API Reference

All 146 MCP tools exposed by the server are documented below, auto-generated from the docstrings in pwndbg_lldb_mcp.py.

pwndbg-lldb MCP Server

An MCP (Model Context Protocol) server that exposes pwndbg commands running under LLDB as tools for AI assistants. This enables AI-driven binary analysis, exploit development, and reverse engineering through pwndbg’s enhanced debugging capabilities.

pwndbg-lldb documentation:

https://pwndbg.re/2025.05.30/reference/pwndbg/dbg/lldb/

Based on the conventions established by lldb-mcp:

https://github.com/stass/lldb-mcp

Architecture:

Communicates with LLDB+pwndbg via a PTY (pseudo-terminal) pair
Each debugging session is isolated with a unique UUID
All I/O is async with 30-second timeouts for pwndbg commands (longer than plain LLDB since pwndbg commands do more work)
The generic pwndbg_command tool serves as an escape hatch for any command not explicitly exposed as a dedicated tool

pwndbg_lldb_mcp.debug_log(message: str) → None[source]: Print debug messages only when DEBUG flag is enabled.

pwndbg_lldb_mcp.make_progress_callback(ctx: Context) → Callable[[str, float], Awaitable[None]][source]

Build a progress callback that sends MCP notifications via Context.

Uses ctx.report_progress() if a progress token is available, and always sends intermediate output via ctx.info() logging notifications.

Gracefully degrades: if no progress token exists, only logging is used. If logging fails, the error is silently ignored to avoid disrupting the debugger command execution.

class pwndbg_lldb_mcp.DebuggerEvent(timestamp: float, event_type: str, summary: str, raw_output: str)[source]

Bases: object

A debugger event detected from PTY output.

timestamp: float

event_type: str

summary: str

raw_output: str

to_dict() → dict[source]

pwndbg_lldb_mcp.classify_debugger_output(output: str) → DebuggerEvent | None[source]: Classify PTY output into a DebuggerEvent if it matches a known pattern.

class pwndbg_lldb_mcp.PwndbgSession(session_id: str, lldb_path: str, working_dir: str | None = None, pwndbg_path: str | None = None)[source]

Bases: object

Manages a single LLDB process with pwndbg loaded.

Communication happens over a PTY pair: the parent process holds the master fd and writes commands / reads output, while the LLDB child process uses the slave fd as its terminal.

The prompt pattern used to detect command completion is “(pwndbg-lldb)” which is what pwndbg sets when running under LLDB. We also fall back to “(lldb)” for the initial startup before pwndbg fully initializes.

PROMPT_PATTERNS = [b'(pwndbg-lldb)', b'pwndbg>', b'pwndbg-lldb>', b'(lldb)']

COMMAND_TIMEOUT = 30.0

event_log: deque[DebuggerEvent]

async start() → str[source]

Start the LLDB process with pwndbg loaded via PTY.

Creates a pseudo-terminal pair, spawns LLDB, disables terminal echo, and waits for the initial prompt. If a pwndbg_path is provided, it will be loaded via ‘command script import’.

async execute_command(command: str) → str[source]

Execute a command in the LLDB+pwndbg session and return output.

Writes the command string to the PTY master fd and reads until a known prompt pattern appears or the timeout is reached.

async execute_command_with_progress(command: str, callback: ~typing.Callable[[str, float], ~typing.Awaitable[None]] = <function _noop_callback>, timeout_override: float | None = None) → str[source]

Execute a command with progress callbacks on intermediate PTY output.

Like execute_command, but invokes callback(chunk, elapsed) each time new data arrives from the PTY. This enables MCP progress notifications and logging during long-running debugger operations (run, continue, etc.).

Parameters:

command – The LLDB/pwndbg command to execute.
callback – Async callable invoked with (chunk_text, elapsed_seconds).
timeout_override – Override the default COMMAND_TIMEOUT for this call.

async read_until_prompt() → str[source]

Read from the PTY until a known prompt pattern is detected.

Implements a polling loop with non-blocking reads and a global timeout. Returns accumulated output as a UTF-8 string.

get_recent_events(limit: int = 50, event_type: str | None = None) → List[DebuggerEvent][source]: Return recent events, optionally filtered by type.

start_monitor() → None[source]

Start the background PTY monitor task.

The monitor reads PTY output when no command is actively executing, classifying and recording debugger events (breakpoints, signals, etc.). This is a best-effort system — if the monitor fails, it does not affect normal command execution.

stop_monitor() → None[source]: Stop the background PTY monitor.

async cleanup()[source]: Clean up the LLDB+pwndbg session and all associated resources.

class pwndbg_lldb_mcp.AppContext(sessions: Dict[str, PwndbgSession])[source]

Bases: object

Holds all active pwndbg sessions keyed by UUID.

sessions: Dict[str, PwndbgSession]

pwndbg_lldb_mcp.app_lifespan(server: FastMCP) → AsyncIterator[AppContext][source]: Manage application lifecycle — create context on startup, clean up on shutdown.

pwndbg_lldb_mcp.get_session(ctx: Context, session_id: str) → PwndbgSession[source]: Retrieve a session by ID or raise ValueError if not found.

pwndbg_lldb_mcp.resource_sessions_list(ctx: Context) → str[source]: List all active debugging sessions as a JSON resource.

pwndbg_lldb_mcp.resource_session_events(session_id: str, ctx: Context) → str[source]

Recent debugger events for a session (breakpoints, signals, crashes, exits).

Returns the last 50 events as a JSON array. Each event includes: timestamp, event_type, summary, and raw_output.

Subscribe to this resource to receive notifications when new events occur.

pwndbg_lldb_mcp.resource_session_state(session_id: str, ctx: Context) → str[source]

Current state of a debugging session.

Returns session metadata including: target, working directory, process status, last output excerpt, and recent event summary.

async pwndbg_lldb_mcp.pwndbg_get_events(ctx: Context, session_id: str, limit: int = 50, event_type: str = None) → str[source]

Query debugger events recorded for a session.

Returns events such as breakpoint hits, signals, crashes, and process exits detected during command execution or by the background monitor.

Parameters:

session_id – The UUID of the session.
limit – Maximum number of events to return (default 50).
event_type – Filter by event type (e.g. “breakpoint_hit”, “signal”, “crash”, “exited”, “stopped”). None returns all types.

async pwndbg_lldb_mcp.pwndbg_start_monitor(ctx: Context, session_id: str) → str[source]

Start the background event monitor for a session.

The monitor watches for asynchronous debugger events (breakpoint hits, signals, crashes) between tool calls. Events are recorded in the session’s event log and trigger MCP resource-updated notifications.

This is optional — all core debugging functionality works without the monitor. The monitor is useful for long-running programs where events may occur outside of active tool calls.

Parameters:: session_id – The UUID of the session.

async pwndbg_lldb_mcp.pwndbg_stop_monitor(ctx: Context, session_id: str) → str[source]

Stop the background event monitor for a session.

Parameters:: session_id – The UUID of the session.

async pwndbg_lldb_mcp.pwndbg_start(ctx: Context, lldb_path: str = 'lldb', working_dir: str = None, pwndbg_path: str = None) → str[source]

Start a new LLDB session with pwndbg loaded.

Spawns an LLDB process, optionally loads pwndbg via command script import, and returns a session ID for subsequent commands.

Parameters:

lldb_path – Path to the LLDB binary (default: “lldb”).
working_dir – Working directory for the session.
pwndbg_path – Path to pwndbg’s lldbinit.py entry point. If provided, pwndbg will be loaded automatically via command script import.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/dbg/lldb/

async pwndbg_lldb_mcp.pwndbg_terminate(ctx: Context, session_id: str) → str[source]

Terminate a pwndbg session and free all resources.

Parameters:: session_id – The UUID of the session to terminate.

pwndbg_lldb_mcp.pwndbg_list_sessions(ctx: Context) → str[source]: List all active pwndbg sessions with their IDs, targets, and working directories.

async pwndbg_lldb_mcp.pwndbg_command(ctx: Context, session_id: str, command: str) → str[source]

Execute an arbitrary LLDB or pwndbg command (escape hatch).

Use this for any command not exposed as a dedicated tool. Both native LLDB commands and pwndbg-registered commands are supported.

