This is a hotfix release for the 2026.02.17 recent release.

This release brings A LOT: radare2-inspired branch visualization in nearpc disassembly, new decompiler integration (supporting IDA, Binary Ninja, Ghidra and angr), stack variable annotations from debug info, new kernel debugging commands: kmem-trace for tracing allocations, kcurrent/kfile/pagewalk to dump kernel tasks info or memory pages information; LLDB core file support, new compact register display modes and many fixes and improvements.

We also release:

• debuginfod client enabled by default in Pwndbg portable releases
• niche-elf, a fast library to build minimal ELFs with symbols, used in Pwndbg

The portable release also sets the DEBUGINFOD_URLS=debuginfod.pwndbg.re to a debuginfod server we developed which contains debug symbols from multiple different mainstream distros (ubuntu, centos, nix, debian, fedora, opensuse, systemtap, archlinux and others). We will open source the server soon.

Branch visualization showcase:

See What's changed below for more info. Big thanks to everyone who made this possible!

Also, please sponsor the project to let us keep improving!

Quick install

Install Pwndbg portable on Linux or macOS (choose one line for GDB or LLDB):

curl --proto '=https' --tlsv1.2 -LsSf 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
curl --proto '=https' --tlsv1.2 -LsSf 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb

Homebrew package (macOS only; choose one line for GDB or LLDB):

brew install pwndbg/tap/pwndbg-gdb  # only allows for remote debugging of ELFs
brew install pwndbg/tap/pwndbg-lldb

Nix package manager (Linux/macOS; choose one line for GDB or LLDB):

nix shell github:pwndbg/pwndbg  # this is pwndbg-gdb
nix shell github:pwndbg/pwndbg#pwndbg-lldb

Other options:

• Want specific distro and architecture package? Check out setup docs and download the specific asset below.
• Want latest development version? See install from source.

What's changed

Breaking Changes

• Removed deprecated underscore command aliases (e.g. heap_config -> heap-config) (#3383)
• Replaced all pwndbg.aglib.regs["x"] bracket access with pwndbg.aglib.regs.read_reg("x") (#3440)
• Dropped ppc64 big-endian portable release (#3424)

Debuginfod Server

We developed and open-sourced our own debuginfod server and host it at debuginfod.pwndbg.re. It is now enabled by default in our gdb-for-pwndbg release and in portable releases. If you use your own system GDB, you can enable it manually by setting the DEBUGINFOD_URLS environment variable. This means debug symbols for system libraries are automatically fetched when available, making debugging significantly easier out of the box.

Disassembly

Branch visualization - visualize branch sources and targets in nearpc output using Unicode characters, inspired by radare2. Enabled by default, disable with -n | -no-branch flag (#3361)
Disassemble entire function - nearpc -f <funcname> can now display all instructions of a function at once (#3736)

• nearpc -r and nearpc -t parameters - control the number of previous instructions (-r) and total instructions (-t) displayed (#3357)

Decompiler Integration

We now use decomp2dbg for decompiler integration/synchronization - and support IDA, Binary Ninja, Ghidra and angr-management as decompiler backend. Symbols are added to the debugger, function locals appear in annotations and the stack, and the decompiled code is shown in the appropriate context panel. Works with both GDB and LLDB (#3401). See https://pwndbg.re/dev/tutorials/decompiler-integration/ for more information.

Context & Display

• Reworked compact register displays - Added set show-compact-regs very|harcut modes for a more condensed view (#3535)

set show-compact-regs very:

set show-compact-regs hardcut:

• Stack variables from debug info - when debug info is present, stack variable names and offsets are displayed in the context (#3451)

• Added ctx -a - to display all context sections at once (#3580)

• Added last signal context panel - to display the last signal received by the debugee (#3532)

• Added set context-backtrace-hex on - to configure offset values to be displayed in hexadecimal in the backtrace context panel (#3754)

• Added context-tui-adjust-height on|off for GDB - that determines if sections fill full height of terminal in TUI mode (#3511)

• Added set vis-skip-repeating-val on|off - that makes the vis command skip repeated lines with ... ↓ N repeated lines skipped text (#3504)

  Linux Kernel Debugging

• Added kmem-trace command - to trace allocations and frees for the SLUB and buddy Linux kernel allocators (#3379)

