Windows CE ARM debugger

The Windows CE ARM debugger has the following particularities and limitations:

- There is no need to start the debugger server manually. IDA will use the existing ActiveSync connection to communicate with the device, and download the debugger server to it.

- Since there is no support for "single step" on generic ARM, it is emulated in software: IDA uses software breakpoints to emulate single step. This works in most cases, but the drawback is that it is not possible to single step into system areas or coredll.dll.

- A breakpoint in coredll.dll or in the system area freezes the device, so that only a hard reset will help. This happens because the breakpoint is visible to all processes and nothing can handle it except in the context of the debugger process. To avoid such problems, the debugger server does not allow any writes into coredll.dll or any address >= 0x80000000.

- Since it is impossible to put a breakpoint in the forbidden areas (see the previous point), the chances of breaking into (pausing) a running application while it is in the kernel or in coredll.dll are slim. Currently, IDA checks whether the PC of the process is in the allowed range, and creates a breakpoint to pause the process only in this case. Otherwise, the pause process command fails.

- Hardware data breakpoints on Intel xScale are supported (max 2). It is possible to set such a breakpoint even on addresses shared between several applications. IDA uses a kernel debugger stub to achieve this. The task of the stub is to ignore exceptions generated by the hardware breakpoints in applications other than the debugged application. NOTE: starting with IDA v5.4, hardware breakpoints must be activated manually if they are needed. To do so, edit cfg\dbg_wince.cfg and change the value of the key "HWBPTS_ENABLED" to "YES".

- Only read and read/write hardware breakpoints are available.

- The debugger uses the kernel memory tables to find out the memory layout. It assumes that the kernel memory layout (addresses greater than 0x80000000) never changes, so this information is gathered only once at the beginning of the debugging session.

- On Windows CE, the running process is mapped to two different areas: to the process slot and slot #0. IDA uses slot #0 as the main image of the process and does not know about this memory mapping.

- The THUMB mode is not supported.

- The WinCE debugger is supported only in the 32-bit Windows version of IDA, since the ActiveSync API is available only on this platform.

- WinCE v5.0: If the debugger complains 'Access denied', modifying the registry on the PocketPC device could help. To change the security policy, set the key '00001001' to dword:1 in HKLM\Security\Policies\Policies.

- Toolhelp.dll is required for the WinCE debugger module, but it is not available on all Windows CE devices. If it is absent, copy it from C:\Program Files\CE Remote Tools\5.01\target\wce500\armv4\toolhelp.dll

- WinCE v6.0 or higher is not supported.
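
The write guard and the pause check described in the coredll.dll and system-area items above amount to a range test on the target address. The following is an added C example, not IDA's or the debugger server's own code; the function names, the module_range_t type and the sample coredll.dll address range are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not IDA's code. All names are hypothetical. */
#define SYSTEM_AREA_START 0x80000000u  /* from the page: no writes at or above this address */

/* Address range of a loaded module, [base, base + size). */
typedef struct {
    uint32_t base;
    uint32_t size;
} module_range_t;

/* True if [ea, ea + len) touches the system area or the given coredll.dll image. */
static bool in_forbidden_area(uint32_t ea, uint32_t len, const module_range_t *coredll)
{
    if (len == 0)
        return false;
    uint64_t end = (uint64_t)ea + len;          /* 64-bit so the sum cannot wrap */
    if (end > SYSTEM_AREA_START)                /* reaches into or past 0x80000000 */
        return true;
    uint64_t dll_end = (uint64_t)coredll->base + coredll->size;
    return ea < dll_end && end > coredll->base; /* overlaps coredll.dll */
}

/* Write guard: a software breakpoint is a memory write, so it is refused in forbidden areas. */
bool write_allowed(uint32_t ea, uint32_t len, const module_range_t *coredll)
{
    return len != 0 && !in_forbidden_area(ea, len, coredll);
}

/* Pause check: the process can be paused only if a breakpoint can be placed at its PC. */
bool can_pause_at(uint32_t pc, const module_range_t *coredll)
{
    return write_allowed(pc, 4, coredll);       /* 4 = ARM instruction size; THUMB unsupported */
}

int main(void)
{
    /* Constructed sample layout; real coredll.dll addresses differ per device. */
    module_range_t coredll = { 0x03F80000u, 0x00080000u };
    printf("app code   : %d\n", write_allowed(0x00011000u, 4, &coredll));
    printf("coredll.dll: %d\n", write_allowed(0x03F90000u, 4, &coredll));
    printf("kernel     : %d\n", write_allowed(0x80001000u, 4, &coredll));
    printf("straddling : %d\n", write_allowed(0x7FFFFFFEu, 4, &coredll));
    printf("pause in app: %d\n", can_pause_at(0x00011000u, &coredll));
    return 0;
}
```

A write that starts below 0x80000000 but extends across it is refused as well, which is why the end of the range is tested rather than only its start.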

 See also Start process
          Debugger submenu
          How to launch remote debugging