{"id":16714038,"url":"https://github.com/therealdreg/lldb_reversing","last_synced_at":"2025-04-10T06:09:46.462Z","repository":{"id":237506996,"uuid":"794586662","full_name":"therealdreg/lldb_reversing","owner":"therealdreg","description":"Dreg's setup for lldb reversing. The simplest and easiest possible, without scripting. lldb debugging setup.","archived":false,"fork":false,"pushed_at":"2024-05-02T22:21:57.000Z","size":6,"stargazers_count":13,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-24T07:13:52.149Z","etag":null,"topics":["debugging","debugging-tools","freebsd","lldb","lldb-debugger","lldb-frontend","lldb-reversing","lldb-script","lldbinit","python","reverse-engineering","reversing"],"latest_commit_sha":null,"homepage":"https://rootkit.es","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/therealdreg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["therealdreg"],"patreon":"dreg","custom":["https://www.paypal.me/therealdreg","https://www.paypal.me/therealdreg"]}},"created_at":"2024-05-01T14:25:32.000Z","updated_at":"2025-03-05T02:17:43.000Z","dependencies_parsed_at":"2024-05-02T09:30:28.441Z","dependency_job_id":"813baa54-73c3-4556-a4e8-137555ba704e","html_url":"https://github.com/therealdreg/lldb_reversing","commit_stats":null,"previous_names":["therealdreg/lldb_reversing"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Flldb_
reversing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Flldb_reversing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Flldb_reversing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Flldb_reversing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/therealdreg","download_url":"https://codeload.github.com/therealdreg/lldb_reversing/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248166925,"owners_count":21058481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debugging","debugging-tools","freebsd","lldb","lldb-debugger","lldb-frontend","lldb-reversing","lldb-script","lldbinit","python","reverse-engineering","reversing"],"created_at":"2024-10-12T20:48:56.297Z","updated_at":"2025-04-10T06:09:46.422Z","avatar_url":"https://github.com/therealdreg.png","language":null,"funding_links":["https://github.com/sponsors/therealdreg","https://patreon.com/dreg","https://www.paypal.me/therealdreg"],"categories":[],"sub_categories":[],"readme":"# lldb_reversing\nDreg's setup for lldb reversing. The simplest and easiest possible, without scripting. 
lldb debugging setup.\n\nFeatures: starti, hexdump, context layout (stack + disasm + regs), Intel syntax, disasm including opcodes, easy rflags display and modification...\n\n![image](https://github.com/therealdreg/lldb_reversing/assets/9882181/71e0effa-73a8-4103-8114-b757ef4e96e7)\n\nThis repository can serve as a template for customizing your LLDB: creating your own Python scripts for LLDB, making LLDB aliases that accept arguments, etc...\n\n## Setup\n\nJust create this file: ~/.lldbinit\n\n### 32-bit (i386) setup:\n```\nsettings set stop-disassembly-display never\nsettings set target.x86-disassembly-flavor intel\ncommand alias starti process launch --stop-at-entry\ncommand alias regs register read eax ebx ecx edx edi esi ebp esp pc rflags\ncommand alias diss di -b -c 10 -A i386 -s $pc\ncommand alias dissn di -b -c %1 -A i386 -s $pc\ncommand regex dissp 's|(.+)|di -b -A i386 -c 10 -s %1|'\ncommand alias disspn di -b -A i386 -c %1\ncommand alias ss memory read -s 4 -c 10 -l 1 -f x $sp\ncommand alias ssn memory read -s 4 -c %1 -l 1 -f x $sp\ncommand regex ssp 's|(.+)|memory read -s 4 -c 10 -l 1 -f x %1|'\ncommand alias sspn memory read -s 4 -c %1 -l 1 -f x\ncommand regex hexdump 's|(.