def nearpc(pc=None, lines=None, to_string=False, emulate=False):
"""
Disassemble near a specified address.
"""
# Repeating nearpc (pressing enter) makes it show next addresses
# (writing nearpc explicitly again will reset its state)
if nearpc.repeat:
pc = nearpc.next_pc
result = []
# Fix the case where we only have one argument, and
# it's a small value.
if lines is None and (pc is None or int(pc) < 0x100):
lines = pc
pc = None
if pc is None:
pc = pwndbg.regs.pc
if lines is None:
lines = nearpc_lines // 2
pc = int(pc)
lines = int(lines)
# Check whether we can even read this address
if not pwndbg.memory.peek(pc):
result.append(message.error('Invalid address %#x' % pc))
# # Load source data if it's available
# pc_to_linenos = collections.defaultdict(lambda: [])
# lineno_to_src = {}
# frame = gdb.selected_frame()
# if frame:
# sal = frame.find_sal()
# if sal:
# symtab = sal.symtab
# objfile = symtab.objfile
# sourcefilename = symtab.filename
# with open(sourcefilename, 'r') as sourcefile:
# lineno_to_src = {i:l for i,l in enumerate(sourcefile.readlines())}
# for line in symtab.linetable():
# pc_to_linenos[line.pc].append(line.line)
instructions = pwndbg.disasm.near(pc,
lines,
emulate=emulate,
show_prev_insns=not nearpc.repeat)
if pwndbg.memory.peek(pc) and not instructions:
result.append(message.error('Invalid instructions at %#x' % pc))
# In case $pc is in a new map we don't know about,
# this will trigger an exploratory search.
pwndbg.vmmap.find(pc)
# Gather all addresses and symbols for each instruction
symbols = [pwndbg.symbol.get(i.address) for i in instructions]
addresses = ['%#x' % i.address for i in instructions]
nearpc.next_pc = instructions[-1].address + instructions[
-1].size if instructions else 0
# Format the symbol name for each instruction
symbols = ['<%s> ' % sym if sym else '' for sym in symbols]
# Pad out all of the symbols and addresses
if pwndbg.config.left_pad_disasm and not nearpc.repeat:
symbols = ljust_padding(symbols)
addresses = ljust_padding(addresses)
prev = None
first_pc = True
# Print out each instruction
for address_str, symbol, instr in zip(addresses, symbols, instructions):
asm = D.instruction(instr)
prefix_sign = pwndbg.config.nearpc_prefix
# Show prefix only on the specified address and don't show it while in repeat-mode
# or when showing current instruction for the second time
show_prefix = instr.address == pc and not nearpc.repeat and first_pc
prefix = ' %s' % (prefix_sign if show_prefix else ' ' *
len(prefix_sign))
prefix = N.prefix(prefix)
pre = pwndbg.ida.Anterior(instr.address)
if pre:
result.append(N.ida_anterior(pre))
# Colorize address and symbol if not highlighted
# symbol is fetched from gdb and it can be e.g. '<main+8>'
if instr.address != pc or not pwndbg.config.highlight_pc or nearpc.repeat:
address_str = N.address(address_str)
symbol = N.symbol(symbol)
elif pwndbg.config.highlight_pc and first_pc:
prefix = C.highlight(prefix)
address_str = C.highlight(address_str)
symbol = C.highlight(symbol)
first_pc = False
line = ' '.join((prefix, address_str, symbol, asm))
# If there was a branch before this instruction which was not
# contiguous, put in some ellipses.
if prev and prev.address + prev.size != instr.address:
result.append(N.branch_marker('%s' % nearpc_branch_marker))
# Otherwise if it's a branch and it *is* contiguous, just put
# and empty line.
elif prev and any(g in prev.groups
for g in (CS_GRP_CALL, CS_GRP_JUMP, CS_GRP_RET)):
if len('%s' % nearpc_branch_marker_contiguous) > 0:
result.append('%s' % nearpc_branch_marker_contiguous)
# For syscall instructions, put the name on the side
if instr.address == pc:
syscall_name = pwndbg.arguments.get_syscall_name(instr)
if syscall_name:
line += ' <%s>' % N.syscall_name(syscall_name)
# For Comment Function
try:
line += " " * 10 + C.comment(
pwndbg.commands.comments.file_lists[pwndbg.proc.exe][hex(
instr.address)])
except:
pass
result.append(line)