• Added kcurrent [pid] [-set], kfile [pid] [-fd [fd]] - to display info about current or given kernel task, file descriptors accessible by current or given kernel task (#3370)
• The pagewalk can now walk pagetables of different kernel tasks - when debug info exists (#3370)
• Speed up page table scanning (#3394)
• Added support for CONFIG_SLAB_VIRTUAL and SLUB for kernel >= 6.18 (#3689)
• Fixed kernel panicking due to GDB superblock bug (#3694)
• Added various kernel debugging performance and stability fixes (#3575, #3390)

LLDB

• Added support for core file loading and debugging (#3605)
• Added starti command (#3593)
• Added hint for System Integrity Protection (SIP) on macOS when launch/attach fails (#3710)

General

• Added support for Intel PKU (Memory Protection Keys for Userspace) violations - we now show detailed info message on protection key violations (#3531)
• Added hexdump -C {py,c} flag to dump memory as Python or C code arrays (#3337)
• The patch command now supports more architectures as we use Zig for that (#3419)
• Added libc abstraction layer to make it easier to add new libc implementations (#3637)
• Added syntax highlighting for decompiled code with IDA Pro (#3367)
• Improved ropgadget integration with colors etc. (#3528)
• **The vmmap now shows more pages when working with core files (#3544)
• Improved glibc 2.42 support (#3464)
• We now warn user when they try to run Pwndbg with LD_LIBRARY_PATH/LD_PRELOAD envvars that may break it (#3287)
• We now look for XDG_CONFIG_HOME envvar for the gdbinit file (#3462)

Architectures

• Added PowerPC branch resolution and emulation (#3426)
• Added Sparc branch following - follow branches for Sparc architecture (#3657)
• We now detect more MIPS architecture variants (#3664)
• Added support to ...

Please use 2026.02.18 release

This release brings improved disassembly and architecture handling (including fixes for s390x and ARM), enhanced page marker detection, new kernel BPF (kbpf) command, and various stability fixes and cleanups.

Want to support us or buy us a coffee? Visit our Pwndbg sponsors page!

Quick install

A portable version of Pwndbg can be installed as shown below.

Portable via Linux or macOS (choose one line for either GDB or LLDB):

curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb

Homebrew package (macOS only):

brew install pwndbg/tap/pwndbg-gdb
brew install pwndbg/tap/pwndbg-lldb

Note: On macOS the pwndbg-gdb only allows for remote debugging of ELFs.

Nix package manager (Linux/macOS):

nix shell github:pwndbg/pwndbg

Want a package for specific distro & arch? Check out setup docs and download the specific asset below.

Want latest development version? See install from source.

What's changed

Portable & Packaging

• Fixed No package metadata was found for prompt_toolkit crash on portable releases (#3343)

General

• Fixed missing function lookup in klookup command by adding proper existence checks (#3352, fixes #3349)
• Added new kbpf command for inspecting kernel BPF internals (#3354)

• Removed unnecessary debug symbol requirement for page marker detection, improving kernel debugging experience (#3346)
• Added documentation page about packaging and distribution (#3355)

Architectures & Disassembly

• Fixed branch checkmarks incorrectly appearing on certain s390x unconditional jumps (#3347)
• Fixed bugs in ARM conditional instruction annotations (#3358, fixes #3299)
• Improved register tracking during disassembly by manually propagating register values across instructions (#2963)

Full Changelog: 2025.10.10...2025.10.20

This release brings major improvements to LLDB support (Objective-C + Mach-O support on Darwin, better vmmap, commpage command, fzf tab completion & more), improved Linux kernel debugging without .debuginfo and other enhancements (better vmmap, new commands for dmesg/modules/config/syscall/task info dumping and paging helpers), support for dumping musl's mallocng allocators data, enhancements for disassembly, TUI, more architectures support and much more!

See What’s changed and New Contributors below for highlights of user-facing features and contributions.

Big thanks to everyone who made this possible! Support the project to help us keep improving.

Quick install

A portable version of Pwndbg can be installed as shown below.

Portable via Linux or macOS (choose one line for either GDB or LLDB):

curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb

Homebrew package (macOS only):

brew install pwndbg/tap/pwndbg-gdb
brew install pwndbg/tap/pwndbg-lldb

Note: On macOS the pwndbg-gdb only allows for remote debugging of ELFs.

Nix package manager (Linux/macOS):

nix shell github:pwndbg/pwndbg

Want a package for specific distro & arch? Check out setup docs and download the specific asset below.