Parameters:

session_id – The UUID of the session.
command – The full command string to execute.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/dbg/lldb/

async pwndbg_lldb_mcp.pwndbg_load(ctx: Context, session_id: str, program: str, arguments: List[str] = None) → str[source]

Load a program into the debugger.

Sets the target executable and optional arguments. The program path is resolved relative to the session’s working directory if not absolute.

Parameters:

session_id – The UUID of the session.
program – Path to the executable.
arguments – Optional list of program arguments.

async pwndbg_lldb_mcp.pwndbg_attach(ctx: Context, session_id: str, pid: int) → str[source]

Attach to a running process by PID.

Parameters:

session_id – The UUID of the session.
pid – Process ID to attach to.

async pwndbg_lldb_mcp.pwndbg_load_core(ctx: Context, session_id: str, program: str, core_path: str) → str[source]

Load a core dump file for post-mortem analysis.

Parameters:

session_id – The UUID of the session.
program – Path to the executable that generated the core.
core_path – Path to the core dump file.

async pwndbg_lldb_mcp.pwndbg_run(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Run the loaded program from the beginning.

Blocks until the process stops (breakpoint, signal, exit) or times out. Streams intermediate debugger output as MCP progress/log notifications.

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait for the process to stop (default 30).

async pwndbg_lldb_mcp.pwndbg_entry(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Start the program and stop at its ELF entry point address.

pwndbg command: entry Source: pwndbg/commands/start.py Category: Start

Unlike ‘start’ (GDB-only), ‘entry’ works on LLDB. It sets a temporary breakpoint at the binary’s entry point and runs.

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait (default 30).

async pwndbg_lldb_mcp.pwndbg_continue(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Continue program execution until the next breakpoint or exit.

Blocks until the process stops or times out. Streams intermediate debugger output as MCP progress/log notifications.

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait for the process to stop (default 30).

async pwndbg_lldb_mcp.pwndbg_step(ctx: Context, session_id: str, instructions: bool = False) → str[source]

Step into the next source line or instruction.

Parameters:

session_id – The UUID of the session.
instructions – If True, step a single machine instruction (si) instead of a source line (s).

async pwndbg_lldb_mcp.pwndbg_next(ctx: Context, session_id: str, instructions: bool = False) → str[source]

Step over the next source line or instruction (does not enter calls).

Parameters:

session_id – The UUID of the session.
instructions – If True, step over a single machine instruction (ni) instead of a source line (n).

async pwndbg_lldb_mcp.pwndbg_finish(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Execute until the current function returns.

Blocks until the function returns or times out. Streams intermediate debugger output as MCP progress/log notifications.

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait (default 30).

async pwndbg_lldb_mcp.pwndbg_kill(ctx: Context, session_id: str) → str[source]

Kill the running process.

Parameters:: session_id – The UUID of the session.

async pwndbg_lldb_mcp.pwndbg_nextjmp(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Break at the next jump instruction.

pwndbg command: nextjmp (alias: nextjump) Source: pwndbg/commands/next.py Category: Step/Next/Continue

Continues execution until the next jump-type instruction (jmp, je, jne, etc.) is reached, which is useful for tracing control flow decisions.

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait (default 30).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_nextcall(ctx: Context, session_id: str, symbol_regex: str = None, timeout: float = 30.0) → str[source]

Break at the next call instruction, optionally filtered by symbol regex.

pwndbg command: nextcall Source: pwndbg/commands/next.py Category: Step/Next/Continue

Parameters:

session_id – The UUID of the session.
symbol_regex – Optional regex to match the call target symbol name.
timeout – Maximum seconds to wait (default 30).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_nextret(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Break at the next return-like instruction (ret, retf, iret, sysret).

pwndbg command: nextret Source: pwndbg/commands/next.py Category: Step/Next/Continue

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait (default 30).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_stepret(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Step to the next return instruction (single-steps until ret is found).

pwndbg command: stepret Source: pwndbg/commands/next.py Category: Step/Next/Continue

Unlike nextret which sets a breakpoint, this command single-steps through every instruction until a return instruction is reached.

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait (default 30).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_nextproginstr(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Break at the next instruction belonging to the running program.

pwndbg command: nextproginstr Source: pwndbg/commands/next.py Category: Step/Next/Continue

Useful for skipping over library code to reach the next instruction that belongs to the main binary.

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait (default 30).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_stepover(ctx: Context, session_id: str, addr: int = None, timeout: float = 30.0) → str[source]

Set a breakpoint on the instruction after the current one and continue.

pwndbg command: stepover (alias: so) Source: pwndbg/commands/next.py Category: Step/Next/Continue

This is pwndbg’s enhanced step-over that works at the instruction level by setting a breakpoint on the next instruction address.

Parameters:

session_id – The UUID of the session.
addr – Optional address to step over at (defaults to current PC).
timeout – Maximum seconds to wait (default 30).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_nextsyscall(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Break at the next syscall instruction (without taking branches).

pwndbg command: nextsyscall (alias: nextsc) Source: pwndbg/commands/next.py Category: Step/Next/Continue

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait (default 30).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_stepsyscall(ctx: Context, session_id: str, timeout: float = 30.0) → str[source]

Step to the next syscall instruction (follows branches).

pwndbg command: stepsyscall (alias: stepsc) Source: pwndbg/commands/next.py Category: Step/Next/Continue

Unlike nextsyscall, this follows branches by single-stepping through all instructions until a syscall is found.

Parameters:

session_id – The UUID of the session.
timeout – Maximum seconds to wait (default 30).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_stepuntilasm(ctx: Context, session_id: str, mnemonic: str, op_str: str = '', timeout: float = 60.0) → str[source]

Step until a specific assembly instruction is reached.

pwndbg command: stepuntilasm Source: pwndbg/commands/next.py Category: Step/Next/Continue

Single-steps until an instruction matching the given mnemonic (and optionally operand string) is found. This can be slow, so the default timeout is 60s.

Parameters:

session_id – The UUID of the session.
mnemonic – The instruction mnemonic to match (e.g. “syscall”, “call”, “mov”).
op_str – Optional operand string to match.
timeout – Maximum seconds to wait (default 60).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/next/

async pwndbg_lldb_mcp.pwndbg_set_breakpoint(ctx: Context, session_id: str, location: str, condition: str = None) → str[source]

Set a breakpoint at the given location, optionally with a condition.

Parameters:

session_id – The UUID of the session.
location – Function name, address, or file:line to break at.
condition – Optional condition expression for the breakpoint.

async pwndbg_lldb_mcp.pwndbg_breakpoint_list(ctx: Context, session_id: str) → str[source]

List all breakpoints in the current session.

Parameters:: session_id – The UUID of the session.

async pwndbg_lldb_mcp.pwndbg_breakpoint_delete(ctx: Context, session_id: str, breakpoint_id: int) → str[source]

Delete a breakpoint by its ID number.

Parameters:

session_id – The UUID of the session.
breakpoint_id – The numeric breakpoint ID to delete.

async pwndbg_lldb_mcp.pwndbg_set_breakpoint_advanced(ctx: Context, session_id: str, address: str = None, name: str = None, module: str = None, offset: str = None, auto_continue: bool = False, bp_name: str = None, condition: str = None, one_shot: bool = False) → str[source]

Set a breakpoint with full control over address, module, auto-continue, and naming.

Supports all common breakpoint styles:

By function name: name=”CreateXmlReader”
By address: address=”0x10027cacc”
By module+offset: module=”Xmllite”, offset=”0x3cf8”
By file+line: address=”file.c:42”

Parameters:

session_id – The UUID of the session.
address – Address or file:line expression. Mutually exclusive with name.
name – Symbol name to break on. Mutually exclusive with address.
module – Restrict breakpoint to this module (e.g., “Xmllite”).
offset – Module-relative offset (hex string). Requires module to be set.
auto_continue – If True, breakpoint auto-continues (counts hits without stopping).
bp_name – Assign a human-readable name to the breakpoint for later reference.
condition – Optional condition expression (breakpoint only fires if true).
one_shot – If True, breakpoint is deleted after first hit.

async pwndbg_lldb_mcp.pwndbg_breakpoint_list_parsed(ctx: Context, session_id: str) → str[source]

List all breakpoints with structured, machine-parseable output.

