 |
IDA SDK
|
|
IDA SDK
|
Debugger module features may be set inside debugger_t::init_debugger() except of the severals
Used by debugger_t::flags
Macros | |
| #define | DBG_FLAG_REMOTE 0x0000000000000001ULL |
| Remote debugger (requires remote host name unless DBG_FLAG_NOHOST) | |
| #define | DBG_FLAG_NOHOST 0x0000000000000002ULL |
| Remote debugger with does not require network params (host/port/pass). More... | |
| #define | DBG_FLAG_FAKE_ATTACH 0x0000000000000004ULL |
| PROCESS_ATTACHED is a fake event and does not suspend the execution | |
| #define | DBG_FLAG_HWDATBPT_ONE 0x0000000000000008ULL |
| Hardware data breakpoints are one byte size by default. | |
| #define | DBG_FLAG_CAN_CONT_BPT 0x0000000000000010ULL |
| Debugger knows to continue from a bpt. More... | |
| #define | DBG_FLAG_NEEDPORT 0x0000000000000020ULL |
| Remote debugger requires port number (to be used with DBG_FLAG_NOHOST) | |
| #define | DBG_FLAG_DONT_DISTURB 0x0000000000000040ULL |
| Debugger can handle only get_debug_event(), request_pause(), exit_process() when the debugged process is running. More... | |
| #define | DBG_FLAG_SAFE 0x0000000000000080ULL |
| The debugger is safe (probably because it just emulates the application without really running it) | |
| #define | DBG_FLAG_CLEAN_EXIT 0x0000000000000100ULL |
| IDA must suspend the application and remove all breakpoints before terminating the application. More... | |
| #define | DBG_FLAG_USE_SREGS 0x0000000000000200ULL |
| Take segment register values into account (non flat memory) | |
| #define | DBG_FLAG_NOSTARTDIR 0x0000000000000400ULL |
| Debugger module doesn't use startup directory. | |
| #define | DBG_FLAG_NOPARAMETERS 0x0000000000000800ULL |
| Debugger module doesn't use commandline parameters. | |
| #define | DBG_FLAG_NOPASSWORD 0x0000000000001000ULL |
| Remote debugger doesn't use password. | |
| #define | DBG_FLAG_CONNSTRING 0x0000000000002000ULL |
| Display "Connection string" instead of "Hostname" and hide the "Port" field. | |
| #define | DBG_FLAG_SMALLBLKS 0x0000000000004000ULL |
| If set, IDA uses 256-byte blocks for caching memory contents. More... | |
| #define | DBG_FLAG_MANMEMINFO 0x0000000000008000ULL |
| If set, manual memory region manipulation commands will be available. More... | |
| #define | DBG_FLAG_EXITSHOTOK 0x0000000000010000ULL |
| IDA may take a memory snapshot at PROCESS_EXITED event. | |
| #define | DBG_FLAG_VIRTHREADS 0x0000000000020000ULL |
| Thread IDs may be shuffled after each debug event. More... | |
| #define | DBG_FLAG_LOWCNDS 0x0000000000040000ULL |
| Low level breakpoint conditions are supported. | |
| #define | DBG_FLAG_DEBTHREAD 0x0000000000080000ULL |
| Supports creation of a separate thread in ida for the debugger (the debthread). More... | |
| #define | DBG_FLAG_DEBUG_DLL 0x0000000000100000ULL |
| Can debug standalone DLLs. More... | |
| #define | DBG_FLAG_FAKE_MEMORY 0x0000000000200000ULL |
| get_memory_info()/read_memory()/write_memory() work with the idb. More... | |
| #define | DBG_FLAG_ANYSIZE_HWBPT 0x0000000000400000ULL |
| The debugger supports arbitrary size hardware breakpoints. | |
| #define | DBG_FLAG_TRACER_MODULE 0x0000000000800000ULL |
| The module is a tracer, not a full featured debugger module. | |
| #define | DBG_FLAG_PREFER_SWBPTS 0x0000000001000000ULL |
| Prefer to use software breakpoints. | |
| #define | DBG_FLAG_LAZY_WATCHPTS 0x0000000002000000ULL |
| Watchpoints are triggered before the offending instruction is executed. More... | |
| #define | DBG_FLAG_FAST_STEP 0x0000000004000000ULL |
| Do not refresh memory layout info after single stepping. | |
| #define | DBG_FLAG_ADD_ENVS 0x0000000008000000ULL |
| The debugger supports launching processes with environment variables. | |
| #define | DBG_FLAG_MERGE_ENVS 0x0000000010000000ULL |
| The debugger supports merge or replace setting for environment variables (only makes sense if DBG_FLAG_ADD_ENVS is set) | |
| #define | DBG_FLAG_DISABLE_ASLR 0x0000000020000000ULL |
| The debugger support ASLR disabling (Address space layout randomization) | |
| #define | DBG_FLAG_TTD 0x0000000040000000ULL |
| The debugger is a time travel debugger and supports continuing backwards. | |
| #define | DBG_FLAG_FULL_INSTR_BPT 0x0000000080000000ULL |
