Module ida_dbg
[frames] | no frames]

Module ida_dbg

IDA Plugin SDK API wrapper: dbg

Classes
  bpt_vec_t
Proxy of C++ qvector<(bpt_t)> class
  tev_reg_values_t
Proxy of C++ qvector<(tev_reg_value_t)> class
  tevinforeg_vec_t
Proxy of C++ qvector<(tev_info_reg_t)> class
  memreg_infos_t
Proxy of C++ qvector<(memreg_info_t)> class
  bpt_location_t
Proxy of C++ bpt_location_t class
  bpt_t
Proxy of C++ bpt_t class
  tev_info_t
Proxy of C++ tev_info_t class
  memreg_info_t
Proxy of C++ memreg_info_t class
  tev_reg_value_t
Proxy of C++ tev_reg_value_t class
  tev_info_reg_t
Proxy of C++ tev_info_reg_t class
  eval_ctx_t
Proxy of C++ eval_ctx_t class
  DBG_Hooks
Proxy of C++ DBG_Hooks class
Functions
bool
run_to(ea, pid=pid_t(-1), tid=0)
Execute the process until the given address is reached.
bool
request_run_to(ea, pid=pid_t(-1), tid=0)
Post a 'run_to()' request.
 
set_debugger_event_cond(nonnul_cond)
bool
diff_trace_file(nonnul_filename)
Show difference between the current trace and the one from 'filename'.
bool
run_requests()
Execute requests until all requests are processed or an asynchronous function is called.
ui_notification_t
get_running_request()
Get the current running request.
bool
is_request_running()
Is a request currently running?
dbg_notification_t
get_running_notification()
Get the notification associated (if any) with the current running request.
 
clear_requests_queue()
Clear the queue of waiting requests.
int
get_process_state()
Return the state of the currently debugged process.
int
set_process_state(newstate, p_thid, dbginv)
Set new state for the debugged process.
int
invalidate_dbg_state(dbginv)
Invalidate cached debugger information.
int
start_process(path=None, args=None, sdir=None)
Start a process in the debugger.
int
request_start_process(path=None, args=None, sdir=None)
Post a 'start_process()' request.
bool
suspend_process()
Suspend the process in the debugger.
bool
request_suspend_process()
Post a 'suspend_process()' request.
bool
continue_process()
Continue the execution of the process in the debugger.
bool
request_continue_process()
Post a 'continue_process()' request.This requires an explicit call to 'run_requests()'
bool
exit_process()
Terminate the debugging of the current process.
bool
request_exit_process()
Post an 'exit_process()' request.
ssize_t
get_processes(proclist)
Take a snapshot of running processes and return their description.
int
attach_process(pid=pid_t(-1), event_id=-1)
Attach the debugger to a running process.
int
request_attach_process(pid, event_id)
Post an 'attach_process()' request.
bool
detach_process()
Detach the debugger from the debugged process.
bool
request_detach_process()
Post a 'detach_process()' request.
bool
is_debugger_busy()
Is the debugger busy?.
int
get_thread_qty()
Get number of threads.
thid_t
getn_thread(n)
Get the ID of a thread.
thid_t
get_current_thread()
Get current thread ID.
char const *
getn_thread_name(n)
Get the NAME of a thread \sq{Type, Synchronous function, Notification, none (synchronous function)}
bool
select_thread(tid)
Select the given thread as the current debugged thread.
bool
request_select_thread(tid)
Post a 'select_thread()' request.
int
suspend_thread(tid)
Suspend thread.
int
request_suspend_thread(tid)
Post a 'suspend_thread()' request.
int
resume_thread(tid)
Resume thread.
int
request_resume_thread(tid)
Post a 'resume_thread()' request.
bool
get_first_module(modinfo)
bool
get_next_module(modinfo)
bool
step_into()
Execute one instruction in the current thread.
bool
request_step_into()
Post a 'step_into()' request.
bool
step_over()
Execute one instruction in the current thread, but without entering into functions.
bool
request_step_over()
Post a 'step_over()' request.
bool
step_until_ret()
Execute instructions in the current thread until a function return instruction is executed (aka "step out").
bool
request_step_until_ret()
Post a 'step_until_ret()' request.
bool
set_resume_mode(tid, mode)
How to resume the application.
bool
request_set_resume_mode(tid, mode)
Post a 'set_resume_mode()' request.
bool
get_dbg_reg_info(regname, ri)
Get register information \sq{Type, Synchronous function, Notification, none (synchronous function)}
bool
get_sp_val()
Get value of the SP register for the current thread.
bool
get_ip_val()
Get value of the IP (program counter) register for the current thread.
bool
is_reg_integer(regname)
Does a register contain an integer value? \sq{Type, Synchronous function, Notification, none (synchronous function)}
bool
is_reg_float(regname)
Does a register contain a floating point value? \sq{Type, Synchronous function, Notification, none (synchronous function)}
bool
is_reg_custom(regname)
Does a register contain a value of a custom data type? \sq{Type, Synchronous function, Notification, none (synchronous function)}
int
set_bptloc_string(s)
Helper function for 'bpt_location_t' .
char const *
get_bptloc_string(i)
Helper function for 'bpt_location_t' .
int
get_bpt_qty()
Get number of breakpoints.
bool
getn_bpt(n, bpt)
Get the characteristics of a breakpoint.
bool
get_bpt(ea, bpt)
Get the characteristics of a breakpoint.
bool
exist_bpt(ea)
Does a breakpoint exist at the given location?
bool
add_bpt(ea, size=0, type=BPT_DEFAULT)
add_bpt(bpt) -> bool
bool
request_add_bpt(ea, size=0, type=BPT_DEFAULT)
request_add_bpt(bpt) -> bool
bool
del_bpt(ea)
del_bpt(bptloc) -> bool
bool
request_del_bpt(ea)
request_del_bpt(bptloc) -> bool
bool
update_bpt(bpt)
Update modifiable characteristics of an existing breakpoint.
bool
find_bpt(bptloc, bpt)
Find a breakpoint by location.
bool
enable_bpt(ea, enable=True)
enable_bpt(bptloc, enable=True) -> bool
bool
disable_bpt(ea)
disable_bpt(bptloc) -> bool
bool
request_enable_bpt(ea, enable=True)
request_enable_bpt(bptloc, enable=True) -> bool
bool
request_disable_bpt(ea)
request_disable_bpt(bptloc) -> bool
int
check_bpt(ea)
Check the breakpoint at the specified address.
bool
set_trace_size(size)
Specify the new size of the circular buffer.
 
