Module index

Module ida_dbg

IDA Plugin SDK API wrapper: dbg

Global variables

var BKPT_ACTIVE
active?
var BKPT_BADBPT
failed to write the bpt to the process memory (at least one location)
var BKPT_CNDREADY
condition has been compiled
var BKPT_FAKEPEND
fake pending bpt: it is inactive but another bpt of the same type is active at the same address(es)
var BKPT_LISTBPT
include in bpt list (user-defined bpt)
var BKPT_PAGE
written to the process as a page bpt. is available only after writing the bpt to the process.
var BKPT_PARTIAL
partially active? (some locations were not written yet)
var BKPT_TRACE
trace bpt; should not be deleted when the process gets suspended
var BPLT_ABS
BPLT_ABS = 0
var BPLT_REL
BPLT_REL = 1
var BPLT_SRC
BPLT_SRC = 3
var BPLT_SYM
BPLT_SYM = 2
var BPTCK_ACT
breakpoint is active (written to the process)
var BPTCK_NO
breakpoint is disabled
var BPTCK_NONE
breakpoint does not exist
var BPTCK_YES
breakpoint is enabled
var BPTEV_ADDED
Breakpoint has been added.
var BPTEV_CHANGED
Breakpoint has been modified.
var BPTEV_REMOVED
Breakpoint has been removed.
var BPT_BRK
suspend execution upon hit
var BPT_ELANG_MASK
BPT_ELANG_MASK = 4026531840
var BPT_ELANG_SHIFT
index of the extlang (scripting language) of the condition
var BPT_ENABLED
enabled?
var BPT_LOWCND
condition is calculated at low level (on the server side)
var BPT_TRACE
add trace information upon hit
var BPT_TRACEON
enable tracing when the breakpoint is reached
var BPT_TRACE_BBLK
basic block tracing
var BPT_TRACE_FUNC
function tracing
var BPT_TRACE_INSN
instruction tracing
var BPT_TRACE_TYPES
trace insns, functions, and basic blocks. if any of 'BPT_TRACE_TYPES' bits are set but 'BPT_TRACEON' is clear, then turn off tracing for the specified trace types
var BPT_UPDMEM
refresh the memory layout and contents before evaluating bpt condition
var BT_LOG_INSTS
specific options for basic block tracing (see 'set_bblk_trace_options()' )
log all instructions in the current basic block
var DBGINV_ALL
invalidate everything
var DBGINV_MEMCFG
invalidate cached process segmentation
var DBGINV_MEMORY
invalidate cached memory contents
var DBGINV_NONE
invalidate nothing
var DBGINV_REDRAW
refresh the screen
var DBGINV_REGS
invalidate cached register values
var DEC_ERROR
DEC_ERROR = -1
var DEC_NOTASK
DEC_NOTASK = -2
var DEC_TIMEOUT
DEC_TIMEOUT = 0
var DOPT_BPT_MSGS
log breakpoints
var DOPT_END_BPT
evaluate event condition on process end
var DOPT_ENTRY_BPT
break on program entry point
var DOPT_EXCDLG
exception dialogs:
var DOPT_FAST_STEP
prevent debugger memory refreshes when single-stepping
var DOPT_INFO_BPT
break on debugging information
var DOPT_INFO_MSGS
log debugging info events
var DOPT_LIB_BPT
break on library load/unload
var DOPT_LIB_MSGS
log library loads/unloads
var DOPT_LOAD_DINFO
automatically load debug files (pdb)
var DOPT_REAL_MEMORY
do not hide breakpoint instructions
var DOPT_REDO_STACK
reconstruct the stack
var DOPT_SEGM_MSGS
log debugger segments modifications
var DOPT_START_BPT
break on process start
var DOPT_TEMP_HWBPT
when possible use hardware bpts for temp bpts
var DOPT_THREAD_BPT
break on thread start/exit
var DOPT_THREAD_MSGS
log thread starts/exits
var DSTATE_NOTASK
no process is currently debugged
var DSTATE_RUN
process is running
var DSTATE_SUSP
process is suspended and will not continue
var EXCDLG_ALWAYS
always display
var EXCDLG_NEVER
never display exception dialogs
var EXCDLG_UNKNOWN
display for unknown exceptions
var FT_LOG_RET
specific options for function tracing (see 'set_func_trace_options()' )
function tracing will log returning instructions
var IT_LOG_SAME_IP
specific options for instruction tracing (see 'set_insn_trace_options()' )
instruction tracing will log new instructions even when IP doesn't change
var MOVBPT_BAD_TYPE
MOVBPT_BAD_TYPE = 3
var MOVBPT_DEST_BUSY
MOVBPT_DEST_BUSY = 2
var MOVBPT_NOT_FOUND
MOVBPT_NOT_FOUND = 1
var MOVBPT_OK
MOVBPT_OK = 0
var SAVE_ALL_VALUES
SAVE_ALL_VALUES = 0
var SAVE_DIFF
SAVE_DIFF = 1
var SAVE_NONE
SAVE_NONE = 2
var SRCDBG_PROV_VERSION
SRCDBG_PROV_VERSION = 4
var SRCIT_EXPR
SRCIT_EXPR = 4
var SRCIT_FUNC
SRCIT_FUNC = 2
var SRCIT_LOCVAR
SRCIT_LOCVAR = 6
var SRCIT_MODULE
SRCIT_MODULE = 1
var SRCIT_NONE
SRCIT_NONE = 0
var SRCIT_STMT
SRCIT_STMT = 3
var SRCIT_STTVAR
SRCIT_STTVAR = 5
var ST_ALREADY_LOGGED
step tracing will be disabled when IP is already logged
var ST_DIFFERENTIAL
tracing: log only new instructions (not previously logged)
var ST_OPTIONS_DEFAULT
ST_OPTIONS_DEFAULT = 3
var ST_OPTIONS_MASK
mask of available options, to ensure compatibility with newer IDA versions
var ST_OVER_DEBUG_SEG
step tracing will be disabled when IP is in a debugger segment
var ST_OVER_LIB_FUNC
step tracing will be disabled when IP is in a library function
var ST_SKIP_LOOPS
step tracing will try to skip loops already recorded
var WFNE_ANY
return the first event (even if it doesn't suspend the process)
var WFNE_CONT
continue from the suspended state
var WFNE_NOWAIT
do not wait for any event, immediately return 'DEC_TIMEOUT' (to be used with 'WFNE_CONT' )
var WFNE_SILENT
1: be slient, 0:display modal boxes if necessary
var WFNE_SUSP
wait until the process gets suspended
var WFNE_USEC
timeout is specified in microseconds (minimum non-zero timeout is 40000us)
var dbg_bpt
dbg_bpt = 12
var dbg_bpt_changed
dbg_bpt_changed = 19
var dbg_exception
dbg_exception = 10
var dbg_finished_loading_bpts
dbg_finished_loading_bpts = 21
var dbg_information
dbg_information = 9
var dbg_last
dbg_last = 22
var dbg_library_load
dbg_library_load = 7
var dbg_library_unload
dbg_library_unload = 8
var dbg_null
dbg_null = 0
var dbg_process_attach
dbg_process_attach = 3
var dbg_process_detach
dbg_process_detach = 4
var dbg_process_exit
dbg_process_exit = 2
var dbg_process_start
dbg_process_start = 1
var dbg_request_error
dbg_request_error = 14
var dbg_run_to
dbg_run_to = 17
var dbg_started_loading_bpts
dbg_started_loading_bpts = 20
var dbg_step_into
dbg_step_into = 15
var dbg_step_over
dbg_step_over = 16
var dbg_step_until_ret
dbg_step_until_ret = 18
var dbg_suspend_process
dbg_suspend_process = 11
var dbg_thread_exit
dbg_thread_exit = 6
var dbg_thread_start
dbg_thread_start = 5
var dbg_trace
dbg_trace = 13
var tev_bpt
tev_bpt = 4
var tev_call
tev_call = 2
var tev_event
tev_event = 6
var tev_insn
tev_insn = 1
var tev_max
tev_max = 7
var tev_mem
tev_mem = 5
var tev_none
tev_none = 0
var tev_ret
tev_ret = 3

