Module `ida_idd`

Contains definition of the interface to IDD modules.

The interface consists of structures describing the target debugged processor and a debugging API.

Global variables

var APPCALL_DEBEV: Return debug event information.
var APPCALL_MANUAL: Only set up the appcall, do not run. debugger_t::cleanup_appcall will not be generated by ida!
var APPCALL_TIMEOUT: Appcall with timeout. If timed out, errbuf will contain "timeout". See SET_APPCALL_TIMEOUT and GET_APPCALL_TIMEOUT
var BBLK_TRACE: BBLK_TRACE = 8
var BPT_BAD_ADDR: ea is invalid
var BPT_BAD_ALIGN: alignment is invalid
var BPT_BAD_LEN: bpt len is invalid
var BPT_BAD_TYPE: bpt type is not supported
var BPT_DEFAULT: Choose bpt type automatically.
var BPT_EXEC: Execute instruction.
var BPT_INTERNAL_ERR: interr occurred when verifying breakpoint
var BPT_OK: breakpoint can be set
var BPT_PAGE_OK: update_bpts(): ok, added a page bpt
var BPT_RDWR: Read/write access.
var BPT_READ: Read access.
var BPT_READ_ERROR: failed to read memory at bpt ea
var BPT_SKIP: update_bpts(): do not process bpt
var BPT_SOFT: Software breakpoint.
var BPT_TOO_MANY: reached max number of supported breakpoints
var BPT_WRITE: Write access.
var BPT_WRITE_ERROR: failed to write memory at bpt ea
var BREAKPOINT: Breakpoint has been reached. IDA will complain about unknown breakpoints, they should be reported as exceptions.
var DBG_FLAG_ADD_ENVS: The debugger supports launching processes with environment variables.
var DBG_FLAG_ANYSIZE_HWBPT: The debugger supports arbitrary size hardware breakpoints.
var DBG_FLAG_CAN_CONT_BPT: Debugger knows to continue from a bpt. This flag also means that the debugger module hides breakpoints from ida upon read_memory
var DBG_FLAG_CLEAN_EXIT: IDA must suspend the application and remove all breakpoints before terminating the application. Usually this is not required because the application memory disappears upon termination.
var DBG_FLAG_CONNSTRING: Display "Connection string" instead of "Hostname" and hide the "Port" field.
var DBG_FLAG_DEBTHREAD: Supports creation of a separate thread in ida for the debugger (the debthread). Most debugger functions will be called from debthread (exceptions are marked below) The debugger module may directly call only THREAD_SAFE functions. To call other functions please use execute_sync(). The debthread significantly increases debugging speed, especially if debug events occur frequently.
var DBG_FLAG_DEBUG_DLL: Can debug standalone DLLs. For example, Bochs debugger can debug any snippet of code
var DBG_FLAG_DONT_DISTURB: Debugger can handle only get_debug_event(), request_pause(), exit_process() when the debugged process is running. The kernel may also call service functions (file I/O, map_address, etc)
var DBG_FLAG_EXITSHOTOK: IDA may take a memory snapshot at PROCESS_EXITED event.
var DBG_FLAG_FAKE_ATTACH: PROCESS_ATTACHED is a fake event and does not suspend the execution
var DBG_FLAG_FAKE_MEMORY: get_memory_info()/read_memory()/write_memory() work with the idb. (there is no real process to read from, as for the replayer module) the kernel will not call these functions if this flag is set. however, third party plugins may call them, they must be implemented.
var DBG_FLAG_FAST_STEP: Do not refresh memory layout info after single stepping.
var DBG_FLAG_HWDATBPT_ONE: Hardware data breakpoints are one byte size by default
var DBG_FLAG_LAZY_WATCHPTS: Watchpoints are triggered before the offending instruction is executed. The debugger must temporarily disable the watchpoint and single-step before resuming.
var DBG_FLAG_LOWCNDS: Low level breakpoint conditions are supported.
var DBG_FLAG_MANMEMINFO: If set, manual memory region manipulation commands will be available. Use this bit for debugger modules that cannot return memory layout information
var DBG_FLAG_MERGE_ENVS: The debugger supports merge or replace setting for environment variables (only makes sense if DBG_FLAG_ADD_ENVS is set)
var DBG_FLAG_NEEDPORT: Remote debugger requires port number (to be used with DBG_FLAG_NOHOST)
var DBG_FLAG_NOHOST: Remote debugger with does not require network params (host/port/pass). (a unique device connected to the machine)
var DBG_FLAG_NOPARAMETERS: Debugger module doesn't use commandline parameters.
var DBG_FLAG_NOPASSWORD: Remote debugger doesn't use password.
var DBG_FLAG_NOSTARTDIR: Debugger module doesn't use startup directory.
var DBG_FLAG_PREFER_SWBPTS: Prefer to use software breakpoints.
var DBG_FLAG_REMOTE: Remote debugger (requires remote host name unless DBG_FLAG_NOHOST)
var DBG_FLAG_SAFE: The debugger is safe (probably because it just emulates the application without really running it)
var DBG_FLAG_SMALLBLKS: If set, IDA uses 256-byte blocks for caching memory contents. Otherwise, 1024-byte blocks are used
var DBG_FLAG_TRACER_MODULE: The module is a tracer, not a full featured debugger module.
var DBG_FLAG_USE_SREGS: Take segment register values into account (non flat memory)
var DBG_FLAG_VIRTHREADS: Thread IDs may be shuffled after each debug event. (to be used for virtual threads that represent cpus for windbg kmode)
var DBG_HAS_APPCALL: supports ev_appcall, ev_cleanup_appcall
var DBG_HAS_ATTACH_PROCESS: supports ev_attach_process
var DBG_HAS_CHECK_BPT: supports ev_check_bpt
var DBG_HAS_DETACH_PROCESS: supports ev_detach_process
var DBG_HAS_GET_PROCESSES: supports ev_get_processes
var DBG_HAS_MAP_ADDRESS: supports ev_map_address. Avoid using this bit, especially together with DBG_FLAG_DEBTHREAD because it may cause big slow downs
var DBG_HAS_OPEN_FILE: supports ev_open_file, ev_close_file, ev_read_file, ev_write_file
var DBG_HAS_REQUEST_PAUSE: supports ev_request_pause
var DBG_HAS_REXEC: supports ev_rexec
var DBG_HAS_SET_EXCEPTION_INFO: supports ev_set_exception_info
var DBG_HAS_SET_RESUME_MODE: supports ev_set_resume_mode. Cannot be set inside the debugger_t::init_debugger()
var DBG_HAS_THREAD_CONTINUE: supports ev_thread_continue
var DBG_HAS_THREAD_GET_SREG_BASE: supports ev_thread_get_sreg_base
var DBG_HAS_THREAD_SUSPEND: supports ev_thread_suspend
var DBG_HAS_UPDATE_CALL_STACK: supports ev_update_call_stack
var DBG_HIDE_WINDOW: application should be hidden on startup (windows)
var DBG_NO_ASLR: disable ASLR (linux)
var DBG_NO_TRACE: do not trace the application (mac/linux)
var DBG_PROC_32BIT: application is 32-bit
var DBG_PROC_64BIT: application is 64-bit
var DBG_PROC_IS_DLL: database contains a dll (not exe)
var DBG_PROC_IS_GUI: using gui version of ida
var DBG_RESMOD_STEP_HANDLE: RESMOD_HANDLE is available
var DBG_RESMOD_STEP_INTO: RESMOD_INTO is available
var DBG_RESMOD_STEP_OUT: RESMOD_OUT is available
var DBG_RESMOD_STEP_OVER: RESMOD_OVER is available
var DBG_RESMOD_STEP_SRCINTO: RESMOD_SRCINTO is available
var DBG_RESMOD_STEP_SRCOUT: RESMOD_SRCOUT is available
var DBG_RESMOD_STEP_SRCOVER: RESMOD_SRCOVER is available
var DBG_RESMOD_STEP_USER: RESMOD_USER is available
var DBG_SUSPENDED: application should be suspended on startup (mac)
var DEBUGGER_ID_6811_EMULATOR: MC6812 emulator (beta)
var DEBUGGER_ID_ARM_IPHONE_USER: iPhone 1.x
var DEBUGGER_ID_ARM_LINUX_USER: Userland arm linux.
var DEBUGGER_ID_ARM_MACOS_USER: Userland arm MAC OS.
var DEBUGGER_ID_DALVIK_USER: Dalvik.
var DEBUGGER_ID_GDB_USER: GDB remote.
var DEBUGGER_ID_TRACE_REPLAYER: Fake debugger to replay recorded traces.
var DEBUGGER_ID_WINDBG: WinDBG using Microsoft Debug engine.
var DEBUGGER_ID_X86_DOSBOX_EMULATOR: Dosbox MS-DOS emulator.
var DEBUGGER_ID_X86_IA32_BOCHS: BochsDbg.exe 32.
var DEBUGGER_ID_X86_IA32_LINUX_USER: Userland linux processes (ptrace())
var DEBUGGER_ID_X86_IA32_MACOSX_USER: Userland MAC OS X processes.
var DEBUGGER_ID_X86_IA32_WIN32_USER: Userland win32 processes (win32 debugging APIs)
var DEBUGGER_ID_X86_PIN_TRACER: PIN Tracer module.
var DEBUGGER_ID_XNU_USER: XNU Kernel.
var DEF_ADDRSIZE: DEF_ADDRSIZE = 4
var DRC_CRC: success, but the input file crc does not match
var DRC_ERROR: unclassified error, may be complemented by errbuf
var DRC_EVENTS: success, there are pending events
var DRC_FAILED: failed or false
var DRC_IDBSEG: use idb segmentation
var DRC_NETERR: network error
var DRC_NOCHG: no changes
var DRC_NOFILE: file not found
var DRC_NONE: reaction to the event not implemented
var DRC_NOPROC: the process does not exist anymore
var DRC_OK: success
var EXCEPTION: Exception.
var EXC_BREAK: break on the exception
var EXC_HANDLE: should be handled by the debugger?
var EXC_MSG: instead of a warning, log the exception to the output window
var EXC_SILENT: do not warn or log to the output window
var FUNC_TRACE: FUNC_TRACE = 4
var IDD_INTERFACE_VERSION: The IDD interface version number.
var INFORMATION: User-defined information. This event can be used to return empty information This will cause IDA to call get_debug_event() immediately once more.
var INSN_TRACE: INSN_TRACE = 2
var LIB_LOADED: New library has been loaded.
var LIB_UNLOADED: Library has been unloaded.
var NO_EVENT: Not an interesting event. This event can be used if the debugger module needs to return an event but there are no valid events.
var NO_PROCESS: No process.
var NO_THREAD: No thread. in PROCESS_STARTED this value can be used to specify that the main thread has not been created. It will be initialized later by a THREAD_STARTED event.
var PROCESS_ATTACHED: Successfully attached to running process.
var PROCESS_DETACHED: Successfully detached from process.
var PROCESS_EXITED: Process has been stopped.
var PROCESS_STARTED: New process has been started.
var PROCESS_SUSPENDED: Process has been suspended. This event can be used by the debugger module to signal if the process spontaneously gets suspended (not because of an exception, breakpoint, or single step). IDA will silently switch to the 'suspended process' mode without displaying any messages.
var REGISTER_ADDRESS: may contain an address
var REGISTER_CS: code segment
var REGISTER_CUSTFMT: register should be displayed using a custom data format. the format name is in bit_strings[0]; the corresponding regval_t will use bytevec_t
var REGISTER_FP: frame pointer
var REGISTER_IP: instruction pointer
var REGISTER_NOLF: displays this register without returning to the next line, allowing the next register to be displayed to its right (on the same line)
var REGISTER_READONLY: the user can't modify the current value of this register
var REGISTER_SP: stack pointer
var REGISTER_SS: stack segment
var RESMOD_HANDLE: step into the exception handler
var RESMOD_INTO: step into call (the most typical single stepping)
var RESMOD_MAX: RESMOD_MAX = 9
var RESMOD_NONE: no stepping, run freely
var RESMOD_OUT: step out of the current function (run until return)
var RESMOD_OVER: step over call
var RESMOD_SRCINTO: until control reaches a different source line
var RESMOD_SRCOUT: next source line in the previous stack frame
var RESMOD_SRCOVER: next source line in the current stack frame
var RESMOD_USER: step out to the user code
var RQ_IDAIDLE: RQ_IDAIDLE = 128
var RQ_IGNWERR: RQ_IGNWERR = 4
var RQ_MASKING: RQ_MASKING = 1
var RQ_NOSUSP: RQ_NOSUSP = 0
var RQ_PROCEXIT: RQ_PROCEXIT = 64
var RQ_RESMOD: RQ_RESMOD = 61440
var RQ_RESMOD_SHIFT: RQ_RESMOD_SHIFT = 12
var RQ_RESUME: RQ_RESUME = 512
var RQ_SILENT: RQ_SILENT = 8
var RQ_SUSPEND: RQ_SUSPEND = 2
var RQ_SUSPRUN: RQ_SUSPRUN = 256
var RQ_SWSCREEN: RQ_SWSCREEN = 16
var RQ_VERBOSE: RQ_VERBOSE = 0
var RQ__NOTHRRF: RQ__NOTHRRF = 32
var RVT_FLOAT: floating point
var RVT_INT: integer
var RVT_UNAVAILABLE: unavailable; other values mean custom data type
var STEP: One instruction has been executed. Spurious events of this kind are silently ignored by IDA.
var STEP_TRACE: STEP_TRACE = 1
var THREAD_EXITED: Thread has been stopped.
var THREAD_STARTED: New thread has been started.
var TRACE_FULL: The trace buffer of the tracer module is full and IDA needs to read it before continuing

