Module ida_dbg
Contains functions to control the debugging of a process.
See Debugger functions for a complete explanation of these functions.
These functions are inlined for the kernel. They are not inlined for the user-
interfaces.
Global variables
var BKPT_ACTIVE
-
active?
var BKPT_BADBPT
-
failed to write the bpt to the process memory (at least one location)
var BKPT_CNDREADY
-
condition has been compiled
var BKPT_FAKEPEND
-
fake pending bpt: it is inactive but another bpt of the same type is active at the same address(es)
var BKPT_LISTBPT
-
include in bpt list (user-defined bpt)
var BKPT_PAGE
-
written to the process as a page bpt. Available only after writing the bpt to the process.
var BKPT_PARTIAL
-
partially active? (some locations were not written yet)
var BKPT_TRACE
-
trace bpt; should not be deleted when the process gets suspended
var BPLT_ABS
-
absolute address: ea
var BPLT_REL
-
relative address: module_path, offset
var BPLT_SRC
-
source level: filename, lineno
var BPLT_SYM
-
BPLT_SYM = 2
var BPTCK_ACT
-
breakpoint is active (written to the process)
var BPTCK_NO
-
breakpoint is disabled
var BPTCK_NONE
-
breakpoint does not exist
var BPTCK_YES
-
breakpoint is enabled
var BPTEV_ADDED
-
Breakpoint has been added.
var BPTEV_CHANGED
-
Breakpoint has been modified.
var BPTEV_REMOVED
-
Breakpoint has been removed.
var BPT_BRK
-
suspend execution upon hit
var BPT_ELANG_MASK
-
BPT_ELANG_MASK = 4026531840
var BPT_ELANG_SHIFT
-
index of the extlang (scripting language) of the condition
var BPT_ENABLED
-
enabled?
var BPT_LOWCND
-
condition is calculated at low level (on the server side)
var BPT_TRACE
-
add trace information upon hit
var BPT_TRACEON
-
enable tracing when the breakpoint is reached
var BPT_TRACE_BBLK
-
basic block tracing
var BPT_TRACE_FUNC
-
function tracing
var BPT_TRACE_INSN
-
instruction tracing
var BPT_TRACE_TYPES
-
trace insns, functions, and basic blocks. if any of BPT_TRACE_TYPES bits are set but BPT_TRACEON is clear, then turn off tracing for the specified trace types
var BPT_UPDMEM
-
refresh the memory layout and contents before evaluating bpt condition
var BT_LOG_INSTS
-
specific options for basic block tracing (see set_bblk_trace_options())log all instructions in the current basic block
var DBGINV_ALL
-
invalidate everything
var DBGINV_MEMCFG
-
invalidate cached process segmentation
var DBGINV_MEMORY
-
invalidate cached memory contents
var DBGINV_NONE
-
invalidate nothing
var DBGINV_REDRAW
-
refresh the screen
var DBGINV_REGS
-
invalidate cached register values
var DEC_ERROR
-
error
var DEC_NOTASK
-
process does not exist
var DEC_TIMEOUT
-
timeout
var DOPT_BPT_MSGS
-
log breakpoints
var DOPT_DISABLE_ASLR
-
disable ASLR
var DOPT_END_BPT
-
evaluate event condition on process end
var DOPT_ENTRY_BPT
-
break on program entry point
var DOPT_EXCDLG
-
exception dialogs:
var DOPT_FAST_STEP
-
prevent debugger memory refreshes when single-stepping
var DOPT_INFO_BPT
-
break on debugging information
var DOPT_INFO_MSGS
-
log debugging info events
var DOPT_LIB_BPT
-
break on library load/unload
var DOPT_LIB_MSGS
-
log library loads/unloads
var DOPT_LOAD_DINFO
-
automatically load debug files (pdb)
var DOPT_REAL_MEMORY
-
do not hide breakpoint instructions
var DOPT_REDO_STACK
-
reconstruct the stack
var DOPT_SEGM_MSGS
-
log debugger segments modifications
var DOPT_START_BPT
-
break on process start
var DOPT_TEMP_HWBPT
-