Functions

def add_bpt(*args) ‑> bool
Add a new breakpoint in the debugged process.
Typefunction - available as request
Notificationfunction)
Only one breakpoint can exist at a given address.
add_bpt(ea, size=0, type=BPT_DEFAULT) -> bool
ea: any address in the process memory space. Depending on the
architecture, hardware breakpoints always be setup at random address. For example, on x86, hardware breakpoints should be aligned depending on their size. Moreover, on the x86 architecture, it is impossible to setup more than 4 hardware breakpoints. (C++: ea_t)
size: size of the breakpoint (irrelevant for software
breakpoints): As for the address, hardware breakpoints can't always be setup with random size. (C++: asize_t)
type: type of the breakpoint ( BPT_SOFT for software
breakpoint) special case BPT_DEFAULT ( BPT_SOFT | BPT_EXEC ): try to add instruction breakpoint of the appropriate type as follows: software bpt if supported, hwbpt otherwise (C++: bpttype_t)
add_bpt(bpt) -> bool
bpt: bpt_t const &
def add_path_mapping(*args) ‑> void
add_path_mapping(src, dst)
src (C++: const char *)
dst (C++: const char *)
def add_virt_module(*args) ‑> bool
add_virt_module(mod) -> bool
mod (C++: const modinfo_t *)
def attach_process(*args) ‑> int
Attach the debugger to a running process.
def bring_debugger_to_front(*args) ‑> void
bring_debugger_to_front()
def check_bpt(*args) ‑> int
Check the breakpoint at the specified address.
check_bpt(ea) -> int
ea (C++: ea_t)
return: one of Breakpoint status codes
def choose_trace_file(*args) ‑> qstring *
Show the choose trace dialog.
def clear_requests_queue(*args) ‑> void
Clear the queue of waiting requests.
TypeSynchronous function
Notificationnone (synchronous function)
If a request is currently running, this one isn't stopped.
def clear_trace(*args) ‑> void
Clear all events in the trace buffer.
Typeavailable as request
Notificationnone (synchronous function)
def collect_stack_trace(*args) ‑> bool
collect_stack_trace(tid, trace) -> bool
tid (C++: thid_t)
trace (C++: call_stack_t *)
def continue_process(*args) ‑> bool
Continue the execution of the process in the debugger.
TypeSynchronous function - available as Request
Notification(synchronous function)
The 'continue_process()' function can be called from a notification handler to force the continuation of the process. In this case the request queue will not be examined, IDA will simply resume execution. Usually it makes sense to call 'request_continue_process()' followed by 'run_requests()' , so that IDA will first start a queued request (if any) and then resume the application.
def create_source_viewer(*args) ‑> source_view_t *
Create a source code view.
create_source_viewer(out_ccv, parent, custview, sf, lines, lnnum, colnum, flags) -> source_view_t *
out_ccv (C++: TWidget **)
parent (C++: TWidget *)
custview (C++: TWidget *)
sf (C++: source_file_ptr)
lines (C++: strvec_t *)
lnnum (C++: int)
colnum (C++: int)
flags (C++: int)
def dbg_add_bpt_tev(*args) ‑> bool
Add a new breakpoint trace element to the current trace.
TypeSynchronous function
Notificationnone (synchronous function)
dbg_add_bpt_tev(tid, ea, bp) -> bool
tid (C++: thid_t)
ea (C++: ea_t)
bp (C++: ea_t)
return: false if the operation failed, true otherwise
def dbg_add_call_tev(*args) ‑> void
Add a new call trace element to the current trace.
TypeSynchronous function
Notificationnone (synchronous function)
dbg_add_call_tev(tid, caller, callee)
tid (C++: thid_t)
caller (C++: ea_t)
callee (C++: ea_t)
def dbg_add_debug_event(*args) ‑> void
Add a new debug event to the current trace.
Typefunction
Notificationnone (synchronous function)
dbg_add_debug_event(event)
event (C++: debug_event_t *)
def dbg_add_insn_tev(*args) ‑> bool
Add a new instruction trace element to the current trace.
TypeSynchronous function
Notificationnone (synchronous function)
dbg_add_insn_tev(tid, ea, save=SAVE_DIFF) -> bool
tid (C++: thid_t)
ea (C++: ea_t)
save (C++: save_reg_values_t)
return: false if the operation failed, true otherwise
def dbg_add_many_tevs(*args) ‑> bool
Add many new trace elements to the current trace.
TypeSynchronous function
Notificationnone (synchronous function)
dbg_add_many_tevs(new_tevs) -> bool
new_tevs (C++: tevinforeg_vec_t *)
return: false if the operation failed for any tev_info_t object
def dbg_add_ret_tev(*args) ‑> void
Add a new return trace element to the current trace.
TypeSynchronous function
Notificationnone (synchronous function)
dbg_add_ret_tev(tid, ret_insn, return_to)
tid (C++: thid_t)
ret_insn (C++: ea_t)
return_to (C++: ea_t)
def dbg_add_tev(*args) ‑> void
Add a new trace element to the current trace.
Typefunction
Notificationnone (synchronous function)
dbg_add_tev(type, tid, address)
type (C++: tev_type_t)
tid (C++: thid_t)
address (C++: ea_t)
def dbg_add_thread(*args) ‑> void
Add a thread to the current trace.
TypeSynchronous function
Notificationnone (synchronous function)
dbg_add_thread(tid)
tid (C++: thid_t)
dbg_bin_search(start_ea, end_ea, data, srch_flags) -> str
start_ea (C++: ea_t)
end_ea (C++: ea_t)
data (C++: const compiled_binpat_vec_t &)
srch_flags (C++: int)
def dbg_can_query(*args) ‑> bool
dbg_can_query() -> bool
This function can be used to check if the debugger can be queried:
  • debugger is loaded
  • process is suspended
  • process is not suspended but can take requests. In this case some requests like
    memory read/write, bpt management succeed and register querying will fail. Check if idaapi.get_process_state() < 0 to tell if the process is suspended
return: Boolean
def dbg_del_thread(*args) ‑> void
Delete a thread from the current trace.
Typefunction
Notificationnone (synchronous function)
dbg_del_thread(tid)
tid (C++: thid_t)
def dbg_is_loaded(*args) ‑> bool
dbg_is_loaded() -> bool
Checks if a debugger is loaded
return: Boolean
def define_exception(*args) ‑> char const *
Convenience function: define new exception code.
define_exception(code, name, desc, flags) -> char const *
code: exception code (cannot be 0) (C++: uint)
name: exception name (cannot be empty or NULL) (C++: const char
*)
desc: exception description (maybe NULL) (C++: const char *)
flags: combination of Exception info flags (C++: int)
return: failure message or NULL. You must call store_exceptions()
if this function succeeds
def del_bpt(*args) ‑> bool
Delete an existing breakpoint in the debugged process.
TypeSynchronous function - available as request
Notification(synchronous function)
del_bpt(ea) -> bool
ea: any address in the breakpoint range (C++: ea_t)
del_bpt(bptloc) -> bool
bptloc: bpt_location_t const &
def del_bptgrp(*args) ‑> bool
del_bptgrp(name) -> bool
name (C++: const char *)
def del_virt_module(*args) ‑> bool
del_virt_module(base) -> bool
base (C++: const ea_t)
def detach_process(*args) ‑> bool
Detach the debugger from the debugged process.
Typefunction - available as Request
Notification'dbg_process_detach'
def diff_trace_file(*args) ‑> bool
Show difference between the current trace and the one from 'filename'.
diff_trace_file(filename) -> bool
filename (C++: const char *)
def disable_bblk_trace(*args) ‑> bool
disable_bblk_trace() -> bool
def disable_bpt(*args) ‑> bool
disable_bpt(ea) -> bool
ea (C++: ea_t)
disable_bpt(bptloc) -> bool
bptloc: bpt_location_t const &
def disable_func_trace(*args) ‑> bool
disable_func_trace() -> bool
def disable_insn_trace(*args) ‑> bool
disable_insn_trace() -> bool
def disable_step_trace(*args) ‑> bool
disable_step_trace() -> bool
def edit_manual_regions(*args) ‑> void
edit_manual_regions()
def enable_bblk_trace(*args) ‑> bool
enable_bblk_trace(enable=True) -> bool
enable (C++: bool)
def enable_bpt(*args) ‑> bool
enable_bpt(ea, enable=True) -> bool
ea (C++: ea_t)
enable (C++: bool)
enable_bpt(bptloc, enable=True) -> bool
bptloc: bpt_location_t const &
enable (C++: bool)
def enable_func_trace(*args) ‑> bool
enable_func_trace(enable=True) -> bool
enable (C++: bool)
def enable_insn_trace(*args) ‑> bool
enable_insn_trace(enable=True) -> bool
enable (C++: bool)
def enable_manual_regions(*args) ‑> void
enable_manual_regions(enable)
enable (C++: bool)
def enable_step_trace(*args) ‑> bool
enable_step_trace(enable=1) -> bool
enable (C++: int)
def exist_bpt(*args) ‑> bool
Does a breakpoint exist at the given location?
exist_bpt(ea) -> bool
ea (C++: ea_t)
def exit_process(*args) ‑> bool
Terminate the debugging of the current process.
Typefunction - available as Request
Notification'dbg_process_exit'
def find_bpt(*args) ‑> bool
Find a breakpoint by location.
Typeavailable as request
Notificationnone (synchronous function)
find_bpt(bptloc, bpt) -> bool
bptloc: Breakpoint location (C++: const bpt_location_t &)
bpt: bpt is filled if the breakpoint was found (C++: bpt_t *)
def get_bblk_trace_options(*args) ‑> int
Get current basic block tracing options. Also see 'BT_LOG_INSTS'
TypeSynchronous function
Notificationfunction)
def get_bpt(*args) ‑> bool
Get the characteristics of a breakpoint.
Typefunction
Notificationnone (synchronous function)
get_bpt(ea, bpt) -> bool
ea: any address in the breakpoint range (C++: ea_t)
bpt: if not NULL, is filled with the characteristics. (C++:
bpt_t *)
return: false if no breakpoint exists
def get_bpt_group(*args) ‑> qstring *
get_bpt_group(bptloc) -> str
bptloc (C++: const bpt_location_t &)
def get_bpt_qty(*args) ‑> int
Get number of breakpoints.
TypeSynchronous function
Notificationnone (synchronous function)
def get_bpt_tev_ea(*args) ‑> ea_t
Get the address associated to a read, read/write or execution trace event.
TypeSynchronous function
Notificationfunction)
Usually, a breakpoint is associated with a read, read/write or execution trace event. However, the returned address could be any address in the range of this breakpoint. If the breakpoint was deleted after the trace event, the address no longer corresponds to a valid breakpoint.
get_bpt_tev_ea(n) -> ea_t
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