Functions

def appcall(*args) ‑> PyObject *

appcall(func_ea, tid, _type_or_none, _fields, arg_list) -> PyObject *

func_ea: ea_t

tid: thid_t

_type_or_none: bytevec_t const &

_fields: bytevec_t const &

arg_list: PyObject *

def can_exc_continue(*args) ‑> bool

can_exc_continue(ev) -> bool

ev: debug_event_t const *

def cleanup_appcall(*args) ‑> error_t

cleanup_appcall(tid) -> error_t

Cleanup after manual appcall.

tid: (C++: thid_t) thread to use. NO_THREAD means to use the current thread The

application state is restored as it was before calling the last appcall(). Nested appcalls are supported.

return: eOk if successful, otherwise an error code

def dbg_appcall(*args) ‑> error_t

dbg_appcall(retval, func_ea, tid, ptif, argv, argnum) -> error_t

Call a function from the debugged application.

retval: (C++: idc_value_t *) function return value

for APPCALL_MANUAL, r will hold the new stack point value
for APPCALL_DEBEV, r will hold the exception information upon failure and the return code will be eExecThrow

func_ea: (C++: ea_t) address to call

tid: (C++: thid_t) thread to use. NO_THREAD means to use the current thread

ptif: (C++: const tinfo_t *) pointer to type of the function to call

argv: (C++: idc_value_t *) array of arguments

argnum: (C++: size_t) number of actual arguments

return: eOk if successful, otherwise an error code

def dbg_get_memory_info(*args) ‑> PyObject *

dbg_get_memory_info() -> PyObject *

This function returns the memory configuration of a debugged process.

return: None if no debugger is active

tuple(start_ea, end_ea, name, sclass, sbase, bitness, perm)

def dbg_get_name(*args) ‑> PyObject *

dbg_get_name() -> PyObject *

This function returns the current debugger's name.