# For call instructions, attempt to resolve the target and
# determine the number of arguments.
if show_args:
result.extend([
'%8s%s' % ('', arg)
for arg in pwndbg.arguments.format_args(instruction=instr)
])
prev = instr
if not to_string:
print('\n'.join(result))
return result
def nearpc(pc=None, lines=None, to_string=False, emulate=False):
"""
Disassemble near a specified address.
"""
# Fix the case where we only have one argument, and
# it's a small value.
if lines is None and (pc is None or int(pc) < 0x100):
lines = pc
pc = None
if pc is None:
pc = pwndbg.regs.pc
if lines is None:
lines = 5
pc = int(pc)
lines = int(lines)
# # Load source data if it's available
# pc_to_linenos = collections.defaultdict(lambda: [])
# lineno_to_src = {}
# frame = gdb.selected_frame()
# if frame:
# sal = frame.find_sal()
# if sal:
# symtab = sal.symtab
# objfile = symtab.objfile
# sourcefilename = symtab.filename
# with open(sourcefilename, 'r') as sourcefile:
# lineno_to_src = {i:l for i,l in enumerate(sourcefile.readlines())}
# for line in symtab.linetable():
# pc_to_linenos[line.pc].append(line.line)
result = []
instructions = pwndbg.disasm.near(pc, lines, emulate=emulate)
# In case $pc is in a new map we don't know about,
# this will trigger an exploratory search.
pwndbg.vmmap.find(pc)
# Gather all addresses and symbols for each instruction
symbols = [pwndbg.symbol.get(i.address) for i in instructions]
addresses = ['%#x' % i.address for i in instructions]
# Format the symbol name for each instruction
symbols = ['<%s> ' % sym if sym else '' for sym in symbols]
# Pad out all of the symbols and addresses
if pwndbg.config.left_pad_disasm:
symbols = ljust_padding(symbols)
addresses = ljust_padding(addresses)
prev = None
# Print out each instruction
for address_str, s, i in zip(addresses, symbols, instructions):
asm = D.instruction(i)
prefix = ' %s' % (pwndbg.config.nearpc_prefix if i.address == pc else ' ' * len(pwndbg.config.nearpc_prefix.value))
prefix = N.prefix(prefix)
if pwndbg.config.highlight_pc:
prefix = C.highlight(prefix)
pre = pwndbg.ida.Anterior(i.address)
if pre:
result.append(N.ida_anterior(pre))
# Colorize address and symbol if not highlighted
if i.address != pc or not pwndbg.config.highlight_pc:
address_str = N.address(address_str)
s = N.symbol(s)
elif pwndbg.config.highlight_pc:
address_str = C.highlight(address_str)
s = C.highlight(s)
line = ' '.join((prefix, address_str, s, asm))
# If there was a branch before this instruction which was not
# contiguous, put in some ellipses.
if prev and prev.address + prev.size != i.address:
result.append(N.branch_marker('%s' % nearpc_branch_marker))
# Otherwise if it's a branch and it *is* contiguous, just put
# and empty line.
elif prev and any(g in prev.groups for g in (CS_GRP_CALL, CS_GRP_JUMP, CS_GRP_RET)):
if len('%s' % nearpc_branch_marker_contiguous) > 0:
result.append('%s' % nearpc_branch_marker_contiguous)
# For syscall instructions, put the name on the side
if i.address == pc:
syscall_name = pwndbg.arguments.get_syscall_name(i)
if syscall_name:
line += ' <%s>' % N.syscall_name(syscall_name)
result.append(line)
# For call instructions, attempt to resolve the target and
# determine the number of arguments.
for arg, value in pwndbg.arguments.get(i):
code = False if arg.type == 'char' else True
pretty = pwndbg.chain.format(value, code=code)
result.append('%8s%-10s %s' % ('', N.argument(arg.name) + ':', pretty))
prev = i
if not to_string:
print('\n'.join(result))
return result
def nearpc(pc=None, lines=None, to_string=False, emulate=False):
"""
Disassemble near a specified address.