Returns a JSON-formatted list of breakpoints, each with:: id, name, address, module, resolved, hit_count, auto_continue, enabled

This is more reliable than parsing raw breakpoint list text output, especially for module-relative breakpoints which have inconsistent formatting across lldb versions.

Parameters:: session_id – The UUID of the session.

async pwndbg_lldb_mcp.pwndbg_command_batch(ctx: Context, session_id: str, commands: list[str]) → str[source]

Execute multiple LLDB/pwndbg commands sequentially in a single call.

This avoids multiple MCP round-trips for setup operations like setting several breakpoints, configuring settings, or running a sequence of inspection commands.

Parameters:

session_id – The UUID of the session.
commands – List of command strings to execute in order.

Returns:

Combined output from all commands, with clear separators.

async pwndbg_lldb_mcp.pwndbg_run_until_stop(ctx: Context, session_id: str, action: str = 'run', timeout: float = 30.0) → str[source]

Run or continue the program and block until it stops or exits.

Waits until the process reaches a stopped state (breakpoint, crash, signal) or exits, then returns the stop reason along with register context. Streams intermediate debugger output as MCP progress/log notifications so the client can observe execution in real-time.

Parameters:

session_id – The UUID of the session.
action – “run” to start from beginning, “continue” to resume.
timeout – Maximum seconds to wait for the process to stop.

async pwndbg_lldb_mcp.pwndbg_watchpoint(ctx: Context, session_id: str, expression: str, watch_type: str = 'write') → str[source]

Set a watchpoint on a memory address or variable.

Parameters:

session_id – The UUID of the session.
expression – The variable or address expression to watch.
watch_type – Type of access to watch — “read”, “write”, or “read_write”.

async pwndbg_lldb_mcp.pwndbg_context(ctx: Context, session_id: str, sections: str = None) → str[source]

Display the pwndbg context — registers, disassembly, stack, backtrace, etc.

pwndbg command: context (alias: ctx) Source: pwndbg/commands/context.py Category: Context

This is pwndbg’s signature command. It shows a unified view of the current debugger state including registers, nearby disassembly, stack contents, backtrace, and any additional context sections configured by the user.

Parameters:

session_id – The UUID of the session.
sections – Optional space-separated list of sections to show (e.g. “regs disasm stack backtrace”).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/context/

async pwndbg_lldb_mcp.pwndbg_contextoutput(ctx: Context, session_id: str, section: str, value: str) → str[source]

Configure where a context section’s output is sent.

pwndbg command: contextoutput (alias: ctx-out) Source: pwndbg/commands/context.py Category: Context

Parameters:

session_id – The UUID of the session.
section – The context section name (e.g. “regs”, “disasm”, “stack”).
value – The output target or configuration value.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/context/

async pwndbg_lldb_mcp.pwndbg_contextwatch(ctx: Context, session_id: str, expression: str, cmd: str = None) → str[source]

Add a watched expression to the context display.

pwndbg command: contextwatch (alias: ctx-watch, cwatch) Source: pwndbg/commands/context.py Category: Context

Adds an expression that will be evaluated and displayed every time the context refreshes.

Parameters:

session_id – The UUID of the session.
expression – The expression to watch (e.g. “$rax”, “(int)$rsp”).
cmd – Optional command to use for display (e.g. “hexdump”, “telescope”).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/context/

async pwndbg_lldb_mcp.pwndbg_contextunwatch(ctx: Context, session_id: str, num: int) → str[source]

Remove a watched expression from the context display.

pwndbg command: contextunwatch (alias: ctx-unwatch, cunwatch) Source: pwndbg/commands/context.py Category: Context

Parameters:

session_id – The UUID of the session.
num – The watch number to remove.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/context/

async pwndbg_lldb_mcp.pwndbg_telescope(ctx: Context, session_id: str, address: str = None, count: int = None, reverse: bool = False) → str[source]

Recursively dereference pointers starting at an address (default: $sp).

pwndbg command: telescope Source: pwndbg/commands/telescope.py Category: Memory

Telescope is one of pwndbg’s most useful commands. It reads pointer-sized values from memory and follows the chain of dereferences, showing the ultimate value (string, address, symbol, etc.).

Parameters:

session_id – The UUID of the session.
address – Starting address or register (default: $sp).
count – Number of pointer-sized entries to show.
reverse – If True, show entries in reverse order.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/telescope/

async pwndbg_lldb_mcp.pwndbg_stack(ctx: Context, session_id: str, count: int = 8, offset: int = 0) → str[source]

Show stack contents using telescope-style dereference display.

pwndbg command: stack Source: pwndbg/commands/telescope.py Category: Stack

Equivalent to telescope $sp with extra stack-aware formatting.

Parameters:

session_id – The UUID of the session.
count – Number of entries to show (default: 8).
offset – Offset from $sp in pointer-sized units.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/telescope/

async pwndbg_lldb_mcp.pwndbg_stackf(ctx: Context, session_id: str) → str[source]

Show the entire current stack frame contents.

pwndbg command: stackf Source: pwndbg/commands/telescope.py Category: Stack

Dereferences the stack from $sp to $bp, showing the entire current stack frame.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/telescope/

async pwndbg_lldb_mcp.pwndbg_hexdump(ctx: Context, session_id: str, address: str = None, count: int = None, code: str = None) → str[source]

Hex dump memory at the specified address.

pwndbg command: hexdump Source: pwndbg/commands/hexdump.py Category: Memory

Shows memory in canonical hex+ASCII format, similar to xxd/hexdump.

Parameters:

session_id – The UUID of the session.
address – Address or register to dump from (default: $sp).
count – Number of bytes to dump.
code – Output format — “py” for Python bytes literal, “c” for C array.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/hexdump/

async pwndbg_lldb_mcp.pwndbg_vmmap(ctx: Context, session_id: str, filter_str: str = None, writable: bool = False, executable: bool = False) → str[source]

Print the virtual memory map of the process.

pwndbg command: vmmap (aliases: lm, address, vprot, libs) Source: pwndbg/commands/vmmap.py Category: Memory

Shows all memory regions with their start/end addresses, permissions, and mapped file names. Can be filtered by address, module name, or permission flags.

Parameters:

session_id – The UUID of the session.
filter_str – Optional filter — an address or module name substring.
writable – If True, only show writable regions.
executable – If True, only show executable regions.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/vmmap/

async pwndbg_lldb_mcp.pwndbg_search(ctx: Context, session_id: str, value: str, type: str = 'bytes', hex_encoded: bool = False, executable: bool = False, writable: bool = False) → str[source]

Search process memory for byte sequences, strings, pointers, or integers.

pwndbg command: search Source: pwndbg/commands/search.py Category: Memory

Searches all mapped memory regions for the given value. Supports multiple search types and can be filtered to specific permission regions.

Parameters:

session_id – The UUID of the session.
value – The value to search for.
type – Search type — “bytes”, “byte”, “short”, “dword”, “qword”, “pointer”, “string”.
hex_encoded – If True, interpret value as hex-encoded bytes.
executable – If True, only search executable regions.
writable – If True, only search writable regions.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/search/

async pwndbg_lldb_mcp.pwndbg_xinfo(ctx: Context, session_id: str, address: str = None) → str[source]

Show extended information about an address — offsets from useful locations.

pwndbg command: xinfo Source: pwndbg/commands/xinfo.py Category: Memory

Displays what memory region the address belongs to, along with offsets from the base of the containing page, binary, stack, heap, etc.

Parameters:

session_id – The UUID of the session.
address – Address to inspect (default: $pc).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/xinfo/

async pwndbg_lldb_mcp.pwndbg_distance(ctx: Context, session_id: str, a: str, b: str = None) → str[source]

Calculate the distance between two addresses.

pwndbg command: distance Source: pwndbg/commands/distance.py Category: Memory

If only one argument is given, prints the offset from the address’s page base. Useful for calculating offsets for exploits.

Parameters:

session_id – The UUID of the session.
a – First address or expression.
b – Optional second address or expression.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/distance/

async pwndbg_lldb_mcp.pwndbg_probeleak(ctx: Context, session_id: str, address: str = None, count: int = 64, max_distance: int = 0) → str[source]

Pointer-scan memory for possible information leaks.

pwndbg command: probeleak Source: pwndbg/commands/probeleak.py Category: Memory

Scans memory at the given address for values that look like pointers into known regions (stack, heap, libc, binary, etc.), which could indicate exploitable information leaks.