clear_trace()
Clear all events in the trace buffer.
 
request_clear_trace()
Post a 'clear_trace()' request.
bool
is_step_trace_enabled()
Get current state of step tracing.
bool
enable_step_trace(enable=True)
bool
disable_step_trace()
bool
request_enable_step_trace(enable=True)
bool
request_disable_step_trace()
int
get_step_trace_options()
Get current step tracing options.
 
set_step_trace_options(options)
Modify step tracing options.
 
request_set_step_trace_options(options)
Post a 'set_step_trace_options()' request.
bool
is_insn_trace_enabled()
Get current state of instructions tracing.
bool
enable_insn_trace(enable=True)
bool
disable_insn_trace()
bool
request_enable_insn_trace(enable=True)
bool
request_disable_insn_trace()
int
get_insn_trace_options()
Get current instruction tracing options.
 
set_insn_trace_options(options)
Modify instruction tracing options.
 
request_set_insn_trace_options(options)
Post a 'set_insn_trace_options()' request.
bool
is_func_trace_enabled()
Get current state of functions tracing.
bool
enable_func_trace(enable=True)
bool
disable_func_trace()
bool
request_enable_func_trace(enable=True)
bool
request_disable_func_trace()
int
get_func_trace_options()
Get current function tracing options.
 
set_func_trace_options(options)
Modify function tracing options.
 
request_set_func_trace_options(options)
Post a 'set_func_trace_options()' request.
bool
enable_bblk_trace(enable=True)
bool
disable_bblk_trace()
bool
request_enable_bblk_trace(enable=True)
bool
request_disable_bblk_trace()
bool
is_bblk_trace_enabled()
int
get_bblk_trace_options()
Get current basic block tracing options.
 
set_bblk_trace_options(options)
Modify basic block tracing options (see 'BT_LOG_INSTS' )
 
request_set_bblk_trace_options(options)
Post a 'set_bblk_trace_options()' request.
int
get_tev_qty()
Get number of trace events available in trace buffer.
bool
get_tev_info(n, tev_info)
Get main information about a trace event.
bool
get_insn_tev_reg_val(n, regname, regval)
Read a register value from an instruction trace event.
bool
get_insn_tev_reg_mem(n, memmap)
Read the memory pointed by register values from an instruction trace event.
bool
get_insn_tev_reg_result(n, regname, regval)
Read the resulting register value from an instruction trace event.
ea_t
get_call_tev_callee(n)
Get the called function from a function call trace event.
ea_t
get_ret_tev_return(n)
Get the return address from a function return trace event.
ea_t
get_bpt_tev_ea(n)
Get the address associated to a read, read/write or execution trace event.
bool
get_tev_memory_info(n, mi)
Get the memory layout, if any, for the specified tev object.
bool
get_tev_event(n, d)
Get the corresponding debug event, if any, for the specified tev object.
ea_t
get_trace_base_address()
Get the base address of the current trace.
 
set_trace_base_address(ea)
Set the base address of the current trace.
 
dbg_add_thread(tid)
Add a thread to the current trace.
 
dbg_del_thread(tid)
Delete a thread from the current trace.
 
dbg_add_tev(type, tid, address)
Add a new trace element to the current trace.
bool
dbg_add_many_tevs(new_tevs)
Add many new trace elements to the current trace.
bool
dbg_add_insn_tev(tid, ea, save=SAVE_DIFF)
Add a new instruction trace element to the current trace.
bool
dbg_add_bpt_tev(tid, ea, bp)
Add a new breakpoint trace element to the current trace.
 
dbg_add_call_tev(tid, caller, callee)
Add a new call trace element to the current trace.
 
dbg_add_ret_tev(tid, ret_insn, return_to)
Add a new return trace element to the current trace.
 
dbg_add_debug_event(event)
Add a new debug event to the current trace.
bool
load_trace_file(filename)
Load a recorded trace file in the trace window.
bool
save_trace_file(filename, description)
Save the current trace in the specified file.
bool
is_valid_trace_file(filename)
Is the specified file a valid trace file for the current database?
bool
set_trace_file_desc(filename, description)
Change the description of the specified trace file.
bool
get_trace_file_desc(filename)
Get the file header of the specified trace file.
bool
choose_trace_file()
Show the choose trace dialog.
bool
graph_trace()
Show the trace callgraph.
 
set_highlight_trace_options(hilight, color, diff)
Set highlight trace parameters.
 
set_trace_platform(platform)
Set platform name of current trace.
char const *
get_trace_platform()
Get platform name of current trace.
dbg_event_code_t
wait_for_next_event(wfne, timeout)
Wait for the next event.This function (optionally) resumes the process execution, and waits for a debugger event until a possible timeout occurs.
debug_event_t
get_debug_event()
Get the current debugger event.
uint
set_debugger_options(options)
Set debugger options.
 
set_remote_debugger(host, _pass, port=-1)
Set remote debugging options.
 
get_process_options(path, args, sdir, host, _pass, port)
Get process options.
 
set_process_options(path, args, sdir, host, _pass, port)
Set process options.
excvec_t
retrieve_exceptions()
Retrieve the exception information.
bool
store_exceptions()
Update the exception information stored in the debugger module by invoking its dbg->set_exception_info callback
char const *
define_exception(code, name, desc, flags)
Convenience function: define new exception code.
source_view_t *
create_source_viewer(out_ccv, parent, custview, sf, lines, lnnum, colnum, flags)
Create a source code view.
bool
get_dbg_byte(x, ea)
Get one byte of the debugged process memory.
bool
put_dbg_byte(ea, x)
Change one byte of the debugged process memory.
 
invalidate_dbgmem_config()
Invalidate the debugged process memory configuration.
 
