Callback notification codes.
| Enumerator |
|---|
| ev_init_debugger | Initialize debugger.
This event is generated in the main thread. - Parameters
-
| hostname | (const char *) |
| portnum | (int) |
| password | (const char *) |
| errbuf | (qstring *) may be nullptr |
- Returns
- DRC_OK, DRC_FAILED
|
| ev_term_debugger | Terminate debugger.
This event is generated in the main thread. - Returns
- DRC_OK, DRC_FAILED
|
| ev_get_processes | Return information about the running processes.
This event is generated in the main thread. Available if DBG_HAS_GET_PROCESSES is set - Parameters
-
- Returns
- DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_start_process | Start an executable to debug.
This event is generated in debthread. Must be implemented. - Parameters
-
| path | (const char *) path to executable |
| args | (const char *) arguments to pass to executable |
| startdir | (const char *) initial working directory of new process |
| dbg_proc_flags | (uint32) Debug process flags |
| input_path | (const char *) path to the file that was used to create the idb file It is not always the same as 'path' - e.g. if we are analyzing a dll and want to launch an executable that loads it. |
| input_file_crc32 | (uint32) CRC value for 'input_path' |
| errbuf | (qstring *) may be nullptr |
| envs | (launch_env_t *) environment variables for debugged process |
- Returns
- DRC_OK, DRC_CRC, DRC_FAILED, DRC_NETERR, DRC_NOFILE
|
| ev_attach_process | Attach to an existing running process.
event_id should be equal to -1 if not attaching to a crashed process. This event is generated in debthread. Available if DBG_HAS_ATTACH_PROCESS is set - Parameters
-
- Returns
- DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_detach_process | Detach from the debugged process.
May be generated while the process is running or suspended. Must detach from the process in any case. The kernel will repeatedly call get_debug_event() until PROCESS_DETACHED is received. In this mode, all other events will be automatically handled and process will be resumed. This event is generated from debthread. Available if DBG_HAS_DETACH_PROCESS is set - Returns
- DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_get_debapp_attrs | Retrieve process- and debugger-specific runtime attributes.
This event is generated in the main thread. - Parameters
-
- Returns
- DRC_NONE, DRC_OK
|
| ev_rebase_if_required_to | Rebase database if the debugged program has been rebased by the system.
This event is generated in the main thread. - Parameters
-
- Returns
- DRC_NONE, DRC_OK
|
| ev_request_pause | Prepare to pause the process.
Normally the next get_debug_event() will pause the process If the process is sleeping, then the pause will not occur until the process wakes up. If the debugger module does not react to this event, then it will be impossible to pause the program. This event is generated in debthread. Available if DBG_HAS_REQUEST_PAUSE is set - Parameters
-
- Returns
- DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_exit_process | Stop the process.
May be generated while the process is running or suspended. Must terminate the process in any case. The kernel will repeatedly call get_debug_event() until PROCESS_EXITED is received. In this mode, all other events will be automatically handled and process will be resumed. This event is generated in debthread. Must be implemented. - Parameters
-
- Returns
- DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_get_debug_event | Get a pending debug event and suspend the process.
This event will be generated regularly by IDA. This event is generated in debthread. IMPORTANT: the BREAKPOINT/EXCEPTION/STEP events must be reported only after reporting other pending events for a thread. Must be implemented. - Parameters
-
- Return values
-
|
| ev_resume | Continue after handling the event.
This event is generated in debthread. Must be implemented. - Parameters
-
- Returns
- DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_set_backwards | Set whether the debugger should continue backwards or forwards.
This event is generated in debthread. Available if DBG_FLAG_TTD is set
|
| ev_set_exception_info | Set exception handling.
This event is generated in debthread or the main thread. Available if DBG_HAS_SET_EXCEPTION_INFO is set - Parameters
-
- Returns
- DRC_NONE, DRC_OK
|
| ev_suspended | This event will be generated by the kernel each time it has suspended the debuggee process and refreshed the database.