Parameters:

session_id – The UUID of the session.
address – Address to start scanning (default: $sp).
count – Number of bytes to scan (default: 0x40).
max_distance – Maximum distance for pointer matching (0 = unlimited).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/probeleak/

async pwndbg_lldb_mcp.pwndbg_leakfind(ctx: Context, session_id: str, address: str = None, page_name: str = None, max_depth: int = 4) → str[source]

Attempt to find a pointer leak chain from a starting address.

pwndbg command: leakfind Source: pwndbg/commands/leakfind.py Category: Memory

Walks pointer chains to find paths from a controlled region to interesting targets (libc, stack, etc.). Extremely useful for exploit development.

Parameters:

session_id – The UUID of the session.
address – Starting address (default: $sp).
page_name – Target page name to reach.
max_depth – Maximum chain depth (default: 4).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/leakfind/

async pwndbg_lldb_mcp.pwndbg_p2p(ctx: Context, session_id: str, mapping_names: str = None) → str[source]

Pointer-to-pointer chain search across memory mappings.

pwndbg command: p2p Source: pwndbg/commands/p2p.py Category: Memory

Finds chains of pointers between different memory regions, useful for discovering pivot chains in exploit development.

Parameters:

session_id – The UUID of the session.
mapping_names – Optional comma-separated list of mapping name ranges to search.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/p2p/

async pwndbg_lldb_mcp.pwndbg_mprotect(ctx: Context, session_id: str, addr: str, length: int, prot: str) → str[source]

Call the mprotect syscall to change memory permissions.

pwndbg command: mprotect Source: pwndbg/commands/mprotect.py Category: Memory

Directly invokes mprotect(2) on the target process. Useful for making regions writable or executable during exploit development.

Parameters:

session_id – The UUID of the session.
addr – Address of the memory region.
length – Length of the region in bytes.
prot – Protection flags (e.g. “7” for rwx, “5” for r-x).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/mprotect/

async pwndbg_lldb_mcp.pwndbg_mmap(ctx: Context, session_id: str, addr: str = '0', length: int = 4096, prot: str = '7', flags: str = '0x22') → str[source]

Call the mmap syscall to allocate new memory in the target process.

pwndbg command: mmap Source: pwndbg/commands/mmap.py Category: Memory

Directly invokes mmap(2) on the target. Useful for creating executable shellcode regions or scratch memory during exploitation.

Parameters:

session_id – The UUID of the session.
addr – Desired address (0 for OS-chosen).
length – Size of mapping (default: 0x1000).
prot – Protection flags (default: “7” = rwx).
flags – mmap flags (default: “0x22” = MAP_PRIVATE | MAP_ANONYMOUS).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/mmap/

async pwndbg_lldb_mcp.pwndbg_info_registers(ctx: Context, session_id: str, register: str = None) → str[source]

Display CPU registers.

Parameters:

session_id – The UUID of the session.
register – Optional specific register name to read.

async pwndbg_lldb_mcp.pwndbg_cpsr(ctx: Context, session_id: str, cpsr_value: str = None) → str[source]

Display ARM CPSR / xPSR / PSTATE register bits.

pwndbg command: cpsr (aliases: xpsr, pstate) Source: pwndbg/commands/cpsr.py Category: Register Arch: ARM, AArch64 only

Decodes the ARM condition flags register into individual flag bits with human-readable names.

Parameters:

session_id – The UUID of the session.
cpsr_value – Optional CPSR value to decode (default: read from register).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/cpsr/

async pwndbg_lldb_mcp.pwndbg_setflag(ctx: Context, session_id: str, flag: str, value: int) → str[source]

Modify a CPU flag in the flags register.

pwndbg command: setflag (alias: flag) Source: pwndbg/commands/flags.py Category: Register

Allows setting individual flag bits (ZF, CF, SF, OF, etc.) without modifying the entire flags register.

Parameters:

session_id – The UUID of the session.
flag – Flag name (e.g. “ZF”, “CF”, “SF”, “OF”).
value – Value to set (0 or 1).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/flags/

async pwndbg_lldb_mcp.pwndbg_nearpc(ctx: Context, session_id: str, address: str = None, lines: int = None, emulate: bool = False) → str[source]

Disassemble instructions near the PC with enhanced annotation.

pwndbg command: nearpc (aliases: pdisass, u) Source: pwndbg/commands/nearpc.py Category: Disassemble

pwndbg’s enhanced disassembler that shows resolved symbols, register values, memory dereferences, and branch target annotations inline with the disassembly.

Parameters:

session_id – The UUID of the session.
address – Address to disassemble at (default: $pc).
lines – Number of instructions to show.
emulate – If True, emulate instructions to show predicted register values.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/nearpc/

async pwndbg_lldb_mcp.pwndbg_emulate(ctx: Context, session_id: str, address: str = None, lines: int = None) → str[source]

Disassemble with instruction emulation to predict register/memory state.

pwndbg command: emulate Source: pwndbg/commands/nearpc.py Category: Disassemble

Like nearpc but with emulation enabled by default. Shows what registers and memory values would be after each instruction executes, without actually executing them.

Parameters:

session_id – The UUID of the session.
address – Address to start emulation (default: $pc).
lines – Number of instructions to emulate.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/nearpc/

async pwndbg_lldb_mcp.pwndbg_disassemble(ctx: Context, session_id: str, location: str = None, count: int = 10) → str[source]

Disassemble code using LLDB’s native disassembler.

Parameters:

session_id – The UUID of the session.
location – Function name or address to disassemble.
count – Number of instructions (default: 10).

async pwndbg_lldb_mcp.pwndbg_argc(ctx: Context, session_id: str) → str[source]

Print the argument count (argc) of the running program.

pwndbg command: argc Source: pwndbg/commands/argv.py Category: Linux/libc/ELF

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/argv/

async pwndbg_lldb_mcp.pwndbg_argv(ctx: Context, session_id: str, index: int = None) → str[source]

Print the argument vector (argv) of the running program.

pwndbg command: argv Source: pwndbg/commands/argv.py Category: Linux/libc/ELF

Parameters:

session_id – The UUID of the session.
index – Optional specific argv index to print.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/argv/

async pwndbg_lldb_mcp.pwndbg_envp(ctx: Context, session_id: str, name: str = None) → str[source]

Print environment variables of the running program.

pwndbg command: envp (aliases: env, environ) Source: pwndbg/commands/argv.py Category: Linux/libc/ELF

Parameters:

session_id – The UUID of the session.
name – Optional specific environment variable name.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/argv/

async pwndbg_lldb_mcp.pwndbg_dumpargs(ctx: Context, session_id: str, force: bool = False) → str[source]

Dump determined arguments for the current call/syscall instruction.

pwndbg command: dumpargs (alias: args) Source: pwndbg/commands/dumpargs.py Category: Misc

Automatically detects the calling convention and displays function arguments with their resolved values at the current call site.

Parameters:

session_id – The UUID of the session.
force – If True, force argument dumping even if not at a call site.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/dumpargs/

async pwndbg_lldb_mcp.pwndbg_retaddr(ctx: Context, session_id: str) → str[source]

Print stack addresses that contain return addresses.

pwndbg command: retaddr Source: pwndbg/commands/retaddr.py Category: Stack

Scans the stack for values that look like return addresses (pointers into executable regions), useful for finding ROP pivot targets.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/retaddr/

async pwndbg_lldb_mcp.pwndbg_canary(ctx: Context, session_id: str, show_all: bool = False) → str[source]

Display the stack canary value.

pwndbg command: canary Source: pwndbg/commands/canary.py Category: Stack

Shows the current stack canary (stack guard) value. The canary is used by stack-smashing protection (SSP / -fstack-protector) to detect buffer overflows.

Parameters:

session_id – The UUID of the session.
show_all – If True, show canary for all threads.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/canary/

async pwndbg_lldb_mcp.pwndbg_sigreturn(ctx: Context, session_id: str, address: str = None) → str[source]

Display the SigreturnFrame at a specific address.

pwndbg command: sigreturn Source: pwndbg/commands/sigreturn.py Category: Misc Arch: x86-64, i386, aarch64, arm

Parses and displays a sigreturn frame structure, which is used in SROP (Sigreturn-Oriented Programming) exploits.

