Module ida_idd

IDA Plugin SDK API wrapper: idd

Classes
  excvec_t
Proxy of C++ qvector<(exception_info_t)> class
  procinfo_vec_t
Proxy of C++ qvector<(process_info_t)> class
  process_info_t
Proxy of C++ process_info_t class
  debapp_attrs_t
Proxy of C++ debapp_attrs_t class
  scattered_segm_t
Proxy of C++ scattered_segm_t class
  module_info_t
Proxy of C++ module_info_t class
  e_breakpoint_t
Proxy of C++ e_breakpoint_t class
  e_exception_t
Proxy of C++ e_exception_t class
  debug_event_t
Proxy of C++ debug_event_t class
  exception_info_t
Proxy of C++ exception_info_t class
  regval_t
Proxy of C++ regval_t class
  call_stack_info_t
Proxy of C++ call_stack_info_t class
  call_stack_t
Proxy of C++ call_stack_t class
  Appcall_array__
This class is used with Appcall.array() method
  Appcall_callable__
Helper class to issue appcalls using a natural syntax:...
  Appcall_consts__
Helper class used by the Appcall.Consts attribute. It is used to retrieve constants via attribute access.
  Appcall__
Functions
error_t
dbg_appcall(retval, func_ea, tid, ptif, argv, argnum)
error_t
cleanup_appcall(tid)
PyObject *
dbg_get_registers()
This function returns the register definition from the currently loaded debugger.
PyObject *
dbg_get_thread_sreg_base(py_tid, py_sreg_value)
Returns the segment register base value
PyObject *
dbg_read_memory(py_ea, py_sz)
Reads from the debuggee's memory at the specified ea
PyObject *
dbg_write_memory(py_ea, py_buf)
Writes a buffer to the debuggee's memory
PyObject *
dbg_get_name()
This function returns the current debugger's name.
PyObject *
dbg_get_memory_info()
This function returns the memory configuration of a debugged process.
bool
dbg_can_query()
This function can be used to check if the debugger can be queried:
PyObject *
appcall(func_ea, tid, py_type, py_fields, arg_list)
char
get_event_module_name(ev)
ea_t
get_event_module_base(ev)
asize_t
get_event_module_size(ev)
char
get_event_exc_info(ev)
char
get_event_info(ev)
ea_t
get_event_bpt_hea(ev)
uint
get_event_exc_code(ev)
ea_t
get_event_exc_ea(ev)
bool
can_exc_continue(ev)
Variables
  IDD_INTERFACE_VERSION = 22
  DEF_ADDRSIZE = 4
  NO_EVENT = 0
  PROCESS_START = 1
  PROCESS_EXIT = 2
  THREAD_START = 4
  THREAD_EXIT = 8
  BREAKPOINT = 16
  STEP = 32
  EXCEPTION = 64
  LIBRARY_LOAD = 128
  LIBRARY_UNLOAD = 256
  INFORMATION = 512
  SYSCALL = 1024
  WINMESSAGE = 2048
  PROCESS_ATTACH = 4096
  PROCESS_DETACH = 8192
  PROCESS_SUSPEND = 16384
  TRACE_FULL = 32768
  cvar = _ida_idd.cvar
  BPT_WRITE = 1
  BPT_READ = 2
  BPT_RDWR = 3
  BPT_SOFT = 4
  BPT_EXEC = 8
  BPT_DEFAULT = 12
  EXC_BREAK = 1
  EXC_HANDLE = 2
  EXC_MSG = 4
  EXC_SILENT = 8
  RVT_INT = -1
  RVT_FLOAT = -2
  RESMOD_NONE = 0
  RESMOD_INTO = 1
  RESMOD_OVER = 2
  RESMOD_OUT = 3
  RESMOD_SRCINTO = 4
  RESMOD_SRCOVER = 5
  RESMOD_SRCOUT = 6
  RESMOD_USER = 7
  RESMOD_HANDLE = 8
  RESMOD_MAX = 9
  RQ_MASKING = 1
  RQ_SUSPEND = 2
  RQ_NOSUSP = 0
  RQ_IGNWERR = 4
  RQ_SILENT = 8
  RQ_VERBOSE = 0
  RQ_SWSCREEN = 16
  RQ__NOTHRRF = 32
  RQ_PROCEXIT = 64
  RQ_IDAIDLE = 128
  RQ_SUSPRUN = 256
  RQ_RESUME = 512
  RQ_RESMOD = 61440
  RQ_RESMOD_SHIFT = 12
  NO_PROCESS = 4294967295
  NO_THREAD = 0
  Appcall = <ida_idd.Appcall__ object>
  __package__ = None
Function Details

dbg_get_registers()

This function returns the register definition from the currently loaded debugger. It returns an array of structures similar to register_info_t in idd.hpp.

Returns: PyObject *
  • None if no debugger is loaded
  • tuple(name, flags, class, dtype, bit_strings, default_bit_strings_mask). The bit_strings can be a tuple of strings or None (if the register does not have bit_strings)

dbg_get_thread_sreg_base(py_tid, py_sreg_value)

Returns the segment register base value

Parameters:
  • tid - thread id
  • sreg_value - segment register (selector) value
Returns: PyObject *
  • The base as an 'ea'
  • Or None on failure

dbg_read_memory(py_ea, py_sz)

Reads from the debuggee's memory at the specified ea

Returns: PyObject *
  • The read buffer (as a string)
  • Or None on failure

dbg_write_memory(py_ea, py_buf)

Writes a buffer to the debuggee's memory

Returns: PyObject *
Boolean

dbg_get_name()

This function returns the current debugger's name.

Returns: PyObject *
Debugger name or None if no debugger is active

dbg_get_memory_info()

This function returns the memory configuration of a debugged process.

Returns: PyObject *
  • None if no debugger is active
  • tuple(start_ea, end_ea, name, sclass, sbase, bitness, perm)

dbg_can_query()

This function can be used to check if the debugger can be queried:

  • debugger is loaded
  • process is suspended
  • process is not suspended but can take requests. In this case some requests, such as memory read/write and breakpoint management, succeed, while register querying will fail. Check whether idaapi.get_process_state() < 0 to tell if the process is suspended
Returns: bool
Boolean