when possible use hardware bpts for temp bpts
var DOPT_THREAD_BPT
-
break on thread start/exit
var DOPT_THREAD_MSGS
-
log thread starts/exits
var DSTATE_NOTASK
-
no process is currently debugged
var DSTATE_RUN
-
process is running
var DSTATE_SUSP
-
process is suspended and will not continue
var EXCDLG_ALWAYS
-
always display
var EXCDLG_NEVER
-
never display exception dialogs
var EXCDLG_UNKNOWN
-
display for unknown exceptions
var FT_LOG_RET
-
specific options for function tracing (see set_func_trace_options())function tracing will log returning instructions
var IT_LOG_SAME_IP
-
specific options for instruction tracing (see set_insn_trace_options())instruction tracing will log new instructions even when IP doesn't change
var MOVBPT_BAD_TYPE
-
MOVBPT_BAD_TYPE = 3
var MOVBPT_DEST_BUSY
-
MOVBPT_DEST_BUSY = 2
var MOVBPT_NOT_FOUND
-
MOVBPT_NOT_FOUND = 1
var MOVBPT_OK
-
MOVBPT_OK = 0
var SAVE_ALL_VALUES
-
SAVE_ALL_VALUES = 0
var SAVE_DIFF
-
SAVE_DIFF = 1
var SAVE_NONE
-
SAVE_NONE = 2
var SRCDBG_PROV_VERSION
-
SRCDBG_PROV_VERSION = 4
var SRCIT_EXPR
-
an expression (a+b*c)
var SRCIT_FUNC
-
function
var SRCIT_LOCVAR
-
a stack, register, or register-relative local variable or parameter
var SRCIT_MODULE
-
module
var SRCIT_NONE
-
unknown
var SRCIT_STMT
-
a statement (if/while/for...)
var SRCIT_STTVAR
-
static variable/code
var ST_ALREADY_LOGGED
-
step tracing will be disabled when IP is already logged
var ST_DIFFERENTIAL
-
ST_DIFFERENTIAL = 16
var ST_OPTIONS_DEFAULT
-
ST_OPTIONS_DEFAULT = 3
var ST_OPTIONS_MASK
-
mask of available options, to ensure compatibility with newer IDA versions
var ST_OVER_DEBUG_SEG
-
step tracing will be disabled when IP is in a debugger segment
var ST_OVER_LIB_FUNC
-
step tracing will be disabled when IP is in a library function
var ST_SKIP_LOOPS
-
step tracing will try to skip loops already recorded
var WFNE_ANY
-
return the first event (even if it doesn't suspend the process)
var WFNE_CONT
-
continue from the suspended state
var WFNE_NOWAIT
-
do not wait for any event, immediately return DEC_TIMEOUT (to be used with WFNE_CONT)
var WFNE_SILENT
-
1: be silent, 0:display modal boxes if necessary
var WFNE_SUSP
-
wait until the process gets suspended
var WFNE_USEC
-
timeout is specified in microseconds (minimum non-zero timeout is 40000us)
var dbg_bpt
-
A user defined breakpoint was reached.
var dbg_bpt_changed
-
Breakpoint has been changed.
var dbg_exception
-
dbg_exception = 10
var dbg_finished_loading_bpts
-
Finished loading breakpoint info from idb.
var dbg_information
-
dbg_information = 9
var dbg_last
-
The last debugger notification code.
var dbg_library_load
-
dbg_library_load = 7
var dbg_library_unload
-
dbg_library_unload = 8
var dbg_null
-
dbg_null = 0
var dbg_process_attach
-
note: This event notification is also an asynchronous function resultnotification for start_process() !
var dbg_process_detach
-
note: This event notification is also an asynchronous function resultnotification for start_process() !
var dbg_process_exit
-
note: This event notification is also an asynchronous function resultnotification for start_process() !
var dbg_process_start
-
note: This event notification is also an asynchronous function resultnotification for start_process() !
var dbg_request_error
-
An error occurred during the processing of a request.
var dbg_run_to
-
dbg_run_to = 17
var dbg_started_loading_bpts
-
Started loading breakpoint info from idb.