Parameters:

session_id – The UUID of the session.
address – Address of the sigreturn frame (default: auto-detect).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/sigreturn/

async pwndbg_lldb_mcp.pwndbg_valist(ctx: Context, session_id: str, addr: str, count: int = 8) → str[source]

Dump the arguments of a va_list (variadic argument list).

pwndbg command: valist Source: pwndbg/commands/valist.py Category: Misc

Parameters:

session_id – The UUID of the session.
addr – Address of the va_list structure.
count – Number of arguments to dump (default: 8).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/valist/

async pwndbg_lldb_mcp.pwndbg_checksec(ctx: Context, session_id: str, file: str = None) → str[source]

Check binary security properties (RELRO, NX, canary, PIE, RPATH, etc.).

pwndbg command: checksec Source: pwndbg/commands/checksec.py Category: Misc

Analyzes the ELF binary for security mitigations. Shows RELRO level, stack canary, NX (non-executable stack), PIE (position-independent), RPATH/RUNPATH, Fortify, and other compiler/linker security features.

Parameters:

session_id – The UUID of the session.
file – Optional path to check (default: loaded binary).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/checksec/

async pwndbg_lldb_mcp.pwndbg_elfsections(ctx: Context, session_id: str, no_rebase: bool = False) → str[source]

Print ELF section mappings from the binary header.

pwndbg command: elfsections Source: pwndbg/commands/elf.py Category: Linux/libc/ELF

Shows all ELF sections (.text, .data, .bss, .got, .plt, etc.) with their addresses, sizes, and flags.

Parameters:

session_id – The UUID of the session.
no_rebase – If True, show file offsets instead of rebased addresses.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/elf/

async pwndbg_lldb_mcp.pwndbg_gotplt(ctx: Context, session_id: str) → str[source]

Print symbols found in the .got.plt section.

pwndbg command: gotplt Source: pwndbg/commands/elf.py Category: Linux/libc/ELF

Shows the GOT/PLT entries with their current resolved values. Useful for identifying which library functions have been resolved by the dynamic linker.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/elf/

async pwndbg_lldb_mcp.pwndbg_plt(ctx: Context, session_id: str, all_symbols: bool = False) → str[source]

Print symbols found in Procedure Linkage Table sections.

pwndbg command: plt Source: pwndbg/commands/elf.py Category: Linux/libc/ELF

Parameters:

session_id – The UUID of the session.
all_symbols – If True, show all PLT symbols including internal ones.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/elf/

async pwndbg_lldb_mcp.pwndbg_got(ctx: Context, session_id: str, filter_str: str = '') → str[source]

Show the state of the Global Offset Table.

pwndbg command: got Source: pwndbg/commands/got.py Category: Linux/libc/ELF

Displays GOT entries with their current values, showing which entries point to the PLT stub (unresolved) vs actual library addresses (resolved).

Parameters:

session_id – The UUID of the session.
filter_str – Optional filter string to match symbol names.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/got/

async pwndbg_lldb_mcp.pwndbg_piebase(ctx: Context, session_id: str, offset: int = 0, module: str = '') → str[source]

Calculate the virtual address from a PIE-relative offset.

pwndbg command: piebase Source: pwndbg/commands/pie.py Category: Linux/libc/ELF

For PIE binaries, converts a file offset (RVA) to a runtime virtual address by adding the PIE base.

Parameters:

session_id – The UUID of the session.
offset – Offset from PIE base to calculate (default: 0 = show base).
module – Optional module name (default: main binary).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/pie/

async pwndbg_lldb_mcp.pwndbg_linkmap(ctx: Context, session_id: str) → str[source]

Show the dynamic linker’s link map (loaded shared objects).

pwndbg command: linkmap Source: pwndbg/commands/linkmap.py Category: Linux/libc/ELF

Displays the linked list of loaded shared objects maintained by the dynamic linker (ld.so), showing base addresses and file paths.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/linkmap/

async pwndbg_lldb_mcp.pwndbg_dt(ctx: Context, session_id: str, typename: str, address: str = None) → str[source]

Dump type information, optionally overlaid on a memory address.

pwndbg command: dt Source: pwndbg/commands/dt.py Category: Misc

Displays the fields, offsets, and sizes of a struct/type. If an address is provided, reads the memory at that address and displays actual values for each field.

Parameters:

session_id – The UUID of the session.
typename – The type name to inspect (e.g. “struct malloc_chunk”).
address – Optional memory address to overlay the type onto.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/dt/

async pwndbg_lldb_mcp.pwndbg_heap(ctx: Context, session_id: str, addr: str = None, verbose: bool = False) → str[source]

Iteratively print chunks on a heap.

pwndbg command: heap Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Walks the heap and prints each chunk’s metadata (size, flags, fd/bk pointers for freed chunks). Defaults to the current thread’s active heap.

Parameters:

session_id – The UUID of the session.
addr – Optional arena or heap address.
verbose – If True, show extended chunk details.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_arena(ctx: Context, session_id: str, addr: str = None) → str[source]

Print the contents of a malloc arena.

pwndbg command: arena Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Shows the malloc_state structure fields including top chunk, bins, system_mem, and other arena metadata. Defaults to the current thread’s arena.

Parameters:

session_id – The UUID of the session.
addr – Optional arena address (default: current thread’s arena).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_arenas(ctx: Context, session_id: str) → str[source]

List all arenas in the process.

pwndbg command: arenas Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_bins(ctx: Context, session_id: str, addr: str = None, tcache_addr: str = None) → str[source]

Print all bin contents — fast, small, large, unsorted, and tcache.

pwndbg command: bins Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Displays a unified view of all bin types in the ptmalloc2 allocator.

Parameters:

session_id – The UUID of the session.
addr – Optional arena address.
tcache_addr – Optional tcache address.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_fastbins(ctx: Context, session_id: str, addr: str = None, verbose: bool = False) → str[source]

Print the contents of an arena’s fastbins.

pwndbg command: fastbins Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Fastbins are singly-linked LIFO free lists for small allocations (up to 0x80 bytes on 64-bit). Shows each fastbin index with its chain.

Parameters:

session_id – The UUID of the session.
addr – Optional arena address.
verbose – If True, show extended details.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_unsortedbin(ctx: Context, session_id: str, addr: str = None, verbose: bool = False) → str[source]

Print the contents of an arena’s unsorted bin.

pwndbg command: unsortedbin Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

The unsorted bin is a doubly-linked list where freed chunks go before being sorted into small/large bins. A key target for heap exploits.

Parameters:

session_id – The UUID of the session.
addr – Optional arena address.
verbose – If True, show extended details.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_smallbins(ctx: Context, session_id: str, addr: str = None, verbose: bool = False) → str[source]

Print the contents of an arena’s small bins.

pwndbg command: smallbins Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Small bins hold chunks from 0x20 to 0x3F0 bytes (64-bit) in doubly-linked lists sorted by size.

Parameters:

session_id – The UUID of the session.
addr – Optional arena address.
verbose – If True, show extended details.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_largebins(ctx: Context, session_id: str, addr: str = None, verbose: bool = False) → str[source]

Print the contents of an arena’s large bins.

pwndbg command: largebins Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Large bins hold chunks >= 0x400 bytes (64-bit) in doubly-linked lists sorted by size within each bin.

Parameters:

session_id – The UUID of the session.
addr – Optional arena address.
verbose – If True, show extended details.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_tcache(ctx: Context, session_id: str, addr: str = None) → str[source]

Print tcache contents for the current thread.

pwndbg command: tcache Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Thread-local caching (tcache) was introduced in glibc 2.26. Each thread has 64 singly-linked bins for small allocations, providing fast thread-local allocation without arena locks.

Parameters:

session_id – The UUID of the session.
addr – Optional tcache address.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_tcachebins(ctx: Context, session_id: str, addr: str = None, verbose: bool = False) → str[source]

Print tcache bin entries (free list chains per size class).

pwndbg command: tcachebins Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Parameters:

session_id – The UUID of the session.
addr – Optional tcache address.
verbose – If True, show extended details.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_malloc_chunk(ctx: Context, session_id: str, addr: str) → str[source]

Display detailed information about a specific malloc chunk.

pwndbg command: malloc_chunk Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Shows the chunk header fields (prev_size, size, flags) and for freed chunks, the fd/bk pointers.

