Dwarf¶

class revenge.plugins.dwarf.Dwarf(process, module=None)[source]¶

Bases: revenge.plugins.Plugin

Lookup Dwarf debugging information from the file.

Examples

dwarf = process.modules['*libc'].dwarf

# Show all known function names and their address and size
print(dwarf.functions)

# Print the first instruction block in main
print(dwarf.functions['main'].instruction_block)

add_source_path(path)[source]¶

Adds the given path to the list of directories to look for source code in.

Parameters: path (str, bytes) – Path to add to our search

property base_address¶

What is the binary’s defined base address.

Type: int

decompile_address(address)[source]¶

Lookup the corresponding decompiled code for a given address.

Parameters: address (int) – The address to look up decompiled code.
Returns: Decompiled output or None if no corresponding decompile was found.
Return type: revenge.plugins.decompiler.decompiled.Decompiled

decompile_function(address)[source]¶

property decompiler¶: ‘Decompiler’ using dwarf.

property functions¶

Dictionary of function_name -> MemoryBytes.

Type: dict

property has_debug_info¶

Does this module actually have debugging info?

Type: bool

lookup_file_line(address)[source]¶

Given the address, try to resolve what the source file name and line are

Parameters: address (int) – Address to lookup file line info
Returns: (filename,line) or None, None if it wasn’t found.
Return type: tuple

Example

mybin = process.module['mybin']
filename, line = mybin.dwarf.lookup_file_line(mybin.dwarf.functions[b'main'].address)

lookup_function(address)[source]¶

Lookup corresponding function that contains this address.

Parameters: address (int) – Address inside function
Returns: The name of the function or None if lookup fails.
Return type: bytes