invalidate_dbgmem_contents(ea, size)
Invalidate the debugged process memory contents.
bool
is_debugger_on()
Is the debugger currently running?
bool
is_debugger_memory(ea)
Is the address mapped to debugger memory?
ea_t
get_tev_ea(n)
int
get_tev_type(n)
int
get_tev_tid(n)
bool
get_module_info(ea, modinfo)
 
bring_debugger_to_front()
bool
collect_stack_trace(tid, trace)
char const *
get_debugger_event_cond()
bool
load_debugger(dbgname, use_remote)
 
set_manual_regions(ranges)
 
edit_manual_regions()
 
enable_manual_regions(enable)
int
hide_all_bpts()
int
handle_debug_event(ev, rqflags)
bool
add_virt_module(mod)
bool
del_virt_module(base)
int
internal_ioctl(fn, buf, poutbuf, poutsize)
ssize_t
read_dbg_memory(ea, buffer, size)
int
get_reg_vals(tid, clsmask, values)
int
get_dbg_memory_info(ranges)
 
set_bpt_group(bpt, grp_name)
bool
set_bptloc_group(bptloc, grp_name)
bool
get_bpt_group(bptloc)
bool
rename_bptgrp(old_name, new_name)
bool
del_bptgrp(name)
ssize_t
get_grp_bpts(bpts, grp_name)
srcinfo_provider_t *
get_srcinfo_provider(name)
bool
get_global_var(prov, ea, name, out)
bool
get_local_var(prov, ea, name, out)
bool
get_local_vars(prov, ea, out)
 
add_path_mapping(src, dst)
bool
get_current_source_file(path)
int
get_current_source_line()
bool
srcdbg_step_into()
bool
srcdbg_request_step_into()
bool
srcdbg_step_over()
bool
srcdbg_request_step_over()
bool
srcdbg_step_until_ret()
bool
srcdbg_request_step_until_ret()
drc_t
dbg_bin_search(start_ea, end_ea, data, srch_flags)
bool
dbg_can_query()
This function can be used to check if the debugger can be queried:
 
get_manual_regions(ranges)
get_manual_regions() -> PyObject *
bool
dbg_is_loaded()
Checks if a debugger is loaded
PyObject *
refresh_debugger_memory()
Refreshes the debugger memory
size_t
list_bptgrps(bptgrps)
list_bptgrps() -> PyObject *
 
move_bpt_to_grp(bpt, grp_name)
Sets new group for the breakpoint
ea_t
internal_get_sreg_base(tid, sreg_value)
Get the sreg base, for the given thread.
ssize_t
write_dbg_memory(ea, py_buf, size=size_t(-1))
PyObject
set_reg_val(regname, o)
set_reg_val(tid, regidx, o) -> PyObject *
PyObject *
request_set_reg_val(regname, o)
Post a 'set_reg_val()' request.
bool
get_reg_val(regname, regval)
get_reg_val(regname, ival) -> bool get_reg_val(regname) -> PyObject *
 
get_tev_reg_val(tev, reg)
 
get_tev_reg_mem_qty(tev)
 
get_tev_reg_mem(tev, idx)
 
get_tev_reg_mem_ea(tev, idx)
 
send_dbg_command(command)
Send a direct command to the debugger backend, and retrieve the result as a string.
Variables
  dbg_null = 0
  dbg_process_start = 1
  dbg_process_exit = 2
  dbg_process_attach = 3
  dbg_process_detach = 4
  dbg_thread_start = 5
  dbg_thread_exit = 6
  dbg_library_load = 7
  dbg_library_unload = 8
  dbg_information = 9
  dbg_exception = 10
  dbg_suspend_process = 11
  dbg_bpt = 12
  dbg_trace = 13
  dbg_request_error = 14
  dbg_step_into = 15
  dbg_step_over = 16
  dbg_run_to = 17
  dbg_step_until_ret = 18
  dbg_bpt_changed = 19
  dbg_started_loading_bpts = 20
  dbg_finished_loading_bpts = 21
  dbg_last = 22
  BPTEV_ADDED = 0
Breakpoint has been added.
  BPTEV_REMOVED = 1
Breakpoint has been removed.
  BPTEV_CHANGED = 2
Breakpoint has been modified.
  DSTATE_SUSP = -1
process is suspended and will not continue
  DSTATE_NOTASK = 0
no process is currently debugged
  DSTATE_RUN = 1
process is running
  DBGINV_MEMORY = 1
invalidate cached memory contents
  DBGINV_MEMCFG = 2
invalidate cached process segmentation
  DBGINV_REGS = 4
invalidate cached register values
  DBGINV_ALL = 32767
invalidate everything
  DBGINV_REDRAW = 32768
refresh the screen
  DBGINV_NONE = 0
invalidate nothing
  BPLT_ABS = 0
  BPLT_REL = 1
  BPLT_SYM = 2
  BPLT_SRC = 3
  BPT_BRK = 1
suspend execution upon hit
  BPT_TRACE = 2
add trace information upon hit
  BPT_UPDMEM = 4
refresh the memory layout and contents before evaluating bpt condition
  BPT_ENABLED = 8
enabled?
  BPT_LOWCND = 16
condition is calculated at low level (on the server side)
  BPT_TRACEON = 32
enable tracing when the breakpoint is reached
  BPT_TRACE_INSN = 64
instruction tracing
  BPT_TRACE_FUNC = 128
function tracing
  BPT_TRACE_BBLK = 256
basic block tracing
  BPT_TRACE_TYPES = 448
trace insns, functions, and basic blocks.
  BPT_ELANG_MASK = 4026531840
  BPT_ELANG_SHIFT = 28
index of the extlang (scripting language) of the condition
  BKPT_BADBPT = 1
failed to write the bpt to the process memory (at least one location)
  BKPT_LISTBPT = 2
include in bpt list (user-defined bpt)
  BKPT_TRACE = 4
trace bpt; should not be deleted when the process gets suspended
  BKPT_ACTIVE = 8
active?
  BKPT_PARTIAL = 16
partially active? (some locations were not written yet)
  BKPT_CNDREADY = 32
condition has been compiled
  BKPT_FAKEPEND = 64
bpt of the same type is active at the same address(es)
  BKPT_PAGE = 128
only after writing the bpt to the process.
  MOVBPT_OK = 0
  MOVBPT_NOT_FOUND = 1
  MOVBPT_DEST_BUSY = 2
  MOVBPT_BAD_TYPE = 3
  BPTCK_NONE = -1
breakpoint does not exist
  BPTCK_NO = 0
breakpoint is disabled
  BPTCK_YES = 1
breakpoint is enabled
  BPTCK_ACT = 2
breakpoint is active (written to the process)
  ST_OVER_DEBUG_SEG = 1
step tracing will be disabled when IP is in a debugger segment
  ST_OVER_LIB_FUNC = 2
step tracing will be disabled when IP is in a library function
  ST_ALREADY_LOGGED = 4
step tracing will be disabled when IP is already logged
  ST_SKIP_LOOPS = 8
step tracing will try to skip loops already recorded
  ST_DIFFERENTIAL = 16
tracing: log only new instructions
  ST_OPTIONS_MASK = 31
mask of available options, to ensure compatibility with newer IDA versions
  ST_OPTIONS_DEFAULT = 3
  FT_LOG_RET = 1
function tracing will log returning instructions
  BT_LOG_INSTS = 1
log all instructions in the current basic block
  IT_LOG_SAME_IP = 1
instruction tracing will log instructions whose IP doesn't change
  tev_none = 0
  tev_insn = 1
  tev_call = 2
  tev_ret = 3
  tev_bpt = 4
  tev_mem = 5
  tev_event = 6
  tev_max = 7
  SAVE_ALL_VALUES = 0
  SAVE_DIFF = 1
  SAVE_NONE = 2
  DEC_NOTASK = -2
  DEC_ERROR = -1
  DEC_TIMEOUT = 0
  WFNE_ANY = 1
return the first event (even if it doesn't suspend the process)
  WFNE_SUSP = 2
wait until the process gets suspended
  WFNE_SILENT = 4
1: be slient, 0:display modal boxes if necessary
  WFNE_CONT = 8
continue from the suspended state
  WFNE_NOWAIT = 16
(to be used with 'WFNE_CONT' )
  WFNE_USEC = 32
(minimum non-zero timeout is 40000us)
  DOPT_SEGM_MSGS = 1
log debugger segments modifications
  DOPT_START_BPT = 2
break on process start
  DOPT_THREAD_MSGS = 4
log thread starts/exits
  DOPT_THREAD_BPT = 8
break on thread start/exit
  DOPT_BPT_MSGS = 16
log breakpoints
  DOPT_LIB_MSGS = 64
log library loads/unloads
  DOPT_LIB_BPT = 128
break on library load/unload
  DOPT_INFO_MSGS = 256
log debugging info events
  DOPT_INFO_BPT = 512
break on debugging information
  DOPT_REAL_MEMORY = 1024
do not hide breakpoint instructions
  DOPT_REDO_STACK = 2048
reconstruct the stack
  DOPT_ENTRY_BPT = 4096
break on program entry point
  DOPT_EXCDLG = 24576
exception dialogs:
  EXCDLG_NEVER = 0
never display exception dialogs
  EXCDLG_UNKNOWN = 8192
display for unknown exceptions
  EXCDLG_ALWAYS = 24576
always display
  DOPT_LOAD_DINFO = 32768
automatically load debug files (pdb)
  DOPT_END_BPT = 65536
evaluate event condition on process end
  DOPT_TEMP_HWBPT = 131072
when possible use hardware bpts for temp bpts
  SRCIT_NONE = 0
  SRCIT_MODULE = 1
  SRCIT_FUNC = 2
  SRCIT_STMT = 3
  SRCIT_EXPR = 4
  SRCIT_STTVAR = 5
  SRCIT_LOCVAR = 6
  SRCDBG_PROV_VERSION = 4
  __package__ = None
Function Details