+)|memory read -s 1 -c 128 -l 16 -f Y %1|'\ncommand alias hexdumpn memory read -s 1 -c %1 -l 16 -f Y\ncommand alias ctx script lldb.debugger.HandleCommand('regs'); lldb.debugger.HandleCommand('diss'); lldb.debugger.HandleCommand('ss');\nta st a -o \"ctx\"\n\n#uncomment for pfl support\n#command script import ~/pfl.py\n#command alias regs script lldb.debugger.HandleCommand('register read eax ebx ecx edx edi esi ebp esp pc') ; lldb.debugger.HandleCommand('pfl')\n```\n\n### 64-bit (x86_64) setup:\n```\nsettings set stop-disassembly-display never\nsettings set target.x86-disassembly-flavor intel\ncommand alias starti process launch --stop-at-entry\ncommand alias regs register read rax rbx rcx rdx rdi rsi rbp rsp r8 r9 r10 r11 r12 r13 r14 r15 pc rflags\ncommand alias diss di -b -c 10 -A x86_64 -s $pc\ncommand alias dissn di -b -c %1 -A x86_64 -s $pc\ncommand regex dissp 's|(.+)|di -b -A x86_64 -c 10 -s %1|'\ncommand alias disspn di -b -A x86_64 -c %1\ncommand alias ss memory read -s 8 -c 10 -l 1 -f x $sp\ncommand alias ssn memory read -s 8 -c %1 -l 1 -f x $sp\ncommand regex ssp 's|(.+)|memory read -s 8 -c 10 -l 1 -f x %1|'\ncommand alias sspn memory read -s 8 -c %1 -l 1 -f x\ncommand regex hexdump 's|(.+)|memory read -s 1 -c 128 -l 16 -f Y %1|'\ncommand alias hexdumpn memory read -s 1 -c %1 -l 16 -f Y\ncommand alias ctx script lldb.debugger.HandleCommand('regs'); lldb.debugger.HandleCommand('diss'); lldb.debugger.HandleCommand('ss');\nta st a -o \"ctx\"\n\n#uncomment for pfl support\n#command script import ~/pfl.py\n#command alias regs script lldb.debugger.HandleCommand('register read rax rbx rcx rdx rdi rsi rbp rsp r8 r9 r10 r11 r12 r13 r14 r15 pc') ; lldb.debugger.HandleCommand('pfl')\n```\n\n-----\n\nThis script is super simple, customize it to your needs...\n\nIf you want to use both 32-bit and 64-bit targets on the same machine, here is a dirty trick:\n\nCreate different lldbinit files in your home directory, one for 32-bit ( ~/32_.lldbinit ) and one for 64-bit ( ~/64_.lldbinit ), and create two aliases in your ~/.bashrc:\n```\nalias lldb32=\"ln -f -s ~/32_.lldbinit ~/.lldbinit \u0026\u0026 lldb\"\nalias lldb64=\"ln -f -s ~/64_.lldbinit ~/.lldbinit \u0026\u0026 lldb\"\n```\n\nThen reload it in your current shell:\n```\nsource ~/.bashrc\n```\n\nExample of use:\n\n```\nlldb32 -- ./program32bits firstparam secondparam\nlldb64 -- ./program64bits firstparam secondparam\n```\n\n----\n\n**NOTE**: I'm using 's|\n\nIn regular expressions the forward slash / is often used as the delimiter. Here the alternative delimiter | is used instead, so the regex cleanly separates the pattern from the replacement without mistaking a slash inside the command for regex syntax.\n\nWhy? Because some GDB-style commands use /, for example x/10x, and this way the / character can be used in the replacement without any problem. 
For example:\n```\ncommand regex newcmd 's|(.+)|x/1xw %1+16|'\n```\n\nPractical example:\n```\nnewcmd $sp\n```\n\nExecuted LLDB Command:\n```\nx/1xw $sp+16\n```\n\n-----\n\nThe Python chr() trick can also be used to avoid regex quoting errors, for example to insert ' (ASCII 39):\n```\ncommand regex newcmd 's|(.+)|script lldb.debugger.HandleCommand(\"memory read -s 1 -c 128 -l 16 -f Y \" + chr(39) + \"(char *)(%1+8)\" + chr(39));|'\n```\n\nchr(39) inserts the single quotes at run time, so the expression is passed as one correctly quoted string without a literal ' breaking the overall command syntax.