var dbg_step_into
-
dbg_step_into = 15
var dbg_step_over
-
dbg_step_over = 16
var dbg_step_until_ret
-
dbg_step_until_ret = 18
var dbg_suspend_process
-
The process is now suspended.note: This event notification is also an asynchronous function resultnotification for suspend_process() !
var dbg_thread_exit
-
dbg_thread_exit = 6
var dbg_thread_start
-
dbg_thread_start = 5
var dbg_trace
-
A step occurred (one instruction was executed). This event notification is only generated if step tracing is enabled.retval 1: do not log this trace eventretval 0: log it
var tev_bpt
-
write, read/write, execution trace
var tev_call
-
a function call trace
var tev_event
-
debug event occurred
var tev_insn
-
an instruction trace
var tev_max
-
first unused event type
var tev_mem
-
memory layout changed
var tev_none
-
no event
var tev_ret
-
a function return trace
Functions
def add_bpt(*args) ‑> bool
-
add_bpt(ea, size=0, type=BPT_DEFAULT) -> boolAdd a new breakpoint in the debugged process.
Type available as request Notification none (synchronous function) bpt: (C++: const bpt_t &) Breakpoint to add. It describes the break condition, type, flags,location (module relative, source breakpoint or absolute) and other attributes.size: asize_ttype: bpttype_tadd_bpt(bpt) -> boolbpt: bpt_t const & def add_path_mapping(*args) ‑> void
-
add_path_mapping(src, dst)src: char const *dst: char const *
def add_virt_module(*args) ‑> bool
-
add_virt_module(mod) -> boolmod: modinfo_t const *
def attach_process(*args) ‑> int
-
attach_process(pid=pid_t(-1), event_id=-1) -> int Attach the debugger to a running process.
Type available as Request Notification dbg_process_attach note: This function shouldn't be called as a request if NO_PROCESS is used.pid: (C++: pid_t) PID of the process to attach to. If NO_PROCESS, a dialog box willinteractively ask the user for the process to attach to.retval -4: debugger was not initedretval -3: the attaching is not supportedretval -2: impossible to find a compatible processretval -1: impossible to attach to the given process (process died, privilegeneeded, not supported by the debugger plugin, ...)retval 0: the user cancelled the attaching to the processretval 1: the debugger properly attached to the process def bring_debugger_to_front(*args) ‑> void
-
bring_debugger_to_front()
def check_bpt(*args) ‑> int
-
check_bpt(ea) -> intCheck the breakpoint at the specified address.ea: (C++: ea_t)return: one of Breakpoint status codes
def choose_trace_file(*args) ‑> qstring *
-
choose_trace_file() -> strShow the choose trace dialog.
def clear_requests_queue(*args) ‑> void
-
clear_requests_queue()Clear the queue of waiting requests.
Type Synchronous function Notification none (synchronous function) note: If a request is currently running, this one isn't stopped. def clear_trace(*args) ‑> void
-
clear_trace()Clear all events in the trace buffer.
Type as request Notification none (synchronous function) def collect_stack_trace(*args) ‑> bool
-
collect_stack_trace(tid, trace) -> booltid: thid_ttrace: call_stack_t *
def continue_process(*args) ‑> bool
-
continue_process() -> boolContinue the execution of the process in the debugger.
Type function - available as Request Notification none (synchronous function) note: The continue_process() function can be called from a notification handlerto force the continuation of the process. In this case the request queue will not be examined, IDA will simply resume execution. Usually it makes sense to call request_continue_process() followed by run_requests(), so that IDA will first start a queued request (if any) and then resume the application. def create_source_viewer(*args) ‑> source_view_t *
-
create_source_viewer(out_ccv, parent, custview, sf, lines, lnnum, colnum, flags) -> source_view_t *Create a source code view.out_ccv: (C++: TWidget **)parent: (C++: TWidget *)custview: (C++: TWidget *)sf: (C++: source_file_ptr)lines: (C++: strvec_t *)lnnum: (C++: int)colnum: (C++: int)flags: (C++: int)
def dbg_add_bpt_tev(*args) ‑> bool
-
dbg_add_bpt_tev(tid, ea, bp) -> boolAdd a new breakpoint trace element to the current trace.