Parameters:

session_id – The UUID of the session.
addr – Address of the malloc chunk.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_top_chunk(ctx: Context, session_id: str, addr: str = None) → str[source]

Print information about the top chunk (wilderness) of an arena.

pwndbg command: top_chunk Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

The top chunk is the last chunk in the heap, used to service allocations when no suitable freed chunk is available.

Parameters:

session_id – The UUID of the session.
addr – Optional arena address.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_mp(ctx: Context, session_id: str) → str[source]

Print the mp_ (malloc parameters) struct contents.

pwndbg command: mp Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Shows global malloc tuning parameters like mmap_threshold, trim_threshold, top_pad, etc.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_vis_heap_chunks(ctx: Context, session_id: str, addr: str = None) → str[source]

Visualize heap chunks with a colorful graphical representation.

pwndbg command: vis_heap_chunks (alias: vis) Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Renders heap chunks as a visual map with color-coded regions showing chunk boundaries, headers, and data. One of pwndbg’s most distinctive features for heap analysis.

Parameters:

session_id – The UUID of the session.
addr – Optional starting address.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_try_free(ctx: Context, session_id: str, addr: str) → str[source]

Simulate what would happen if free() were called on an address.

pwndbg command: try_free Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Walks through glibc’s free() logic and reports which checks would pass or fail. Invaluable for debugging heap exploits — shows exactly why a crafted chunk would or wouldn’t pass free()’s validation.

Parameters:

session_id – The UUID of the session.
addr – Address to simulate freeing.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_find_fake_fast(ctx: Context, session_id: str, target_address: str) → str[source]

Find fake fastbin chunk candidates near a target address.

pwndbg command: find_fake_fast Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Searches memory near the target for byte sequences that could be interpreted as valid fastbin chunk headers. Used to find targets for fastbin attacks (e.g. overwriting __malloc_hook).

Parameters:

session_id – The UUID of the session.
target_address – Address to search near.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_hi(ctx: Context, session_id: str, addr: str, verbose: bool = False) → str[source]

Display heap information for a specific chunk address.

pwndbg command: hi Source: pwndbg/commands/ptmalloc2.py Category: GLibc ptmalloc2 Heap

Shows which bin a chunk belongs to, its neighbors, and allocation status.

Parameters:

session_id – The UUID of the session.
addr – Address of the chunk.
verbose – If True, show extended details.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ptmalloc2/

async pwndbg_lldb_mcp.pwndbg_thread_list(ctx: Context, session_id: str) → str[source]

List all threads in the current process (LLDB native).

Parameters:: session_id – The UUID of the session.

async pwndbg_lldb_mcp.pwndbg_thread_select(ctx: Context, session_id: str, thread_id: int) → str[source]

Select a specific thread and show its backtrace.

Parameters:

session_id – The UUID of the session.
thread_id – The thread index to select.

async pwndbg_lldb_mcp.pwndbg_threads(ctx: Context, session_id: str) → str[source]

List all threads with pwndbg’s enhanced formatting.

pwndbg command: threads Source: pwndbg/commands/tls.py Category: Linux/libc/ELF

Shows threads with their IDs, names, and current PC locations using pwndbg’s enhanced display format.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/tls/

async pwndbg_lldb_mcp.pwndbg_tls(ctx: Context, session_id: str) → str[source]

Print the Thread Local Storage (TLS) base address.

pwndbg command: tls Source: pwndbg/commands/tls.py Category: Linux/libc/ELF

Shows the TLS base address and optionally the full TLS structure contents. The TLS contains thread-local variables, the stack canary, and other per-thread data.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/tls/

async pwndbg_lldb_mcp.pwndbg_cyclic(ctx: Context, session_id: str, length: int = None, lookup: str = None, detect: bool = False, count: int = 100) → str[source]

Generate or look up a cyclic (De Bruijn) pattern for offset calculation.

pwndbg command: cyclic Source: pwndbg/commands/cyclic.py Category: Misc

Generates patterns where every N-byte subsequence is unique, making it easy to determine crash offsets. Can also look up a value in the pattern to find the offset.

Parameters:

session_id – The UUID of the session.
length – Length of pattern to generate (mutually exclusive with lookup).
lookup – Value to look up in the pattern (finds offset).
detect – If True, auto-detect the crash offset from registers.
count – Pattern element count (default: 100).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/cyclic/

async pwndbg_lldb_mcp.pwndbg_rop(ctx: Context, session_id: str, grep: str = None) → str[source]

Find ROP gadgets using ROPgadget.

pwndbg command: rop (alias: ropgadget) Source: pwndbg/commands/rop.py Category: Integrations

Searches the loaded binary for useful ROP gadgets. Requires ROPgadget to be installed.

Parameters:

session_id – The UUID of the session.
grep – Optional regex to filter gadgets.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/rop/

async pwndbg_lldb_mcp.pwndbg_onegadget(ctx: Context, session_id: str, verbose: bool = False) → str[source]

Find one-gadget (magic gadget) RCE gadgets in libc.

pwndbg command: onegadget Source: pwndbg/commands/onegadget.py Category: Linux/libc/ELF Arch: x86-64, i386, aarch64

Searches for single-gadget code paths in libc that directly call execve(“/bin/sh”, …). These are the holy grail for exploitation since overwriting a single function pointer gives a shell.

Parameters:

session_id – The UUID of the session.
verbose – If True, show constraint details.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/onegadget/

async pwndbg_lldb_mcp.pwndbg_patch(ctx: Context, session_id: str, address: str, instruction: str) → str[source]

Patch an instruction at the given address with new code or bytes.

pwndbg command: patch Source: pwndbg/commands/patch.py Category: Misc

Assembles the given instruction and writes the bytes at the target address. Useful for live-patching binaries during analysis.

Parameters:

session_id – The UUID of the session.
address – Address to patch.
instruction – Assembly instruction or hex bytes to write.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/patch/

async pwndbg_lldb_mcp.pwndbg_patch_list(ctx: Context, session_id: str) → str[source]

List all applied patches.

pwndbg command: patch-list Source: pwndbg/commands/patch.py Category: Misc

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/patch/

async pwndbg_lldb_mcp.pwndbg_patch_revert(ctx: Context, session_id: str, address: str) → str[source]

Revert a patch at the given address.

pwndbg command: patch-revert Source: pwndbg/commands/patch.py Category: Misc

Parameters:

session_id – The UUID of the session.
address – Address of the patch to revert.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/patch/

async pwndbg_lldb_mcp.pwndbg_asm(ctx: Context, session_id: str, shellcode: str, format: str = 'hex') → str[source]

Assemble shellcode into bytes.

pwndbg command: asm Source: pwndbg/commands/asm.py Category: Misc

Assembles the given assembly code and outputs the resulting bytes in the requested format.

Parameters:

session_id – The UUID of the session.
shellcode – Assembly code to assemble (e.g. “nop; ret”).
format – Output format — “hex” or “string” (default: “hex”).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/asm/

async pwndbg_lldb_mcp.pwndbg_xor(ctx: Context, session_id: str, address: str, key: str, count: int) → str[source]

XOR memory at the given address with a key.

pwndbg command: xor Source: pwndbg/commands/xor.py Category: Memory

XORs count bytes at address with the repeating key byte(s). Useful for decoding XOR-encoded payloads in memory.

Parameters:

session_id – The UUID of the session.
address – Address of the data to XOR.
key – XOR key (hex string).
count – Number of bytes to XOR.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/xor/

async pwndbg_lldb_mcp.pwndbg_spray(ctx: Context, session_id: str, addr: str, length: int = 0) → str[source]

Spray memory with cyclic pattern values.

pwndbg command: spray Source: pwndbg/commands/spray.py Category: Misc

Writes cyclic() generated values to memory, useful for identifying which offset in a buffer overwrites a target.