return: BADADDR if not a read, read/write or execution trace event.
def get_bptloc_string(*args) ‑> char const *
Helper function for 'bpt_location_t' .
get_bptloc_string(i) -> char const *
i (C++: int)
def get_call_tev_callee(*args) ‑> ea_t
Get the called function from a function call trace event.
TypeSynchronous function
Notificationnone (synchronous function)
get_call_tev_callee(n) -> ea_t
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
return: BADADDR if not a function call event.
def get_current_source_file(*args) ‑> qstring *
get_current_source_file() -> str
def get_current_source_line(*args) ‑> int
get_current_source_line() -> int
def get_current_thread(*args) ‑> thid_t
Get current thread ID.
TypeSynchronous function
Notificationnone (synchronous function)
def get_dbg_byte(*args) ‑> bool
Get one byte of the debugged process memory.
get_dbg_byte(x, ea) -> bool
x: pointer to byte value (C++: uint32 *)
ea: linear address (C++: ea_t)
return: true success
def get_dbg_memory_info(*args) ‑> int
get_dbg_memory_info(ranges) -> int
ranges (C++: meminfo_vec_t *)
def get_dbg_reg_info(*args) ‑> bool
Get register information
TypeSynchronous function
Notificationnone (synchronous function)
get_dbg_reg_info(regname, ri) -> bool
regname (C++: const char *)
ri (C++: register_info_t *)
def get_debug_event(*args) ‑> debug_event_t const *
Get the current debugger event.
def get_debugger_event_cond(*args) ‑> char const *
get_debugger_event_cond() -> char const *
def get_first_module(*args) ‑> bool
get_first_module(modinfo) -> bool
modinfo (C++: modinfo_t *)
def get_func_trace_options(*args) ‑> int
Get current function tracing options. Also see 'FT_LOG_RET'
TypeSynchronous function
Notificationnone (synchronous function)
def get_global_var(*args) ‑> bool
get_global_var(prov, ea, name, out) -> bool
prov (C++: srcinfo_provider_t *)
ea (C++: ea_t)
name (C++: const char *)
out (C++: source_item_ptr *)
def get_grp_bpts(*args) ‑> ssize_t
get_grp_bpts(bpts, grp_name) -> ssize_t
bpts (C++: bpt_vec_t *)
grp_name (C++: const char *)
def get_insn_tev_reg_mem(*args) ‑> bool
Read the memory pointed by register values from an instruction trace event.
TypeSynchronous function
Notificationfunction)
get_insn_tev_reg_mem(n, memmap) -> bool
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
memmap: result (C++: memreg_infos_t *)
return: false if not an instruction event or no memory is available
def get_insn_tev_reg_result(*args) ‑> bool
Read the resulting register value from an instruction trace event.
TypeSynchronous function
Notificationfunction)
get_insn_tev_reg_result(n, regname, regval) -> bool
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
regname: name of desired register (C++: const char *)
regval: result (C++: regval_t *)
return: false if not an instruction trace event or register wasn't
modified.
def get_insn_tev_reg_val(*args) ‑> bool
Read a register value from an instruction trace event.
TypeSynchronous function
Notificationnone (synchronous function)
This is the value of the register before the execution of the instruction.
get_insn_tev_reg_val(n, regname, regval) -> bool
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
regname: name of desired register (C++: const char *)
regval: result (C++: regval_t *)
return: false if not an instruction event.
def get_insn_trace_options(*args) ‑> int
Get current instruction tracing options. Also see 'IT_LOG_SAME_IP'
TypeSynchronous function
Notificationfunction)
def get_ip_val(*args) ‑> uint32 *
Get value of the IP (program counter) register for the current thread. Requires a suspended debugger.
def get_local_var(*args) ‑> bool
get_local_var(prov, ea, name, out) -> bool
prov (C++: srcinfo_provider_t *)
ea (C++: ea_t)
name (C++: const char *)
out (C++: source_item_ptr *)
def get_local_vars(*args) ‑> bool
get_local_vars(prov, ea, out) -> bool
prov (C++: srcinfo_provider_t *)
ea (C++: ea_t)
out (C++: source_items_t *)
def get_manual_regions(*args) ‑> PyObject *
get_manual_regions(ranges)
Returns the manual memory regions
return: list(start_ea, end_ea, name, sclass, sbase, bitness, perm)
def get_module_info(*args) ‑> bool
get_module_info(ea, modinfo) -> bool
ea (C++: ea_t)
modinfo (C++: modinfo_t *)
def get_next_module(*args) ‑> bool
get_next_module(modinfo) -> bool
modinfo (C++: modinfo_t *)
def get_process_options(*args) ‑> qstring *, qstring *, qstring *, qstring *, qstring *, int *
Get process options. Any of the arguments may be NULL
def get_process_state(*args) ‑> int
Return the state of the currently debugged process.
TypeSynchronous function
Notificationnone (synchronous function)
def get_processes(*args) ‑> ssize_t
Take a snapshot of running processes and return their description.
TypeSynchronous function
Notificationfunction)
get_processes(proclist) -> ssize_t
proclist (C++: procinfo_vec_t *)
return: number of processes or -1 on error
def get_reg_val(*args) ‑> PyObject *
Read a register value from the current thread.
Typefunction
Notificationnone (synchronous function)
get_reg_val(regname, regval) -> bool
regname (C++: const char *)
regval (C++: regval_t *)
get_reg_val(regname, ival) -> bool
regname (C++: const char *) ival: uint64 *
get_reg_val(regname) -> PyObject *
regname (C++: const char *)
def get_reg_vals(*args) ‑> int
get_reg_vals(tid, clsmask, values) -> int
tid (C++: thid_t)
clsmask (C++: int)
values (C++: regval_t *)
def get_ret_tev_return(*args) ‑> ea_t
Get the return address from a function return trace event.
TypeSynchronous function
Notificationnone (synchronous function)
get_ret_tev_return(n) -> ea_t
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
return: BADADDR if not a function return event.
def get_running_notification(*args) ‑> dbg_notification_t
Get the notification associated (if any) with the current running request.
TypeSynchronous function
Notification(synchronous function)
def get_running_request(*args) ‑> ui_notification_t
Get the current running request.
TypeSynchronous function
Notificationnone (synchronous function)
def get_sp_val(*args) ‑> uint32 *
Get value of the SP register for the current thread. Requires a suspended debugger.
def get_srcinfo_provider(*args) ‑> srcinfo_provider_t *
get_srcinfo_provider(name) -> srcinfo_provider_t *
name (C++: const char *)
def get_step_trace_options(*args) ‑> int
Get current step tracing options.
TypeSynchronous function
Notificationnone (synchronous function)
def get_tev_ea(*args) ‑> ea_t
get_tev_ea(n) -> ea_t
n (C++: int)
def get_tev_event(*args) ‑> bool
Get the corresponding debug event, if any, for the specified tev object.
TypeSynchronous function
Notification(synchronous function)
get_tev_event(n, d) -> bool
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
d: result (C++: debug_event_t *)
return: false if the tev_t object doesn't have any associated debug
event, true otherwise, with the debug event in "d".
def get_tev_info(*args) ‑> bool
Get main information about a trace event.
Typefunction
Notificationnone (synchronous function)
get_tev_info(n, tev_info) -> bool
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
tev_info: result (C++: tev_info_t *)
return: success
def get_tev_memory_info(*args) ‑> bool
Get the memory layout, if any, for the specified tev object.
TypeSynchronous function
Notificationnone (synchronous function)
get_tev_memory_info(n, mi) -> bool
n: number of trace event, is in range 0.. get_tev_qty() -1. 0
represents the latest added trace event. (C++: int)
mi: result (C++: meminfo_vec_t *)
return: false if the tev_t object is not of type tev_mem , true
otherwise, with the new memory layout in "mi".
def get_tev_qty(*args) ‑> int
Get number of trace events available in trace buffer.
TypeSynchronous function
Notificationnone (synchronous function)
def get_tev_reg_mem(tev, idx)
def get_tev_reg_mem_ea(tev, idx)
def get_tev_reg_mem_qty(tev)
def get_tev_reg_val(tev, reg)
def get_tev_tid(*args) ‑> int
get_tev_tid(n) -> int
n (C++: int)
def get_tev_type(*args) ‑> int
get_tev_type(n) -> int
n (C++: int)
def get_thread_qty(*args) ‑> int
Get number of threads.
TypeSynchronous function
Notificationnone (synchronous function)
def get_trace_base_address(*args) ‑> ea_t
Get the base address of the current trace.
Typefunction
Notificationnone (synchronous function)
def get_trace_dynamic_register_set(*args) ‑> void
Get dynamic register set of current trace.
get_trace_dynamic_register_set(idaregs)
idaregs (C++: dynamic_register_set_t *)
def get_trace_file_desc(*args) ‑> qstring *
Get the file header of the specified trace file.
get_trace_file_desc(filename) -> str
filename (C++: const char *)
def get_trace_platform(*args) ‑> char const *
Get platform name of current trace.
def getn_bpt(*args) ‑> bool
Get the characteristics of a breakpoint.
Typefunction
Notificationnone (synchronous function)
getn_bpt(n, bpt) -> bool
n: number of breakpoint, is in range 0.. get_bpt_qty() -1 (C++:
int)
bpt: filled with the characteristics. (C++: bpt_t *)
return: false if no breakpoint exists
def getn_thread(*args) ‑> thid_t
Get the ID of a thread.
TypeSynchronous function
Notificationnone (synchronous function)
getn_thread(n) -> thid_t
n: number of thread, is in range 0.. get_thread_qty() -1 (C++:
int)
return: NO_THREAD if the thread doesn't exist.
def getn_thread_name(*args) ‑> char const *
Get the NAME of a thread
TypeSynchronous function
Notificationnone (synchronous function)
getn_thread_name(n) -> char const *
n: number of thread, is in range 0.. get_thread_qty() -1 or -1
for the current thread (C++: int)
return: thread name or NULL if the thread doesn't exist.
def graph_trace(*args) ‑> bool
Show the trace callgraph.
def handle_debug_event(*args) ‑> int
handle_debug_event(ev, rqflags) -> int
ev (C++: const debug_event_t *)
rqflags (C++: int)
def hide_all_bpts(*args) ‑> int
hide_all_bpts() -> int
def internal_get_sreg_base(*args) ‑> ea_t
internal_get_sreg_base(tid, sreg_value) -> ea_t
Get the sreg base, for the given thread.