The debugger module may add information to the database if necessary.
The reason for introducing this event is that when an event like LOAD_DLL happens, the database does not reflect the memory state yet and therefore we can't add information about the dll into the database in the get_debug_event() function. Only when the kernel has adjusted the database we can do it. Example: for loaded PE DLLs we can add the exported function names to the list of debug names (see set_debug_names()).
This event is generated in the main thread. - Parameters
-
| dlls_added | (bool) |
| thr_names | (thread_name_vec_t *) (for the kernel only, must be nullptr) |
- Returns
- DRC_NONE, DRC_OK
|
| ev_thread_suspend | Suspend a running thread Available if DBG_HAS_THREAD_SUSPEND is set.
- Parameters
-
|
| ev_thread_continue | Resume a suspended thread Available if DBG_HAS_THREAD_CONTINUE is set.
- Parameters
-
|
| ev_set_resume_mode | Specify resume action Available if DBG_HAS_SET_RESUME_MODE is set.
- Parameters
-
|
| ev_read_registers | Read thread registers.
This event is generated in debthread. Must be implemented. - Parameters
-
| tid | (thid_t) thread id |
| clsmask | (int) bitmask of register classes to read |
| values | (regval_t *) pointer to vector of regvals for all registers. regval must have debugger_t::nregisters elements |
| errbuf | (qstring *) may be nullptr |
- Returns
- DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_write_register | Write one thread register.
This event is generated in debthread. Must be implemented. - Parameters
-
| tid | (thid_t) thread id |
| regidx | (int) register index |
| value | (const regval_t *) new value of the register |
| errbuf | (qstring *) may be nullptr |
- Returns
- DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_thread_get_sreg_base | Get information about the base of a segment register.
Currently used by the IBM PC module to resolve references like fs:0. This event is generated in debthread. Available if DBG_HAS_THREAD_GET_SREG_BASE is set - Parameters
-
| answer | (ea_t *) pointer to the answer. can't be nullptr. |
| tid | (thid_t) thread id |
| sreg_value | (int) value of the segment register (returned by get_reg_val()) |
| errbuf | (qstring *) may be nullptr |
- Returns
- DRC_NONE, DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_get_memory_info | Get information on the memory ranges.
The debugger module fills 'ranges'. The returned vector must be sorted. This event is generated in debthread. Must be implemented. - Parameters
-
- Return values
-
|
| ev_read_memory | Read process memory.
This event is generated in debthread. - Parameters
-
| nbytes | (size_t *) number of read bytes |
| ea | (ea_t) |
| buffer | (void *) |
| size | (::size_t) |
| errbuf | (qstring *) may be nullptr |
- Returns
- DRC_OK, DRC_FAILED, DRC_NOPROC
|
| ev_write_memory | Write process memory.
This event is generated in debthread. - Parameters
-
| nbytes | (size_t *) number of written bytes |
| ea | (ea_t) |
| buffer | (const void *) |
| size | (::size_t) |
| errbuf | (qstring *) may be nullptr |
- Return values
-
|
| ev_check_bpt | Is it possible to set breakpoint?
This event is generated in debthread or in the main thread if debthread is not running yet. It is generated to verify hardware breakpoints. Available if DBG_HAS_CHECK_BPT is set - Parameters
-
- Returns
- DRC_OK, DRC_NONE
|
| ev_update_bpts | Add/del breakpoints.
bpts array contains nadd bpts to add, followed by ndel bpts to del. This event is generated in debthread. - Parameters
-
| nbpts | (int *) number of updated breakpoints |
| bpts | (update_bpt_info_t *) |
| nadd | (int) |
| ndel | (int) |
| errbuf | (qstring *) may be nullptr |
- Returns
- DRC_OK, DRC_FAILED, DRC_NETERR
|
| ev_update_lowcnds | Update low-level (server side) breakpoint conditions.