return: Debugger name or None if no debugger is active

def dbg_get_registers(*args) ‑> PyObject *

dbg_get_registers() -> PyObject *

This function returns the register definition from the currently loaded debugger. Basically, it returns an array of structure similar to to idd.hpp / register_info_t

return: None if no debugger is loaded

tuple(name, flags, class, dtype, bit_strings, default_bit_strings_mask)

The bit_strings can be a tuple of strings or None (if the register does not have bit_strings)

def dbg_get_thread_sreg_base(*args) ‑> PyObject *

dbg_get_thread_sreg_base(tid, sreg_value) -> PyObject *

Returns the segment register base value

tid: thread id

sreg_value: segment register (selector) value

return: - The base as an 'ea'

Or None on failure

def dbg_read_memory(*args) ‑> PyObject *

dbg_read_memory(ea, sz) -> PyObject *

Reads from the debugee's memory at the specified ea

ea: ea_t

sz: size_t

return: - The read buffer (as a string)

Or None on failure

def dbg_write_memory(*args) ‑> PyObject *

dbg_write_memory(ea, buf) -> bool

Writes a buffer to the debugee's memory

ea: ea_t

buf: bytevec_t const &

return: Boolean

def get_dbg(*args) ‑> debugger_t *

get_dbg() -> debugger_t

def get_event_bpt_hea(*args) ‑> ea_t

get_event_bpt_hea(ev) -> ea_t

ev: debug_event_t const *

def get_event_exc_code(*args) ‑> uint

get_event_exc_code(ev) -> uint

ev: debug_event_t const *

def get_event_exc_ea(*args) ‑> ea_t

get_event_exc_ea(ev) -> ea_t

ev: debug_event_t const *

def get_event_exc_info(*args) ‑> size_t

get_event_exc_info(ev) -> str

ev: debug_event_t const *

def get_event_info(*args) ‑> size_t

get_event_info(ev) -> str

ev: debug_event_t const *

def get_event_module_base(*args) ‑> ea_t

get_event_module_base(ev) -> ea_t

ev: debug_event_t const *

def get_event_module_name(*args) ‑> size_t

get_event_module_name(ev) -> str

ev: debug_event_t const *

def get_event_module_size(*args) ‑> asize_t

get_event_module_size(ev) -> asize_t

ev: debug_event_t const *

def set_debug_event_code(*args) ‑> void

set_debug_event_code(ev, id)

ev: debug_event_t *

id: enum event_id_t

Classes

class Appcall__

Class variables

var APPCALL_DEBEV: Return debug event information If this bit is set, exceptions during appcall will generate idc exceptions with full information about the exception
var APPCALL_MANUAL: Only set up the appcall, do not run it. you should call CleanupAppcall() when finished
var APPCALL_TIMEOUT: Appcall with timeout The timeout value in milliseconds is specified in the high 2 bytes of the 'options' argument: If timed out, errbuf will contain "timeout".

Static methods

def UTF16(s)

def array(type_name)

Defines an array type. Later you need to pack() / unpack()

def buffer(str=None, size=0, fill='\x00')

Creates a string buffer. The returned value (r) will be a byref object. Use r.value to get the contents and r.size to get the buffer's size

def byref(val)

Method to create references to immutable objects Currently we support references to int/strings Objects need not be passed by reference (this will be done automatically)

def cleanup_appcall(tid=0)

Equivalent to IDC's CleanupAppcall()

def cstr(val)

def get_appcall_options()

Return the global Appcall options

def int64(v)

Whenever a 64bit number is needed use this method to construct an object

def obj(**kwds)

Returns an empty object or objects with attributes as passed via its keywords arguments

def proto(name_or_ea, proto_or_tinfo, flags=None)

Allows you to instantiate an appcall (callable object) with the desired prototype

name_or_ea: The name of the function (will be resolved with LocByName())

proto_or_tinfo: function prototype as a string or type of the function as tinfo_t object

return: - On failure it raises an exception if the prototype could not be parsed

or the address is not resolvable

Returns a callbable Appcall instance with the given prototypes and flags

def set_appcall_options(opt)

Method to change the Appcall options globally (not per Appcall)

def typedobj(typedecl_or_tinfo, ea=None)

Returns an appcall object for a type (can be given as tinfo_t object or as a string declaration) One can then use retrieve() member method

ea: Optional parameter that later can be used to retrieve the type

return: Appcall object or raises ValueError exception

def unicode(s)

def valueof(name, default=0)

Returns the numeric value of a given name string. If the name could not be resolved then the default value will be returned

Instance variables

var Consts: Use Appcall.Consts.CONST_NAME to access constants

class Appcall_array__ (tp)

This class is used with Appcall.array() method

Methods

def pack(self, L): Packs a list or tuple into a byref buffer
def try_to_convert_to_list(self, obj): Is this object a list? We check for the existance of attribute zero and attribute self.size-1
def unpack(self, buf, as_list=True): Unpacks an array back into a list or an object

class Appcall_callable__ (ea, tinfo_or_typestr=None, fields=None)

Helper class to issue appcalls using a natural syntax:

appcall.FunctionNameInTheDatabase(arguments, ....)

appcall["Function@8"](arguments, ...)

f8 = appcall["Function@8"] f8(arg1, arg2, ...)

o = appcall.obj() i = byref(5) appcall.funcname(arg1, i, "hello", o)

Initializes an appcall with a given function ea

Instance variables

var ea: Returns or sets the EA associated with this object
var fields: Returns the field names
var options: Sets the Appcall options locally to this Appcall instance
var size: Returns the size of the type
var tif: Returns the tinfo_t object
var timeout: An Appcall instance can change its timeout value with this attribute
var type: Returns the typestring

Methods

def retrieve(self, src=None, flags=0)

Unpacks a typed object from the database if an ea is given or from a string if a string was passed

src: the address of the object or a string

return: Returns a tuple of boolean and object or error number (Bool, Error | Object).

def store(self, obj, dest_ea=None, base_ea=0, flags=0)

Packs an object into a given ea if provided or into a string if no address was passed.

obj: The object to pack

dest_ea: If packing to idb this will be the store location

base_ea: If packing to a buffer, this will be the base that will be used to relocate the pointers

return: - If packing to a string then a Tuple(Boolean, packed_string or error code)

If packing to the database then a return code is returned (0 is success)

class Appcall_consts__ (default=None)

Helper class used by Appcall.Consts attribute It is used to retrieve constants via attribute access

class bptaddr_t (*args)

Proxy of C++ bptaddr_t class.

__init__(self) -> bptaddr_t

Instance variables

var hea: Possible address referenced by hardware breakpoints.
var kea: Address of the triggered bpt from the kernel's point of view. (for some systems with special memory mappings, the triggered ea might be different from event ea). Use to BADADDR for flat memory model.

class call_stack_info_t (*args)

Proxy of C++ call_stack_info_t class.

__init__(self) -> call_stack_info_t

Instance variables

var callea: the address of the call instruction. for the 0th frame this is usually just the current value of EIP.
var fp: the value of the frame pointer of the called function
var funcea: the address of the called function
var funcok: is the function present?

class call_stack_info_vec_t (*args)

Proxy of C++ qvector< call_stack_info_t > class.