return: The sreg base, or BADADDR on failure.
def internal_ioctl(*args) ‑> int
internal_ioctl(fn, buf, poutbuf, poutsize) -> int
fn (C++: int)
buf (C++: const void *)
poutbuf (C++: void **)
poutsize (C++: ssize_t *)
def invalidate_dbg_state(*args) ‑> int
Invalidate cached debugger information.
Typefunction
Notificationnone (synchronous function)
invalidate_dbg_state(dbginv) -> int
dbginv: Debugged process invalidation options (C++: int)
return: current debugger state (one of Debugged process states )
def invalidate_dbgmem_config(*args) ‑> void
Invalidate the debugged process memory configuration. Call this function if the debugged process might have changed its memory layout (allocated more memory, for example)
def invalidate_dbgmem_contents(*args) ‑> void
Invalidate the debugged process memory contents. Call this function each time the process has been stopped or the process memory is modified. If ea == 'BADADDR' , then the whole memory contents will be invalidated
invalidate_dbgmem_contents(ea, size)
ea (C++: ea_t)
size (C++: asize_t)
def is_bblk_trace_enabled(*args) ‑> bool
is_bblk_trace_enabled() -> bool
def is_debugger_busy(*args) ‑> bool
Is the debugger busy?. Some debuggers do not accept any commands while the debugged application is running. For such a debugger, it is unsafe to do anything with the database (even simple queries like get_byte may lead to undesired consequences). Returns: true if the debugged application is running under such a debugger
def is_debugger_memory(*args) ‑> bool
Is the address mapped to debugger memory?
is_debugger_memory(ea) -> bool
ea (C++: ea_t)
def is_debugger_on(*args) ‑> bool
Is the debugger currently running?
def is_func_trace_enabled(*args) ‑> bool
Get current state of functions tracing.
Typefunction
Notificationnone (synchronous function)
def is_insn_trace_enabled(*args) ‑> bool
Get current state of instruction tracing.
Typefunction
Notificationnone (synchronous function)
def is_reg_custom(*args) ‑> bool
Does a register contain a value of a custom data type?
TypeSynchronous function
Notificationnone (synchronous function)
is_reg_custom(regname) -> bool
regname (C++: const char *)
def is_reg_float(*args) ‑> bool
Does a register contain a floating point value?
Typefunction
Notificationnone (synchronous function)
is_reg_float(regname) -> bool
regname (C++: const char *)
def is_reg_integer(*args) ‑> bool
Does a register contain an integer value?
Typefunction
Notificationnone (synchronous function)
is_reg_integer(regname) -> bool
regname (C++: const char *)
def is_request_running(*args) ‑> bool
Is a request currently running?
def is_step_trace_enabled(*args) ‑> bool
Get current state of step tracing.
TypeSynchronous function
Notificationnone (synchronous function)
def is_valid_trace_file(*args) ‑> bool
Is the specified file a valid trace file for the current database?
is_valid_trace_file(filename) -> bool
filename (C++: const char *)
def list_bptgrps(*args) ‑> PyObject *
list_bptgrps(bptgrps) -> size_t
bptgrps (C++: qstrvec_t *)
def load_debugger(*args) ‑> bool
load_debugger(dbgname, use_remote) -> bool
dbgname (C++: const char *)
use_remote (C++: bool)
def load_trace_file(*args) ‑> qstring *
Load a recorded trace file in the 'Tracing' window. If the call succeeds and 'buf' is not null, the description of the trace stored in the binary trace file will be returned in 'buf'
load_trace_file(filename) -> str
filename (C++: const char *)
def move_bpt_to_grp(*args) ‑> void
move_bpt_to_grp(bpt, grp_name)
Sets new group for the breakpoint
def put_dbg_byte(*args) ‑> bool
Change one byte of the debugged process memory.
put_dbg_byte(ea, x) -> bool
ea: linear address (C++: ea_t)
x: byte value (C++: uint32)
return: true if the process memory has been modified
def read_dbg_memory(*args) ‑> ssize_t
read_dbg_memory(ea, buffer, size) -> ssize_t
ea (C++: ea_t)
buffer (C++: void *)
size (C++: size_t)
def refresh_debugger_memory(*args) ‑> PyObject *
refresh_debugger_memory() -> PyObject *
Refreshes the debugger memory
return: Nothing
def rename_bptgrp(*args) ‑> bool
rename_bptgrp(old_name, new_name) -> bool
old_name (C++: const char *)
new_name (C++: const char *)
def request_add_bpt(*args) ‑> bool
Post an 'add_bpt(ea_t, asize_t, bpttype_t)' request.
request_add_bpt(ea, size=0, type=BPT_DEFAULT) -> bool
ea (C++: ea_t)
size (C++: asize_t)
type (C++: bpttype_t)
request_add_bpt(bpt) -> bool
bpt: bpt_t const &
def request_attach_process(*args) ‑> int
Post an 'attach_process()' request.
request_attach_process(pid, event_id) -> int
pid (C++: pid_t)
event_id (C++: int)
def request_clear_trace(*args) ‑> void
Post a 'clear_trace()' request.
def request_continue_process(*args) ‑> bool
Post a 'continue_process()' request.This requires an explicit call to 'run_requests()'
def request_del_bpt(*args) ‑> bool
Post a 'del_bpt(ea_t)' request.
request_del_bpt(ea) -> bool
ea (C++: ea_t)
request_del_bpt(bptloc) -> bool
bptloc: bpt_location_t const &
def request_detach_process(*args) ‑> bool
Post a 'detach_process()' request.
def request_disable_bblk_trace(*args) ‑> bool
request_disable_bblk_trace() -> bool
def request_disable_bpt(*args) ‑> bool
request_disable_bpt(ea) -> bool
ea (C++: ea_t)
request_disable_bpt(bptloc) -> bool
bptloc: bpt_location_t const &
def request_disable_func_trace(*args) ‑> bool
request_disable_func_trace() -> bool
def request_disable_insn_trace(*args) ‑> bool
request_disable_insn_trace() -> bool
def request_disable_step_trace(*args) ‑> bool
request_disable_step_trace() -> bool
def request_enable_bblk_trace(*args) ‑> bool
request_enable_bblk_trace(enable=True) -> bool
enable (C++: bool)
def request_enable_bpt(*args) ‑> bool
request_enable_bpt(ea, enable=True) -> bool
ea (C++: ea_t)
enable (C++: bool)
request_enable_bpt(bptloc, enable=True) -> bool
bptloc: bpt_location_t const &
enable (C++: bool)
def request_enable_func_trace(*args) ‑> bool
request_enable_func_trace(enable=True) -> bool
enable (C++: bool)
def request_enable_insn_trace(*args) ‑> bool
request_enable_insn_trace(enable=True) -> bool
enable (C++: bool)
def request_enable_step_trace(*args) ‑> bool
request_enable_step_trace(enable=1) -> bool
enable (C++: int)
def request_exit_process(*args) ‑> bool
Post an 'exit_process()' request.
def request_resume_thread(*args) ‑> int
Post a 'resume_thread()' request.
request_resume_thread(tid) -> int
tid (C++: thid_t)
def request_run_to(*args) ‑> bool
Post a 'run_to()' request.
request_run_to(ea, pid=pid_t(-1), tid=0) -> bool
ea (C++: ea_t)
pid (C++: pid_t)
tid (C++: thid_t)
def request_select_thread(*args) ‑> bool
Post a 'select_thread()' request.
request_select_thread(tid) -> bool
tid (C++: thid_t)
def request_set_bblk_trace_options(*args) ‑> void
Post a 'set_bblk_trace_options()' request.
request_set_bblk_trace_options(options)
options (C++: int)
def request_set_func_trace_options(*args) ‑> void
Post a 'set_func_trace_options()' request.
request_set_func_trace_options(options)
options (C++: int)
def request_set_insn_trace_options(*args) ‑> void
Post a 'set_insn_trace_options()' request.
request_set_insn_trace_options(options)
options (C++: int)
def request_set_reg_val(*args) ‑> PyObject *
Post a 'set_reg_val()' request.
request_set_reg_val(regname, o) -> PyObject *
regname (C++: const char *) o: PyObject *
def request_set_resume_mode(*args) ‑> bool
Post a 'set_resume_mode()' request.
request_set_resume_mode(tid, mode) -> bool
tid (C++: thid_t)
mode (C++: resume_mode_t)
def request_set_step_trace_options(*args) ‑> void
Post a 'set_step_trace_options()' request.
request_set_step_trace_options(options)
options (C++: int)
def request_start_process(*args) ‑> int
Post a 'start_process()' request.
request_start_process(path=None, args=None, sdir=None) -> int
path (C++: const char *)
args (C++: const char *)
sdir (C++: const char *)
def request_step_into(*args) ‑> bool
Post a 'step_into()' request.
def request_step_over(*args) ‑> bool
Post a 'step_over()' request.
def request_step_until_ret(*args) ‑> bool
Post a 'step_until_ret()' request.
def request_suspend_process(*args) ‑> bool
Post a 'suspend_process()' request.
def request_suspend_thread(*args) ‑> int
Post a 'suspend_thread()' request.
request_suspend_thread(tid) -> int
tid (C++: thid_t)
def resume_thread(*args) ‑> int
Resume thread.
TypeSynchronous function - available as request
Notificationnone (synchronous function)
resume_thread(tid) -> int
tid: thread id (C++: thid_t)
retval: -1 - network error
retval: 0 - failed
retval: 1 - ok
def retrieve_exceptions(*args) ‑> excvec_t *
Retrieve the exception information. You may freely modify the returned vector and add/edit/delete exceptions You must call 'store_exceptions()' after any modifications Note: exceptions with code zero, multiple exception codes or names are prohibited
def run_requests(*args) ‑> bool
Execute requests until all requests are processed or an asynchronous function is called.
TypeSynchronous function
Notification(synchronous function)
If called from a notification handler, the execution of requests will be postponed to the end of the execution of all notification handlers.
def run_to(*args) ‑> bool
Execute the process until the given address is reached. If no process is active, a new process is started. Technically, the debugger sets up a temporary breakpoint at the given address, and continues (or starts) the execution of the whole process. So, all threads continue their execution!
TypeAsynchronous function - available as Request
Notification'dbg_run_to'
run_to(ea, pid=pid_t(-1), tid=0) -> bool
ea: target address (C++: ea_t)
pid: not used yet. please do not specify this parameter. (C++:
pid_t)
tid: not used yet. please do not specify this parameter. (C++:
thid_t)
def save_trace_file(*args) ‑> bool
Save the current trace in the specified file.
save_trace_file(filename, description) -> bool
filename (C++: const char *)
description (C++: const char *)
def select_thread(*args) ‑> bool
