIGNMENT. */
char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK];
} heap_info;

c_malloc_chunk

Bases: Structure

This class represents malloc_chunk struct as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1154

struct malloc_chunk {

INTERNAL_SIZE_T      mchunk_prev_size;  /* Size of previous chunk (if free).  */
INTERNAL_SIZE_T      mchunk_size;       /* Size in bytes, including overhead. */

struct malloc_chunk* fd;         /* double links -- used only if free. */
struct malloc_chunk* bk;

/* Only used for large blocks: pointer to next larger size.  */
struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */
struct malloc_chunk* bk_nextsize;

};

c_malloc_par_2_12

Bases: Structure

This class represents the malloc_par struct for GLIBC < 2.15 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2402-L2433

struct malloc_par {
/* Tunable parameters */
unsigned long trim_threshold;
INTERNAL_SIZE_T top_pad;
INTERNAL_SIZE_T mmap_threshold;
#ifdef PER_THREAD
INTERNAL_SIZE_T arena_test;
INTERNAL_SIZE_T arena_max;
#endif

/* Memory map support */
int n_mmaps;
int n_mmaps_max;
int max_n_mmaps;
/* the mmap_threshold is dynamic, until the user sets
    it manually, at which point we need to disable any
    dynamic behavior. */
int no_dyn_threshold;

/* Cache malloc_getpagesize */
unsigned int pagesize;

/* Statistics */
INTERNAL_SIZE_T mmapped_mem;
/*INTERNAL_SIZE_T sbrked_mem;*/
/*INTERNAL_SIZE_T max_sbrked_mem;*/
INTERNAL_SIZE_T max_mmapped_mem;
INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */

/* First address handed out by MORECORE/sbrk. */
char* sbrk_base;
};

c_malloc_par_2_23

Bases: Structure

This class represents the malloc_par struct for GLIBC < 2.24 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.23/malloc/malloc.c#L1726

struct malloc_par {
/* Tunable parameters */
unsigned long trim_threshold;
INTERNAL_SIZE_T top_pad;
INTERNAL_SIZE_T mmap_threshold;
INTERNAL_SIZE_T arena_test;
INTERNAL_SIZE_T arena_max;

/* Memory map support */
int n_mmaps;
int n_mmaps_max;
int max_n_mmaps;
/* the mmap_threshold is dynamic, until the user sets
    it manually, at which point we need to disable any
    dynamic behavior. */
int no_dyn_threshold;

/* Statistics */
INTERNAL_SIZE_T mmapped_mem;
/*INTERNAL_SIZE_T sbrked_mem;*/
/*INTERNAL_SIZE_T max_sbrked_mem;*/
INTERNAL_SIZE_T max_mmapped_mem;
INTERNAL_SIZE_T max_total_mem; /* only kept for NO_THREADS */

/* First address handed out by MORECORE/sbrk. */
char *sbrk_base;
};

c_malloc_par_2_24

Bases: Structure

This class represents the malloc_par struct for GLIBC >= 2.24 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.25/malloc/malloc.c#L1690 https://github.com/bminor/glibc/blob/glibc-2.24/malloc/malloc.c#L1719

struct malloc_par {
/* Tunable parameters */
unsigned long trim_threshold;
INTERNAL_SIZE_T top_pad;
INTERNAL_SIZE_T mmap_threshold;
INTERNAL_SIZE_T arena_test;
INTERNAL_SIZE_T arena_max;

/* Memory map support */
int n_mmaps;
int n_mmaps_max;
int max_n_mmaps;
/* the mmap_threshold is dynamic, until the user sets
    it manually, at which point we need to disable any
    dynamic behavior. */
int no_dyn_threshold;

/* Statistics */
INTERNAL_SIZE_T mmapped_mem;
INTERNAL_SIZE_T max_mmapped_mem;

/* First address handed out by MORECORE/sbrk.  */
char *sbrk_base;