__init__(self) -> call_stack_info_vec_t

__init__(self, x) -> call_stack_info_vec_t

x: qvector< call_stack_info_t > const &

Subclasses

call_stack_t

Methods

def add_unique(self, *args) ‑> bool: add_unique(self, x) -> bool
x: call_stack_info_t const &
def at(self, *args) ‑> call_stack_info_t const &: at(self, _idx) -> call_stack_info_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< call_stack_info_t >::const_iterator: begin(self) -> call_stack_info_t
def capacity(self, *args) ‑> size_t: capacity(self) -> size_t
def clear(self, *args) ‑> void: clear(self)
def empty(self, *args) ‑> bool: empty(self) -> bool
def end(self, *args) ‑> qvector< call_stack_info_t >::const_iterator: end(self) -> call_stack_info_t
def erase(self, *args) ‑> qvector< call_stack_info_t >::iterator: erase(self, it) -> call_stack_info_t
it: qvector< call_stack_info_t >::iterator

erase(self, first, last) -> call_stack_info_t
first: qvector< call_stack_info_t >::iterator

last: qvector< call_stack_info_t >::iterator
def extract(self, *args) ‑> call_stack_info_t *: extract(self) -> call_stack_info_t
def find(self, *args) ‑> qvector< call_stack_info_t >::const_iterator: find(self, x) -> call_stack_info_t
x: call_stack_info_t const &
def front(self)
def grow(self, *args) ‑> void: grow(self, x=call_stack_info_t())

x: call_stack_info_t const &
def has(self, *args) ‑> bool: has(self, x) -> bool
x: call_stack_info_t const &
def inject(self, *args) ‑> void: inject(self, s, len)
s: call_stack_info_t *

len: size_t
def insert(self, *args) ‑> qvector< call_stack_info_t >::iterator: insert(self, it, x) -> call_stack_info_t
it: qvector< call_stack_info_t >::iterator

x: call_stack_info_t const &
def pop_back(self, *args) ‑> void: pop_back(self)
def push_back(self, *args) ‑> call_stack_info_t &: push_back(self, x)
x: call_stack_info_t const &

push_back(self) -> call_stack_info_t
def qclear(self, *args) ‑> void: qclear(self)
def reserve(self, *args) ‑> void: reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void: resize(self, _newsize, x)
_newsize: size_t

x: call_stack_info_t const &

resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t: size(self) -> size_t
def swap(self, *args) ‑> void: swap(self, r)
r: qvector< call_stack_info_t > &
def truncate(self, *args) ‑> void: truncate(self)

class call_stack_t (*args)

Proxy of C++ call_stack_t class.

__init__(self) -> call_stack_t

Ancestors

call_stack_info_vec_t

Inherited members

call_stack_info_vec_t:
- add_unique
- at
- begin
- capacity
- clear
- empty
- end
- erase
- extract
- find
- grow
- has
- inject
- insert
- pop_back
- push_back
- qclear
- reserve
- resize
- size
- swap
- truncate

class debapp_attrs_t (*args)

Proxy of C++ debapp_attrs_t class.

__init__(self) -> debapp_attrs_t

Instance variables

var addrsize: address size of the process. Since 64-bit debuggers usually can debug 32-bit applications, we cannot rely on sizeof(ea_t) to detect the current address size. The following variable should be used instead. It is initialized with 8 for 64-bit debuggers but they should adjust it as soon as they learn that a 32-bit application is being debugged. For 32-bit debuggers it is initialized with 4.
var cbsize: control field: size of this structure
var is_be: is_be
var platform: platform name process is running/debugging under. (is used as a key value in exceptions.cfg)

class debug_event_t (*args)

Proxy of C++ debug_event_t class.

__init__(self) -> debug_event_t

__init__(self, r) -> debug_event_t

r: debug_event_t const &

Instance variables

var ea: Address where the event occurred.
var handled: Is event handled by the debugger?. (from the system's point of view) Meaningful for EXCEPTION events
var pid: Process where the event occurred.
var tid: Thread where the event occurred.

Methods

def bpt(self, *args) ‑> bptaddr_t const &: bpt(self) -> bptaddr_t
def bpt_ea(self, *args) ‑> ea_t: bpt_ea(self) -> ea_t
On some systems with special memory mappings the triggered ea might be different from the actual ea. Calculate the address to use.
def clear(self, *args) ‑> void: clear(self)
clear the dependent information (see below), set event code to NO_EVENT
def clear_all(self, *args) ‑> void: clear_all(self)
def copy(self, *args) ‑> debug_event_t &: copy(self, r) -> debug_event_t
r: debug_event_t const &
def eid(self, *args) ‑> event_id_t: eid(self) -> event_id_t
Event code.
def exc(self, *args) ‑> excinfo_t const &: exc(self) -> excinfo_t
def exit_code(self, *args) ‑> int const &: exit_code(self) -> int const &
def info(self, *args) ‑> qstring const &: info(self) -> qstring

info(self) -> qstring const &
def modinfo(self, *args) ‑> modinfo_t const &: modinfo(self) -> modinfo_t
def set_bpt(self, *args) ‑> bptaddr_t &: set_bpt(self) -> bptaddr_t
def set_eid(self, *args) ‑> void: set_eid(self, id)
Set event code. If the new event code is compatible with the old one then the dependent information (see below) will be preserved. Otherwise the event will be cleared and the new event code will be set.

id: (C++: event_id_t) enum event_id_t
def set_exception(self, *args) ‑> excinfo_t &: set_exception(self) -> excinfo_t
def set_exit_code(self, *args) ‑> void: set_exit_code(self, id, code)
id: enum event_id_t

code: int
def set_info(self, *args) ‑> qstring &: set_info(self, id) -> qstring &
id: enum event_id_t
def set_modinfo(self, *args) ‑> modinfo_t &: set_modinfo(self, id) -> modinfo_t
id: enum event_id_t

class debugger_t (*args)

Proxy of C++ debugger_t class.

__init__(self) -> debugger_t

Class variables

var ev_appcall: Call application function. This event calls a function from the debugged application. This event is generated in debthread Available if HAS_APPCALL is set

retval DRC_NONE

retval DRC_OK,see: BLOB_EA
var ev_attach_process: Attach to an existing running process. event_id should be equal to -1 if not attaching to a crashed process. This event is generated in debthread. Available if DBG_HAS_ATTACH_PROCESS is set

return: DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
var ev_bin_search: Search for a binary pattern in the program.

return: DRC_OK EA contains the binary pattern address

retval DRC_FAILED: not found

retval DRC_NONE: not implemented

retval DRC_NETERR,DRC_ERROR
var ev_check_bpt: Is it possible to set breakpoint? This event is generated in debthread or in the main thread if debthread is not running yet. It is generated to verify hardware breakpoints. Available if DBG_HAS_CHECK_BPT is set

return: DRC_OK, DRC_NONE
var ev_cleanup_appcall: Cleanup after appcall(). The debugger module must keep the stack blob in the memory until this event is generated. It will be generated by the kernel for each successful appcall(). There is an exception: if APPCALL_MANUAL, IDA may not call cleanup_appcall. If the user selects to terminate a manual appcall, then cleanup_appcall will be generated. Otherwise, the debugger module should terminate the appcall when the generated event returns. This event is generated in debthread. Available if HAS_APPCALL is set

retval DRC_EVENTS: success, there are pending events

retval DRC_OK: success

retval DRC_FAILED: failed

retval DRC_NETERR: network error
var ev_close_file: return: ignored
var ev_dbg_enable_trace: Enable/Disable tracing. The kernel will generated this event if the debugger plugin set DBG_FLAG_TRACER_MODULE. TRACE_FLAGS can be a set of #STEP_TRACE, #INSN_TRACE, #BBLK_TRACE or #FUNC_TRACE. This event is generated in the main thread.

return: DRC_OK, DRC_FAILED, DRC_NONE
var ev_detach_process: Detach from the debugged process. May be generated while the process is running or suspended. Must detach from the process in any case. The kernel will repeatedly call get_debug_event() until PROCESS_DETACHED is received. In this mode, all other events will be automatically handled and process will be resumed. This event is generated from debthread. Available if DBG_HAS_DETACH_PROCESS is set

return: DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
var ev_eval_lowcnd: Evaluate a low level breakpoint condition at 'ea'. Other evaluation errors are displayed in a dialog box. This call is used by IDA when the process has already been temporarily suspended for some reason and IDA has to decide whether the process should be resumed or definitely suspended because of a breakpoint with a low level condition. This event is generated in debthread.