Select the given thread as the current debugged thread. All thread related execution functions will work on this thread. The process must be suspended to select a new thread.
Typeavailable as request
Notificationnone (synchronous function)
select_thread(tid) -> bool
tid: ID of the thread to select (C++: thid_t)
return: false if the thread doesn't exist.
def send_dbg_command(command)
Send a direct command to the debugger backend, and retrieve the result as a string.
Note: any double-quotes in 'command' must be backslash-escaped. Note: this only works with some debugger backends: Bochs, WinDbg, GDB.
Returns: (True, <result string>) on success, or (False, <Error message string>) on failure
def set_bblk_trace_options(*args) ‑> void
Modify basic block tracing options (see 'BT_LOG_INSTS' )
set_bblk_trace_options(options)
options (C++: int)
def set_bpt_group(*args) ‑> void
set_bpt_group(bpt, grp_name)
bpt (C++: bpt_t &)
grp_name (C++: const char *)
def set_bptloc_group(*args) ‑> bool
set_bptloc_group(bptloc, grp_name) -> bool
bptloc (C++: const bpt_location_t &)
grp_name (C++: const char *)
def set_bptloc_string(*args) ‑> int
Helper function for 'bpt_location_t' .
set_bptloc_string(s) -> int
s (C++: const char *)
def set_debugger_event_cond(*args) ‑> void
set_debugger_event_cond(evcond)
evcond (C++: const char *)
def set_debugger_options(*args) ‑> uint
Set debugger options. Replaces debugger options with the specification combination 'Debugger options'
set_debugger_options(options) -> uint
options (C++: uint)
return: the old debugger options
def set_func_trace_options(*args) ‑> void
Modify function tracing options.
Typeavailable as request
Notificationnone (synchronous function)
set_func_trace_options(options)
options (C++: int)
def set_highlight_trace_options(*args) ‑> void
Set highlight trace parameters.
set_highlight_trace_options(hilight, color, diff)
hilight (C++: bool)
color (C++: bgcolor_t)
diff (C++: bgcolor_t)
def set_insn_trace_options(*args) ‑> void
Modify instruction tracing options.
Typeavailable as request
Notificationnone (synchronous function)
set_insn_trace_options(options)
options (C++: int)
def set_manual_regions(*args) ‑> void
set_manual_regions(ranges)
ranges (C++: const meminfo_vec_t *)
def set_process_options(*args) ‑> void
Set process options. Any of the arguments may be NULL, which means 'do not modify'
set_process_options(path, args, sdir, host, _pass, port)
path (C++: const char *)
args (C++: const char *)
sdir (C++: const char *)
host (C++: const char *) pass: char const *
port (C++: int)
def set_process_state(*args) ‑> int
Set new state for the debugged process. Notifies the IDA kernel about the change of the debugged process state. For example, a debugger module could call this function when it knows that the process is suspended for a short period of time. Some IDA API calls can be made only when the process is suspended. The process state is usually restored before returning control to the caller. You must know that it is ok to change the process state, doing it at arbitrary moments may crash the application or IDA.
TypeSynchronous function
Notificationnone (synchronous function)
set_process_state(newstate, p_thid, dbginv) -> int
newstate: new process state (one of Debugged process states )
if DSTATE_NOTASK is passed then the state is not changed (C++: int)
p_thid: ptr to new thread id. may be NULL or pointer to
NO_THREAD . the pointed variable will contain the old thread id upon return (C++: thid_t *)
dbginv: Debugged process invalidation options (C++: int)
return: old debugger state (one of Debugged process states )
def set_reg_val(*args) ‑> PyObject *
Write a register value to the current thread.
Typefunction - available as Request
Notificationfunction)
set_reg_val(regname, o) -> PyObject
regname (C++: const char *) o: PyObject *
set_reg_val(tid, regidx, o) -> PyObject *
tid: thid_t regidx: int o: PyObject *
def set_remote_debugger(*args) ‑> void
Set remote debugging options. Should be used before starting the debugger.
set_remote_debugger(host, _pass, port=-1)
host: If empty, IDA will use local debugger. If NULL, the host
will not be set. (C++: const char *)
pass: char const *
port: If -1, the default port number will be used (C++: int)
def set_resume_mode(*args) ‑> bool
How to resume the application. Set resume mode but do not resume process.
set_resume_mode(tid, mode) -> bool
tid (C++: thid_t)
mode (C++: resume_mode_t)
def set_step_trace_options(*args) ‑> void
Modify step tracing options.
Typeavailable as request
Notificationnone (synchronous function)
set_step_trace_options(options)
options (C++: int)
def set_trace_base_address(*args) ‑> void
Set the base address of the current trace.
Typefunction
Notificationnone (synchronous function)
set_trace_base_address(ea)
ea (C++: ea_t)
def set_trace_dynamic_register_set(*args) ‑> void
Set dynamic register set of current trace.
set_trace_dynamic_register_set(idaregs)
idaregs (C++: dynamic_register_set_t &)
def set_trace_file_desc(*args) ‑> bool
Change the description of the specified trace file.
set_trace_file_desc(filename, description) -> bool
filename (C++: const char *)
description (C++: const char *)
def set_trace_platform(*args) ‑> void
Set platform name of current trace.
set_trace_platform(platform)
platform (C++: const char *)
def set_trace_size(*args) ‑> bool
Specify the new size of the circular buffer.
Typefunction
Notificationnone (synchronous function)
If you specify 0, all available memory can be quickly used !!!
set_trace_size(size) -> bool
size: if 0, buffer isn't circular and events are never removed.
If the new size is smaller than the existing number of trace events, a corresponding number of trace events are removed. (C++: int)
def srcdbg_request_step_into(*args) ‑> bool
srcdbg_request_step_into() -> bool
def srcdbg_request_step_over(*args) ‑> bool
srcdbg_request_step_over() -> bool
def srcdbg_request_step_until_ret(*args) ‑> bool
srcdbg_request_step_until_ret() -> bool
def srcdbg_step_into(*args) ‑> bool
srcdbg_step_into() -> bool
def srcdbg_step_over(*args) ‑> bool
srcdbg_step_over() -> bool
def srcdbg_step_until_ret(*args) ‑> bool
srcdbg_step_until_ret() -> bool
def start_process(*args) ‑> int
Start a process in the debugger.
Typeavailable as Request
Notification'dbg_process_start'
You can also use the 'run_to()' function to easily start the execution of a process until a given address is reached.For all parameters, a NULL value indicates the debugger will take the value from the defined Process Options.
start_process(path=None, args=None, sdir=None) -> int
path: path to the executable to start (C++: const char *)
args: arguments to pass to process (C++: const char *)
sdir: starting directory for the process (C++: const char *)
retval: -1 - impossible to create the process
retval: 0 - the starting of the process was cancelled by the user
retval: 1 - the process was properly started
def step_into(*args) ‑> bool
Execute one instruction in the current thread. Other threads are kept suspended.
TypeAsynchronous function - available as Request
Notification'dbg_step_into'
def step_over(*args) ‑> bool
Execute one instruction in the current thread, but without entering into functions. Others threads keep suspended.
Typefunction - available as Request
Notification'dbg_step_over'
def step_until_ret(*args) ‑> bool
Execute instructions in the current thread until a function return instruction is executed (aka "step out"). Other threads are kept suspended.
TypeAsynchronous function - available as Request
Notification'dbg_step_until_ret'
def store_exceptions(*args) ‑> bool
Update the exception information stored in the debugger module by invoking its dbg->set_exception_info callback
def suspend_process(*args) ‑> bool
Suspend the process in the debugger.
Typeelse)available as Request
Notificationhandler) 'dbg_suspend_process' (everywhere else)
The 'suspend_process()' function can be called from a notification handler to force the stopping of the process. In this case, no notification will be generated. When you suspend a process, the running command is always aborted.
def suspend_thread(*args) ‑> int
Suspend thread. Suspending a thread may deadlock the whole application if the suspended was owning some synchronization objects.
TypeSynchronous function - available as request
Notification(synchronous function)
suspend_thread(tid) -> int
tid: thread id (C++: thid_t)
retval: -1 - network error
retval: 0 - failed
retval: 1 - ok
def update_bpt(*args) ‑> bool
Update modifiable characteristics of an existing breakpoint. To update the breakpoint location, use 'change_bptlocs()'
Typefunction
Notificationnone (synchronous function)
Only the following fields can be modified: 'bpt_t::cndbody' 'bpt_t::pass_count' 'bpt_t::flags' 'bpt_t::size' 'bpt_t::type' Changing some properties will require removing and then re-adding the breakpoint to the process memory (or the debugger backend), which can lead to race conditions (i.e., breakpoint(s) can be missed) in case the process is not suspended. Here are a list of scenarios that will require the breakpoint to be removed & then re-added: 'bpt_t::size' is modified 'bpt_t::type' is modified 'bpt_t::flags' 's BPT_ENABLED is modified 'bpt_t::flags' 's BPT_LOWCND is changed 'bpt_t::flags' 's BPT_LOWCND remains set, but cndbody changed
update_bpt(bpt) -> bool
bpt (C++: const bpt_t *)
def wait_for_next_event(*args) ‑> dbg_event_code_t
Wait for the next event.This function (optionally) resumes the process execution, and waits for a debugger event until a possible timeout occurs.
wait_for_next_event(wfne, timeout) -> dbg_event_code_t
wfne: combination of Wait for debugger event flags constants
(C++: int)
timeout: number of seconds to wait, -1-infinity (C++: int)
return: either an event_id_t (if > 0), or a dbg_event_code_t (if <=
0)
def write_dbg_memory(*args) ‑> ssize_t
write_dbg_memory(ea, py_buf, size=size_t(-1)) -> ssize_t
ea (C++: ea_t) py_buf: PyObject *
size (C++: size_t)