run_to(ea, pid=pid_t(-1), tid=0)

 

Execute the process until the given address is reached. If no process is active, a new process is started. Technically, the debugger sets up a temporary breakpoint at the given address, and continues (or starts) the execution of the whole process. So, all threads continue their execution! \sq{Type, Asynchronous function - available as Request, Notification, 'dbg_run_to' }

Parameters:
  • ea - target address (C++: ea_t)
  • pid - not used yet. please do not specify this parameter. (C++: pid_t)
  • tid - not used yet. please do not specify this parameter. (C++: thid_t)
Returns: bool

request_run_to(ea, pid=pid_t(-1), tid=0)

 

Post a 'run_to()' request.

Parameters:
  • ea, (C++ - ea_t)
  • pid, (C++ - pid_t)
  • tid, (C++ - thid_t)
Returns: bool

run_requests()

 

Execute requests until all requests are processed or an asynchronous function is called. \sq{Type, Synchronous function, Notification, none (synchronous function)}If called from a notification handler, the execution of requests will be postponed to the end of the execution of all notification handlers.

Returns: bool
false if not all requests could be processed (indicates an asynchronous function was started)

get_running_request()

 

Get the current running request. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: ui_notification_t
ui_null if no running request

get_running_notification()

 

Get the notification associated (if any) with the current running request. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: dbg_notification_t
dbg_null if no running request

clear_requests_queue()

 

Clear the queue of waiting requests. \sq{Type, Synchronous function, Notification, none (synchronous function)}If a request is currently running, this one isn't stopped.

get_process_state()

 

Return the state of the currently debugged process. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: int
one of Debugged process states

set_process_state(newstate, p_thid, dbginv)

 

Set new state for the debugged process. Notifies the IDA kernel about the change of the debugged process state. For example, a debugger module could call this function when it knows that the process is suspended for a short period of time. Some IDA API calls can be made only when the process is suspended. The process state is usually restored before returning control to the caller. You must know that it is ok to change the process state, doing it at arbitrary moments may crash the application or IDA. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • newstate - new process state (one of Debugged process states ) if DSTATE_NOTASK is passed then the state is not changed (C++: int)
  • p_thid - ptr to new thread id. may be NULL or pointer to NO_THREAD . the pointed variable will contain the old thread id upon return (C++: thid_t *)
  • dbginv - Debugged process invalidation options (C++: int)
Returns: int
old debugger state (one of Debugged process states )

invalidate_dbg_state(dbginv)

 

Invalidate cached debugger information. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • dbginv - Debugged process invalidation options (C++: int)
Returns: int
current debugger state (one of Debugged process states )

start_process(path=None, args=None, sdir=None)

 

Start a process in the debugger. \sq{Type, Asynchronous function - available as Request, Notification, 'dbg_process_start' }You can also use the 'run_to()' function to easily start the execution of a process until a given address is reached.For all parameters, a NULL value indicates the debugger will take the value from the defined Process Options.