Type function Notification none (synchronous function) tid: (C++: thid_t)ea: (C++: ea_t)bp: (C++: ea_t)return: false if the operation failed, true otherwise def dbg_add_call_tev(*args) ‑> void
-
dbg_add_call_tev(tid, caller, callee)Add a new call trace element to the current trace.
Type function Notification none (synchronous function) tid: (C++: thid_t)caller: (C++: ea_t)callee: (C++: ea_t) def dbg_add_debug_event(*args) ‑> void
-
dbg_add_debug_event(event)Add a new debug event to the current trace.
Type Synchronous function Notification none (synchronous function) event: (C++: debug_event_t *) def dbg_add_insn_tev(*args) ‑> bool
-
dbg_add_insn_tev(tid, ea, save=SAVE_DIFF) -> boolAdd a new instruction trace element to the current trace.
Type function Notification none (synchronous function) tid: (C++: thid_t)ea: (C++: ea_t)save: (C++: save_reg_values_t) enum save_reg_values_treturn: false if the operation failed, true otherwise def dbg_add_many_tevs(*args) ‑> bool
-
dbg_add_many_tevs(new_tevs) -> boolAdd many new trace elements to the current trace.
Type function Notification none (synchronous function) new_tevs: (C++: tevinforeg_vec_t *)return: false if the operation failed for any tev_info_t object def dbg_add_ret_tev(*args) ‑> void
-
dbg_add_ret_tev(tid, ret_insn, return_to)Add a new return trace element to the current trace.
Type function Notification none (synchronous function) tid: (C++: thid_t)ret_insn: (C++: ea_t)return_to: (C++: ea_t) def dbg_add_tev(*args) ‑> void
-
dbg_add_tev(type, tid, address)Add a new trace element to the current trace.
Type Synchronous function Notification none (synchronous function) type: (C++: tev_type_t) enum tev_type_ttid: (C++: thid_t)address: (C++: ea_t) def dbg_add_thread(*args) ‑> void
-
dbg_add_thread(tid)Add a thread to the current trace.
Type Synchronous function Notification none (synchronous function) tid: (C++: thid_t) def dbg_bin_search(*args) ‑> uint64 *, qstring *
-
dbg_bin_search(start_ea, end_ea, data, srch_flags) -> strstart_ea: ea_tend_ea: ea_tdata: compiled_binpat_vec_t const &srch_flags: int
def dbg_can_query(*args) ‑> bool
-
dbg_can_query() -> boolThis function can be used to check if the debugger can be queried:
- debugger is loaded
- process is suspended
-
process is not suspended but can take requests. In this case some requests likememory read/write, bpt management succeed and register querying will fail. Check if idaapi.get_process_state() < 0 to tell if the process is suspended
return: Boolean def dbg_del_thread(*args) ‑> void
-
dbg_del_thread(tid)Delete a thread from the current trace.
Type Synchronous function Notification none (synchronous function) tid: (C++: thid_t) def dbg_is_loaded(*args) ‑> bool
-
dbg_is_loaded() -> boolChecks if a debugger is loadedreturn: Boolean
def define_exception(*args) ‑> char const *
-
define_exception(code, name, desc, flags) -> char const *Convenience function: define new exception code.code: (C++: uint) exception code (cannot be 0)name: (C++: const char *) exception name (cannot be empty or nullptr)desc: (C++: const char *) exception description (maybe nullptr)flags: (C++: int) combination of Exception info flagsreturn: failure message or nullptr. You must call store_exceptions() if thisfunction succeeds
def del_bpt(*args) ‑> bool
-
del_bpt(ea) -> boolDelete an existing breakpoint in the debugged process.
Type function - available as request Notification none (synchronous function) bptloc: (C++: const bpt_location_t &) Breakpoint locationdel_bpt(bptloc) -> boolbptloc: bpt_location_t const & def del_bptgrp(*args) ‑> bool
-
del_bptgrp(name) -> boolDelete a folder, bpt that were part of this folder are moved to the root folder
Type Synchronous function Notification none (synchronous function) name: (C++: const char *) full path to the folder to be deletedreturn: success def del_virt_module(*args) ‑> bool
-
del_virt_module(base) -> boolbase: ea_t const
def detach_process(*args) ‑> bool
-
detach_process() -> boolDetach the debugger from the debugged process.