Classes

class DBG_Hooks (*args)
Proxy of C++ DBG_Hooks class.
__init__(self, _flags=0) -> DBG_Hooks
_flags: uint32

Methods

def dbg_bpt(self, *args) ‑> int
A user defined breakpoint was reached.
dbg_bpt(self, tid, bptea) -> int
tid (C++: thid_t)
bptea (C++: ea_t)
def dbg_bpt_changed(self, *args) ‑> void
Breakpoint has been changed.
dbg_bpt_changed(self, bptev_code, bpt)
bptev_code: Breakpoint modification events (C++: int)
bpt (C++: bpt_t *)
def dbg_exception(self, *args) ‑> int
dbg_exception(self, pid, tid, ea, exc_code, exc_can_cont, exc_ea, exc_info) -> int
pid: pid_t tid: thid_t ea: ea_t exc_code: int exc_can_cont: bool exc_ea: ea_t exc_info: char const *
def dbg_finished_loading_bpts(self, *args) ‑> void
Finished loading breakpoint info from idb.
def dbg_information(self, *args) ‑> void
dbg_information(self, pid, tid, ea, info)
pid: pid_t tid: thid_t ea: ea_t info: char const *
def dbg_library_load(self, *args) ‑> void
dbg_library_load(self, pid, tid, ea, modinfo_name, modinfo_base, modinfo_size)
pid: pid_t tid: thid_t ea: ea_t modinfo_name: char const * modinfo_base: ea_t modinfo_size: asize_t
def dbg_library_unload(self, *args) ‑> void
dbg_library_unload(self, pid, tid, ea, info)
pid: pid_t tid: thid_t ea: ea_t info: char const *
def dbg_process_attach(self, *args) ‑> void
This event notification is also an asynchronous function result notification for 'start_process()' !
dbg_process_attach(self, pid, tid, ea, modinfo_name, modinfo_base, modinfo_size)
pid: pid_t tid: thid_t ea: ea_t modinfo_name: char const * modinfo_base: ea_t modinfo_size: asize_t
def dbg_process_detach(self, *args) ‑> void
This event notification is also an asynchronous function result notification for 'start_process()' !
dbg_process_detach(self, pid, tid, ea)
pid: pid_t tid: thid_t ea: ea_t
def dbg_process_exit(self, *args) ‑> void
This event notification is also an asynchronous function result notification for 'start_process()' !
dbg_process_exit(self, pid, tid, ea, exit_code)
pid: pid_t tid: thid_t ea: ea_t exit_code: int
def dbg_process_start(self, *args) ‑> void
This event notification is also an asynchronous function result notification for 'start_process()' !
dbg_process_start(self, pid, tid, ea, modinfo_name, modinfo_base, modinfo_size)
pid: pid_t tid: thid_t ea: ea_t modinfo_name: char const * modinfo_base: ea_t modinfo_size: asize_t
def dbg_request_error(self, *args) ‑> void
An error occurred during the processing of a request.
dbg_request_error(self, failed_command, failed_dbg_notification)
failed_command (C++: ui_notification_t)
failed_dbg_notification (C++: dbg_notification_t)
def dbg_run_to(self, *args) ‑> void
dbg_run_to(self, pid, tid, ea)
pid: pid_t tid: thid_t ea: ea_t
def dbg_started_loading_bpts(self, *args) ‑> void
Started loading breakpoint info from idb.
def dbg_step_into(self, *args) ‑> void
dbg_step_into(self)
def dbg_step_over(self, *args) ‑> void
dbg_step_over(self)
def dbg_step_until_ret(self, *args) ‑> void
dbg_step_until_ret(self)
def dbg_suspend_process(self, *args) ‑> void
The process is now suspended.This event notification is also an asynchronous function result notification for 'suspend_process()' !
def dbg_thread_exit(self, *args) ‑> void
dbg_thread_exit(self, pid, tid, ea, exit_code)
pid: pid_t tid: thid_t ea: ea_t exit_code: int
def dbg_thread_start(self, *args) ‑> void
dbg_thread_start(self, pid, tid, ea)
pid: pid_t tid: thid_t ea: ea_t
def dbg_trace(self, *args) ‑> int
A step occurred (one instruction was executed). This event notification is only generated if step tracing is enabled.
dbg_trace(self, tid, ip) -> int
tid: thread ID (C++: thid_t)
ip: current instruction pointer. usually points after the
executed instruction (C++: ea_t)
retval: 1 - do not log this trace event
retval: 0 - log it
def hook(self, *args) ‑> bool
hook(self) -> bool
def unhook(self, *args) ‑> bool
unhook(self) -> bool
class bpt_location_t (*args)
Proxy of C++ bpt_location_t class.
__init__(self) -> bpt_location_t

