Wait for the next event
This function (optionally) resumes the process
execution and wait for a debugger event until timeout
wfne - combination of WFNE_... constants
timeout - number of seconds to wait, -1-infinity
returns: debugger event codes, see below
long wait_for_next_event(long wfne, long timeout);
// convenience function
#define resume_process() wait_for_next_event(WFNE_CONT|WFNE_NOWAIT, 0)
// wfne flag is combination of the following:
#define WFNE_ANY 0x0001 // return the first event (even if it doesn't suspend the process)
// if the process is still running, the database
// does not reflect the memory state. you might want
// to call refresh_debugger_memory() in this case
#define WFNE_SUSP 0x0002 // wait until the process gets suspended
#define WFNE_SILENT 0x0004 // 1: be slient, 0:display modal boxes if necessary
#define WFNE_CONT 0x0008 // continue from the suspended state
#define WFNE_NOWAIT 0x0010 // do not wait for any event, immediately return DEC_TIMEOUT
// (to be used with WFNE_CONT)
#define WFNE_USEC 0x0020 // timeout is specified in microseconds
// (minimum non-zero timeout is 40000us)
// debugger event codes
#define NOTASK -2 // process does not exist
#define DBG_ERROR -1 // error (e.g. network problems)
#define DBG_TIMEOUT 0 // timeout
#define PROCESS_STARTED 0x00000001 // New process started
#define PROCESS_EXITED 0x00000002 // Process stopped
#define THREAD_STARTED 0x00000004 // New thread started
#define THREAD_EXITED 0x00000008 // Thread stopped
#define BREAKPOINT 0x00000010 // Breakpoint reached
#define STEP 0x00000020 // One instruction executed
#define EXCEPTION 0x00000040 // Exception
#define LIB_LOADED 0x00000080 // New library loaded
#define LIB_UNLOADED 0x00000100 // Library unloaded
#define INFORMATION 0x00000200 // User-defined information
#define PROCESS_ATTACHED 0x00000400 // Attached to running process
#define PROCESS_DETACHED 0x00000800 // Detached from process
#define PROCESS_SUSPENDED 0x00001000 // Process has been suspended
// refresh_idaview_anyway debugger memory
// Upon this call IDA will forget all cached information
// about the debugged process. This includes the segmentation
// information and memory contents (register cache is managed
// automatically). Also, this function refreshes exported name
// from loaded DLLs.
// You must call this function before using the segmentation
// information, memory contents, or names of a non-suspended process.
// This is an expensive call.
void refresh_debugger_memory();
// Get debugged process state
// returns: one of the DSTATE_... constants (see below)
long get_process_state();
#define DSTATE_SUSP -1 // process is suspended
#define DSTATE_NOTASK 0 // no process is currently debugged
#define DSTATE_RUN 1 // process is running
// ***********************************************
// Get various information about the current debug event
// These function are valid only when the current event exists
// (the process is in the suspended state)
// For all events:
long get_event_id();
long get_event_pid();
long get_event_tid();
long get_event_ea();
long is_event_handled();
// For PROCESS_STARTED, PROCESS_ATTACHED, LIB_LOADED events:
string get_event_module_name();
long get_event_module_base();
long get_event_module_size();
// For PROCESS_EXITED, THREAD_EXITED events
long get_event_exit_code();
// For THREAD_STARTED (thread name)
// For LIB_UNLOADED (unloaded library name)
// For INFORMATION (message to display)
string get_event_info();
// For BREAKPOINT event
long get_event_bpt_hea();
// For EXCEPTION event
long get_event_exc_code();
long get_event_exc_ea();
long can_exc_continue();
string get_event_exc_info();