"""
# Fix the case where we only have one argument, and
# it's a small value.
if lines is None and (pc is None or int(pc) < 0x100):
lines = pc
pc = None
if pc is None:
pc = pwndbg.regs.pc
if lines is None:
lines = 5
pc = int(pc)
lines = int(lines)
# # Load source data if it's available
# pc_to_linenos = collections.defaultdict(lambda: [])
# lineno_to_src = {}
# frame = gdb.selected_frame()
# if frame:
# sal = frame.find_sal()
# if sal:
# symtab = sal.symtab
# objfile = symtab.objfile
# sourcefilename = symtab.filename
# with open(sourcefilename, 'r') as sourcefile:
# lineno_to_src = {i:l for i,l in enumerate(sourcefile.readlines())}
# for line in symtab.linetable():
# pc_to_linenos[line.pc].append(line.line)
result = []
instructions = pwndbg.disasm.near(pc, lines, emulate=emulate)
# In case $pc is in a new map we don't know about,
# this will trigger an exploratory search.
pwndbg.vmmap.find(pc)
# Gather all addresses and symbols for each instruction
symbols = [pwndbg.symbol.get(i.address) for i in instructions]
addresses = ['%#x' % i.address for i in instructions]
# Format the symbol name for each instruction
symbols = ['<%s> ' % sym if sym else '' for sym in symbols]
# Pad out all of the symbols and addresses
if pwndbg.config.left_pad_disasm:
symbols = ljust_padding(symbols)
addresses = ljust_padding(addresses)
prev = None
# Print out each instruction
for address_str, s, i in zip(addresses, symbols, instructions):
asm = D.instruction(i)
prefix = ' %s' % (pwndbg.config.nearpc_prefix if i.address == pc else
' ' * len(pwndbg.config.nearpc_prefix.value))
prefix = N.prefix(prefix)
if pwndbg.config.highlight_pc:
prefix = C.highlight(prefix)
pre = pwndbg.ida.Anterior(i.address)
if pre:
result.append(N.ida_anterior(pre))
# Colorize address and symbol if not highlighted
if i.address != pc or not pwndbg.config.highlight_pc:
address_str = N.address(address_str)
s = N.symbol(s)
elif pwndbg.config.highlight_pc:
address_str = C.highlight(address_str)
s = C.highlight(s)
line = ' '.join((prefix, address_str, s, asm))
# If there was a branch before this instruction which was not
# contiguous, put in some ellipses.
if prev and prev.address + prev.size != i.address:
result.append(N.branch_marker('%s' % nearpc_branch_marker))
# Otherwise if it's a branch and it *is* contiguous, just put
# and empty line.
elif prev and any(g in prev.groups
for g in (CS_GRP_CALL, CS_GRP_JUMP, CS_GRP_RET)):
if len('%s' % nearpc_branch_marker_contiguous) > 0:
result.append('%s' % nearpc_branch_marker_contiguous)
# For syscall instructions, put the name on the side
if i.address == pc:
syscall_name = pwndbg.arguments.get_syscall_name(i)
if syscall_name:
line += ' <%s>' % N.syscall_name(syscall_name)
result.append(line)
# For call instructions, attempt to resolve the target and
# determine the number of arguments.
for arg, value in pwndbg.arguments.get(i):
code = False if arg.type == 'char' else True
pretty = pwndbg.chain.format(value, code=code)
result.append('%8s%-10s %s' %
('', N.argument(arg.name) + ':', pretty))
prev = i
if not to_string:
print('\n'.join(result))
return result
def nearpc(pc=None, lines=None, to_string=False, emulate=False):
"""
Disassemble near a specified address.
