IDA SDK
Macros
Debugger module features

Detailed Description

Debugger module features may be set inside debugger_t::init_debugger() except of the severals

Used by debugger_t::flags

Macros

#define DBG_FLAG_REMOTE   0x00000001
 Remote debugger (requires remote host name unless DBG_FLAG_NOHOST)
 
#define DBG_FLAG_NOHOST   0x00000002
 Remote debugger with does not require network params (host/port/pass). More...
 
#define DBG_FLAG_FAKE_ATTACH   0x00000004
 PROCESS_ATTACHED is a fake event More...
 
#define DBG_FLAG_HWDATBPT_ONE   0x00000008
 Hardware data breakpoints are. More...
 
#define DBG_FLAG_CAN_CONT_BPT   0x00000010
 Debugger knows to continue from a bpt. More...
 
#define DBG_FLAG_NEEDPORT   0x00000020
 Remote debugger requires port number (to be used with DBG_FLAG_NOHOST)
 
#define DBG_FLAG_DONT_DISTURB   0x00000040
 Debugger can handle only. More...
 
#define DBG_FLAG_SAFE   0x00000080
 The debugger is safe (probably because it just emulates the application. More...
 
#define DBG_FLAG_CLEAN_EXIT   0x00000100
 IDA must suspend the application and remove. More...
 
#define DBG_FLAG_USE_SREGS   0x00000200
 Take segment register values into account (non flat memory)
 
#define DBG_FLAG_NOSTARTDIR   0x00000400
 Debugger module doesn't use startup directory.
 
#define DBG_FLAG_NOPARAMETERS   0x00000800
 Debugger module doesn't use commandline parameters.
 
#define DBG_FLAG_NOPASSWORD   0x00001000
 Remote debugger doesn't use password.
 
#define DBG_FLAG_CONNSTRING   0x00002000
 Display "Connection string" instead of "Hostname" and hide the "Port" field.
 
#define DBG_FLAG_SMALLBLKS   0x00004000
 If set, IDA uses 256-byte blocks for caching memory contents. More...
 
#define DBG_FLAG_MANMEMINFO   0x00008000
 If set, manual memory region manipulation commands. More...
 
#define DBG_FLAG_EXITSHOTOK   0x00010000
 IDA may take a memory snapshot at PROCESS_EXITED event.
 
#define DBG_FLAG_VIRTHREADS   0x00020000
 Thread IDs may be shuffled after each debug event. More...
 
#define DBG_FLAG_LOWCNDS   0x00040000
 Low level breakpoint conditions are supported.
 
#define DBG_FLAG_DEBTHREAD   0x00080000
 Supports creation of a separate thread in ida. More...
 
#define DBG_FLAG_DEBUG_DLL   0x00100000
 Can debug standalone DLLs. More...
 
#define DBG_FLAG_FAKE_MEMORY   0x00200000
 get_memory_info()/read_memory()/write_memory() work with the idb. More...
 
#define DBG_FLAG_ANYSIZE_HWBPT   0x00400000
 The debugger supports arbitrary size hardware breakpoints.
 
#define DBG_FLAG_TRACER_MODULE   0x00800000
 The module is a tracer, not a full featured debugger module.
 
#define DBG_FLAG_PREFER_SWBPTS   0x01000000
 Prefer to use software breakpoints.
 

Macro Definition Documentation

#define DBG_FLAG_NOHOST   0x00000002

Remote debugger with does not require network params (host/port/pass).

(a unique device connected to the machine)

#define DBG_FLAG_FAKE_ATTACH   0x00000004

PROCESS_ATTACHED is a fake event

and does not suspend the execution

#define DBG_FLAG_HWDATBPT_ONE   0x00000008

Hardware data breakpoints are.

one byte size by default

#define DBG_FLAG_CAN_CONT_BPT   0x00000010

Debugger knows to continue from a bpt.

This flag also means that the debugger module hides breakpoints from ida upon read_memory

#define DBG_FLAG_DONT_DISTURB   0x00000040

Debugger can handle only.

get_debug_event(), request_pause(), exit_process(). when the debugged process is running. The kernel may also call service functions (file I/O, map_address, etc)

#define DBG_FLAG_SAFE   0x00000080

The debugger is safe (probably because it just emulates the application.

without really running it)

#define DBG_FLAG_CLEAN_EXIT   0x00000100

IDA must suspend the application and remove.

all breakpoints before terminating the application. Usually this is not required because the application memory disappears upon termination.

#define DBG_FLAG_SMALLBLKS   0x00004000

If set, IDA uses 256-byte blocks for caching memory contents.

Otherwise, 1024-byte blocks are used

#define DBG_FLAG_MANMEMINFO   0x00008000

If set, manual memory region manipulation commands.

will be available. Use this bit for debugger modules that can not return memory layout information

#define DBG_FLAG_VIRTHREADS   0x00020000

Thread IDs may be shuffled after each debug event.

(to be used for virtual threads that represent cpus for windbg kmode)

#define DBG_FLAG_DEBTHREAD   0x00080000

Supports creation of a separate thread in ida.

for the debugger (the debthread). Most debugger functions will be called from debthread (exceptions are marked below) The debugger module may directly call only THREAD_SAFE functions. To call other functions please use execute_sync(). The debthread significantly increases debugging speed, especially if debug events occur frequently (to be tested)

#define DBG_FLAG_DEBUG_DLL   0x00100000

Can debug standalone DLLs.

For example, Bochs debugger can debug any snippet of code

#define DBG_FLAG_FAKE_MEMORY   0x00200000

get_memory_info()/read_memory()/write_memory() work with the idb.

(there is no real process to read from, as for the replayer module) the kernel will not call these functions if this flag is set. however, third party plugins may call them, they must be implemented.