Want latest development version? See install from source.

What’s changed

⚠️ Breaking Changes

• Drop PWNDBG_PLEASE_SKIP_VENV option (#3139)
• Drop PWNDBG_DISABLE_COLORS in favor of NO_COLOR (#3239)

Kernel Debugging

• Improved vmmap output across kernel (#3020, #3086)

• Added commands for kernel debugging:
  • kdmesg (#3097)
  • ktask – task info (#3099)
  • kmod – module info (#3106)
  • ksyscall – syscall info (#3103)
  • kdmabuf – DMA buf info (#3312)
• Improved slab commands (#3135, #3204)
• Improved paging helpers and added custom address markers (#3051, #3146, #3123)

• Improved kconfig, kmod, syscall detection, kernel type recovery (#3145, #3254, #3240)

Musl allocator (mallocng) Support

• New commands:
  • ng-explain – explain slot layout (#3104)
  • ng-find – locate slot/group/meta by address (#3113)
  • ng-slots – inspect slots (#3144)
  • ng-metaarea, ng-ctx – inspect mallocng internals (#3164)
  • ng-vis – visualize mallocng heap (#3234)
  • ng-dump – dump heap state (#3256)
• Added pretty printer refactor and various fixups (#3273, #3180)

Go Support

• Fixed Go dump commands for Go 1.24+ types that rely on Go swissmaps (#3127)
• Improved Go binaries architecture support - add mips, loongarch64, and s390x, #3128)

General

• Added --detect flag for cyclic command to detect cyclic sequences in registers and memory (#3162)
• Improved function variadic arguments display (#3244)
• Added max-decimal-number that configures the max value that is displayed in decimal (bigger are displayed in hex) in the context and command outputs (#3259)
• Add theme options for branch jump markers (disasm-branch-on, disasm-branch-off) (#3242)

GDB

• Fix AT&T disassembly-flavor breaking non-x86 architectures (#3077)
• Added a workaround for GDB crash when using target extended-remote + attach (#3232)

LLDB

• Added Objective-C and Mach-O support on Darwin (#3249)
• Improved vmmap output on Darwin (taking DYLD Shared Cache into account) (#3255)

• Added commpage command to dump Apple commpage memory mapping (#3263)
• Added support for arm64e (#3126)
• Refined error/warning messages in CLI (#3070)
• Added help set (#3068)
• Improved argument parsing, launch handling, and "unknown setting" messages (#3081, #3089)
• Improved thread selection on STOP (#3066)
• Fixed entry command that missed run -s being executed (#3069)
• Added fuzzy finder tab (fzf) completion (#3075)
• Added full LLDB test driver and Debugger API tests (#3120)
• Numerous smaller enhancements and bug fixes (#3190)

Disassembly

• Added disasm-reg-alias config that if set, forces the disassembly to use register aliases (e.g. aarch64 x29 -> fp) (#3257)
• Updated to Capstone 6 alpha5 (#3274)
• Correctly disable emulation on selected instructions (#3155)
• Fixed a bug with RISC-V ret instruction resolution (#3211)

Portable Builds

• Fixed the install.sh script on PPC64 (#3060)
• Include zig in portable releases (which is needed e.g. for cyclic command) (#3279)

New Contributors

• @AC01010 made their first contribution in #3079
• @zhouzq-thu made their first contribution in #3075
• @ethauber made their first contribution in #3148
• @sh4dowkey made their first contribution in #3157
• @AalbatrossGuy made their first contribution in #3158
• @chunzhennn made their first contribution in #3177
• @armoredvortex made their first contribution in #3162
• @anshu129 made their first contribution in #3239
• @akamikado made their first contribution in #3244
• @gregbartell made their first contribution in #3242
• @jacksonkvandyke made their first contribution in #3176
• @piers-taylor-1994 made their first contribution in #3309
• @dbgbgtf1 made their first contribution in #3310

Also big thanks to @k4lizen, @mbrla0 and @magnified103 for their Python Summer of Code (PSF @ GSoC 2025) contributions!

Full Changelog: 2025.05.30...2025.10.10

This release brings an "✘" marker for branches that won't be taken, new Linux kernel debugging commands (buddydump, msr) and improvements to the slab command, new dump-register-frame command helpful when dealing with ARM Cortex-M exceptions, improved disassembly for LoongArch64, ARM, MIPS architectures as well as initial s390x architecture support. It also comes with a lot of documentation updates and performance improvements!