Parameters:
  • path - path to the executable to start (C++: const char *)
  • args - arguments to pass to process (C++: const char *)
  • sdir - starting directory for the process (C++: const char *)
Returns: int

request_start_process(path=None, args=None, sdir=None)

 

Post a 'start_process()' request.

Parameters:
  • path, (C++ - const char *)
  • args, (C++ - const char *)
  • sdir, (C++ - const char *)
Returns: int

suspend_process()

 

Suspend the process in the debugger. \sq{ Type,Synchronous function (if in a notification handler)Asynchronous function (everywhere else)available as Request, Notification,none (if in a notification handler) 'dbg_suspend_process' (everywhere else) }The 'suspend_process()' function can be called from a notification handler to force the stopping of the process. In this case, no notification will be generated. When you suspend a process, the running command is always aborted.

Returns: bool

continue_process()

 

Continue the execution of the process in the debugger. \sq{Type, Synchronous function - available as Request, Notification, none (synchronous function)}The 'continue_process()' function can be called from a notification handler to force the continuation of the process. In this case the request queue will not be examined, IDA will simply resume execution. Usually it makes sense to call 'request_continue_process()' followed by 'run_requests()' , so that IDA will first start a queued request (if any) and then resume the application.

Returns: bool

exit_process()

 

Terminate the debugging of the current process. \sq{Type, Asynchronous function - available as Request, Notification, 'dbg_process_exit' }

Returns: bool

get_processes(proclist)

 

Take a snapshot of running processes and return their description. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • proclist, (C++ - procinfo_vec_t *)
Returns: ssize_t
number of processes or -1 on error

attach_process(pid=pid_t(-1), event_id=-1)

 

Attach the debugger to a running process. \sq{Type, Asynchronous function - available as Request, Notification, 'dbg_process_attach' }This function shouldn't be called as a request if 'NO_PROCESS' is used.

Parameters:
  • pid - PID of the process to attach to. If NO_PROCESS , a dialog box will interactively ask the user for the process to attach to. (C++: pid_t)
  • event_id, (C++ - int)
Returns: int

request_attach_process(pid, event_id)

 

Post an 'attach_process()' request.

Parameters:
  • pid, (C++ - pid_t)
  • event_id, (C++ - int)
Returns: int

detach_process()

 

Detach the debugger from the debugged process. \sq{Type, Asynchronous function - available as Request, Notification, 'dbg_process_detach' }

Returns: bool

is_debugger_busy()

 

Is the debugger busy?. Some debuggers do not accept any commands while the debugged application is running. For such a debugger, it is unsafe to do anything with the database (even simple queries like get_byte may lead to undesired consequences). Returns: true if the debugged application is running under such a debugger

Returns: bool

get_thread_qty()

 

Get number of threads. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: int

getn_thread(n)

 

Get the ID of a thread. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of thread, is in range 0.. get_thread_qty() -1 (C++: int)
Returns: thid_t
NO_THREAD if the thread doesn't exist.

get_current_thread()

 

Get current thread ID. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: thid_t

getn_thread_name(n)

 

Get the NAME of a thread \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of thread, is in range 0.. get_thread_qty() -1 or -1 for the current thread (C++: int)
Returns: char const *
thread name or NULL if the thread doesn't exist.

select_thread(tid)

 

Select the given thread as the current debugged thread. All thread related execution functions will work on this thread. The process must be suspended to select a new thread. \sq{Type, Synchronous function - available as request, Notification, none (synchronous function)}

Parameters:
  • tid - ID of the thread to select (C++: thid_t)
Returns: bool
false if the thread doesn't exist.

request_select_thread(tid)

 

Post a 'select_thread()' request.

Parameters:
  • tid, (C++ - thid_t)
Returns: bool

suspend_thread(tid)

 

Suspend thread. Suspending a thread may deadlock the whole application if the suspended was owning some synchronization objects. \sq{Type, Synchronous function - available as request, Notification, none (synchronous function)}

Parameters:
  • tid - thread id (C++: thid_t)
Returns: int

request_suspend_thread(tid)

 

Post a 'suspend_thread()' request.

Parameters:
  • tid, (C++ - thid_t)
Returns: int

resume_thread(tid)

 

Resume thread. \sq{Type, Synchronous function - available as request, Notification, none (synchronous function)}

Parameters:
  • tid - thread id (C++: thid_t)
Returns: int

request_resume_thread(tid)

 

Post a 'resume_thread()' request.

Parameters:
  • tid, (C++ - thid_t)
Returns: int

step_into()

 

Execute one instruction in the current thread. Other threads are kept suspended. \sq{Type, Asynchronous function - available as Request, Notification, 'dbg_step_into' }

Returns: bool

step_over()

 

Execute one instruction in the current thread, but without entering into functions. Others threads keep suspended. \sq{Type, Asynchronous function - available as Request, Notification, 'dbg_step_over' }

Returns: bool

step_until_ret()

 

Execute instructions in the current thread until a function return instruction is executed (aka "step out"). Other threads are kept suspended. \sq{Type, Asynchronous function - available as Request, Notification, 'dbg_step_until_ret' }

Returns: bool

set_resume_mode(tid, mode)

 

How to resume the application. Set resume mode but do not resume process.

Parameters:
  • tid, (C++ - thid_t)
  • mode, (C++ - resume_mode_t)
Returns: bool

request_set_resume_mode(tid, mode)

 

Post a 'set_resume_mode()' request.

Parameters:
  • tid, (C++ - thid_t)
  • mode, (C++ - resume_mode_t)
Returns: bool

get_dbg_reg_info(regname, ri)

 

Get register information \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • regname, (C++ - const char *)
  • ri, (C++ - register_info_t *)
Returns: bool

get_sp_val()

 

Get value of the SP register for the current thread. Requires a suspended debugger.

Returns: bool

get_ip_val()

 

Get value of the IP (program counter) register for the current thread. Requires a suspended debugger.

Returns: bool

is_reg_integer(regname)

 

Does a register contain an integer value? \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • regname, (C++ - const char *)
Returns: bool

is_reg_float(regname)

 

Does a register contain a floating point value? \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • regname, (C++ - const char *)
Returns: bool

is_reg_custom(regname)

 

Does a register contain a value of a custom data type? \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • regname, (C++ - const char *)
Returns: bool

set_bptloc_string(s)

 

Helper function for 'bpt_location_t' .