Instance variables

var index
bpt_location_t_index_get(self) -> int
var info
bpt_location_t_info_get(self) -> ea_t
var loctype
bpt_location_t_loctype_get(self) -> bpt_loctype_t

Methods

def compare(self, *args) ‑> int
Lexically compare two breakpoint locations. Bpt locations are first compared based on type (i.e. 'BPLT_ABS' < 'BPLT_REL' ). 'BPLT_ABS' locations are compared based on their ea values. For all other location types, locations are first compared based on their string (path/filename/symbol), then their offset/lineno.
compare(self, r) -> int
r (C++: const bpt_location_t &)
def ea(self, *args) ‑> ea_t
Get address ( 'BPLT_ABS' )
def is_empty_path(self, *args) ‑> bool
No path/filename specified? ( 'BPLT_REL' , 'BPLT_SRC' )
def lineno(self, *args) ‑> int
Get line number ( 'BPLT_SRC' )
def offset(self, *args) ‑> uval_t
Get offset ( 'BPLT_REL' , 'BPLT_SYM' )
def path(self, *args) ‑> char const *
Get path/filename ( 'BPLT_REL' , 'BPLT_SRC' )
def set_abs_bpt(self, *args) ‑> void
Specify an absolute address location.
set_abs_bpt(self, a)
a (C++: ea_t)
def set_rel_bpt(self, *args) ‑> void
Specify a relative address location.
set_rel_bpt(self, mod, _offset)
mod (C++: const char *)
_offset (C++: uval_t)
def set_src_bpt(self, *args) ‑> void
Specify a source level location.
set_src_bpt(self, fn, _lineno)
fn (C++: const char *)
_lineno (C++: int)
def set_sym_bpt(self, *args) ‑> void
Specify a symbolic location.
set_sym_bpt(self, _symbol, _offset=0)
_symbol (C++: const char *)
_offset (C++: uval_t)
def symbol(self, *args) ‑> char const *
Get symbol name ( 'BPLT_SYM' )
def type(self, *args) ‑> bpt_loctype_t
Get bpt type.
class bpt_t (*args)
Proxy of C++ bpt_t class.
__init__(self) -> bpt_t

Instance variables

var cb
bpt_t_cb_get(self) -> size_t
var cndidx
bpt_t_cndidx_get(self) -> int
var condition
bpt_t_condition_get(self) -> PyObject *
var ea
bpt_t_ea_get(self) -> ea_t
var elang
bpt_t_elang_get(self) -> PyObject *
var flags
bpt_t_flags_get(self) -> uint32
var loc
bpt_t_loc_get(self) -> bpt_location_t
var pass_count
bpt_t_pass_count_get(self) -> int
var pid
bpt_t_pid_get(self) -> pid_t
var props
bpt_t_props_get(self) -> uint32
var size
bpt_t_size_get(self) -> int
var tid
bpt_t_tid_get(self) -> thid_t
var type
bpt_t_type_get(self) -> bpttype_t

Methods

def badbpt(self, *args) ‑> bool
Failed to write bpt to process memory?
def enabled(self, *args) ‑> bool
Is breakpoint enabled?
def get_cnd_elang_idx(self, *args) ‑> size_t
get_cnd_elang_idx(self) -> size_t
def get_size(self, *args) ‑> int
Get bpt size.
def is_absbpt(self, *args) ‑> bool
Is absolute address breakpoint?
def is_active(self, *args) ‑> bool
Written completely to process?
def is_compiled(self, *args) ‑> bool
Condition has been compiled?
def is_hwbpt(self, *args) ‑> bool
Is hardware breakpoint?
def is_inactive(self, *args) ‑> bool
Not written to process at all?
def is_low_level(self, *args) ‑> bool
Is bpt condition calculated at low level?
def is_page_bpt(self, *args) ‑> bool
Page breakpoint?
def is_partially_active(self, *args) ‑> bool
Written partially to process?
def is_relbpt(self, *args) ‑> bool
Is relative address breakpoint?
def is_srcbpt(self, *args) ‑> bool
Is source level breakpoint?
def is_symbpt(self, *args) ‑> bool
Is symbolic breakpoint?
def is_tracemodebpt(self, *args) ‑> bool
Does breakpoint trace anything?
def is_traceoffbpt(self, *args) ‑> bool
Is this a tracing breakpoint, and is tracing disabled?
def is_traceonbpt(self, *args) ‑> bool
Is this a tracing breakpoint, and is tracing enabled?
def listbpt(self, *args) ‑> bool
Include in the bpt list?
def set_abs_bpt(self, *args) ‑> void
Set bpt location to an absolute address.
set_abs_bpt(self, a)
a (C++: ea_t)
def set_rel_bpt(self, *args) ‑> void
Set bpt location to a relative address.
set_rel_bpt(self, mod, o)
mod (C++: const char *)
o (C++: uval_t)
def set_src_bpt(self, *args) ‑> void
Set bpt location to a source line.
set_src_bpt(self, fn, lineno)
fn (C++: const char *)
lineno (C++: int)
def set_sym_bpt(self, *args) ‑> void
Set bpt location to a symbol.
set_sym_bpt(self, sym, o)
sym (C++: const char *)
o (C++: uval_t)
def set_trace_action(self, *args) ‑> bool
Configure tracing options.
set_trace_action(self, enable, trace_types) -> bool
enable (C++: bool)
trace_types (C++: int)
class bpt_vec_t (*args)
Proxy of C++ qvector< bpt_t > class.
__init__(self) -> bpt_vec_t
x: qvector< bpt_t > const &

Methods

def at(self, *args) ‑> bpt_t const &
at(self, _idx) -> bpt_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< bpt_t >::const_iterator
begin(self) -> bpt_t
begin(self) -> bpt_t
def capacity(self, *args) ‑> size_t
capacity(self) -> size_t
def clear(self, *args) ‑> void
clear(self)
def empty(self, *args) ‑> bool
empty(self) -> bool
def end(self, *args) ‑> qvector< bpt_t >::const_iterator
end(self) -> bpt_t
end(self) -> bpt_t
def erase(self, *args) ‑> qvector< bpt_t >::iterator
erase(self, it) -> bpt_t
it: qvector< bpt_t >::iterator
erase(self, first, last) -> bpt_t
first: qvector< bpt_t >::iterator last: qvector< bpt_t >::iterator
def extract(self, *args) ‑> bpt_t *
extract(self) -> bpt_t
def front(self)
def grow(self, *args) ‑> void
grow(self, x=bpt_t())
x: bpt_t const &
def inject(self, *args) ‑> void
inject(self, s, len)
s: bpt_t * len: size_t
def insert(self, *args) ‑> qvector< bpt_t >::iterator
insert(self, it, x) -> bpt_t
it: qvector< bpt_t >::iterator x: bpt_t const &
def pop_back(self, *args) ‑> void
pop_back(self)
def push_back(self, *args) ‑> bpt_t &
push_back(self, x)
x: bpt_t const &
def qclear(self, *args) ‑> void
qclear(self)
def reserve(self, *args) ‑> void
reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void
resize(self, _newsize, x)
_newsize: size_t x: bpt_t const &
resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t
size(self) -> size_t
def swap(self, *args) ‑> void
swap(self, r)
r: qvector< bpt_t > &
def truncate(self, *args) ‑> void
truncate(self)
class eval_ctx_t (*args)
Proxy of C++ eval_ctx_t class.
__init__(self, _ea) -> eval_ctx_t
_ea: ea_t