retval DRC_OK: condition is satisfied

retval DRC_FAILED: not satisfied

retval DRC_NETERR: network error
var ev_exit_process: Stop the process. May be generated while the process is running or suspended. Must terminate the process in any case. The kernel will repeatedly call get_debug_event() until PROCESS_EXITED is received. In this mode, all other events will be automatically handled and process will be resumed. This event is generated in debthread. Must be implemented.

return: DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
var ev_get_debapp_attrs: Retrieve process- and debugger-specific runtime attributes. This event is generated in the main thread.

return: DRC_NONE, DRC_OK
var ev_get_debmod_extensions: Get pointer to debugger specific events. This event returns a pointer to a structure that holds pointers to debugger module specific events. For information on the structure layout, please check the corresponding debugger module. Most debugger modules return nullptr because they do not have any extensions. Available extensions may be generated from plugins. This event is generated in the main thread.

return: DRC_NONE, DRC_OK see EXT
var ev_get_debug_event: Get a pending debug event and suspend the process. This event will be generated regularly by IDA. This event is generated in debthread. IMPORTANT: the BREAKPOINT/EXCEPTION/STEP events must be reported only after reporting other pending events for a thread. Must be implemented.

retval ignored
var ev_get_memory_info: Get information on the memory ranges. The debugger module fills 'ranges'. The returned vector must be sorted. This event is generated in debthread. Must be implemented.

retval DRC_OK: new memory layout is returned

retval DRC_FAILED,DRC_NETERR,DRC_NOPROC,DRC_NOCHG,DRC_IDBSEG
var ev_get_processes: Return information about the running processes. This event is generated in the main thread. Available if DBG_HAS_GET_PROCESSES is set

return: DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
var ev_get_srcinfo_path: Get the path to a file containing source debug info for the given module. This allows srcinfo providers to call into the debugger when looking for debug info. It is useful in certain cases like the iOS debugger, which is a remote debugger but the remote debugserver does not provide dwarf info. So, we allow the debugger client to decide where to look for debug info locally.

return: DRC_NONE, DRC_OK result stored in PATH
var ev_init_debugger: Initialize debugger. This event is generated in the main thread.

return: DRC_OK, DRC_FAILED
var ev_is_tracing_enabled: Is tracing enabled? The kernel will generated this event if the debugger plugin set DBG_FLAG_TRACER_MODULE. TRACE_BIT can be one of the following: #STEP_TRACE, #INSN_TRACE, #BBLK_TRACE or #FUNC_TRACE

retval DRC_OK: bit is set

retval DRC_NONE: bit is not set or not implemented
var ev_map_address: Map process address. The debugger module may ignore this event. This event is generated in debthread. IDA will generate this event only if DBG_HAS_MAP_ADDRESS is set.

return: DRC_NONE, DRC_OK see MAPPED
var ev_open_file: retval (int): handle

retval -1: error
var ev_read_file: retval number: of read bytes
var ev_read_memory: Read process memory. This event is generated in debthread.

return: DRC_OK, DRC_FAILED, DRC_NOPROC
var ev_read_registers: Read thread registers. This event is generated in debthread. Must be implemented.

return: DRC_OK, DRC_FAILED, DRC_NETERR
var ev_rebase_if_required_to: Rebase database if the debugged program has been rebased by the system. This event is generated in the main thread.

return: DRC_NONE, DRC_OK
var ev_request_pause: Prepare to pause the process. Normally the next get_debug_event() will pause the process If the process is sleeping, then the pause will not occur until the process wakes up. If the debugger module does not react to this event, then it will be impossible to pause the program. This event is generated in debthread. Available if DBG_HAS_REQUEST_PAUSE is set

return: DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
var ev_resume: Continue after handling the event. This event is generated in debthread. Must be implemented.

return: DRC_OK, DRC_FAILED, DRC_NETERR
var ev_rexec: Execute a command on the remote computer. Available if DBG_HAS_REXEC is set

return: (int) exit code
var ev_send_ioctl: Perform a debugger-specific event. This event is generated in debthread

retval DRC_...
var ev_set_exception_info: Set exception handling. This event is generated in debthread or the main thread. Available if DBG_HAS_SET_EXCEPTION_INFO is set

return: DRC_NONE, DRC_OK
var ev_set_resume_mode: Specify resume action Available if DBG_HAS_SET_RESUME_MODE is set
var ev_start_process: Start an executable to debug. This event is generated in debthread. Must be implemented.

return: DRC_OK, DRC_CRC, DRC_FAILED, DRC_NETERR, DRC_NOFILE
var ev_suspended: This event will be generated by the kernel each time it has suspended the debuggee process and refreshed the database. The debugger module may add information to the database if necessary.

The reason for introducing this event is that when an event like LOAD_DLL happens, the database does not reflect the memory state yet and therefore we can't add information about the dll into the database in the get_debug_event() function. Only when the kernel has adjusted the database we can do it. Example: for loaded PE DLLs we can add the exported function names to the list of debug names (see set_debug_names()).

This event is generated in the main thread.

return: DRC_NONE, DRC_OK
var ev_term_debugger: Terminate debugger. This event is generated in the main thread.

return: DRC_OK, DRC_FAILED
var ev_thread_continue: Resume a suspended thread Available if DBG_HAS_THREAD_CONTINUE is set
var ev_thread_get_sreg_base: Get information about the base of a segment register. Currently used by the IBM PC module to resolve references like fs:0. This event is generated in debthread. Available if DBG_HAS_THREAD_GET_SREG_BASE is set

return: DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
var ev_thread_suspend: Suspend a running thread Available if DBG_HAS_THREAD_SUSPEND is set
var ev_update_bpts: Add/del breakpoints. bpts array contains nadd bpts to add, followed by ndel bpts to del. This event is generated in debthread.

return: DRC_OK, DRC_FAILED, DRC_NETERR
var ev_update_call_stack: Calculate the call stack trace for the given thread. This event is generated when the process is suspended and should fill the 'trace' object with the information about the current call stack. If this event returns DRC_NONE, IDA will try to invoke a processor-specific mechanism (see processor_t::ev_update_call_stack). If the current processor module does not implement stack tracing, then IDA will fall back to a generic algorithm (based on the frame pointer chain) to calculate the trace. This event is ideal if the debugging targets manage stack frames in a peculiar way, requiring special analysis. This event is generated in the main thread. Available if DBG_HAS_UPDATE_CALL_STACK is set

retval DRC_NONE: false or not implemented

return: DRC_OK success
var ev_update_lowcnds: Update low-level (server side) breakpoint conditions. This event is generated in debthread.

return: DRC_OK, DRC_NETERR
var ev_write_file: retval number: of written bytes
var ev_write_memory: Write process memory. This event is generated in debthread.

retval DRC_OK,DRC_FAILED,DRC_NOPROC
var ev_write_register: Write one thread register. This event is generated in debthread. Must be implemented.

return: DRC_OK, DRC_FAILED, DRC_NETERR

Instance variables

var bpt_bytes : bytevec_t: A software breakpoint instruction.
var bpt_size: Size of the software breakpoint instruction in bytes.
var default_regclasses: Mask of default printed register classes.
var filetype: Input file type for the instant debugger. This value will be used after attaching to a new process.
var flags: flags
var flags2: Debugger module features
var id: one of Debugger API module id
var memory_page_size: Size of a memory page. Usually 4K.
var name: Short debugger name like win32 or linux.
var nregs : int: Number of registers.
var processor: Required processor name. Used for instant debugging to load the correct processor module
var regclasses : PyObject *: Array of register class names.
var registers : dynamic_wrapped_array_t< register_info_t >: Array of registers. Use regs() to access it.
var resume_modes: Resume modes
var version: Expected kernel version, should be IDD_INTERFACE_VERSION