\n\nPractical example:\n```\nnewcmd $sp\n```\n\nExecuted LLDB Command:\n```\nscript lldb.debugger.HandleCommand(\"memory read -s 1 -c 128 -l 16 -f Y '(char *)($sp+8)'\")\n```\n\nFinal command:\n```\nmemory read -s 1 -c 128 -l 16 -f Y '(char *)($sp+8)'\n```\n\n## Commands\n\n- **pfl** (disabled by default): Displays the state of the rflags register flags\n```\n(lldb) pfl\nrflags: 0x0000000000000202 [IF]\n```\n- **spfl** +zf -pf (disabled by default): Sets or clears register flags according to the provided modifiers: + or -\n```\nrflags: 0x0000000000000246 [PF ZF IF]\n(lldb) spfl +CF -ZF\n(lldb) pfl\nrflags: 0x0000000000000207 [CF PF IF]\n```\n- **ctx**: Displays the current context, including registers, disassembly, and stack\n```\n(lldb) ctx\n     eax = 0x00000000\n     ebx = 0xffffdff0\n     ecx = 0x00000000\n     edx = 0x00000000\n     edi = 0x00000000\n     esi = 0x00000000\n     ebp = 0x00000000\n     esp = 0xffffd67c\n     rip = 0x0000000008048080\n-\u003e  0x8048080: 6a 26           push   0x26\n    0x8048082: 68 9c 90 04 08  push   0x804909c\n    0x8048087: 6a 01           push   0x1\n    0x8048089: b8 04 00 00 00  mov    eax, 0x4\n    0x804808e: 50              push   eax\n    0x804808f: cd 80           int    0x80\n    0x8048091: 6a 00           push   0x0\n    0x8048093: b8 01 00 00 00  mov    eax, 0x1\n    0x8048098: 50              push   eax\n    0x8048099: cd 80           int    
0x80\n0xffffd67c: 0x00000001\n0xffffd680: 0xffffd8b0\n0xffffd684: 0x00000000\n0xffffd688: 0xffffd8ca\n0xffffd68c: 0xffffd8d4\n0xffffd690: 0xffffd90a\n0xffffd694: 0xffffd917\n0xffffd698: 0xffffd927\n0xffffd69c: 0xffffd943\n0xffffd6a0: 0xffffd958\nrflags: 0x0000000000000207 [CF PF IF]\n```\n- **ss**: Displays a summary of the stack\n```\n     esp = 0xffffd67c\n(lldb) ss\n0xffffd67c: 0x00000001\n0xffffd680: 0xffffd8b0\n0xffffd684: 0x00000000\n0xffffd688: 0xffffd8ca\n0xffffd68c: 0xffffd8d4\n0xffffd690: 0xffffd90a\n0xffffd694: 0xffffd917\n0xffffd698: 0xffffd927\n0xffffd69c: 0xffffd943\n0xffffd6a0: 0xffffd958\n```\n- **ssn** 4: Displays a user-specified number of entries from the stack pointer\n```\n     esp = 0xffffd67c\n(lldb) ssn 4\n0xffffd67c: 0x00000001\n0xffffd680: 0xffffd8b0\n0xffffd684: 0x00000000\n0xffffd688: 0xffffd8ca\n```\n- **ssp** $pc+4: Displays a list of pointers (stack-style) at the specified address\n```\n     rip = 0x0000000008048080\n(lldb) ssp $pc+4\n0x08048084: 0x6a080490\n0x08048088: 0x0004b801\n0x0804808c: 0xcd500000\n0x08048090: 0xb8006a80\n0x08048094: 0x00000001\n0x08048098: 0x0080cd50\n0x0804809c: 0x6c6c6548\n0x080480a0: 0x7244206f\n0x080480a4: 0x66206765\n0x080480a8: 0x206d6f72\n```\n- **sspn** 3 $pc+4: Displays a user-specified number list of pointers (stack-style) at the specified address\n```\n     rip = 0x0000000008048080\n(lldb) sspn 3 $pc+4\n0x08048084: 0x6a080490\n0x08048088: 0x0004b801\n0x0804808c: 0xcd500000\n```\n- **hexdump** $pc+2: Displays the content in hexadecimal+ascii format at the specified address\n```\n     rip = 0x0000000008048080\n(lldb) hexdump $pc+2\n0x08048082: 68 9c 90 04 08 6a 01 b8 04 00 00 00 50 cd 80 6a  h....j......P..j\n0x08048092: 00 b8 01 00 00 00 50 cd 80 00 48 65 6c 6c 6f 20  ......P...Hello \n0x080480a2: 44 72 65 67 20 66 72 6f 6d 20 33 32 20 62 69 74  Dreg from 32 bit\n0x080480b2: 20 63 6f 64 65 20 46 72 65 65 42 53 44 21 21 0a   code FreeBSD!!.\n0x080480c2: 00 2e 73 68 73 74 72 74 61 62 00 2e 74 65 78 74  