Parameters:
  • s, (C++ - const char *)
Returns: int

get_bptloc_string(i)

 

Helper function for 'bpt_location_t' .

Parameters:
  • i, (C++ - int)
Returns: char const *

get_bpt_qty()

 

Get number of breakpoints. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: int

getn_bpt(n, bpt)

 

Get the characteristics of a breakpoint. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of breakpoint, is in range 0.. get_bpt_qty() -1 (C++: int)
  • bpt - filled with the characteristics. (C++: bpt_t *)
Returns: bool
false if no breakpoint exists

get_bpt(ea, bpt)

 

Get the characteristics of a breakpoint. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • ea - any address in the breakpoint range (C++: ea_t)
  • bpt - if not NULL, is filled with the characteristics. (C++: bpt_t *)
Returns: bool
false if no breakpoint exists

exist_bpt(ea)

 

Does a breakpoint exist at the given location?

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

add_bpt(ea, size=0, type=BPT_DEFAULT)

 
  add_bpt(bpt) -> bool


Add a new breakpoint in the debugged process. \sq{Type, Synchronous
function - available as request, Notification, none (synchronous
function)}Only one breakpoint can exist at a given address.

@param ea: any address in the process memory space. Depending on the
           architecture, hardware breakpoints always be setup at
           random address. For example, on x86, hardware breakpoints
           should be aligned depending on their size. Moreover, on the
           x86 architecture, it is impossible to setup more than 4
           hardware breakpoints. (C++: ea_t)
@param size: size of the breakpoint (irrelevant for software
             breakpoints): As for the address, hardware breakpoints
             can't always be setup with random size. (C++: asize_t)
@param type: type of the breakpoint ( BPT_SOFT  for software
             breakpoint) special case  BPT_DEFAULT  ( BPT_SOFT |
             BPT_EXEC ): try to add instruction breakpoint of the
             appropriate type as follows: software bpt if supported,
             hwbpt otherwise (C++: bpttype_t)
  

Returns: bool

request_add_bpt(ea, size=0, type=BPT_DEFAULT)

 
  request_add_bpt(bpt) -> bool


Post an 'add_bpt(ea_t, asize_t, bpttype_t)' request.


@param ea (C++: ea_t)
@param size (C++: asize_t)
@param type (C++: bpttype_t)
  

Returns: bool

del_bpt(ea)

 
  del_bpt(bptloc) -> bool


Delete an existing breakpoint in the debugged process. \sq{Type,
Synchronous function - available as request, Notification, none
(synchronous function)}

@param ea: any address in the breakpoint range (C++: ea_t)
  

Returns: bool

request_del_bpt(ea)

 
  request_del_bpt(bptloc) -> bool


Post a 'del_bpt(ea_t)' request.


@param ea (C++: ea_t)
  

Returns: bool

update_bpt(bpt)

 

Update modifiable characteristics of an existing breakpoint. To update the breakpoint location, use 'change_bptlocs()' \sq{Type, Synchronous function, Notification, none (synchronous function)}Only the following fields can be modified: 'bpt_t::cndbody' 'bpt_t::pass_count' 'bpt_t::flags' 'bpt_t::size' 'bpt_t::type' Changing some properties will require removing and then re-adding the breakpoint to the process memory (or the debugger backend), which can lead to race conditions (i.e., breakpoint(s) can be missed) in case the process is not suspended. Here are a list of scenarios that will require the breakpoint to be removed & then re-added: 'bpt_t::size' is modified 'bpt_t::type' is modified 'bpt_t::flags' 's BPT_ENABLED is modified 'bpt_t::flags' 's BPT_LOWCND is changed 'bpt_t::flags' 's BPT_LOWCND remains set, but cndbody changed

Parameters:
  • bpt, (C++ - const bpt_t *)
Returns: bool

find_bpt(bptloc, bpt)

 

Find a breakpoint by location. \sq{Type, Synchronous function - available as request, Notification, none (synchronous function)}

Parameters:
  • bptloc - Breakpoint location (C++: const bpt_location_t &)
  • bpt - bpt is filled if the breakpoint was found (C++: bpt_t *)
Returns: bool

check_bpt(ea)

 

Check the breakpoint at the specified address.

Parameters:
  • ea, (C++ - ea_t)
Returns: int
one of Breakpoint status codes

set_trace_size(size)

 

Specify the new size of the circular buffer. \sq{Type, Synchronous function, Notification, none (synchronous function)}If you specify 0, all available memory can be quickly used !!!

Parameters:
  • size - if 0, buffer isn't circular and events are never removed. If the new size is smaller than the existing number of trace events, a corresponding number of trace events are removed. (C++: int)
Returns: bool

clear_trace()

 

Clear all events in the trace buffer. \sq{Type, Synchronous function - available as request, Notification, none (synchronous function)}

is_step_trace_enabled()

 

Get current state of step tracing. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: bool

get_step_trace_options()

 

Get current step tracing options. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: int
Step trace options

set_step_trace_options(options)

 

Modify step tracing options. \sq{Type, Synchronous function - available as request, Notification, none (synchronous function)}

Parameters:
  • options, (C++ - int)

request_set_step_trace_options(options)

 

Post a 'set_step_trace_options()' request.

Parameters:
  • options, (C++ - int)

is_insn_trace_enabled()

 

Get current state of instructions tracing. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: bool

get_insn_trace_options()

 

Get current instruction tracing options. Also see 'IT_LOG_SAME_IP' \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: int

set_insn_trace_options(options)

 

Modify instruction tracing options. \sq{Type, Synchronous function - available as request, Notification, none (synchronous function)}

Parameters:
  • options, (C++ - int)

request_set_insn_trace_options(options)

 

Post a 'set_insn_trace_options()' request.

Parameters:
  • options, (C++ - int)

is_func_trace_enabled()

 

Get current state of functions tracing. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: bool

get_func_trace_options()

 

Get current function tracing options. Also see 'FT_LOG_RET' \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: int

set_func_trace_options(options)

 

Modify function tracing options. \sq{Type, Synchronous function - available as request, Notification, none (synchronous function)}

Parameters:
  • options, (C++ - int)

request_set_func_trace_options(options)

 

Post a 'set_func_trace_options()' request.