};

c_malloc_par_2_26

Bases: Structure

This class represents the malloc_par struct for GLIBC >= 2.26 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1875

struct malloc_par {
/* Tunable parameters */
unsigned long trim_threshold;
INTERNAL_SIZE_T top_pad;
INTERNAL_SIZE_T mmap_threshold;
INTERNAL_SIZE_T arena_test;
INTERNAL_SIZE_T arena_max;

/* Memory map support */
int n_mmaps;
int n_mmaps_max;
int max_n_mmaps;
/* the mmap_threshold is dynamic, until the user sets
    it manually, at which point we need to disable any
    dynamic behavior. */
int no_dyn_threshold;

/* Statistics */
INTERNAL_SIZE_T mmapped_mem;
INTERNAL_SIZE_T max_mmapped_mem;

/* First address handed out by MORECORE/sbrk.  */
char *sbrk_base;

#if USE_TCACHE

/* Maximum number of buckets to use.  */
size_t tcache_bins;
size_t tcache_max_bytes;
/* Maximum number of chunks in each bucket.  */
size_t tcache_count;
/* Maximum number of chunks to remove from the unsorted list, which
    aren't used to prefill the cache.  */
size_t tcache_unsorted_limit;

#endif

};

c_malloc_par_2_35

Bases: Structure

This class represents the malloc_par struct for GLIBC >= 2.35 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.35/malloc/malloc.c#L1874

struct malloc_par {
/* Tunable parameters */
unsigned long trim_threshold;
INTERNAL_SIZE_T top_pad;
INTERNAL_SIZE_T mmap_threshold;
INTERNAL_SIZE_T arena_test;
INTERNAL_SIZE_T arena_max;

#if HAVE_TUNABLES

/* Transparent Large Page support.  */
INTERNAL_SIZE_T thp_pagesize;
/* A value different than 0 means to align mmap allocation to hp_pagesize
    add hp_flags on flags.  */
INTERNAL_SIZE_T hp_pagesize;
int hp_flags;

#endif

/* Memory map support */
int n_mmaps;
int n_mmaps_max;
int max_n_mmaps;
/* the mmap_threshold is dynamic, until the user sets
    it manually, at which point we need to disable any
    dynamic behavior. */
int no_dyn_threshold;

/* Statistics */
INTERNAL_SIZE_T mmapped_mem;
INTERNAL_SIZE_T max_mmapped_mem;

/* First address handed out by MORECORE/sbrk.  */
char *sbrk_base;

#if USE_TCACHE

/* Maximum number of buckets to use.  */
size_t tcache_bins;
size_t tcache_max_bytes;
/* Maximum number of chunks in each bucket.  */
size_t tcache_count;
/* Maximum number of chunks to remove from the unsorted list, which
    aren't used to prefill the cache.  */
size_t tcache_unsorted_limit;

#endif

};

c_malloc_state_2_12

Bases: Structure

This class represents malloc_state struct for GLIBC < 2.22 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.12/malloc/malloc.c#L2362-L2400

struct malloc_state {
/* Serialize access. */
mutex_t mutex;

/* Flags (formerly in max_fast). */
int flags;

#if THREAD_STATS
/* Statistics for locking. Only used if THREAD_STATS is defined. */
long stat_lock_direct, stat_lock_loop, stat_lock_wait;
#endif

/* Fastbins */
mfastbinptr fastbinsY[NFASTBINS];

/* Base of the topmost chunk -- not otherwise kept in a bin */
mchunkptr top;

/* The remainder from the most recent split of a small request */
mchunkptr last_remainder;

/* Normal bins packed as described above */
mchunkptr bins[NBINS * 2 - 2];

/* Bitmap of bins */
unsigned int binmap[BINMAPSIZE];

/* Linked list */
struct malloc_state *next;

#ifdef PER_THREAD
/* Linked list for free arenas. */
struct malloc_state *next_free;
#endif

/* Memory allocated from the system in this arena. */
INTERNAL_SIZE_T system_mem;
INTERNAL_SIZE_T max_system_mem;
};

c_malloc_state_2_26

Bases: Structure

This class represents malloc_state struct for GLIBC < 2.27 as a ctypes struct.

