Debugger¶

class debugger.Debugger(path: str, parameters: List[str], aslr: bool = False)¶

The base debugger class, never instantiated. Do not use Debugger constructor, use Debugger.debug() instead.

static debug(path: str, parameters: List[str] = [], aslr: bool = False)¶

Starts debugging a file

Parameters

path (str) – The absolute or relative path to the executable.
parameters (List[str]) – Commands line arguments to be passed to the program.
aslr (bool) – Weither or not the ASLR will be enabled for the child process, True = enable, False = disabled

Returns

Debugger32 or Debugger64

Raises

ValueError - if the file is not an ELF file or if it’s not a supported architecture.

breakpoint(addr: int, enabled: bool = True, relative: bool = False)¶

Adds a breakpoint

Parameters

addr (int) – The address of the breakpoint.
enabled (bool) – Weither or not the breakpoint is enabled.

Returns

None

get_breakpoint_at(addr: int) → ldbg.breakpoint.Breakpoint¶

Returns the breakpoint at address

Parameters: addr (int) – The address of the breakpoint.
Returns: breakpoint.Breakpoint – The breakpoint if found, else None.

delete_breakpoint(bp: ldbg.breakpoint.Breakpoint)¶

Deletes a breakpoint

Parameters: bp (breakpoint.Breakpoint) – The breakpoint to delete.

make_snapshot() → ldbg.snapshot.Snapshot¶

Returns a memory snapshot of the process

Returns: snapshot.Snapshot – the memory snapshot

restore_snapshot(snapshot: ldbg.snapshot.Snapshot) → None¶

Restores a memory snapshot

Returns: None

pcontinue()¶

Continues process execution until it stops

Returns: None

step()¶

Executes a single instruction

Returns: None

syscall()¶

Continues process execution until a syscall occur, call it a second time to watch syscall return value

Returns: None

read_memory(addr: int, size: int) → bytes¶

Reads bytes at address of current process

Parameters

addr (int) – The address from where bytes will be read.
size (int) – The number of bytes to read.

Returns

bytes – The bytes read

Raises

MemoryException - if the address is invalid

read_string(addr: int) → bytes¶

Reads bytes at address until a null bytes is found

Parameters: addr (int) – The address from where bytes will be read.
Returns: bytes – the bytes read
Raises: MemoryException - if the address is invalid

get_function_by_name(name: str) → ldbg.function.Function¶

Returns the function with name name

Parameters: name (str) – The function name.
Returns: function.Function – the function

abstract get_regs() → Dict¶

Gets all registers

Returns: Dict – A dict associating the register name with its value.

abstract get_reg(regname: str) → int¶

Gets a register value by name

Parameters: regname (str) – The name of the register to read.
Returns: int – The value of register.
Raises: KeyError - if the register doesn’t exist.

abstract get_instruction_pointer() → int¶

Gets the instruction pointer

Returns: int – The instruction pointer register value.

abstract set_reg(regname: str, value: int) → None¶

Sets a register value

Parameters

regname (str) – The name of the register.
value (int) – The value to write to the register.

Returns

None

Raises

KeyError - if the register doesn’t exist.

property pid¶

Returns the PID of the currently attached process

Type: int

property breakpoints¶

Returns a list of all breakpoints

Type: List[breakpoint.Breakpoint]

property stdin¶

Returns the stream.Stream associated with stdin for the attached process

Type: Stream

property stdout¶

Returns the stream.Stream associated with stdout for the attached process

Type: Stream

property stderr¶

Returns the stream.Stream associated with stderr for the attached process

Type: Stream

property binary¶

Returns the binary

Type: lief.ELF.Binary

property base_address¶

Returns the binary base address

Type: int

property functions¶

Returns the list of defined functions

Type: List[function.Function]

class debugger.Debugger32(path: str, parameters: List[str], aslr: bool = False)¶

The debugger class for 32 bits process, do not instantiate manualy, use Debugger.debug().

get_regs() → Dict¶: Gets all registers for a 32 bits process, see Debugger.get_regs().

get_reg(regname: str) → int¶: Gets a register value by name for a 32 bits process, see Debugger.get_reg().

get_instruction_pointer() → int¶: Gets the instruction pointer for a 32 bits process, eip, see Debugger.get_instruction_pointer().

set_reg(regname: str, value: int) → None¶: Sets a register value for a 32 bits process, see Debugger.set_reg().

class debugger.Debugger64(path: str, parameters: List[str], aslr: bool = False)¶

The debugger class for 64 bits process, do not instantiate manualy, use Debugger.debug().

get_regs() → Dict¶: Gets all registers for a 64 bits process, see Debugger.get_regs().

get_reg(regname: str) → int¶: Gets a register value by name for a 64 bits process, see Debugger.get_reg().

get_instruction_pointer() → int¶: Gets the instruction pointer for a 64 bits process, rip, see Debugger.get_instruction_pointer().

set_reg(regname: str, value: int) → None¶: Sets a register value for a 64 bits process, see Debugger.set_reg().