| Setting a breakpoint in the middle of an instruction will also break. | |
| #define | DBG_HAS_GET_PROCESSES 0x0000000100000000ULL |
| supports ev_get_processes | |
| #define | DBG_HAS_ATTACH_PROCESS 0x0000000200000000ULL |
| supports ev_attach_process | |
| #define | DBG_HAS_DETACH_PROCESS 0x0000000400000000ULL |
| supports ev_detach_process | |
| #define | DBG_HAS_REQUEST_PAUSE 0x0000000800000000ULL |
| supports ev_request_pause | |
| #define | DBG_HAS_SET_EXCEPTION_INFO 0x0000001000000000ULL |
| supports ev_set_exception_info | |
| #define | DBG_HAS_THREAD_SUSPEND 0x0000002000000000ULL |
| supports ev_thread_suspend | |
| #define | DBG_HAS_THREAD_CONTINUE 0x0000004000000000ULL |
| supports ev_thread_continue | |
| #define | DBG_HAS_SET_RESUME_MODE 0x0000008000000000ULL |
| supports ev_set_resume_mode. More... | |
| #define | DBG_HAS_THREAD_GET_SREG_BASE 0x0000010000000000ULL |
| supports ev_thread_get_sreg_base | |
| #define | DBG_HAS_CHECK_BPT 0x0000020000000000ULL |
| supports ev_check_bpt | |
| #define | DBG_HAS_OPEN_FILE 0x0000040000000000ULL |
| supports ev_open_file, ev_close_file, ev_read_file, ev_write_file | |
| #define | DBG_HAS_UPDATE_CALL_STACK 0x0000080000000000ULL |
| supports ev_update_call_stack | |
| #define | DBG_HAS_APPCALL 0x0000100000000000ULL |
| supports ev_appcall, ev_cleanup_appcall | |
| #define | DBG_HAS_REXEC 0x0000200000000000ULL |
| supports ev_rexec | |
| #define | DBG_HAS_MAP_ADDRESS 0x0000400000000000ULL |
| supports ev_map_address. More... | |
| #define DBG_FLAG_NOHOST 0x0000000000000002ULL |
Remote debugger with does not require network params (host/port/pass).
(a unique device connected to the machine)
| #define DBG_FLAG_CAN_CONT_BPT 0x0000000000000010ULL |
Debugger knows to continue from a bpt.
This flag also means that the debugger module hides breakpoints from ida upon read_memory
| #define DBG_FLAG_DONT_DISTURB 0x0000000000000040ULL |
Debugger can handle only get_debug_event(), request_pause(), exit_process() when the debugged process is running.
The kernel may also call service functions (file I/O, map_address, etc)
| #define DBG_FLAG_CLEAN_EXIT 0x0000000000000100ULL |
IDA must suspend the application and remove all breakpoints before terminating the application.
Usually this is not required because the application memory disappears upon termination.
| #define DBG_FLAG_SMALLBLKS 0x0000000000004000ULL |
If set, IDA uses 256-byte blocks for caching memory contents.
Otherwise, 1024-byte blocks are used
| #define DBG_FLAG_MANMEMINFO 0x0000000000008000ULL |
If set, manual memory region manipulation commands will be available.
Use this bit for debugger modules that cannot return memory layout information
| #define DBG_FLAG_VIRTHREADS 0x0000000000020000ULL |
Thread IDs may be shuffled after each debug event.
(to be used for virtual threads that represent cpus for windbg kmode)
| #define DBG_FLAG_DEBTHREAD 0x0000000000080000ULL |
Supports creation of a separate thread in ida for the debugger (the debthread).
Most debugger functions will be called from debthread (exceptions are marked below) The debugger module may directly call only THREAD_SAFE functions. To call other functions please use execute_sync(). The debthread significantly increases debugging speed, especially if debug events occur frequently.
| #define DBG_FLAG_DEBUG_DLL 0x0000000000100000ULL |
Can debug standalone DLLs.
For example, Bochs debugger can debug any snippet of code
| #define DBG_FLAG_FAKE_MEMORY 0x0000000000200000ULL |
get_memory_info()/read_memory()/write_memory() work with the idb.
(there is no real process to read from, as for the replayer module) the kernel will not call these functions if this flag is set. however, third party plugins may call them, they must be implemented.
| #define DBG_FLAG_LAZY_WATCHPTS 0x0000000002000000ULL |
Watchpoints are triggered before the offending instruction is executed.
The debugger must temporarily disable the watchpoint and single-step before resuming.
| #define DBG_HAS_SET_RESUME_MODE 0x0000008000000000ULL |
supports ev_set_resume_mode.
Cannot be set inside the debugger_t::init_debugger()
| #define DBG_HAS_MAP_ADDRESS 0x0000400000000000ULL |
supports ev_map_address.
Avoid using this bit, especially together with DBG_FLAG_DEBTHREAD because it may cause big slow downs
1.9.3