The ✘ marker showcase when branch will not be taken:

The portable version of Pwndbg can now be installed on Linux and macOS with a one liner:

$ curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
$ curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb

Note: On macOS the pwndbg-gdb only allows for remote debugging of ELFs.

See Quick install and What’s changed below or the full changelog here.

Want to support us or buy us a coffee? Visit our Pwndbg sponsors page!

Quick install

Want to download Pwndbg portable or a package for specific distro & arch? Check out the Which version to download? section at the end!

Portable via Linux or macOS (choose one line for either GDB or LLDB):

curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-gdb
curl -qsL 'https://install.pwndbg.re' | sh -s -- -t pwndbg-lldb

Homebrew package (macOS only):

brew install pwndbg/tap/pwndbg-gdb
brew install pwndbg/tap/pwndbg-lldb

Nix package manager (Linux/macOS):

nix shell github:pwndbg/pwndbg

What’s changed

General

• Upgraded Capstone to version 6 – required for new architectures and disassembly improvements (#2766)
• Improved documentation and rewrote much of pwndbg.re
• Deprecated the pcplist command (#3015)
• Removed passthrough for shell commands due to stability and security concerns (#2919)
• The disassembly will show emulated branches that won't be taken with the ✘ marker (#3027)

New Commands

• buddydump – Inspect Linux kernel buddy allocator state
• msr – Read/write model-specific registers when in ring0 (during kernel debugging)
• dump-register-frame – Dump saved register frame (useful for exception/interrupt debugging)

Kernel Debugging

• Added full support for buddy allocator inspection on x86-64 Linux kernels (#2980)
• Improved slab command output and handling (#2988)
• Added msr command to inspect Model-Specific Registers (#2836)
• Exposed additional x64 registers for QEMU-system kernel debugging (#2932)

Architectures

s390x

• Initial support for the IBM s390x architecture (#2873)

LoongArch64

• Capstone disassembler support for LoongArch64 (#2885)
• Added heap (TLS) support for LoongArch64 (#2888)

Disassembly (ARM, MIPS, General)

• Fixed ARM IT blocks in disassembly (#2922)
• Improved behavior of MIPS disassembly after branches (#2921)
• Fixed decoding of unknown syscall ABIs and MIPS disassembly edge cases (#2898)
• Added Cortex-M exception return address resolution and context handling (#2807)
• Optimized disassembly performance for several architectures (#2979)

IDA Integration

• Added support for stack variable lookup via $ida("var_name") (#2926)

Portable Build Fixes

• Made libiconv static for better portability (#2911)
• Fixed .gdbinit handling in portable builds (#2947)

Which version to download?

Don't know which version to download? Here are two helpful tables: the first one, with portable packages and the second one with packages for each Linux distro.

All of those builds include and use the same version of all Pwndbg dependencies (GDB 16.2, LLDB 20.1, Python 3.12.9, latest Pwndbg, Capstone 6.0.0a4, Unicorn Engine 2.1.3, Pwntools 4.14.0, OneGadget etc.).

For install instructions see our README. Pwndbg can also be installed with Nix package manager as detailed here.

| Linux distros | Pwndbg GDB - x86_64 ...

This is a hotfix release for the 2025.04.13 recent release. Since we made a breaking change of renaming commands with _ to -, we added the previous command name aliases which inform about it (#2891, #2878).

We also bumped the LLDB version to 20 (#2880). This is also the last release with Capstone v5.

In short this and previous (2025.04.13) release adds displaying of breakpoints in disasm view (shown as "b+" by default), new command (libcinfo), improved LLDB support (CTRL+C cancellation and programmatic controls of debugger) as well as better docs and commands & UI fixes and improvements. We now also publish portable builds for:

• GDB and LLDB *_loongarch64-portable.tar.xz build for LoongArch64 Linux
• Native GDB build for Apple Silicon (remote ELF debugging only)

Below, we list a more detailed changelog from 2025.04.13. For installation, see the "Which version to download?" section.

Also, want to support us? See our Pwndbg sponsors page!