..shstrtab..text\n0x080480d2: 00 2e 64 61 74 61 00 00 00 00 00 00 00 00 00 00  ..data..........\n0x080480e2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n0x080480f2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n```\n- **hexdumpn** 30 $pc+0x10: Displays a user-specified number of bytes in hexadecimal+ascii format at the specified address\n```\n     rip = 0x0000000008048080\n(lldb) hexdumpn 30 $pc+0x10\n0x08048090: 80 6a 00 b8 01 00 00 00 50 cd 80 00 48 65 6c 6c  .j......P...Hell\n0x080480a0: 6f 20 44 72 65 67 20 66 72 6f 6d 20 33 32        o Dreg from 32\n```\n- **regs**: Displays the values of registers\n```\n(lldb) regs\n     eax = 0x00000000\n     ebx = 0xffffdff0\n     ecx = 0x00000000\n     edx = 0x00000000\n     edi = 0x00000000\n     esi = 0x00000000\n     ebp = 0x00000000\n     esp = 0xffffd67c\n     rip = 0x0000000008048080\nrflags: 0x0000000000000207 [CF PF IF]\n```\n- **diss**: Displays the disassembly of instructions + opcodes\n```\n     rip = 0x0000000008048080\n(lldb) diss\n-\u003e  0x8048080: 6a 26           push   0x26\n    0x8048082: 68 9c 90 04 08  push   0x804909c\n    0x8048087: 6a 01           push   0x1\n    0x8048089: b8 04 00 00 00  mov    eax, 0x4\n    0x804808e: 50              push   eax\n    0x804808f: cd 80           int    0x80\n    0x8048091: 6a 00           push   0x0\n    0x8048093: b8 01 00 00 00  mov    eax, 0x1\n    0x8048098: 50              push   eax\n    0x8048099: cd 80           int    0x80\n```\n- **dissn** 2: Displays a user-specified number of instructions + opcodes\n```\n     rip = 0x0000000008048080\n(lldb) dissn 2\n-\u003e  0x8048080: 6a 26           push   0x26\n    0x8048082: 68 9c 90 04 08  push   0x804909c\n```\n- **dissp** $pc-10: Displays the disassembly of instructions + opcodes at the specified address\n```\n     rip = 0x0000000008048080\n(lldb) dissp $pc-10\n    0x8048076: 00 00           add    byte ptr [eax], al\n    0x8048078: 00 00           add    byte ptr 
[eax], al\n    0x804807a: 00 00           add    byte ptr [eax], al\n    0x804807c: 00 00           add    byte ptr [eax], al\n    0x804807e: 00 00           add    byte ptr [eax], al\n-\u003e  0x8048080: 6a 26           push   0x26\n    0x8048082: 68 9c 90 04 08  push   0x804909c\n    0x8048087: 6a 01           push   0x1\n    0x8048089: b8 04 00 00 00  mov    eax, 0x4\n    0x804808e: 50              push   eax\n```\n- **disspn** 5 -s $pc+2: Displays a user-specified number of instructions + opcodes at the specified address\n```\n     rip = 0x0000000008048080\n(lldb) disspn 5 -s $pc+2\n    0x8048082: 68 9c 90 04 08  push   0x804909c\n    0x8048087: 6a 01           push   0x1\n    0x8048089: b8 04 00 00 00  mov    eax, 0x4\n    0x804808e: 50              push   eax\n    0x804808f: cd 80           int    0x80\n```\n- **starti**: Launches the program and stops at its entry point\n```\ndreg@~$ lldb asm/helloworld\nStop hook #1 added.\nwarning: Overwriting existing definition for 'regs'.\n(lldb) target create \"asm/helloworld\"\nCurrent executable set to '/home/dreg/asm/helloworld' (i386).\n(lldb) starti\n     eax = 0x00000000\n     ebx = 0xffffdff0\n....\n```\n\nOnce the execution is finished, if you want to use starti again you must rerun the target command, for example:\n```\ntarget create asm/helloworld\nstarti\n```\n\n### spfl \u0026 pfl (format \u0026 set rflags)\n\nI'm making an exception by adding this script because visualizing and setting the rflags in a simple way is something fundamental...\n\nTo enable the pfl and spfl commands, uncomment the last two lines of ~/.lldbinit.\n\nNow create the ~/pfl.py file:\n```\n# mod by Dreg from: https://gist.github.com/stek29/cdbbbe018f0aaf0b2a9a58c9173becb8\n# show rflags: pfl\n# set rflags: spfl +zf -pf\n\nimport lldb\nimport shlex\n\nFLAGS = [\n\t['CF', 'Carry Flag'],\n\t[None, 'Reserved'],\n\t['PF', 'Parity Flag'],\n\t[None, 'Reserved'],\n\t['AF', 'Adjust Flag'],\n\t[None, 'Reserved'],\n\t['ZF', 'Zero 