https://github.com/bminor/glibc/blob/1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369/malloc/malloc.c#L1678-L1716

struct malloc_state {
/* Serialize access. */
__libc_lock_define (, mutex);

/* Flags (formerly in max_fast).  */
int flags;

/* Fastbins */
mfastbinptr fastbinsY[NFASTBINS];

/* Base of the topmost chunk -- not otherwise kept in a bin */
mchunkptr top;

/* The remainder from the most recent split of a small request */
mchunkptr last_remainder;

/* Normal bins packed as described above */
mchunkptr bins[NBINS * 2 - 2];

/* Bitmap of bins */
unsigned int binmap[BINMAPSIZE];

/* Linked list */
struct malloc_state *next;

/* Linked list for free arenas.  Access to this field is serialized
    by free_list_lock in arena.c.  */
struct malloc_state *next_free;

/* Number of threads attached to this arena.  0 if the arena is on
    the free list.  Access to this field is serialized by
    free_list_lock in arena.c.  */
INTERNAL_SIZE_T attached_threads;

/* Memory allocated from the system in this arena.  */
INTERNAL_SIZE_T system_mem;
INTERNAL_SIZE_T max_system_mem;

};

c_malloc_state_2_27

Bases: Structure

This class represents malloc_state struct for GLIBC >= 2.27 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L1831

struct malloc_state {
/* Serialize access. */
__libc_lock_define (, mutex);

/* Flags (formerly in max_fast).  */
int flags;

/* Set if the fastbin chunks contain recently inserted free blocks.  */
/* Note this is a bool but not all targets support atomics on booleans.  */
int have_fastchunks;

/* Fastbins */
mfastbinptr fastbinsY[NFASTBINS];

/* Base of the topmost chunk -- not otherwise kept in a bin */
mchunkptr top;

/* The remainder from the most recent split of a small request */
mchunkptr last_remainder;

/* Normal bins packed as described above */
mchunkptr bins[NBINS * 2 - 2];

/* Bitmap of bins */
unsigned int binmap[BINMAPSIZE];

/* Linked list */
struct malloc_state *next;

/* Linked list for free arenas.  Access to this field is serialized
    by free_list_lock in arena.c.  */
struct malloc_state *next_free;

/* Number of threads attached to this arena.  0 if the arena is on
    the free list.  Access to this field is serialized by
    free_list_lock in arena.c.  */
INTERNAL_SIZE_T attached_threads;

/* Memory allocated from the system in this arena.  */
INTERNAL_SIZE_T system_mem;
INTERNAL_SIZE_T max_system_mem;

};

c_pvoid

Bases: PTR

Represents a pointer.

c_size_t

Bases: SIZE_T

Represents a size_t.

c_tcache_entry_2_28

Bases: Structure

This class represents the tcache_entry struct for GLIBC < 2.29 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.28/malloc/malloc.c#L2888

typedef struct tcache_entry { struct tcache_entry *next; } tcache_entry;

c_tcache_entry_2_29

Bases: Structure

This class represents the tcache_entry struct for GLIBC >= 2.29 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3013

typedef struct tcache_entry { struct tcache_entry *next; /* This field exists to detect double frees. */ uintptr_t key; } tcache_entry;

c_tcache_perthread_struct_2_29

Bases: Structure

This class represents tcache_perthread_struct for GLIBC < 2.30 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.29/malloc/malloc.c#L2916

typedef struct tcache_perthread_struct { char counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;

c_tcache_perthread_struct_2_30

Bases: Structure

This class represents the tcache_perthread_struct for GLIBC >= 2.30 as a ctypes struct.

https://github.com/bminor/glibc/blob/glibc-2.34/malloc/malloc.c#L3025

typedef struct tcache_perthread_struct { uint16_t counts[TCACHE_MAX_BINS]; tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct;

fastbin_index(size)

request2size(req)