Full Changelog for this release: 2025.04.13...2025.04.18

What's changed (in 2025.04.13)

Breaking Changes

• Pwndbg now consistently uses dashes (-) in command names instead of underscores (_), e.g., heap-config instead of heap_config (#2857)
• The telescope-skip-repeating-val-minimum config parameter has been renamed to telescope-skip-repeating-val-min (#2856)

General

• The context disasm panel now marks/highlights breakpoints set by the user (#2828)
• Updated the GDB from 15.2 to 16.2 in the portable release (#2765)
• Added native Apple Silicon GDB build on macOS (remote ELF debugging only) (#2770)
• New libcinfo command that displays the glibc version used by the program and link to its sources (#2842)
• The tls command now dumps thread-local storage using a structured tcbhead_t view and has a -a flag to show full output (#2847)
• The hexdump command:
  • Now checks for invalid addresses before dumping (#2833)
  • Is now configured with a max memory read limit of 10MB (changed with hexdump-limit-mb) to prevent GDB from getting out-of-memory (#2803)
• UI improvements: fixed section alignment (#2764), reduced shaking (#2758), fixed wrong coloring in TUI (#2782)
• Fixed vfile API handling in QEMU 9.1+ - fixing qemu-user vmmap (#2810)
• Documentation and development setup improvements (#2846, #2844, #2853, #2851, #2777, #2823)

GDB

• Improved attachp command by:
  • Setting its target to a process with a name same as currently loaded binary by default (#2819)
  • Adding an --exact flag for precise process matching (#2821)
• Fixed setting of glibc version for heap inspection commands (set glibc 2.31) (#2871)
• Fixed bp alias (for WinDbg users) (#2798)
• Fixed memory reading issues across page boundaries and during remote debugging (#2795, #2840)
• Fixed broken remote debugging behavior for context-related commands (#2732)
• Added test for mixed-case handling in hex2ptr_common (#2778)

LLDB

• Fixed cancellation of operations with Ctrl+C (#2805)
• Added programmatic controls of the debugger - useful for tests, maybe for users as API (#2785)
• Fixed process lifecycle handling when using remote connections (#2763)
• Special handling for version command in LLDB (#2804)
• Compatibility fixes for LLDB on Windows platforms (#2855)

...and many other improvements to internal structure, CI workflows, cleanup, installation scripts, and more!

A full changelog since previous release (2025.02.19): can be seen here:
👉 2025.02.19...2025.04.13

Which version to download?

Don't know which version to download? Here are two helpful tables: the first one, with portable packages and the second one with packages for each Linux distro.

All of those builds include and use the same version of all Pwndbg dependencies (GDB 16.2, LLDB 20.1, Python 3.12.9, latest Pwndbg, Capstone 5.0.5, Unicorn Engine 2.1.3, Pwntools 4.14.0, OneGadget etc.).

For install instructions see our README. Pwndbg can also be installed with Nix package manager as detailed here.

This release introduces breakpoints display in disasm view (shown as "b+" by default), new command (libcinfo), improved LLDB support (CTRL+C cancellation and programmatic controls of debugger) as well as better docs and commands & UI fixes and improvements.

This is also the first release that ships a portable build for:

• GDB and LLDB *_loongarch64-portable.tar.xz build for LoongArch64 Linux
• Native GDB build for Apple Silicon (remote ELF debugging only)

Want to support us or buy us a coffee? See our Pwndbg sponsors page!

Read below for a more detailed summary of changes. See also Which version to download? below.

What's changed

Breaking Changes

• Pwndbg now consistently uses dashes (-) in command names instead of underscores (_), e.g., heap-config instead of heap_config (#2857)
• The telescope-skip-repeating-val-minimum config parameter has been renamed to telescope-skip-repeating-val-min (#2856)

General

• The context disasm panel now marks/highlights breakpoints set by the user (#2828)
• Updated the GDB from 15.2 to 16.2 in the portable release (#2765)
• Added native Apple Silicon GDB build on macOS (remote ELF debugging only) (#2770)
• New libcinfo command that displays the glibc version used by the program and link to its sources (#2842)
• The tls command now dumps thread-local storage using a structured tcbhead_t view and has a -a flag to show full output (#2847)
• The hexdump command:
  • Now checks for invalid addresses before dumping (#2833)
  • Is now configured with a max memory read limit of 10MB (changed with hexdump-limit-mb) to prevent GDB from getting out-of-memory (#2803)
• UI improvements: fixed section alignment (#2764), reduced shaking (#2758), fixed wrong coloring in TUI (#2782)
• Fixed vfile API handling in QEMU 9.1+ - fixing qemu-user vmmap (#2810)
• Documentation and development setup improvements (#2846, #2844, #2853, #2851, #2777, #2823)