Parameters:

session_id – The UUID of the session.
addr – Address to start spraying.
length – Number of bytes to spray (0 = auto).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/spray/

async pwndbg_lldb_mcp.pwndbg_hex2ptr(ctx: Context, session_id: str, hex_string: str) → str[source]

Convert a space-separated hex string to a little-endian address.

pwndbg command: hex2ptr Source: pwndbg/commands/hex2ptr.py Category: Misc

Parameters:

session_id – The UUID of the session.
hex_string – Hex bytes separated by spaces (e.g. “41 42 43 44”).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/hex2ptr/

async pwndbg_lldb_mcp.pwndbg_parse_seccomp(ctx: Context, session_id: str, addr: str) → str[source]

Parse a seccomp BPF filter from memory and dump its rules.

pwndbg command: parse-seccomp Source: pwndbg/commands/parse_seccomp.py Category: Linux/libc/ELF

Reads a struct sock_fprog from memory and disassembles the BPF filter program to show which syscalls are allowed/denied.

Parameters:

session_id – The UUID of the session.
addr – Address of the sock_fprog structure.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/parse_seccomp/

async pwndbg_lldb_mcp.pwndbg_pid(ctx: Context, session_id: str) → str[source]

Get the PID of the running process.

pwndbg command: pid (alias: getpid) Source: pwndbg/commands/procinfo.py Category: Process

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/procinfo/

async pwndbg_lldb_mcp.pwndbg_procinfo(ctx: Context, session_id: str) → str[source]

Display detailed process information.

pwndbg command: procinfo Source: pwndbg/commands/procinfo.py Category: Process

Shows process details including PID, executable path, architecture, endianness, and other metadata.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/procinfo/

async pwndbg_lldb_mcp.pwndbg_aslr(ctx: Context, session_id: str, state: str = None) → str[source]

Check or set the ASLR status.

pwndbg command: aslr Source: pwndbg/commands/aslr.py Category: Linux/libc/ELF

Without arguments, shows the current ASLR setting. With “on” or “off”, changes it for the current debugging session.

Parameters:

session_id – The UUID of the session.
state – Optional “on” or “off” to change ASLR state.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/aslr/

async pwndbg_lldb_mcp.pwndbg_auxv(ctx: Context, session_id: str) → str[source]

Print the ELF Auxiliary Vector.

pwndbg command: auxv Source: pwndbg/commands/auxv.py Category: Linux/libc/ELF

Shows the auxiliary vector passed to the process by the kernel, containing info like page size, entry point, platform, UID/GID, etc.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/auxv/

async pwndbg_lldb_mcp.pwndbg_libcinfo(ctx: Context, session_id: str) → str[source]

Show information about the loaded libc (version, build, offsets).

pwndbg command: libcinfo Source: pwndbg/commands/libcinfo.py Category: Linux/libc/ELF

Displays the libc version, build ID, and paths. Useful for identifying the exact libc for exploit development.

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/libcinfo/

async pwndbg_lldb_mcp.pwndbg_errno(ctx: Context, session_id: str, err: int = None) → str[source]

Convert errno to its string representation.

pwndbg command: errno Source: pwndbg/commands/errno.py Category: Linux/libc/ELF

Without arguments, shows the current errno value. With a number, shows the name and description for that error code.

Parameters:

session_id – The UUID of the session.
err – Optional error code to look up.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/errno/

async pwndbg_lldb_mcp.pwndbg_strings(ctx: Context, session_id: str, n: int = 4) → str[source]

Extract ASCII strings from readable memory pages.

pwndbg command: strings Source: pwndbg/commands/strings.py Category: Linux/libc/ELF

Scans all readable memory pages for printable ASCII strings, similar to the strings Unix utility but operating on the live process memory.

Parameters:

session_id – The UUID of the session.
n – Minimum string length (default: 4).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/strings/

async pwndbg_lldb_mcp.pwndbg_hijack_fd(ctx: Context, session_id: str, fdnum: int, newfile: str) → str[source]

Replace a file descriptor of the debugged process.

pwndbg command: hijack-fd Source: pwndbg/commands/hijack_fd.py Category: Misc

Redirects an open file descriptor to a new file or socket, useful for redirecting stdin/stdout/stderr during exploitation.

Parameters:

session_id – The UUID of the session.
fdnum – File descriptor number to replace.
newfile – New file path or socket specification.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/hijack_fd/

async pwndbg_lldb_mcp.pwndbg_db(ctx: Context, session_id: str, address: str, count: int = 64) → str[source]

Dump N bytes at address (WinDbg-style).

pwndbg command: db Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address to dump.
count – Number of bytes (default: 64).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_dw(ctx: Context, session_id: str, address: str, count: int = 32) → str[source]

Dump N words (2-byte) at address (WinDbg-style).

pwndbg command: dw Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address to dump.
count – Number of words (default: 32).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_dd(ctx: Context, session_id: str, address: str, count: int = 16) → str[source]

Dump N dwords (4-byte) at address (WinDbg-style).

pwndbg command: dd Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address to dump.
count – Number of dwords (default: 16).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_dq(ctx: Context, session_id: str, address: str, count: int = 8) → str[source]

Dump N qwords (8-byte) at address (WinDbg-style).

pwndbg command: dq Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address to dump.
count – Number of qwords (default: 8).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_dc(ctx: Context, session_id: str, address: str, count: int = 8) → str[source]

Hexdump with ASCII at address (WinDbg-style).

pwndbg command: dc Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address to dump.
count – Number of entries (default: 8).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_eb(ctx: Context, session_id: str, address: str, data: str) → str[source]

Write hex bytes at address (WinDbg-style).

pwndbg command: eb Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address to write to.
data – Space-separated hex bytes (e.g. “90 90 90”).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_ed(ctx: Context, session_id: str, address: str, data: str) → str[source]

Write hex dwords at address (WinDbg-style).

pwndbg command: ed Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address to write to.
data – Space-separated hex dwords.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_eq(ctx: Context, session_id: str, address: str, data: str) → str[source]

Write hex qwords at address (WinDbg-style).

pwndbg command: eq Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address to write to.
data – Space-separated hex qwords.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_dds(ctx: Context, session_id: str, addr: str) → str[source]

Dump pointers and resolve symbols at address (WinDbg-style).

pwndbg command: dds (aliases: kd, dps, dqs) Source: pwndbg/commands/windbg.py Category: WinDbg

Shows pointer-sized values with symbol resolution, similar to telescope but in WinDbg format.

Parameters:

session_id – The UUID of the session.
addr – Address to dump.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_da(ctx: Context, session_id: str, address: str, max_len: int = 256) → str[source]

Dump a string at address (WinDbg-style).

pwndbg command: da Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
address – Address of the string.
max_len – Maximum length to display (default: 256).

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_ln(ctx: Context, session_id: str, value: str = None) → str[source]

List the symbols nearest to the provided value.

pwndbg command: ln Source: pwndbg/commands/windbg.py Category: WinDbg

Parameters:

session_id – The UUID of the session.
value – Address or value to look up symbols near.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/windbg/

async pwndbg_lldb_mcp.pwndbg_commpage(ctx: Context, session_id: str, verbose: bool = False) → str[source]

Dump values from the macOS commpage.

pwndbg command: commpage Source: pwndbg/commands/commpage.py Category: Darwin/libsystem/Mach-O

The commpage is a shared memory page on macOS that contains kernel-provided data accessible from userspace without syscalls (CPU features, timestamps, etc.).

Parameters:

session_id – The UUID of the session.
verbose – If True, show all commpage fields.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/commpage/

async pwndbg_lldb_mcp.pwndbg_plist(ctx: Context, session_id: str, path: str, next_field: str, count: int = None) → str[source]

Dump elements of a linked list structure.

pwndbg command: plist Source: pwndbg/commands/plist.py Category: Misc

Walks a linked list starting at path, following the next field, and displaying each element.

Parameters:

session_id – The UUID of the session.
path – Starting address or expression for the list head.
next_field – Name of the ‘next’ pointer field.
count – Optional maximum number of elements to show.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/plist/

async pwndbg_lldb_mcp.pwndbg_config(ctx: Context, session_id: str, filter_pattern: str = None) → str[source]

Show or set pwndbg configuration options.

pwndbg command: config Source: pwndbg/commands/config.py Category: Pwndbg

Without arguments, shows all pwndbg configuration options. With a filter, shows only matching options.