Methods

def attach_process(self, *args) ‑> drc_t: attach_process(self, pid, event_id, dbg_proc_flags) -> drc_t
pid: pid_t

event_id: int

dbg_proc_flags: uint32
def bin_search(self, *args) ‑> drc_t: bin_search(self, start_ea, end_ea, data, srch_flags) -> drc_t
start_ea: ea_t

end_ea: ea_t

data: compiled_binpat_vec_t const &

srch_flags: int
def cache_block_size(self, *args) ‑> size_t: cache_block_size(self) -> size_t
def can_continue_from_bpt(self, *args) ‑> bool: can_continue_from_bpt(self) -> bool
def can_debug_standalone_dlls(self, *args) ‑> bool: can_debug_standalone_dlls(self) -> bool
def check_bpt(self, *args) ‑> drc_t: check_bpt(self, bptvc, type, ea, len) -> drc_t
bptvc: int *

type: bpttype_t

ea: ea_t

len: int
def cleanup_appcall(self, *args) ‑> drc_t: cleanup_appcall(self, tid) -> drc_t
tid: thid_t
def close_file(self, *args) ‑> void: close_file(self, fn)
fn: int
def dbg_enable_trace(self, *args) ‑> bool: dbg_enable_trace(self, tid, enable, trace_flags) -> bool
tid: thid_t

enable: bool

trace_flags: int
def detach_process(self, *args) ‑> drc_t: detach_process(self) -> drc_t
def eval_lowcnd(self, *args) ‑> drc_t: eval_lowcnd(self, tid, ea) -> drc_t
tid: thid_t

ea: ea_t
def exit_process(self, *args) ‑> drc_t: exit_process(self) -> drc_t
def fake_memory(self, *args) ‑> bool: fake_memory(self) -> bool
def get_debapp_attrs(self, *args) ‑> bool: get_debapp_attrs(self, out_pattrs) -> bool
out_pattrs: debapp_attrs_t *
def get_debmod_extensions(self, *args) ‑> void const *: get_debmod_extensions(self) -> void const *
def get_debug_event(self, *args) ‑> gdecode_t: get_debug_event(self, event, timeout_ms) -> gdecode_t
event: debug_event_t *

timeout_ms: int
def get_memory_info(self, *args) ‑> drc_t: get_memory_info(self, ranges) -> drc_t
ranges: meminfo_vec_t &
def get_processes(self, *args) ‑> drc_t: get_processes(self, procs) -> drc_t
procs: procinfo_vec_t *
def get_srcinfo_path(self, *args) ‑> bool: get_srcinfo_path(self, path, base) -> bool
path: qstring *

base: ea_t
def has_appcall(self, *args) ‑> bool: has_appcall(self) -> bool
def has_attach_process(self, *args) ‑> bool: has_attach_process(self) -> bool
def has_check_bpt(self, *args) ‑> bool: has_check_bpt(self) -> bool
def has_detach_process(self, *args) ‑> bool: has_detach_process(self) -> bool
def has_get_processes(self, *args) ‑> bool: has_get_processes(self) -> bool
def has_map_address(self, *args) ‑> bool: has_map_address(self) -> bool
def has_open_file(self, *args) ‑> bool: has_open_file(self) -> bool
def has_request_pause(self, *args) ‑> bool: has_request_pause(self) -> bool
def has_rexec(self, *args) ‑> bool: has_rexec(self) -> bool
def has_set_exception_info(self, *args) ‑> bool: has_set_exception_info(self) -> bool
def has_set_resume_mode(self, *args) ‑> bool: has_set_resume_mode(self) -> bool
def has_soft_bpt(self, *args) ‑> bool: has_soft_bpt(self) -> bool
def has_thread_continue(self, *args) ‑> bool: has_thread_continue(self) -> bool
def has_thread_get_sreg_base(self, *args) ‑> bool: has_thread_get_sreg_base(self) -> bool
def has_thread_suspend(self, *args) ‑> bool: has_thread_suspend(self) -> bool
def has_update_call_stack(self, *args) ‑> bool: has_update_call_stack(self) -> bool
def init_debugger(self, *args) ‑> bool: init_debugger(self, hostname, portnum, password) -> bool
hostname: char const *

portnum: int

password: char const *
def is_remote(self, *args) ‑> bool: is_remote(self) -> bool
def is_resmod_avail(self, *args) ‑> bool: is_resmod_avail(self, resmod) -> bool
resmod: int
def is_safe(self, *args) ‑> bool: is_safe(self) -> bool
def is_tracing_enabled(self, *args) ‑> bool: is_tracing_enabled(self, tid, tracebit) -> bool
tid: thid_t

tracebit: int
def map_address(self, *args) ‑> ea_t: map_address(self, off, regs, regnum) -> ea_t
off: ea_t

regs: regval_t const *

regnum: int
def may_disturb(self, *args) ‑> bool: may_disturb(self) -> bool
def may_take_exit_snapshot(self, *args) ‑> bool: may_take_exit_snapshot(self) -> bool
def must_have_hostname(self, *args) ‑> bool: must_have_hostname(self) -> bool
def open_file(self, *args) ‑> int: open_file(self, file, fsize, readonly) -> int
file: char const *

fsize: uint64 *

readonly: bool
def read_file(self, *args) ‑> ssize_t: read_file(self, fn, off, buf, size) -> ssize_t
fn: int

off: qoff64_t

buf: void *

size: size_t
def read_memory(self, *args) ‑> drc_t: read_memory(self, nbytes, ea, buffer, size) -> drc_t
nbytes: size_t *

ea: ea_t

buffer: void *

size: size_t
def read_registers(self, *args) ‑> drc_t: read_registers(self, tid, clsmask, values) -> drc_t
tid: thid_t

clsmask: int

values: regval_t *
def rebase_if_required_to(self, *args) ‑> void: rebase_if_required_to(self, new_base)
new_base: ea_t
def regs(self, *args) ‑> register_info_t &: regs(self, idx) -> register_info_t
idx: int
def request_pause(self, *args) ‑> drc_t: request_pause(self) -> drc_t
def resume(self, *args) ‑> drc_t: resume(self, event) -> drc_t
event: debug_event_t const *
def rexec(self, *args) ‑> int: rexec(self, cmdline) -> int
cmdline: char const *
def send_ioctl(self, *args) ‑> drc_t: send_ioctl(self, fn, buf, poutbuf, poutsize) -> drc_t
fn: int

buf: void const *

poutbuf: void **

poutsize: ssize_t *
def set_exception_info(self, *args) ‑> void: set_exception_info(self, info, qty)
info: exception_info_t const *

qty: int
def set_resume_mode(self, *args) ‑> drc_t: set_resume_mode(self, tid, resmod) -> drc_t
tid: thid_t

resmod: enum resume_mode_t
def start_process(self, *args) ‑> drc_t: start_process(self, path, args, envs, startdir, dbg_proc_flags, input_path, input_file_crc32) -> drc_t
path: char const *

args: char const *

envs: launch_env_t *

startdir: char const *

dbg_proc_flags: uint32

input_path: char const *

input_file_crc32: uint32
def supports_debthread(self, *args) ‑> bool: supports_debthread(self) -> bool
def supports_lowcnds(self, *args) ‑> bool: supports_lowcnds(self) -> bool
def suspended(self, *args) ‑> void: suspended(self, dlls_added, thr_names=None)
dlls_added: bool

thr_names: thread_name_vec_t *
def term_debugger(self, *args) ‑> bool: term_debugger(self) -> bool
def thread_continue(self, *args) ‑> drc_t: thread_continue(self, tid) -> drc_t
tid: thid_t
def thread_get_sreg_base(self, *args) ‑> drc_t: thread_get_sreg_base(self, answer, tid, sreg_value) -> drc_t
answer: ea_t *