GDB

• Improved attachp command by:
  • Setting its target to a process with a name same as currently loaded binary by default (#2819)
  • Adding an --exact flag for precise process matching (#2821)
• Fixed setting of glibc version for heap inspection commands (set glibc 2.31) (#2871)
• Fixed bp alias (for WinDbg users) (#2798)
• Fixed memory reading issues across page boundaries and during remote debugging (#2795, #2840)
• Fixed broken remote debugging behavior for context-related commands (#2732)
• Added test for mixed-case handling in hex2ptr_common (#2778)

LLDB

• Fixed cancellation of operations with Ctrl+C (#2805)
• Added programmatic controls of the debugger - useful for tests, maybe for users as API (#2785)
• Fixed process lifecycle handling when using remote connections (#2763)
• Special handling for version command in LLDB (#2804)
• Compatibility fixes for LLDB on Windows platforms (#2855)

...and many other improvements to internal structure, CI workflows, cleanup, installation scripts, and more!

A full changelog since previous release (2025.02.19): can be seen here:
👉 2025.02.19...2025.04.13

Community Contributions

Big thanks to our new contributors:

• @saturnines (#2778)
• @may3rr (#2773)
• @Gaurav23V (#2803)
• @tesuji (#2822)
• @dkvhr (#2833)
• @RocketMaDev (#2850)
• @codexlynx (#2861)
• @yadunand-kamath (#2823)

You’re all awesome – welcome to the Pwndbg community! 🎉

Which version to download?

Don't know which version to download? Here are two helpful tables: the first one, with portable packages and the second one with packages for each Linux distro.

All of those builds include and use the same version of all Pwndbg dependencies (GDB 16.2, LLDB 19.1, Python 3.12.9, latest Pwndbg, Capstone 5.0.5, Unicorn Engine 2.1.3, Pwntools 4.14.0, OneGadget etc.).

For install instructions see our README. Pwndbg can also be installed with Nix package manager as detailed here.

This release features commands for dumping Linux kernel nftables internals, initial support for LoongArch64 architecture, fix for GDB 16+, improved LLDB support, few commands improvements as well as lots of fixes!

See What's changed and Community Contributions for a summary of user-facing changes from this release and a list of other relevant contributions from the Pwndbg team and contributors.

Want to support us or buy us a coffee? See our Pwndbg sponsors page!

What's changed

General

• Added commands for dumping Linux kernel nftables internals: knft_dump, knft_list_tables, knft_list_chains, knft_list_rules, knft_list_exprs, knft_list_sets, knft_list_objects and knft_list_flowtables (#2679)
• Added initial support for LoongArch64 architecture
  • Native GDB/LLDB disassemblers are used to display the code in "disasm" context section (#2693)
  • Capstone disassembly, Unicorn Engine emulation or Pwnlib related features are not there yere (we wait for upstream libraries releases support this arch which should happen in Capstone 6 and Unicorn 2.20)
• The cymbol command can now load symbols from header files with the -f header-filepath.h flag (#2661)
• The dumpargs command can now display formatted bit flags - currently only for mmap flags (#2740)
• The IDA/Binary Ninja integration server can now be configured via PWNDBG_{BINJA,IDA}_SERVER_HOST and PWNDBG_{BINJA,IDA}_SERVER_PORT environment variables (#2746)
• Speed up installation by moving to uv package manager - useful for CI builds (#2726)
• Updated Unicorn Engine to 2.1.2 (#2731)
• Argparse parsing errors are now displayed more user-friendly (#2711)
• Fixed aglib's reg_write API when writing to PC register (#2539)
• Fixed procinfo and xinfo commands when remote debugging (#2732)
• Fixed the onegadget command printing redundant memory access errors (#2682)
• Fixed the mp, arena and tcache ptmalloc2 glibc heap inspection commands (#2724, #2729)
• Fixed IPython autocompletion in ipi command on portable installation (#2739)
• Fixed PowerPC rs6000 architecture (#2741)