This event is generated in debthread. - Parameters
-
| nupdated | (int *) number of updated conditions |
| lowcnds | (const lowcnd_t *) |
| nlowcnds | (int) |
| errbuf | (qstring *) may be nullptr |
- Returns
- DRC_OK, DRC_NETERR
|
| ev_open_file | - Parameters
-
| file | (const char *) |
| fsize | (uint64 *) |
| readonly | (bool) |
| errbuf | (qstring *) may be nullptr |
- Return values
-
|
| ev_close_file | - Parameters
-
- Returns
- ignored
|
| ev_read_file | - Parameters
-
| fn | (int) handle |
| off | (::qoff64_t) |
| buf | (void *) |
| size | (size_t) |
| errbuf | (qstring *) may be nullptr |
- Return values
-
|
| ev_write_file | - Parameters
-
| fn | (int) handle |
| off | (::qoff64_t) |
| buf | (const void *) |
| size | (size_t) |
| errbuf | (qstring *) may be nullptr |
- Return values
-
|
| ev_map_address | Map process address.
The debugger module may ignore this event. This event is generated in debthread. IDA will generate this event only if DBG_HAS_MAP_ADDRESS is set. - Parameters
-
| mapped | (ea_t *) mapped address or #BADADDR |
| off | (ea_t) offset to map |
| regs | (const regval_t *) current register values. if regs == nullptr, then perform global mapping, which is independent on used registers usually such a mapping is a trivial identity mapping |
| regnum | (int) required mapping. May be specified as a segment register number or a regular register number if the required mapping can be deduced from it. For example, esp implies that ss should be used. |
- Returns
- DRC_NONE, DRC_OK see MAPPED
|
| ev_get_debmod_extensions | Get pointer to debugger specific events.
This event returns a pointer to a structure that holds pointers to debugger module specific events. For information on the structure layout, please check the corresponding debugger module. Most debugger modules return nullptr because they do not have any extensions. Available extensions may be generated from plugins. This event is generated in the main thread. - Parameters
-
- Returns
- DRC_NONE, DRC_OK see EXT
|
| ev_update_call_stack | Calculate the call stack trace for the given thread.
This event is generated when the process is suspended and should fill the 'trace' object with the information about the current call stack. If this event returns DRC_NONE, IDA will try to invoke a processor-specific mechanism (see processor_t::ev_update_call_stack). If the current processor module does not implement stack tracing, then IDA will fall back to a generic algorithm (based on the frame pointer chain) to calculate the trace. This event is ideal if the debugging targets manage stack frames in a peculiar way, requiring special analysis. This event is generated in the main thread. Available if DBG_HAS_UPDATE_CALL_STACK is set - Parameters
-
- Return values
-
- Returns
- DRC_OK success
|
| ev_appcall | Call application function.
This event calls a function from the debugged application. This event is generated in debthread Available if HAS_APPCALL is set - Parameters
-
| [out] | blob_ea | (ea_t *) ea of stkargs blob, #BADADDR if failed and errbuf is filled |
| func_ea | (ea_t) address to call |
| tid | (thid_t) thread to use |
| fti | (const func_type_data_t *) type information for the generated event |
| nargs | (int) number of actual arguments |
| regargs | (const regobjs_t *) information about register arguments |
| stkargs | (relobj_t *) memory blob to pass as stack arguments (usually contains pointed data) it must be relocated by the callback but not changed otherwise |
| retregs | (regobjs_t *) event return registers. |
| [out] | errbuf | (qstring *) the error message. if empty on failure, see EVENT. should not be filled if an appcall exception happened but #APPCALL_DEBEV is set |
| [out] | event | (debug_event_t *) the last debug event that occurred during appcall execution filled only if the appcall execution fails and #APPCALL_DEBEV is set |
| options | (int) appcall options, usually taken from idainfo::appcall_options. possible values: combination of Appcall options or 0 |
- Return values
-
|
| ev_cleanup_appcall | Cleanup after appcall().