Parameters:

session_id – The UUID of the session.
filter_pattern – Optional pattern to filter config options.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/config/

async pwndbg_lldb_mcp.pwndbg_theme(ctx: Context, session_id: str, filter_pattern: str = None) → str[source]

Show or set pwndbg theme/color configuration.

pwndbg command: theme Source: pwndbg/commands/config.py Category: Pwndbg

Parameters:

session_id – The UUID of the session.
filter_pattern – Optional pattern to filter theme options.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/config/

async pwndbg_lldb_mcp.pwndbg_heap_config(ctx: Context, session_id: str, filter_pattern: str = None) → str[source]

Show heap-related pwndbg configuration.

pwndbg command: heap-config Source: pwndbg/commands/config.py Category: Pwndbg

Parameters:

session_id – The UUID of the session.
filter_pattern – Optional pattern to filter config options.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/config/

async pwndbg_lldb_mcp.pwndbg_pwndbg(ctx: Context, session_id: str, filter_pattern: str = None) → str[source]

List all available pwndbg commands.

pwndbg command: pwndbg Source: pwndbg/commands/pwndbg_.py Category: Pwndbg

Shows a categorized list of all registered pwndbg commands with brief descriptions.

Parameters:

session_id – The UUID of the session.
filter_pattern – Optional pattern to filter commands.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/pwndbg_/

async pwndbg_lldb_mcp.pwndbg_tips(ctx: Context, session_id: str) → str[source]

Show pwndbg usage tips.

pwndbg command: tips Source: pwndbg/commands/tips.py Category: Misc

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/tips/

async pwndbg_lldb_mcp.pwndbg_bugreport(ctx: Context, session_id: str) → str[source]

Generate a bug report with environment information.

pwndbg command: bugreport Source: pwndbg/commands/version.py Category: Pwndbg

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/version/

async pwndbg_lldb_mcp.pwndbg_comm(ctx: Context, session_id: str, addr: str = None, comment: str = None) → str[source]

Add or view comments on assembly addresses.

pwndbg command: comm Source: pwndbg/commands/comments.py Category: Misc

Without arguments, lists all comments. With an address and comment, annotates that address.

Parameters:

session_id – The UUID of the session.
addr – Optional address to comment.
comment – Optional comment text to add.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/comments/

async pwndbg_lldb_mcp.pwndbg_print(ctx: Context, session_id: str, expression: str) → str[source]

Print value of an expression (LLDB native).

Parameters:

session_id – The UUID of the session.
expression – The expression to evaluate and print.

async pwndbg_lldb_mcp.pwndbg_examine(ctx: Context, session_id: str, expression: str, format: str = 'x', count: int = 1) → str[source]

Examine memory at an address with a specified format (LLDB native).

Parameters:

session_id – The UUID of the session.
expression – Address expression to examine.
format – Format — x (hex), d (decimal), u (unsigned), o (octal), t (binary), i (instruction), c (char), f (float), s (string).
count – Number of elements to display.

async pwndbg_lldb_mcp.pwndbg_backtrace(ctx: Context, session_id: str, full: bool = False, limit: int = None) → str[source]

Show call stack backtrace (LLDB native).

Parameters:

session_id – The UUID of the session.
full – If True, show all frames including library frames.
limit – Optional limit on frame count.

async pwndbg_lldb_mcp.pwndbg_frame_info(ctx: Context, session_id: str, frame_index: int = 0) → str[source]

Get detailed information about a stack frame (LLDB native).

Parameters:

session_id – The UUID of the session.
frame_index – Frame index (0 = current frame).

async pwndbg_lldb_mcp.pwndbg_expression(ctx: Context, session_id: str, expression: str) → str[source]

Evaluate an expression in the current frame (LLDB native).

Parameters:

session_id – The UUID of the session.
expression – The expression to evaluate.

async pwndbg_lldb_mcp.pwndbg_process_info(ctx: Context, session_id: str) → str[source]

Get LLDB process status and info (LLDB native).

Parameters:: session_id – The UUID of the session.

async pwndbg_lldb_mcp.pwndbg_help(ctx: Context, session_id: str, command: str = None) → str[source]

Get help for a command (LLDB native or pwndbg).

Parameters:

session_id – The UUID of the session.
command – Optional command name to get help for.

async pwndbg_lldb_mcp.pwndbg_r2(ctx: Context, session_id: str, args: str = '') → str[source]

Execute a radare2 command on the current binary.

pwndbg command: r2 Source: pwndbg/commands/radare2.py Category: Integrations

Requires radare2 (r2) to be installed. Passes the command to r2 for analysis of the loaded binary.

Parameters:

session_id – The UUID of the session.
args – radare2 command arguments.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/radare2/

async pwndbg_lldb_mcp.pwndbg_rz(ctx: Context, session_id: str, args: str = '') → str[source]

Execute a Rizin command on the current binary.

pwndbg command: rz Source: pwndbg/commands/rizin.py Category: Integrations

Requires Rizin to be installed.

Parameters:

session_id – The UUID of the session.
args – Rizin command arguments.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/rizin/

async pwndbg_lldb_mcp.pwndbg_kbase(ctx: Context, session_id: str) → str[source]

Show the kernel base address.

pwndbg command: kbase Source: pwndbg/commands/kbase.py Category: Kernel

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/kbase/

async pwndbg_lldb_mcp.pwndbg_kchecksec(ctx: Context, session_id: str) → str[source]

Check kernel security configuration (KASLR, SMEP, SMAP, etc.).

pwndbg command: kchecksec Source: pwndbg/commands/kchecksec.py Category: Kernel

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/kchecksec/

async pwndbg_lldb_mcp.pwndbg_kcmdline(ctx: Context, session_id: str) → str[source]

Show the kernel command line.

pwndbg command: kcmdline Source: pwndbg/commands/kcmdline.py Category: Kernel

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/kcmdline/

async pwndbg_lldb_mcp.pwndbg_kconfig(ctx: Context, session_id: str, filter_str: str = None) → str[source]

Show kernel config options.

pwndbg command: kconfig Source: pwndbg/commands/kconfig.py Category: Kernel

Parameters:

session_id – The UUID of the session.
filter_str – Optional pattern to filter config entries.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/kconfig/

async pwndbg_lldb_mcp.pwndbg_kdmesg(ctx: Context, session_id: str) → str[source]

Show kernel log messages (dmesg).

pwndbg command: kdmesg Source: pwndbg/commands/kdmesg.py Category: Kernel

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/kdmesg/

async pwndbg_lldb_mcp.pwndbg_kmod(ctx: Context, session_id: str, filter_str: str = None) → str[source]

Show loaded kernel modules.

pwndbg command: kmod Source: pwndbg/commands/kmod.py Category: Kernel

Parameters:

session_id – The UUID of the session.
filter_str – Optional pattern to filter modules.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/kmod/

async pwndbg_lldb_mcp.pwndbg_ksyscalls(ctx: Context, session_id: str) → str[source]

Show syscall table information.

pwndbg command: ksyscalls Source: pwndbg/commands/ksyscalls.py Category: Kernel

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ksyscalls/

async pwndbg_lldb_mcp.pwndbg_slab(ctx: Context, session_id: str, cache_name: str = None) → str[source]

Display kernel slab cache information.

pwndbg command: slab Source: pwndbg/commands/slab.py Category: Kernel

Parameters:

session_id – The UUID of the session.
cache_name – Optional slab cache name to inspect.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/slab/

async pwndbg_lldb_mcp.pwndbg_pagewalk(ctx: Context, session_id: str, address: str) → str[source]

Walk page tables for a virtual address.

pwndbg command: pagewalk Source: pwndbg/commands/paging.py Category: Kernel

Shows the full page table walk: PGD → P4D → PUD → PMD → PTE, with the physical frame number and page flags at each level.

Parameters:

session_id – The UUID of the session.
address – Virtual address to walk.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/paging/

async pwndbg_lldb_mcp.pwndbg_ktask(ctx: Context, session_id: str, pid: int = None) → str[source]

Show kernel task/process information.

pwndbg command: ktask Source: pwndbg/commands/ktask.py Category: Kernel

Parameters:

session_id – The UUID of the session.
pid – Optional PID to show info for.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/ktask/

async pwndbg_lldb_mcp.pwndbg_kversion(ctx: Context, session_id: str) → str[source]

Show kernel version.

pwndbg command: kversion Source: pwndbg/commands/kversion.py Category: Kernel

Parameters:: session_id – The UUID of the session.

See: https://pwndbg.re/2025.05.30/reference/pwndbg/commands/kversion/