Flag'],\n\t['SF', 'Sign Flag'],\n\t['TF', 'Trap Flag'],\n\t['IF', 'Interrupt Enable Flag'],\n\t['DF', 'Direction Flag'],\n\t['OF', 'Overflow Flag'],\n\t['IOPL_H', 'I/O privilege level High bit'],\n\t['IOPL_L', 'I/O privilege level Low bit'],\n\t['NT', 'Nested Task Flag'],\n\t[None, 'Reserved'],\n\n\t# eflags\n\t['RF', 'Resume Flag'],\n\t['VM', 'Virtual 8086 mode flag'],\n\t['AC', 'Alignment check'],\n\t['VIF', 'Virtual interrupt flag'],\n\t['VIP', 'Virtual interrupt pending'],\n\t['ID', 'Able to use CPUID instruction'],\n\t# 22-31 reserved\n\n\t# rflags 32-63 reserved\n]\n\ndef parse_flags(val):\n\t\"\"\" Returns list of set flags \"\"\"\n\tset_flags = list()\n\n\tfor bit, desc in enumerate(FLAGS):\n\t\tif val \u0026 (1 \u003c\u003c bit) and desc[0] is not None:\n\t\t\tset_flags.append(desc)\n\n\treturn set_flags\n\ndef flag_list_to_str(l):\n\treturn ' '.join((desc[0] for desc in l))\n\ndef get_flags_reg(frame):\n\tgrs = list()\n\t\n\tfor rs in frame.GetRegisters():\n\t\tif rs.GetName().lower() == 'general purpose registers':\n\t\t\tgrs = rs\n\t\t\tbreak\n\n\tfor reg in grs:\n\t\tif 'flags' in reg.GetName():\n\t\t\treturn reg\n\n\treturn None\n\ndef fmt_lst(fl_reg, lst):\n\tval = fl_reg.GetValueAsUnsigned()\n\tlst = [x.upper() for x in lst]\n\tfound = list()\n\n\tfor bit, desc in enumerate(FLAGS):\n\t\tif desc[0] is not None and desc[0] in lst:\n\t\t\tlst.remove(desc[0])\n\t\t\tfound.append([desc[0], bool(val \u0026 (1 \u003c\u003c bit))])\n\n\tret = list()\n\t# lst must be empty at this point\n\t# anything left wasn't found\n\tif lst:\n\t\tret.append('ERROR: Unknown flags: [%s]' % ' '.join(lst))\n\n\tfor x in found:\n\t\tret.append('%s: %d'%(x[0], int(x[1])))\n\n\treturn '\\n'.join(ret)\n\ndef fmt_short(fl_reg):\n\tval = fl_reg.GetValueAsUnsigned()\n\treg_print_width = fl_reg.GetByteSize() * 2\n\tdescs = parse_flags(val)\n\n\treturn ('%s: 0x%.*x [%s]' % (\n\t\tfl_reg.GetName(), \t\t# register name\n\t\treg_print_width, \t\t# how many hex digits to print\n\t\tval, 
\t\t\t\t\t# value\n\t\tflag_list_to_str(descs) # parsed value (list of set flags)\n\t))\n\ndef modify_flags(debugger, fl_reg, modifications):\n    val = fl_reg.GetValueAsUnsigned()\n    for mod in modifications:\n        if mod[0] == '+':\n            # Set the flag\n            flag_bit = [desc[0] for desc in FLAGS].index(mod[1:].upper())\n            val |= (1 \u003c\u003c flag_bit)\n        elif mod[0] == '-':\n            # Clear the flag\n            flag_bit = [desc[0] for desc in FLAGS].index(mod[1:].upper())\n            val \u0026= ~(1 \u003c\u003c flag_bit)\n    debugger.HandleCommand('register write rflags ' + hex(val))\n\ndef spfl(debugger, command, result, internal_dict):\n    target = debugger.GetSelectedTarget()\n    process = target.GetProcess()\n    thread = process.GetSelectedThread()\n    frame = thread.GetSelectedFrame()\n\n    fl_reg = get_flags_reg(frame)\n    if fl_reg is None:\n        print(\"ERROR: Cant find flags register!\")\n        return\n\n    lst = shlex.split(command)\n\n    if lst:\n        modifications = lst[0:]\n        modify_flags(debugger, fl_reg, modifications)\n\ndef pfl(debugger, command, result, internal_dict):\n\ttarget = debugger.GetSelectedTarget()\n\tprocess = target.GetProcess()\n\tthread = process.GetSelectedThread()\n\tframe = thread.GetSelectedFrame()\n\n\tfl_reg = get_flags_reg(frame)\n\tif fl_reg is None:\n\t\tprint(\"ERROR: Cant find flags register!\")\n\t\treturn\n\n\tlst = shlex.split(command)\n\n\tret = ''\n\n\tif lst:\n\t\t# dirty argparse hack\n\t\t# XXX handle flags and eflags diff for fun? 
