Module ida_idd

IDA Plugin SDK API wrapper: idd

Classes
  excvec_t
Proxy of C++ qvector<(exception_info_t)> class
  procinfo_vec_t
Proxy of C++ qvector<(process_info_t)> class
  call_stack_t
Proxy of C++ qvector<(call_stack_info_t)> class
  meminfo_vec_t
Proxy of C++ qvector<(memory_info_t)> class
  process_info_t
Proxy of C++ process_info_t class
  debapp_attrs_t
Proxy of C++ debapp_attrs_t class
  register_info_t
Proxy of C++ register_info_t class
  memory_info_t
Proxy of C++ memory_info_t class
  scattered_segm_t
Proxy of C++ scattered_segm_t class
  modinfo_t
Proxy of C++ modinfo_t class
  bptaddr_t
Proxy of C++ bptaddr_t class
  excinfo_t
Proxy of C++ excinfo_t class
  debug_event_t
Proxy of C++ debug_event_t class
  exception_info_t
Proxy of C++ exception_info_t class
  regval_t
Proxy of C++ regval_t class
  call_stack_info_t
Proxy of C++ call_stack_info_t class
  thread_name_t
Proxy of C++ thread_name_t class
  Appcall_array__
This class is used with Appcall.array() method
  Appcall_callable__
Helper class to issue appcalls using a natural syntax:...
  Appcall_consts__
Helper class used by the Appcall.Consts attribute. It is used to retrieve constants via attribute access.
  Appcall__
Functions
  set_debug_event_code(ev, id)
  error_t dbg_appcall(retval, func_ea, tid, ptif, argv, argnum)
Call a function from the debugged application.
  error_t cleanup_appcall(tid)
Cleanup after manual appcall.
  PyObject * dbg_get_registers()
This function returns the register definition from the currently loaded debugger.
  PyObject * dbg_get_thread_sreg_base(py_tid, py_sreg_value)
Returns the segment register base value
  PyObject * dbg_read_memory(py_ea, py_sz)
Reads from the debuggee's memory at the specified ea
  PyObject * dbg_write_memory(py_ea, py_buf)
Writes a buffer to the debuggee's memory
  PyObject * dbg_get_name()
This function returns the current debugger's name.
  PyObject * dbg_get_memory_info()
This function returns the memory configuration of a debugged process.
  PyObject * appcall(func_ea, tid, py_type, py_fields, arg_list)
  char get_event_module_name(ev)
  ea_t get_event_module_base(ev)
  asize_t get_event_module_size(ev)
  char get_event_exc_info(ev)
  char get_event_info(ev)
  ea_t get_event_bpt_hea(ev)
  uint get_event_exc_code(ev)
  ea_t get_event_exc_ea(ev)
  bool can_exc_continue(ev)
Variables
  IDD_INTERFACE_VERSION = 25
The IDD interface version number.
  DEF_ADDRSIZE = 4
  REGISTER_READONLY = 1
the user can't modify the current value of this register
  REGISTER_IP = 2
instruction pointer
  REGISTER_SP = 4
stack pointer
  REGISTER_FP = 8
frame pointer
  REGISTER_ADDRESS = 16
may contain an address
  REGISTER_CS = 32
code segment
  REGISTER_SS = 64
stack segment
  REGISTER_NOLF = 128
displays this register without returning to the next line, allowing the next register to be displayed to its right (on the same line)
  REGISTER_CUSTFMT = 256
register should be displayed using a custom data format.
  NO_EVENT = 0
  PROCESS_STARTED = 1
  PROCESS_EXITED = 2
  THREAD_STARTED = 4
  THREAD_EXITED = 8
  BREAKPOINT = 16
  STEP = 32
  EXCEPTION = 64
  LIB_LOADED = 128
  LIB_UNLOADED = 256
  INFORMATION = 512
  PROCESS_ATTACHED = 1024
  PROCESS_DETACHED = 2048
  PROCESS_SUSPENDED = 4096
  TRACE_FULL = 8192
  cvar = _ida_idd.cvar
  BPT_WRITE = 1
  BPT_READ = 2
  BPT_RDWR = 3
  BPT_SOFT = 4
  BPT_EXEC = 8
  BPT_DEFAULT = 12
  EXC_BREAK = 1
break on the exception
  EXC_HANDLE = 2
should be handled by the debugger?
  EXC_MSG = 4
instead of a warning, log the exception to the output window
  EXC_SILENT = 8
do not warn or log to the output window
  RVT_INT = -1
integer
  RVT_FLOAT = -2
floating point
  RVT_UNAVAILABLE = -3
unavailable; other values mean custom data type
  RESMOD_NONE = 0
  RESMOD_INTO = 1
  RESMOD_OVER = 2
  RESMOD_OUT = 3
  RESMOD_SRCINTO = 4
  RESMOD_SRCOVER = 5
  RESMOD_SRCOUT = 6
  RESMOD_USER = 7
  RESMOD_HANDLE = 8
  RESMOD_MAX = 9
  STEP_TRACE = 1
  INSN_TRACE = 2
  FUNC_TRACE = 4
  BBLK_TRACE = 8
  DRC_EVENTS = 3
  DRC_CRC = 2
  DRC_OK = 1
  DRC_NONE = 0
  DRC_FAILED = -1
  DRC_NETERR = -2
  DRC_NOFILE = -3
  DRC_IDBSEG = -4
  DRC_NOPROC = -5
  DRC_NOCHG = -6
  DRC_ERROR = -7
  RQ_MASKING = 1
  RQ_SUSPEND = 2
  RQ_NOSUSP = 0
  RQ_IGNWERR = 4
  RQ_SILENT = 8
  RQ_VERBOSE = 0
  RQ_SWSCREEN = 16
  RQ__NOTHRRF = 32
  RQ_PROCEXIT = 64
  RQ_IDAIDLE = 128
  RQ_SUSPRUN = 256
  RQ_RESUME = 512
  RQ_RESMOD = 61440
  RQ_RESMOD_SHIFT = 12
  NO_PROCESS = 4294967295
No process.
  NO_THREAD = 0
No thread.
  Appcall = <ida_idd.Appcall__ object>
  __package__ = None
Function Details

dbg_appcall(retval, func_ea, tid, ptif, argv, argnum)

Call a function from the debugged application.

Parameters:
  • retval (C++: idc_value_t *)
  • func_ea - address to call (C++: ea_t)
  • tid - thread to use. NO_THREAD means to use the current thread (C++: thid_t)
  • ptif - pointer to type of the function to call (C++: const tinfo_t *)
  • argv - array of arguments (C++: idc_value_t *)
  • argnum - number of actual arguments (C++: size_t)
Returns: error_t
eOk if successful, otherwise an error code

cleanup_appcall(tid)

Cleanup after manual appcall. The application state is restored as it was before calling the last appcall(). Nested appcalls are supported.

Parameters:
  • tid - thread to use. NO_THREAD means to use the current thread (C++: thid_t)
Returns: error_t
eOk if successful, otherwise an error code

dbg_get_registers()

This function returns the register definition from the currently loaded debugger. Basically, it returns an array of structures similar to register_info_t in idd.hpp.

Returns: PyObject *
  • None if no debugger is loaded
  • tuple(name, flags, class, dtype, bit_strings, default_bit_strings_mask)
The bit_strings can be a tuple of strings or None (if the register does not have bit_strings)

dbg_get_thread_sreg_base(py_tid, py_sreg_value)

Returns the segment register base value

Parameters:
  • tid - thread id
  • sreg_value - segment register (selector) value
Returns: PyObject *
  • The base as an 'ea'
  • Or None on failure

dbg_read_memory(py_ea, py_sz)

Reads from the debuggee's memory at the specified ea

Returns: PyObject *
  • The read buffer (as a string)
  • Or None on failure

dbg_write_memory(py_ea, py_buf)

Writes a buffer to the debuggee's memory

Returns: PyObject *
Boolean

dbg_get_name()

This function returns the current debugger's name.

Returns: PyObject *
Debugger name or None if no debugger is active

dbg_get_memory_info()

This function returns the memory configuration of a debugged process.

Returns: PyObject *
  • None if no debugger is active
  • tuple(start_ea, end_ea, name, sclass, sbase, bitness, perm)
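An added example, not part of the IDAPython SDK or this reference: it triages the tuples documented for dbg_get_memory_info() and flags regions that are both writable and executable, which is usually the first thing to check when reviewing a debugged process's memory layout. It assumes the call returns a list of such tuples and that perm uses the SEGPERM_* bit values from ida_segment (not listed on this page); the sample data is constructed so the block also runs outside IDA.

```python
# Added example (not SDK code): triage dbg_get_memory_info() output.
# Assumption: perm uses the SEGPERM_* bits from ida_segment (not on this page).
SEGPERM_EXEC, SEGPERM_WRITE, SEGPERM_READ = 1, 2, 4
FIELDS = ("start_ea", "end_ea", "name", "sclass", "sbase", "bitness", "perm")

# Constructed sample shaped like the documented tuple; not from a real process.
SAMPLE = [
    (0x02340000, 0x02341000, "debug001", "DATA", 0, 1, 7),
    (0x00401000, 0x00405000, ".text", "CODE", 0, 1, 5),
    (0x00405000, 0x00407000, ".data", "DATA", 0, 1, 6),
]


def perm_str(perm):
    """Render permission bits as an 'rwx' style string."""
    bits = (("r", SEGPERM_READ), ("w", SEGPERM_WRITE), ("x", SEGPERM_EXEC))
    return "".join(ch if perm & bit else "-" for ch, bit in bits)


def triage_regions(meminfo):
    """Return (regions sorted by address, regions that are writable and executable)."""
    if meminfo is None:  # documented result when no debugger is active
        return [], []
    rows = []
    for entry in meminfo:
        if len(entry) != len(FIELDS):
            raise ValueError("unexpected tuple shape: %r" % (entry,))
        row = dict(zip(FIELDS, entry))
        if row["end_ea"] <= row["start_ea"]:
            raise ValueError("empty or inverted range: %r" % (entry,))
        row["size"] = row["end_ea"] - row["start_ea"]
        row["perm_str"] = perm_str(row["perm"])
        rows.append(row)
    rows.sort(key=lambda r: r["start_ea"])
    wx_mask = SEGPERM_WRITE | SEGPERM_EXEC
    return rows, [r for r in rows if (r["perm"] & wx_mask) == wx_mask]


def load_meminfo():
    """Use the live debugger inside IDA, else the constructed sample."""
    try:
        import ida_idd
    except ImportError:
        return SAMPLE
    return ida_idd.dbg_get_memory_info()


if __name__ == "__main__":
    rows, wx = triage_regions(load_meminfo())
    for r in rows:
        flag = "  <-- writable and executable" if r in wx else ""
        print("%08X-%08X %s %-10s%s" % (r["start_ea"], r["end_ea"], r["perm_str"], r["name"], flag))
```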

Variables Details

REGISTER_NOLF

displays this register without returning to the next line, allowing the next register to be displayed to its right (on the same line)

Value:
128

REGISTER_CUSTFMT

Register should be displayed using a custom data format. The format name is in bit_strings[0]; the corresponding 'regval_t' will use 'bytevec_t'.

Value:
256

RVT_UNAVAILABLE

unavailable; other values mean custom data type

Value:
-3

NO_THREAD

No thread. In 'PROCESS_STARTED' this value can be used to specify that the main thread has not been created. It will be initialized later by a 'THREAD_STARTED' event.

Value:
0