Parameters:
  • options, (C++ - int)

get_bblk_trace_options()

 

Get current basic block tracing options. Also see 'BT_LOG_INSTS' \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: int

set_bblk_trace_options(options)

 

Modify basic block tracing options (see 'BT_LOG_INSTS' )

Parameters:
  • options, (C++ - int)

request_set_bblk_trace_options(options)

 

Post a 'set_bblk_trace_options()' request.

Parameters:
  • options, (C++ - int)

get_tev_qty()

 

Get number of trace events available in trace buffer. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: int

get_tev_info(n, tev_info)

 

Get main information about a trace event. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
  • tev_info - result (C++: tev_info_t *)
Returns: bool
success

get_insn_tev_reg_val(n, regname, regval)

 

Read a register value from an instruction trace event. \sq{Type, Synchronous function, Notification, none (synchronous function)}This is the value of the register before the execution of the instruction.

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
  • regname - name of desired register (C++: const char *)
  • regval - result (C++: regval_t *)
Returns: bool
false if not an instruction event.

get_insn_tev_reg_mem(n, memmap)

 

Read the memory pointed by register values from an instruction trace event. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
  • memmap - result (C++: memreg_infos_t *)
Returns: bool
false if not an instruction event or no memory is available

get_insn_tev_reg_result(n, regname, regval)

 

Read the resulting register value from an instruction trace event. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
  • regname - name of desired register (C++: const char *)
  • regval - result (C++: regval_t *)
Returns: bool
false if not an instruction trace event or register wasn't modified.

get_call_tev_callee(n)

 

Get the called function from a function call trace event. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
Returns: ea_t
BADADDR if not a function call event.

get_ret_tev_return(n)

 

Get the return address from a function return trace event. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
Returns: ea_t
BADADDR if not a function return event.

get_bpt_tev_ea(n)

 

Get the address associated to a read, read/write or execution trace event. \sq{Type, Synchronous function, Notification, none (synchronous function)}Usually, a breakpoint is associated with a read, read/write or execution trace event. However, the returned address could be any address in the range of this breakpoint. If the breakpoint was deleted after the trace event, the address no longer corresponds to a valid breakpoint.

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
Returns: ea_t
BADADDR if not a read, read/write or execution trace event.

get_tev_memory_info(n, mi)

 

Get the memory layout, if any, for the specified tev object. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
  • mi - result (C++: meminfo_vec_t *)
Returns: bool
false if the tev_t object is not of type tev_mem , true otherwise, with the new memory layout in "mi".

get_tev_event(n, d)

 

Get the corresponding debug event, if any, for the specified tev object. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • n - number of trace event, is in range 0.. get_bpt_qty() -1. 0 represents the latest added trace event. (C++: int)
  • d - result (C++: debug_event_t *)
Returns: bool
false if the tev_t object doesn't have any associated debug event, true otherwise, with the debug event in "d".

get_trace_base_address()

 

Get the base address of the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Returns: ea_t
the base address of the currently loaded trace

set_trace_base_address(ea)

 

Set the base address of the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • ea, (C++ - ea_t)

dbg_add_thread(tid)

 

Add a thread to the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • tid, (C++ - thid_t)

dbg_del_thread(tid)

 

Delete a thread from the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • tid, (C++ - thid_t)

dbg_add_tev(type, tid, address)

 

Add a new trace element to the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • type, (C++ - tev_type_t)
  • tid, (C++ - thid_t)
  • address, (C++ - ea_t)

dbg_add_many_tevs(new_tevs)

 

Add many new trace elements to the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • new_tevs, (C++ - tevinforeg_vec_t *)
Returns: bool
false if the operation failed for any tev_info_t object

dbg_add_insn_tev(tid, ea, save=SAVE_DIFF)

 

Add a new instruction trace element to the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • tid, (C++ - thid_t)
  • ea, (C++ - ea_t)
  • save, (C++ - save_reg_values_t)
Returns: bool
false if the operation failed, true otherwise

dbg_add_bpt_tev(tid, ea, bp)

 

Add a new breakpoint trace element to the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • tid, (C++ - thid_t)
  • ea, (C++ - ea_t)
  • bp, (C++ - ea_t)
Returns: bool
false if the operation failed, true otherwise

dbg_add_call_tev(tid, caller, callee)

 

Add a new call trace element to the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • tid, (C++ - thid_t)
  • caller, (C++ - ea_t)
  • callee, (C++ - ea_t)

dbg_add_ret_tev(tid, ret_insn, return_to)

 

Add a new return trace element to the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • tid, (C++ - thid_t)
  • ret_insn, (C++ - ea_t)
  • return_to, (C++ - ea_t)

dbg_add_debug_event(event)

 

Add a new debug event to the current trace. \sq{Type, Synchronous function, Notification, none (synchronous function)}

Parameters:
  • event, (C++ - debug_event_t *)

load_trace_file(filename)

 

Load a recorded trace file in the trace window. If the call succeeds and 'buf' is not null, the description of the trace stored in the binary trace file will be returned in 'buf'

Parameters:
  • filename, (C++ - const char *)
Returns: bool

save_trace_file(filename, description)

 

Save the current trace in the specified file.

Parameters:
  • filename, (C++ - const char *)
  • description, (C++ - const char *)
Returns: bool

is_valid_trace_file(filename)

 

Is the specified file a valid trace file for the current database?

Parameters:
  • filename, (C++ - const char *)
Returns: bool

set_trace_file_desc(filename, description)

 

Change the description of the specified trace file.

Parameters:
  • filename, (C++ - const char *)
  • description, (C++ - const char *)
Returns: bool

get_trace_file_desc(filename)

 

Get the file header of the specified trace file.

Parameters:
  • filename, (C++ - const char *)
Returns: bool

set_highlight_trace_options(hilight, color, diff)

 

Set highlight trace parameters.

Parameters:
  • hilight, (C++ - bool)
  • color, (C++ - bgcolor_t)
  • diff, (C++ - bgcolor_t)

set_trace_platform(platform)

 

Set platform name of current trace.

Parameters:
  • platform, (C++ - const char *)

wait_for_next_event(wfne, timeout)

 

Wait for the next event.This function (optionally) resumes the process execution, and waits for a debugger event until a possible timeout occurs.