tid: thid_t

sreg_value: int
def thread_suspend(self, *args) ‑> drc_t: thread_suspend(self, tid) -> drc_t
tid: thid_t
def update_bpts(self, *args) ‑> drc_t: update_bpts(self, nbpts, bpts, nadd, ndel) -> drc_t
nbpts: int *

bpts: update_bpt_info_t *

nadd: int

ndel: int
def update_call_stack(self, *args) ‑> drc_t: update_call_stack(self, tid, trace) -> drc_t
tid: thid_t

trace: call_stack_t *
def update_lowcnds(self, *args) ‑> drc_t: update_lowcnds(self, nupdated, lowcnds, nlowcnds) -> drc_t
nupdated: int *

lowcnds: lowcnd_t const *

nlowcnds: int
def use_memregs(self, *args) ‑> bool: use_memregs(self) -> bool
def use_sregs(self, *args) ‑> bool: use_sregs(self) -> bool
def virtual_threads(self, *args) ‑> bool: virtual_threads(self) -> bool
def write_file(self, *args) ‑> ssize_t: write_file(self, fn, off, buf) -> ssize_t
fn: int

off: qoff64_t

buf: void const *
def write_memory(self, *args) ‑> drc_t: write_memory(self, nbytes, ea, buffer, size) -> drc_t
nbytes: size_t *

ea: ea_t

buffer: void const *

size: size_t
def write_register(self, *args) ‑> drc_t: write_register(self, tid, regidx, value) -> drc_t
tid: thid_t

regidx: int

value: regval_t const *

class dyn_register_info_array (*args)

Proxy of C++ dynamic_wrapped_array_t< register_info_t > class.

__init__(self, _data, _count) -> dyn_register_info_array

_data: register_info_t *

_count: size_t

Instance variables

var count: count
var data: data

class exception_info_t (*args)

Proxy of C++ exception_info_t class.

__init__(self) -> exception_info_t

__init__(self, _code, _flags, _name, _desc) -> exception_info_t

_code: uint

_flags: uint32

_name: char const *

_desc: char const *

Instance variables

var code: exception code
var desc: Long message used to display info about the exception.
var flags: Exception info flags
var name: Exception standard name.

Methods

def break_on(self, *args) ‑> bool: break_on(self) -> bool
Should we break on the exception?
def handle(self, *args) ‑> bool: handle(self) -> bool
Should we handle the exception?

class excinfo_t (*args)

Proxy of C++ excinfo_t class.

__init__(self) -> excinfo_t

Instance variables

var can_cont: Execution of the process can continue after this exception?
var code: Exception code.
var ea: Possible address referenced by the exception.
var info: Exception message.

class excvec_t (*args)

Proxy of C++ qvector< exception_info_t > class.

__init__(self) -> excvec_t

__init__(self, x) -> excvec_t

x: qvector< exception_info_t > const &

Methods

def at(self, *args) ‑> exception_info_t const &: at(self, _idx) -> exception_info_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< exception_info_t >::const_iterator: begin(self) -> exception_info_t
def capacity(self, *args) ‑> size_t: capacity(self) -> size_t
def clear(self, *args) ‑> void: clear(self)
def empty(self, *args) ‑> bool: empty(self) -> bool
def end(self, *args) ‑> qvector< exception_info_t >::const_iterator: end(self) -> exception_info_t
def erase(self, *args) ‑> qvector< exception_info_t >::iterator: erase(self, it) -> exception_info_t
it: qvector< exception_info_t >::iterator

erase(self, first, last) -> exception_info_t
first: qvector< exception_info_t >::iterator

last: qvector< exception_info_t >::iterator
def extract(self, *args) ‑> exception_info_t *: extract(self) -> exception_info_t
def front(self)
def grow(self, *args) ‑> void: grow(self, x=exception_info_t())

x: exception_info_t const &
def inject(self, *args) ‑> void: inject(self, s, len)
s: exception_info_t *

len: size_t
def insert(self, *args) ‑> qvector< exception_info_t >::iterator: insert(self, it, x) -> exception_info_t
it: qvector< exception_info_t >::iterator

x: exception_info_t const &
def pop_back(self, *args) ‑> void: pop_back(self)
def push_back(self, *args) ‑> exception_info_t &: push_back(self, x)
x: exception_info_t const &

push_back(self) -> exception_info_t
def qclear(self, *args) ‑> void: qclear(self)
def reserve(self, *args) ‑> void: reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void: resize(self, _newsize, x)
_newsize: size_t

x: exception_info_t const &

resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t: size(self) -> size_t
def swap(self, *args) ‑> void: swap(self, r)
r: qvector< exception_info_t > &
def truncate(self, *args) ‑> void: truncate(self)

class launch_env_t (*args)

Proxy of C++ launch_env_t class.

__init__(self) -> launch_env_t

Instance variables

var merge: merge

class meminfo_vec_t (*args)

Proxy of C++ meminfo_vec_t class.

__init__(self) -> meminfo_vec_t

Ancestors

meminfo_vec_template_t

Inherited members

meminfo_vec_template_t:
- add_unique
- at
- begin
- capacity
- clear
- empty
- end
- erase
- extract
- find
- grow
- has
- inject
- insert
- pop_back
- push_back
- qclear
- reserve
- resize
- size
- swap
- truncate

class meminfo_vec_template_t (*args)

Proxy of C++ qvector< memory_info_t > class.

__init__(self) -> meminfo_vec_template_t

__init__(self, x) -> meminfo_vec_template_t

x: qvector< memory_info_t > const &

Subclasses

meminfo_vec_t

Methods

def add_unique(self, *args) ‑> bool: add_unique(self, x) -> bool
x: memory_info_t const &
def at(self, *args) ‑> memory_info_t const &: at(self, _idx) -> memory_info_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< memory_info_t >::const_iterator: begin(self) -> memory_info_t
def capacity(self, *args) ‑> size_t: capacity(self) -> size_t
def clear(self, *args) ‑> void: clear(self)
def empty(self, *args) ‑> bool: empty(self) -> bool
def end(self, *args) ‑> qvector< memory_info_t >::const_iterator: end(self) -> memory_info_t
def erase(self, *args) ‑> qvector< memory_info_t >::iterator: erase(self, it) -> memory_info_t
it: qvector< memory_info_t >::iterator

erase(self, first, last) -> memory_info_t
first: qvector< memory_info_t >::iterator

last: qvector< memory_info_t >::iterator
def extract(self, *args) ‑> memory_info_t *: extract(self) -> memory_info_t
def find(self, *args) ‑> qvector< memory_info_t >::const_iterator: find(self, x) -> memory_info_t
x: memory_info_t const &
def front(self)
def grow(self, *args) ‑> void: grow(self, x=memory_info_t())

x: memory_info_t const &
def has(self, *args) ‑> bool: has(self, x) -> bool
x: memory_info_t const &
def inject(self, *args) ‑> void: inject(self, s, len)
s: memory_info_t *

len: size_t
def insert(self, *args) ‑> qvector< memory_info_t >::iterator: insert(self, it, x) -> memory_info_t
it: qvector< memory_info_t >::iterator

x: memory_info_t const &
def pop_back(self, *args) ‑> void: pop_back(self)
def push_back(self, *args) ‑> memory_info_t &: push_back(self, x)
x: memory_info_t const &

push_back(self) -> memory_info_t
def qclear(self, *args) ‑> void: qclear(self)
def reserve(self, *args) ‑> void: reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void: resize(self, _newsize, x)
_newsize: size_t

x: memory_info_t const &

resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t: size(self) -> size_t
def swap(self, *args) ‑> void: swap(self, r)
r: qvector< memory_info_t > &
def truncate(self, *args) ‑> void: truncate(self)

class memory_info_t (*args)

Proxy of C++ memory_info_t class.