GDB

• Added support for GDB 16+ (#2686)
• Added a workaround for GDB TUI ANSI escape sequence translation bug (#2721)
• Fixed pwndbg.aglib.file.get_file corrupting downloaded files due to incorrect gdbstub data decoding (#2730)
• Fixed setting/syncing of parameters set via set <param> <value> (#2749)
• Fixed gdb.Value format failure in when context sections displayed the last_signal section (#2753)

LLDB

• Added fallback/support for architectures supported by LLDB but not supported by Capstone disassembly engine like LoongArch64 (#2693)
• Fixed process handling when attaching to process and added support for attach <pid|name> (#2685, #2705)
• Fixed behavior on detach (#2709)
• Ported version and bugreport commands (#2708)

...and many many others (updates to docs, developer docs, installation, CI workflows, refactorings etc)

Also thanks to new contributors: @podd0 (#2715), @0xRavenspar (#2661) and @LorenVS (#2740)!

Full Changelog since previous release (2025.01.20) can be found at: 2025.01.20...2025.02.19

Community Contributions

Our team and Pwndbg contributors are actively contributing to the broader open-source ecosystem. Here are some of their contributions:

• We reported two QEMU bugs with its gdbstub and fixed the one impacting us by @disconnect3d.
• @disconnect3d sent a patch to GDB to fix an info proc mapping bug reported a year ago.
• @disconnect3d fixed a PPC target compilation error in Unicorn Engine.
• @k4lizen optimized the glibc heap which got released in glibc 2.41.
• @k4lizen reported a few bugs in GDB recently: incorrect GOT entries, an assertion failure and an UAF when deleting breakpoints.
• @patryk4815 fixed a bug in esp32-openocd downstream fork concerning incorrect sending of RISC-V registers in its gdbstub.
• @patryk4815 debugged programs on rp2350 with OpenOCD and found several bugs related to gdb server protocol packets, reported her here.
• @patryk4815 reported two issues in LLDB: missing aliases for registers in RISC-V and LoongArch architectures; and also missing files in Capstone PyPi packages.
• @OBarronCS sent a fix for MIPS64 architecture to Unicorn Engine.
• @OBarronCS sent a feature request to Pwntools so that its asm function would allow specifying extensions of a target architecture (e.g. "Zbs" extension of RISC-V)

Which version to download?

Don't know which version to download? Here are two helpful tables: the first one, with portable packages and the second one with packages for each Linux distro.

All of those builds include and use the same version of all Pwndbg dependencies (GDB 15.2, Python 3.12.8, latest Pwndbg, Capstone 5.0.5, Unicorn Engine 2.1.2, Pwntools 4.14.0, OneGadget etc.).

For install instructions see our README. Pwndbg can also be installed with Nix package manager as detailed here.

This release features LLDB support, improved performance, bug fixes and enhanced embedded systems experience. Pwndbg can now run on macOS (both Intel & Apple Silicon) and allows for debugging Mach-O binaries.

Thanks to everyone who made it happen, especially (for most commits) to @patryk4815, @mbrla0, @peace-maker, and @fidgetingbits!

Want to support us or buy us a coffee? See our Pwndbg sponsors page!

Also, want to split Pwndbg context displays with tmux? See jcfg's blog post!

Major changes

• New features
  • Added LLDB support. Most of Pwndbg functionality was ported to a debugger-agnostic library (aglib) that supports both GDB and LLDB. See also "When to use GDB or LLDB" and GDB vs LLDB commands.
  • Added macOS and Mach-O support via LLDB (Intel & Apple Silicon)
    • pwndbg-gdb also works on macOS, but only for remote debugging (e.g., target remote 0:1337)
  • Added support for text user interface (TUI) in GDB (set with tui layout pwndbg or tui layout pwndbg_code)
  • Added context history. The displayed contexts are saved in history and can be re-seen with contextprev and contextnext commands
• New commands added:
  • gdt <addr> - dumps Global Descriptor Table entries from a given address
  • strings - search memory for readable strings, like with the strings CLI utility
  • jemalloc_heap, jemalloc_extent_info, jemalloc_find_extent - inspect jemalloc heap allocator structures
  • hijack-fd <fd> <newfile> - modify the process file descriptor
  • kallsyms and klookup - added Linux kernel debugging helpers for looking up symbol tables
  • profiler {start,stop} - added a profiler command to benchmark Pwndbg performance/bottlenecks
• Improvements
  • Improved the experience with embedded systems debugging (better vmmap detection; improved vmmap_add and vmmap_load commands)
  • The ropgadget command now dumps memory and finds gadgets in all executable regions
  • context <section[s]> now has --on|--off toggle to temporarily disable sub-sections
  • plist now supports --offset and --count to limit the linked list elements to be printed
  • Added vmmap -C <N> <filter> command to display N pages before/after the filtered one
  • Speed up syntax highlighting via pygments and Pwndbg startup time
• Others
  • Dropped Python 3.8 / Ubuntu 20.04 / Debian 11 support
  • Lots and lots of bug fixes