The debugger module must keep the stack blob in the memory until this event is generated. It will be generated by the kernel for each successful appcall(). There is an exception: if #APPCALL_MANUAL, IDA may not call cleanup_appcall. If the user selects to terminate a manual appcall, then cleanup_appcall will be generated. Otherwise, the debugger module should terminate the appcall when the generated event returns. This event is generated in debthread. Available if HAS_APPCALL is set - Parameters
-
- Return values
-
|
| ev_eval_lowcnd | Evaluate a low level breakpoint condition at 'ea'.
Other evaluation errors are displayed in a dialog box. This call is used by IDA when the process has already been temporarily suspended for some reason and IDA has to decide whether the process should be resumed or definitely suspended because of a breakpoint with a low level condition. This event is generated in debthread. - Parameters
-
- Return values
-
|
| ev_send_ioctl | Perform a debugger-specific event.
This event is generated in debthread - Parameters
-
| fn | (int) |
| buf | (const void *) |
| size | (size_t) |
| poutbuf | (void **) |
| poutsize | (ssize_t *) |
| errbuf | (qstring *) may be nullptr |
- Return values
-
|
| ev_dbg_enable_trace | Enable/Disable tracing.
The kernel will generated this event if the debugger plugin set DBG_FLAG_TRACER_MODULE. TRACE_FLAGS can be a set of #STEP_TRACE, #INSN_TRACE, #BBLK_TRACE or #FUNC_TRACE. This event is generated in the main thread. - Parameters
-
| tid | (thid_t) |
| enable | (bool) |
| trace_flags | (int) |
- Returns
- DRC_OK, DRC_FAILED, DRC_NONE
|
| ev_is_tracing_enabled | Is tracing enabled?
The kernel will generated this event if the debugger plugin set DBG_FLAG_TRACER_MODULE. TRACE_BIT can be one of the following: #STEP_TRACE, #INSN_TRACE, #BBLK_TRACE or #FUNC_TRACE - Parameters
-
- Return values
-
|
| ev_rexec | Execute a command on the remote computer.
Available if DBG_HAS_REXEC is set - Parameters
-
- Returns
- (int) exit code
|
| ev_get_srcinfo_path | Get the path to a file containing source debug info for the given module.
This allows srcinfo providers to call into the debugger when looking for debug info. It is useful in certain cases like the iOS debugger, which is a remote debugger but the remote debugserver does not provide dwarf info. So, we allow the debugger client to decide where to look for debug info locally. - Parameters
-
| path | (qstring *) output path (file might not exist) |
| base | (ea_t) base address of a module in the target process |
- Returns
- DRC_NONE, DRC_OK result stored in PATH
|
| ev_bin_search | Search for a binary pattern in the program.
- Parameters
-
- Returns
- DRC_OK EA contains the binary pattern address
- Return values
-
|
| ev_get_dynamic_register_set | Ask debuger to send dynamic register set.
- Parameters
-
- Returns
- DRC_OK REGSET is ready
- Return values
-
|
| ev_set_dbg_options | Set debugger options (parameters that are specific to the debugger module).
- Parameters
-
| [out] | code | (const char **) one of Option result codes, otherwise a pointer to an error message, may be nullptr |
| keyword | (const char *) keyword encountered in IDA.CFG/user config file. if nullptr, then an interactive dialog form should be displayed |
| pri | (int) option priority, one of Option priority values |
| value_type | (int) type of value of the keyword - one of Option value types |
| value | (const void *) pointer to value |
- Returns
- DRC_OK event is implemented
-
DRC_NONE event is not implemented See the convenience function in dbg.hpp if you need to call it. The kernel will generate this event after reading the debugger specific config file (arguments are: keyword="", type=#IDPOPT_STR, value="") The kernel uses this event with keyword=" " to detect implementation. This event is optional. This event is generated in the main thread
|