Type available as Request Notification dbg_process_detach def diff_trace_file(*args) ‑> bool
-
diff_trace_file(NONNULL_filename) -> boolShow difference between the current trace and the one from 'filename'.NONNULL_filename: (C++: const char *) char const *
def disable_bblk_trace(*args) ‑> bool
-
disable_bblk_trace() -> bool
def disable_bpt(*args) ‑> bool
-
disable_bpt(ea) -> boolea: ea_tdisable_bpt(bptloc) -> boolbptloc: bpt_location_t const &
def disable_func_trace(*args) ‑> bool
-
disable_func_trace() -> bool
def disable_insn_trace(*args) ‑> bool
-
disable_insn_trace() -> bool
def disable_step_trace(*args) ‑> bool
-
disable_step_trace() -> bool
def edit_manual_regions(*args) ‑> void
-
edit_manual_regions()
def enable_bblk_trace(*args) ‑> bool
-
enable_bblk_trace(enable=True) -> boolenable: bool
def enable_bpt(*args) ‑> bool
-
enable_bpt(ea, enable=True) -> boolea: ea_tenable: boolenable_bpt(bptloc, enable=True) -> boolbptloc: bpt_location_t const &enable: bool
def enable_bptgrp(*args) ‑> int
-
enable_bptgrp(bptgrp_name, enable=True) -> intEnable (or disable) all bpts in a folder
Type Synchronous function Notification none (synchronous function) bptgrp_name: (C++: const char *) absolute path to the folderenable: (C++: bool) by default true, enable bpts, false disable bptsreturn: -1 an error occured 0 no changes >0 nubmers of bpts udpated def enable_func_trace(*args) ‑> bool
-
enable_func_trace(enable=True) -> boolenable: bool
def enable_insn_trace(*args) ‑> bool
-
enable_insn_trace(enable=True) -> boolenable: bool
def enable_manual_regions(*args) ‑> void
-
enable_manual_regions(enable)enable: bool
def enable_step_trace(*args) ‑> bool
-
enable_step_trace(enable=1) -> boolenable: int
def exist_bpt(*args) ‑> bool
-
exist_bpt(ea) -> boolDoes a breakpoint exist at the given location?ea: (C++: ea_t)
def exit_process(*args) ‑> bool
-
exit_process() -> boolTerminate the debugging of the current process.
Type - available as Request Notification dbg_process_exit def find_bpt(*args) ‑> bool
-
find_bpt(bptloc, bpt) -> boolFind a breakpoint by location.
Type request Notification none (synchronous function) bptloc: (C++: const bpt_location_t &) Breakpoint locationbpt: (C++: bpt_t *) bpt is filled if the breakpoint was found def get_bblk_trace_options(*args) ‑> int
-
get_bblk_trace_options() -> intGet current basic block tracing options. Also see BT_LOG_INSTS
Type Synchronous function Notification none (synchronous function) def get_bpt(*args) ‑> bool
-
get_bpt(ea, bpt) -> boolGet the characteristics of a breakpoint.
Type Synchronous function Notification none (synchronous function) ea: (C++: ea_t) any address in the breakpoint rangebpt: (C++: bpt_t *) if not nullptr, is filled with the characteristics.return: false if no breakpoint exists def get_bpt_group(*args) ‑> qstring *
-
get_bpt_group(bptloc) -> strRetrieve the absolute path to the folder of the bpt based on the bpt_location find_bpt is called to retrieve the bpt
Type Synchronous function Notification none (synchronous function) bptloc: (C++: const bpt_location_t &) bptlocation of the bptreturn: breakpoint correclty moved to the directory success def get_bpt_qty(*args) ‑> int
-
get_bpt_qty() -> intGet number of breakpoints.
Type Synchronous function Notification (synchronous function) def get_bpt_tev_ea(*args) ‑> ea_t
-
get_bpt_tev_ea(n) -> ea_tGet the address associated to a read, read/write or execution trace event.