"""
# Repeating nearpc (pressing enter) makes it show next addresses
# (writing nearpc explicitly again will reset its state)
if nearpc.repeat:
pc = nearpc.next_pc
result = []
# Fix the case where we only have one argument, and
# it's a small value.
if lines is None and (pc is None or int(pc) < 0x100):
lines = pc
pc = None
if pc is None:
pc = pwndbg.regs.pc
if lines is None:
lines = nearpc_lines // 2
pc = int(pc)
lines = int(lines)
# Check whether we can even read this address
if not pwndbg.memory.peek(pc):
result.append(message.error('Invalid address %#x' % pc))
# # Load source data if it's available
# pc_to_linenos = collections.defaultdict(lambda: [])
# lineno_to_src = {}
# frame = gdb.selected_frame()
# if frame:
# sal = frame.find_sal()
# if sal:
# symtab = sal.symtab
# objfile = symtab.objfile
# sourcefilename = symtab.filename
# with open(sourcefilename, 'r') as sourcefile:
# lineno_to_src = {i:l for i,l in enumerate(sourcefile.readlines())}
# for line in symtab.linetable():
# pc_to_linenos[line.pc].append(line.line)
instructions = pwndbg.disasm.near(pc, lines, emulate=emulate, show_prev_insns=not nearpc.repeat)
if pwndbg.memory.peek(pc) and not instructions:
result.append(message.error('Invalid instructions at %#x' % pc))
# In case $pc is in a new map we don't know about,
# this will trigger an exploratory search.
pwndbg.vmmap.find(pc)
# Gather all addresses and symbols for each instruction
symbols = [pwndbg.symbol.get(i.address) for i in instructions]
addresses = ['%#x' % i.address for i in instructions]
nearpc.next_pc = instructions[-1].address + instructions[-1].size if instructions else 0
# Format the symbol name for each instruction
symbols = ['<%s> ' % sym if sym else '' for sym in symbols]
# Pad out all of the symbols and addresses
if pwndbg.config.left_pad_disasm and not nearpc.repeat:
symbols = ljust_padding(symbols)
addresses = ljust_padding(addresses)
prev = None
# Print out each instruction
for address_str, symbol, instr in zip(addresses, symbols, instructions):
asm = D.instruction(instr)
prefix_sign = pwndbg.config.nearpc_prefix
# Show prefix only on the specified address and don't show it while in repeat-mode
show_prefix = instr.address == pc and not nearpc.repeat
prefix = ' %s' % (prefix_sign if show_prefix else ' ' * len(prefix_sign))
prefix = N.prefix(prefix)
pre = pwndbg.ida.Anterior(instr.address)
if pre:
result.append(N.ida_anterior(pre))
# Colorize address and symbol if not highlighted
# symbol is fetched from gdb and it can be e.g. '<main+8>'
if instr.address != pc or not pwndbg.config.highlight_pc or nearpc.repeat:
address_str = N.address(address_str)
symbol = N.symbol(symbol)
elif pwndbg.config.highlight_pc:
prefix = C.highlight(prefix)
address_str = C.highlight(address_str)
symbol = C.highlight(symbol)
line = ' '.join((prefix, address_str, symbol, asm))
# If there was a branch before this instruction which was not
# contiguous, put in some ellipses.
if prev and prev.address + prev.size != instr.address:
result.append(N.branch_marker('%s' % nearpc_branch_marker))
# Otherwise if it's a branch and it *is* contiguous, just put
# and empty line.
elif prev and any(g in prev.groups for g in (CS_GRP_CALL, CS_GRP_JUMP, CS_GRP_RET)):
if len('%s' % nearpc_branch_marker_contiguous) > 0:
result.append('%s' % nearpc_branch_marker_contiguous)
# For syscall instructions, put the name on the side
if instr.address == pc:
syscall_name = pwndbg.arguments.get_syscall_name(instr)
if syscall_name:
line += ' <%s>' % N.syscall_name(syscall_name)
result.append(line)
# For call instructions, attempt to resolve the target and
# determine the number of arguments.
if show_args:
result.extend(['%8s%s' % ('', arg) for arg in pwndbg.arguments.format_args(instruction=instr)])
prev = instr
if not to_string:
print('\n'.join(result))
return result