Full changelog

The full changelog can be found here: 2024.08.29...2025.01.20

New Contributors

• @itaysnir made their first contribution in #2408
• @AadishJ made their first contribution in #2433
• @gfelber made their first contribution in #2431
• @MY7H404 made their first contribution in #2460
• @Polaris-Snowfall made their first contribution in #2466
• @jkub6 made their first contribution in #2482
• @giuseppelettieri made their first contribution in #2484
• @AndersFelde made their first contribution in #2478
• @kapiw04 made their first contribution in #2505
• @koalajoe23 made their first contribution in #2599
• @ksen-lin made their first contribution in #2595
• @JasonnnW3000 made their first contribution in #2660
• @beatweichsler made their first contribution in #2668
• @richyliu made their first contribution in #2670

2024.08.29 Release

Since last release we got a lot of new features and improvements done in Pwndbg.

Among others, we now show register/memory values in disasm view for different architectures, added Binary Ninja integration, added commands helping with Go debugging, added glibc heap
UAF tracking and refactored lots of Pwndbg code for future LLDB port.

Some of this work was paid thanks to the Python Summer of Code program (@OBarronCS, @mbrla0 and @jetchirag's projects) and thanks to Trail of Bits' internships (@Aplet123 and @mbrla0 projects). Here are hightlights from their work:

• @OBarronCS extended the disasm context panel to display the values of registers and memory, fetched statically or through emulation. Read about this work on his personal blog.
• @Aplet123 developed a script to synchronize Binary Ninja view and symbols with Pwndbg as well as added new commands for dumping Go types. He detailed those features on a Trail of Bits blog post.
• @mbrla0 developed glibc heap tracking and UAF detection
• @mbrla0 works on making Pwndbg debugger-agnostic and porting it to LLDB. Read his gist about this work.

Major changes

• The prompt is now colored green if process is alive and red if it is dead (#2326)
• The disassembly context view now resolves and displays register and memory values on the right. Some values are resolved statically (such as xor eax, eax) and some through emulation (requires set emulation on).
  • It also displays future syscalls for syscall instructions
  • We now also honor MIPS delay slots

• We now underline WX memory instead of (previous) RWX

• The disasm banner now displays ARM mode (ARM vs Thumb) (#2281)

• Added go-dump <type> <address> command to dump Go types. Note that the any type below works only for addresses of Go interface objects. (read more in blog post)

• Added go-type <address> command to dump Go type infromation (read more in blog post):

• Added option to search to look for assembly instructions (search --asm <code>) and to set breakpoints on found instructions (search --asmbp <code>)
• Added vmmap --gaps which displays mapped memory with gaps instead of the normal vmmap display:

• Added commands to display Android Binder driver info (experimental; #1488), and a pcp command to print Linux kernel per-cpu page cache (#1487)

Full changelog

The full changelog can be found here: 2024.02.14...2024.08.29

New Contributors

• @rajpratik71 made their first contribution in #2068
• @knowanegg made their first contribution in #2072
• @Tcc100 made their first contribution in #2069
• @diivi made their first contribution in #2076
• @urosh1g made their first contribution in #2083
• @RoboSchmied made their first contribution in #2088
• @jetchirag made their first contribution in #2092
• @TheLazron made their first contribution in #2103
• @chrf01 made their first contribution in #2097
• @Ordoviz made their first contribution in #2141
• @MatejKafka made their first contribution in #2147
• @B1N4RY-P4R45173 made their first contribution in #2198
• @k4lizen made their first contribution in #2226
• @raffifu made their first contribution in #2228
• @Aplet123 made their first contribution in #2252
• @cfreal made their first contribution in #2321
• @Costinteo made their first contribution in #2326
• @wwwXOX made their first contribution in #2331
• @0xhebi made their first contribution in #2360
• @dguerri made their first contribution in #2395

Also thanks to @patryk4815 for all the help with packaging and releases.