Parameters:
  • wfne - combination of Wait for debugger event flags constants (C++: int)
  • timeout - number of seconds to wait, -1-infinity (C++: int)
Returns: dbg_event_code_t
either an event_id_t (if > 0), or a dbg_event_code_t (if <= 0)

set_debugger_options(options)

 

Set debugger options. Replaces debugger options with the specification combination 'Debugger options'

Parameters:
  • options, (C++ - uint)
Returns: uint
the old debugger options

set_remote_debugger(host, _pass, port=-1)

 

Set remote debugging options. Should be used before starting the debugger.

Parameters:
  • host - If empty, IDA will use local debugger. If NULL, the host will not be set. (C++: const char *)
  • port - If -1, the default port number will be used (C++: int)

get_process_options(path, args, sdir, host, _pass, port)

 

Get process options. Any of the arguments may be NULL

Parameters:
  • path, (C++ - qstring *)
  • args, (C++ - qstring *)
  • sdir, (C++ - qstring *)
  • host, (C++ - qstring *)
  • port, (C++ - int *)

set_process_options(path, args, sdir, host, _pass, port)

 

Set process options. Any of the arguments may be NULL, which means 'do not modify'

Parameters:
  • path, (C++ - const char *)
  • args, (C++ - const char *)
  • sdir, (C++ - const char *)
  • host, (C++ - const char *)
  • port, (C++ - int)

retrieve_exceptions()

 

Retrieve the exception information. You may freely modify the returned vector and add/edit/delete exceptions You must call 'store_exceptions()' after any modifications Note: exceptions with code zero, multiple exception codes or names are prohibited

Returns: excvec_t

define_exception(code, name, desc, flags)

 

Convenience function: define new exception code.

Parameters:
  • code - exception code (cannot be 0) (C++: uint)
  • name - exception name (cannot be empty or NULL) (C++: const char *)
  • desc - exception description (maybe NULL) (C++: const char *)
  • flags - combination of Exception info flags (C++: int)
Returns: char const *
failure message or NULL. You must call store_exceptions() if this function succeeds

create_source_viewer(out_ccv, parent, custview, sf, lines, lnnum, colnum, flags)

 

Create a source code view.

Parameters:
  • out_ccv, (C++ - TWidget **)
  • parent, (C++ - TWidget *)
  • custview, (C++ - TWidget *)
  • sf, (C++ - source_file_ptr)
  • lines, (C++ - strvec_t *)
  • lnnum, (C++ - int)
  • colnum, (C++ - int)
  • flags, (C++ - int)
Returns: source_view_t *

get_dbg_byte(x, ea)

 

Get one byte of the debugged process memory.

Parameters:
  • x - pointer to byte value (C++: uint32 *)
  • ea - linear address (C++: ea_t)
Returns: bool
true success

put_dbg_byte(ea, x)

 

Change one byte of the debugged process memory.

Parameters:
  • ea - linear address (C++: ea_t)
  • x - byte value (C++: uint32)
Returns: bool
true if the process memory has been modified

invalidate_dbgmem_config()

 

Invalidate the debugged process memory configuration. Call this function if the debugged process might have changed its memory layout (allocated more memory, for example)

invalidate_dbgmem_contents(ea, size)

 

Invalidate the debugged process memory contents. Call this function each time the process has been stopped or the process memory is modified. If ea == 'BADADDR' , then the whole memory contents will be invalidated

Parameters:
  • ea, (C++ - ea_t)
  • size, (C++ - asize_t)

is_debugger_memory(ea)

 

Is the address mapped to debugger memory?

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

dbg_can_query()

 

This function can be used to check if the debugger can be queried:

  • debugger is loaded
  • process is suspended
  • process is not suspended but can take requests. In this case some requests like memory read/write, bpt management succeed and register querying will fail. Check if idaapi.get_process_state() < 0 to tell if the process is suspended
Returns: bool
Boolean

get_manual_regions(ranges)

 
  get_manual_regions() -> PyObject *


Returns the manual memory regions
@return: list(start_ea, end_ea, name, sclass, sbase, bitness, perm)
  

dbg_is_loaded()

 

Checks if a debugger is loaded

Returns: bool
Boolean

refresh_debugger_memory()

 

Refreshes the debugger memory

Returns: PyObject *
Nothing

internal_get_sreg_base(tid, sreg_value)

 

Get the sreg base, for the given thread.

Returns: ea_t
The sreg base, or BADADDR on failure.

set_reg_val(regname, o)

 
  set_reg_val(tid, regidx, o) -> PyObject *


Write a register value to the current thread. \sq{Type, Synchronous
function - available as Request, Notification, none (synchronous
function)}

@param regname (C++: const char *)
  

Returns: PyObject

request_set_reg_val(regname, o)

 

Post a 'set_reg_val()' request.

Parameters:
  • regname, (C++ - const char *)
Returns: PyObject *

get_reg_val(regname, regval)

 
  get_reg_val(regname, ival) -> bool
  get_reg_val(regname) -> PyObject *


Read a register value from the current thread. \sq{Type, Synchronous
function, Notification, none (synchronous function)}

@param regname (C++: const char *)
@param regval (C++: regval_t  *)
  

Returns: bool

send_dbg_command(command)

 

Send a direct command to the debugger backend, and retrieve the result as a string.

Note: any double-quotes in 'command' must be backslash-escaped. Note: this only works with some debugger backends: Bochs, WinDbg, GDB.

Returns: (True, <result string>) on success, or (False, <Error message string>) on failure


Variables Details

BPT_TRACE_TYPES

trace insns, functions, and basic blocks. if any of 'BPT_TRACE_TYPES' bits are set but 'BPT_TRACEON' is clear, then turn off tracing for the specified trace types

Value:
448

BKPT_FAKEPEND

bpt of the same type is active at the same address(es)

fake pending bpt: it is inactive but another

Value:
64

BKPT_PAGE

only after writing the bpt to the process.

written to the process as a page bpt. is available

Value:
128

WFNE_NOWAIT

(to be used with 'WFNE_CONT' )

do not wait for any event, immediately return 'DEC_TIMEOUT'

Value:
16

WFNE_USEC

(minimum non-zero timeout is 40000us)

timeout is specified in microseconds

Value:
32