Instance variables

var ea
eval_ctx_t_ea_get(self) -> ea_t
class memreg_info_t (*args)
Proxy of C++ memreg_info_t class.
__init__(self) -> memreg_info_t

Instance variables

var bytes : PyObject *
get_bytes(self) -> PyObject *
var ea
memreg_info_t_ea_get(self) -> ea_t

Methods

def get_bytes(self, *args) ‑> PyObject *
get_bytes(self) -> PyObject *
class memreg_infos_t (*args)
Proxy of C++ qvector< memreg_info_t > class.
__init__(self) -> memreg_infos_t
x: qvector< memreg_info_t > const &

Methods

def at(self, *args) ‑> memreg_info_t const &
at(self, _idx) -> memreg_info_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< memreg_info_t >::const_iterator
begin(self) -> memreg_info_t
begin(self) -> memreg_info_t
def capacity(self, *args) ‑> size_t
capacity(self) -> size_t
def clear(self, *args) ‑> void
clear(self)
def empty(self, *args) ‑> bool
empty(self) -> bool
def end(self, *args) ‑> qvector< memreg_info_t >::const_iterator
end(self) -> memreg_info_t
end(self) -> memreg_info_t
def erase(self, *args) ‑> qvector< memreg_info_t >::iterator
erase(self, it) -> memreg_info_t
it: qvector< memreg_info_t >::iterator
erase(self, first, last) -> memreg_info_t
first: qvector< memreg_info_t >::iterator last: qvector< memreg_info_t >::iterator
def extract(self, *args) ‑> memreg_info_t *
extract(self) -> memreg_info_t
def front(self)
def grow(self, *args) ‑> void
grow(self, x=memreg_info_t())
x: memreg_info_t const &
def inject(self, *args) ‑> void
inject(self, s, len)
s: memreg_info_t * len: size_t
def insert(self, *args) ‑> qvector< memreg_info_t >::iterator
insert(self, it, x) -> memreg_info_t
it: qvector< memreg_info_t >::iterator x: memreg_info_t const &
def pop_back(self, *args) ‑> void
pop_back(self)
def push_back(self, *args) ‑> memreg_info_t &
push_back(self, x)
x: memreg_info_t const &
def qclear(self, *args) ‑> void
qclear(self)
def reserve(self, *args) ‑> void
reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void
resize(self, _newsize, x)
_newsize: size_t x: memreg_info_t const &
resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t
size(self) -> size_t
def swap(self, *args) ‑> void
swap(self, r)
r: qvector< memreg_info_t > &
def truncate(self, *args) ‑> void
truncate(self)
class tev_info_reg_t (*args)
Proxy of C++ tev_info_reg_t class.
__init__(self) -> tev_info_reg_t

Instance variables

var info
tev_info_reg_t_info_get(self) -> tev_info_t
var registers
tev_info_reg_t_registers_get(self) -> tev_reg_values_t
class tev_info_t (*args)
Proxy of C++ tev_info_t class.
__init__(self) -> tev_info_t

Instance variables

var ea
tev_info_t_ea_get(self) -> ea_t
var tid
tev_info_t_tid_get(self) -> thid_t
var type
tev_info_t_type_get(self) -> tev_type_t
class tev_reg_value_t (*args)
Proxy of C++ tev_reg_value_t class.
__init__(self, _reg_idx=-1, _value=uint64(-1)) -> tev_reg_value_t
_reg_idx: int _value: uint64

Instance variables

var reg_idx
tev_reg_value_t_reg_idx_get(self) -> int
var value
tev_reg_value_t_value_get(self) -> regval_t
class tev_reg_values_t (*args)
Proxy of C++ qvector< tev_reg_value_t > class.
__init__(self) -> tev_reg_values_t
x: qvector< tev_reg_value_t > const &

Methods

def at(self, *args) ‑> tev_reg_value_t const &
at(self, _idx) -> tev_reg_value_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< tev_reg_value_t >::const_iterator
begin(self) -> tev_reg_value_t
begin(self) -> tev_reg_value_t
def capacity(self, *args) ‑> size_t
capacity(self) -> size_t
def clear(self, *args) ‑> void
clear(self)
def empty(self, *args) ‑> bool
empty(self) -> bool
def end(self, *args) ‑> qvector< tev_reg_value_t >::const_iterator
end(self) -> tev_reg_value_t
end(self) -> tev_reg_value_t
def erase(self, *args) ‑> qvector< tev_reg_value_t >::iterator
erase(self, it) -> tev_reg_value_t
it: qvector< tev_reg_value_t >::iterator
erase(self, first, last) -> tev_reg_value_t
first: qvector< tev_reg_value_t >::iterator last: qvector< tev_reg_value_t >::iterator
def extract(self, *args) ‑> tev_reg_value_t *
extract(self) -> tev_reg_value_t
def front(self)
def grow(self, *args) ‑> void
grow(self, x=tev_reg_value_t())
x: tev_reg_value_t const &
def inject(self, *args) ‑> void
inject(self, s, len)
s: tev_reg_value_t * len: size_t
def insert(self, *args) ‑> qvector< tev_reg_value_t >::iterator
insert(self, it, x) -> tev_reg_value_t
it: qvector< tev_reg_value_t >::iterator x: tev_reg_value_t const &
def pop_back(self, *args) ‑> void
pop_back(self)
def push_back(self, *args) ‑> tev_reg_value_t &
push_back(self, x)
x: tev_reg_value_t const &
def qclear(self, *args) ‑> void
qclear(self)
def reserve(self, *args) ‑> void
reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void
resize(self, _newsize, x)
_newsize: size_t x: tev_reg_value_t const &
resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t
size(self) -> size_t
def swap(self, *args) ‑> void
swap(self, r)
r: qvector< tev_reg_value_t > &
def truncate(self, *args) ‑> void
truncate(self)
class tevinforeg_vec_t (*args)
Proxy of C++ qvector< tev_info_reg_t > class.
__init__(self) -> tevinforeg_vec_t
x: qvector< tev_info_reg_t > const &

Methods

def at(self, *args) ‑> tev_info_reg_t const &
at(self, _idx) -> tev_info_reg_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< tev_info_reg_t >::const_iterator
begin(self) -> tev_info_reg_t
begin(self) -> tev_info_reg_t
def capacity(self, *args) ‑> size_t
capacity(self) -> size_t
def clear(self, *args) ‑> void
clear(self)
def empty(self, *args) ‑> bool
empty(self) -> bool
def end(self, *args) ‑> qvector< tev_info_reg_t >::const_iterator
end(self) -> tev_info_reg_t
end(self) -> tev_info_reg_t
def erase(self, *args) ‑> qvector< tev_info_reg_t >::iterator
erase(self, it) -> tev_info_reg_t
it: qvector< tev_info_reg_t >::iterator
erase(self, first, last) -> tev_info_reg_t
first: qvector< tev_info_reg_t >::iterator last: qvector< tev_info_reg_t >::iterator
def extract(self, *args) ‑> tev_info_reg_t *
extract(self) -> tev_info_reg_t
def front(self)
def grow(self, *args) ‑> void
grow(self, x=tev_info_reg_t())
x: tev_info_reg_t const &
def inject(self, *args) ‑> void
inject(self, s, len)
s: tev_info_reg_t * len: size_t
def insert(self, *args) ‑> qvector< tev_info_reg_t >::iterator
insert(self, it, x) -> tev_info_reg_t
it: qvector< tev_info_reg_t >::iterator x: tev_info_reg_t const &
def pop_back(self, *args) ‑> void
pop_back(self)
def push_back(self, *args) ‑> tev_info_reg_t &
push_back(self, x)
x: tev_info_reg_t const &
def qclear(self, *args) ‑> void
qclear(self)
def reserve(self, *args) ‑> void
reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void
resize(self, _newsize, x)
_newsize: size_t x: tev_info_reg_t const &
resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t
size(self) -> size_t
def swap(self, *args) ‑> void
swap(self, r)
r: qvector< tev_info_reg_t > &
def truncate(self, *args) ‑> void
truncate(self)