libdebug.architectures.amd64 package#

Submodules#

libdebug.architectures.amd64.amd64_ptrace_hw_bp_helper module#

class libdebug.architectures.amd64.amd64_ptrace_hw_bp_helper.Amd64PtraceHardwareBreakpointManager(thread: ThreadContext, peek_user: Callable[[int, int], int], poke_user: Callable[[int, int, int], None])[source]#

Bases: PtraceHardwareBreakpointManager

A hardware breakpoint manager for the amd64 architecture.

thread#

The target thread.

Type:: ThreadContext

peek_user#

A function that reads a number of bytes from the target thread registers.

Type:: callable

poke_user#

A function that writes a number of bytes to the target thread registers.

Type:: callable

breakpoint_count#

The number of hardware breakpoints set.

Type:: int

install_breakpoint(bp: Breakpoint) → None[source]#: Installs a hardware breakpoint at the provided location.

remove_breakpoint(bp: Breakpoint) → None[source]#: Removes a hardware breakpoint at the provided location.

available_breakpoints() → int[source]#: Returns the number of available hardware breakpoint registers.

is_watchpoint_hit() → Breakpoint | None[source]#

Checks if a watchpoint has been hit.

Returns:: The watchpoint that has been hit, or None if no watchpoint has been hit.
Return type:: Breakpoint | None

libdebug.architectures.amd64.amd64_ptrace_register_holder module#

class libdebug.architectures.amd64.amd64_ptrace_register_holder.Amd64PtraceRegisterHolder(register_file: object)[source]#

Bases: PtraceRegisterHolder

A class that provides views and setters for the registers of an x86_64 process.

provide_regs_class() → type[source]#: Provide a class to hold the register accessors.

apply_on_regs(target: Amd64Registers, target_class: type) → None[source]#: Apply the register accessors to the Amd64Registers class.

apply_on_thread(target: ThreadContext, target_class: type) → None[source]#: Apply the register accessors to the thread class.

libdebug.architectures.amd64.amd64_registers module#

class libdebug.architectures.amd64.amd64_registers.Amd64Registers[source]#

Bases: Registers

This class holds the state of the architectural-dependent registers of a process.

libdebug.architectures.amd64.amd64_stack_unwinder module#

class libdebug.architectures.amd64.amd64_stack_unwinder.Amd64StackUnwinder[source]#

Bases: StackUnwindingManager

Class that provides stack unwinding for the x86_64 architecture.

unwind(target: ThreadContext) → list[source]#

Unwind the stack of a process.

Parameters:: target (ThreadContext) – The target ThreadContext.
Returns:: A list of return addresses.
Return type:: list

get_return_address(target: ThreadContext) → int[source]#

Get the return address of the current function.

Parameters:: target (ThreadContext) – The target ThreadContext.
Returns:: The return address.
Return type:: int

libdebug.architectures.amd64.amd64_syscall_hijacker module#

class libdebug.architectures.amd64.amd64_syscall_hijacker.Amd64SyscallHijacker[source]#

Bases: SyscallHijackingManager

Class that provides syscall hijacking for the x86_64 architecture.

allowed_args: set[str] = frozenset({'syscall_arg0', 'syscall_arg1', 'syscall_arg2', 'syscall_arg3', 'syscall_arg4', 'syscall_arg5', 'syscall_number'})#

create_hijacker(new_syscall: int, **kwargs: int) → Callable[[ThreadContext, int], None][source]#

Create a new hijacker for the given syscall.

Parameters:

new_syscall (int) – The new syscall number.
**kwargs – The keyword arguments.