zhkl0228/unidbg

tools

• assemble

  Assemble instruction text to machine code

• call_function

  Call native function by address with typed arguments (hex, string, bytes, null). Returns value with symbol resolution and memory preview

• call_symbol

  Call exported function by module + symbol name, e.g. libc.so + malloc

• check_connection

  Emulator status: Family, architecture, backend capabilities, isRunning, loaded modules

• continue_execution

  Resume execution. Use poll_events to wait for breakpoint_hit or execution_completed

• disassemble

  Disassemble instructions at address (branch targets auto-annotated with symbol names)

• dump_gpb_protobuf

  Dump GPB protobuf message schema as .proto format (64-bit only)

• dump_objc_class

  Dump ObjC class definition (properties, methods, protocols, ivars)

• find_symbol

  Find symbol by name or find nearest symbol at address

• get_callstack

  Get current call stack (backtrace)

• get_objc_class_name

  Get ObjC class name of an object at a given address (pure memory parsing, no state change)

• get_threads

  List all threads/tasks in the emulator

• inspect_objc_msg

  Inspect objc_msgSend call: show receiver class name and selector, e.g. -[NSString length]

• list_exports

  List exported/dynamic symbols of a module with optional filter and C++ demangling

• list_memory_map

  List all memory mappings with permissions

• next_block

  Break at next basic block (Unicorn only)

• patch

  Write assembled instructions to memory

• poll_events

  Poll for breakpoint_hit, execution_completed, trace events

• read_pointer

  Read pointer chain with symbol resolution

• read_typed

  Read memory as typed values (int8–int64, float, double, pointer)

• search_memory

  Search memory for byte patterns with scope/permission filters

• step_until_mnemonic

  Break at next instruction matching mnemonic, e.g. bl, ret (Unicorn only)

• trace_code

  Trace instructions with register read/write values (regs_read, prev_write)