__init__(self) -> memory_info_t

Ancestors

range_t

Instance variables

var bitness: Number of bits in segment addresses (0-16bit, 1-32bit, 2-64bit)
var name: Memory range name.
var perm: Memory range permissions (0-no information): see segment.hpp.
var sbase: Segment base (meaningful only for segmented architectures, e.g. 16-bit x86) The base is specified in paragraphs (i.e. shifted to the right by 4)
var sclass: Memory range class name.

Inherited members

range_t:
- clear
- compare
- contains
- empty
- end_ea
- extend
- intersect
- overlaps
- size
- start_ea

class modinfo_t (*args)

Proxy of C++ modinfo_t class.

__init__(self) -> modinfo_t

Instance variables

var base: module base address. if unknown pass BADADDR
var name: full name of the module
var rebase_to: if not BADADDR, then rebase the program to the specified address
var size: module size. if unknown pass 0

class process_info_t (*args)

Proxy of C++ process_info_t class.

__init__(self) -> process_info_t

Instance variables

var name: process name
var pid: process id

class procinfo_vec_t (*args)

Proxy of C++ qvector< process_info_t > class.

__init__(self) -> procinfo_vec_t

__init__(self, x) -> procinfo_vec_t

x: qvector< process_info_t > const &

Methods

def at(self, *args) ‑> process_info_t const &: at(self, _idx) -> process_info_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< process_info_t >::const_iterator: begin(self) -> process_info_t
def capacity(self, *args) ‑> size_t: capacity(self) -> size_t
def clear(self, *args) ‑> void: clear(self)
def empty(self, *args) ‑> bool: empty(self) -> bool
def end(self, *args) ‑> qvector< process_info_t >::const_iterator: end(self) -> process_info_t
def erase(self, *args) ‑> qvector< process_info_t >::iterator: erase(self, it) -> process_info_t
it: qvector< process_info_t >::iterator

erase(self, first, last) -> process_info_t
first: qvector< process_info_t >::iterator

last: qvector< process_info_t >::iterator
def extract(self, *args) ‑> process_info_t *: extract(self) -> process_info_t
def front(self)
def grow(self, *args) ‑> void: grow(self, x=process_info_t())

x: process_info_t const &
def inject(self, *args) ‑> void: inject(self, s, len)
s: process_info_t *

len: size_t
def insert(self, *args) ‑> qvector< process_info_t >::iterator: insert(self, it, x) -> process_info_t
it: qvector< process_info_t >::iterator

x: process_info_t const &
def pop_back(self, *args) ‑> void: pop_back(self)
def push_back(self, *args) ‑> process_info_t &: push_back(self, x)
x: process_info_t const &

push_back(self) -> process_info_t
def qclear(self, *args) ‑> void: qclear(self)
def reserve(self, *args) ‑> void: reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void: resize(self, _newsize, x)
_newsize: size_t

x: process_info_t const &

resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t: size(self) -> size_t
def swap(self, *args) ‑> void: swap(self, r)
r: qvector< process_info_t > &
def truncate(self, *args) ‑> void: truncate(self)

class register_info_t (*args)

Proxy of C++ register_info_t class.

__init__(self) -> register_info_t

Instance variables

var bit_strings : PyObject *: strings corresponding to each bit of the register. (nullptr = no bit, same name = multi-bits mask)
var default_bit_strings_mask: mask of default bits
var dtype: Register size (see Operand value types)
var flags: Register info attribute flags
var name: Register name.
var register_class: segment, mmx, etc.

class regval_t (*args)

Proxy of C++ regval_t class.

__init__(self) -> regval_t

__init__(self, r) -> regval_t

r: regval_t const &

Instance variables

var fval: 12: floating point value in the internal representation (see ieee.h)
var ival: 8: integer value
var rvtype: one of Register value types

Methods

def bytes(self, *args) ‑> bytevec_t const &: bytes(self) -> bytevec_t
Get const custom value.

bytes(self) -> bytevec_t const &
def clear(self, *args) ‑> void: clear(self)
Clear register value.
def get_data(self, *args) ‑> void const *: get_data(self)
Get const pointer to value.

get_data(self) -> void const *
def get_data_size(self, *args) ‑> size_t: get_data_size(self) -> size_t
Get size of value.
def pyval(self, *args) ‑> PyObject *: pyval(self, dtype) -> PyObject *
dtype: op_dtype_t
def set_bytes(self, *args) ‑> bytevec_t &: set_bytes(self, data, size)
Initialize this regval to an empty custom value.

data: uchar const *

size: size_t

set_bytes(self, v)
v: bytevec_t const &

set_bytes(self) -> bytevec_t &
def set_float(self, *args) ‑> void: set_float(self, x)
Set float value (fval)

x: (C++: const fpvalue_t &) fpvalue_t const &
def set_int(self, *args) ‑> void: set_int(self, x)
x: uint64
def set_pyval(self, *args) ‑> bool: set_pyval(self, o, dtype) -> bool
o: PyObject *

dtype: op_dtype_t
def set_unavailable(self, *args) ‑> void: set_unavailable(self)
Mark as unavailable.
def swap(self, *args) ‑> void: swap(self, r)
Set this = r and r = this.

r: (C++: regval_t &)

class regvals_t (*args)

Proxy of C++ qvector< regval_t > class.

__init__(self) -> regvals_t

__init__(self, x) -> regvals_t

x: qvector< regval_t > const &

Methods

def add_unique(self, *args) ‑> bool: add_unique(self, x) -> bool
x: regval_t const &
def at(self, *args) ‑> regval_t const &: at(self, _idx) -> regval_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< regval_t >::const_iterator: begin(self) -> regval_t
def capacity(self, *args) ‑> size_t: capacity(self) -> size_t
def clear(self, *args) ‑> void: clear(self)
def empty(self, *args) ‑> bool: empty(self) -> bool
def end(self, *args) ‑> qvector< regval_t >::const_iterator: end(self) -> regval_t
def erase(self, *args) ‑> qvector< regval_t >::iterator: erase(self, it) -> regval_t
it: qvector< regval_t >::iterator

erase(self, first, last) -> regval_t
first: qvector< regval_t >::iterator

last: qvector< regval_t >::iterator
def extract(self, *args) ‑> regval_t *: extract(self) -> regval_t
def find(self, *args) ‑> qvector< regval_t >::const_iterator: find(self, x) -> regval_t
x: regval_t const &
def front(self)
def grow(self, *args) ‑> void: grow(self, x=regval_t())

x: regval_t const &
def has(self, *args) ‑> bool: has(self, x) -> bool
x: regval_t const &
def inject(self, *args) ‑> void: inject(self, s, len)
s: regval_t *

len: size_t
def insert(self, *args) ‑> qvector< regval_t >::iterator: insert(self, it, x) -> regval_t
it: qvector< regval_t >::iterator

x: regval_t const &
def pop_back(self, *args) ‑> void: pop_back(self)
def push_back(self, *args) ‑> regval_t &: push_back(self, x)
x: regval_t const &

push_back(self) -> regval_t
def qclear(self, *args) ‑> void: qclear(self)
def reserve(self, *args) ‑> void: reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void: resize(self, _newsize, x)
_newsize: size_t

x: regval_t const &

resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t: size(self) -> size_t
def swap(self, *args) ‑> void: swap(self, r)
r: qvector< regval_t > &
def truncate(self, *args) ‑> void: truncate(self)

class scattered_segm_t (*args)

Proxy of C++ scattered_segm_t class.

__init__(self) -> scattered_segm_t

Ancestors

range_t

Instance variables

var name: name of the segment

Inherited members

range_t:
- clear
- compare
- contains
- empty
- end_ea
- extend
- intersect
- overlaps
- size
- start_ea

class thread_name_t (*args)

Proxy of C++ thread_name_t class.

__init__(self) -> thread_name_t

Instance variables

var name: new thread name
var tid: thread