:)\n\t\tif '-l' in lst:\n\t\t\tlst = [desc[0] for desc in FLAGS if desc[0] is not None]\n\n\t\tret = fmt_lst(fl_reg, lst)\n\telse:\n\t\tret = fmt_short(fl_reg)\n\n\tprint(ret)\n\nif __name__ == '__main__':\n    lldb.SBDebugger.Initialize()\n    debugger = lldb.SBDebugger.Create()\n    \n    lldb.SBDebugger.Destroy(debugger)\n    lldb.SBDebugger.Terminate()\n\ndef __lldb_init_module(debugger, internal_dict):\n\tdebugger.HandleCommand('command script add -f pfl.pfl pfl')\n\tdebugger.HandleCommand('command script add -f pfl.spfl spfl')\n```\n\nDone!\n\n----\n\n**WARNING**: I'll only accept PRs that maintain the spirit of keeping it super simple. If you want something more advanced, use llef:\n\nhttps://github.com/foundryzero/llef\n\n![image](https://github.com/therealdreg/lldb_reversing/assets/9882181/7301e1ed-637b-4059-a32f-1f2985a6125b)\n\n----\n\n# Tips \u0026 tricks\n\nSet a register:\n```\nregister write $eax `$ebx+2`\n```\n\nDereference a pointer:\n```\nhexdump '*(char **)($sp+4)'\n```\n\nConditional breakpoint:\n```\nbr set -a `$pc+2` -c '$eax==4'\n```\n\nHexdump a big chunk:\n```\nhexdumpn 3000 $sp --force\n```\n\nProgram arguments built with Python (two here):\n```\nscript lldb.debugger.HandleCommand(\"process launch --stop-at-entry -- {0} {1}\".format(\"\\x41\"*90, \"/home/dreg/AAA\"))\n```\n\nstdin from a file (the ~ character can cause problems):\n```\nprocess launch --stop-at-entry --stdin /home/dreg/poc.txt\n```\n\n# Good doc\n\n- GDB to LLDB command map: https://lldb.llvm.org/use/map.html\n- https://stackoverflow.com/questions/10198975/how-can-i-create-a-lldb-alias-that-evaluates-its-argument-using-expression\n- https://stackoverflow.com/questions/7690181/i-cant-get-this-simple-lldb-alias-to-work/12195214#12195214\n```\nIt seems arguments (%1, %2, etc) don't work to alias an expression. 
There is a workaround by using a regular expression instead:\n\ncommand regex ps 's/(.+)/print [self %1]/'\n\nIn \"command alias\" the %N substitutions only work for complete argument or option values and not for parts of an argument or option value. That limitation, and not something specific to expressions, is why the examples in this question don't work. –\nJim Ingham Jan 14, 2014 at 18:25\n```\n\n# Tested\n\n```\ndreg@~$ uname -a\nFreeBSD rootkit 14.0-RELEASE FreeBSD 14.0-RELEASE #0 releng/14.0-n265380-f9716eee8ab4: Fri Nov 10 05:57:23 UTC 2023     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64\ndreg@~$ lldb --version\nlldb version 15.0.7\ndreg@~$ lldb -P\n/usr/local/llvm15/lib/python3.9/site-packages\n\n(lldb) script import sys\n(lldb) script sys.version\n'3.9.18 (main, Apr  9 2024, 01:10:56) \\n[Clang 16.0.6 (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1'\n(lldb) script sys.path\n['/usr/local/llvm15/lib', '/home/dreg', '/usr/local/llvm15/lib/python3.9/site-packages', '/usr/local/lib/python39.zip', '/usr/local/lib/python3.9', '/usr/local/lib/python3.9/lib-dynload', '/usr/local/lib/python3.9/site-packages', '.']\n```\n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Flldb_reversing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftherealdreg%2Flldb_reversing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Flldb_reversing/lists"}