Type Synchronous function Notification none (synchronous function) n: (C++: int) number of trace event, is in range 0..get_tev_qty()-1. 0 representsthe latest added trace event.return: BADADDR if not a read, read/write or execution trace event.note: Usually, a breakpoint is associated with a read, read/write or executiontrace event. However, the returned address could be any address in the range of this breakpoint. If the breakpoint was deleted after the trace event, the address no longer corresponds to a valid breakpoint. def get_bptloc_string(*args) ‑> char const *
-
get_bptloc_string(i) -> char const *i: int
def get_call_tev_callee(*args) ‑> ea_t
-
get_call_tev_callee(n) -> ea_tGet the called function from a function call trace event.
Type function Notification none (synchronous function) n: (C++: int) number of trace event, is in range 0..get_tev_qty()-1. 0 representsthe latest added trace event.return: BADADDR if not a function call event. def get_current_source_file(*args) ‑> qstring *
-
get_current_source_file() -> str
def get_current_source_line(*args) ‑> int
-
get_current_source_line() -> int
def get_current_thread(*args) ‑> thid_t
-
get_current_thread() -> thid_tGet current thread ID.
Type Synchronous function Notification (synchronous function) def get_dbg_byte(*args) ‑> uint32 *
-
get_dbg_byte(ea) -> boolGet one byte of the debugged process memory.ea: (C++: ea_t) linear addressreturn: true success false address inaccessible or debugger not running
def get_dbg_memory_info(*args) ‑> int
-
get_dbg_memory_info(ranges) -> intranges: meminfo_vec_t *
def get_dbg_reg_info(*args) ‑> bool
-
get_dbg_reg_info(regname, ri) -> boolGet register information
Type Synchronous function Notification (synchronous function) regname: (C++: const char *) char const *ri: (C++: register_info_t *) def get_debug_event(*args) ‑> debug_event_t const *
-
get_debug_event() -> debug_event_tGet the current debugger event.
def get_debugger_event_cond(*args) ‑> char const *
-
get_debugger_event_cond() -> char const *
def get_first_module(*args) ‑> bool
-
get_first_module(modinfo) -> boolmodinfo: modinfo_t *
def get_func_trace_options(*args) ‑> int
-
get_func_trace_options() -> intGet current function tracing options. Also see FT_LOG_RET
Type function Notification none (synchronous function) def get_global_var(*args) ‑> bool
-
get_global_var(prov, ea, name, out) -> boolprov: srcinfo_provider_t *ea: ea_tname: char const *out: source_item_ptr *
def get_grp_bpts(*args) ‑> ssize_t
-
get_grp_bpts(bpts, grp_name) -> ssize_tRetrieve a copy the bpts stored in a folder
Type Synchronous function Notification none (synchronous function) bpts: (C++: bpt_vec_t *) : pointer to a vector where the copy of bpts are storedgrp_name: (C++: const char *) absolute path to the folderreturn: number of bpts present in the vector def get_insn_tev_reg_mem(*args) ‑> bool
-
get_insn_tev_reg_mem(n, memmap) -> boolRead the memory pointed by register values from an instruction trace event.
Type Synchronous function Notification none (synchronous function) n: (C++: int) number of trace event, is in range 0..get_tev_qty()-1. 0 representsthe latest added trace event.memmap: (C++: memreg_infos_t *) resultreturn: false if not an instruction event or no memory is available def get_insn_tev_reg_result(*args) ‑> bool
-
get_insn_tev_reg_result(n, regname, regval) -> booln: intregname: char const *regval: regval_t *
def get_insn_tev_reg_val(*args) ‑> bool
-
get_insn_tev_reg_val(n, regname, regval) -> booln: intregname: char const *regval: regval_t *
def get_insn_trace_options(*args) ‑> int
-
get_insn_trace_options() -> intGet current instruction tracing options. Also see IT_LOG_SAME_IP
Type Synchronous function Notification none (synchronous function) def get_ip_val(*args) ‑> uint64 *
-
get_ip_val() -> boolGet value of the IP (program counter) register for the current thread. Requires a suspended debugger.
def get_local_var(*args) ‑> bool
-
get_local_var(prov, ea, name, out) -> boolprov: srcinfo_provider_t *ea: ea_tname: char const *out: source_item_ptr *
def get_local_vars(*args) ‑> bool
-
get_local_vars(prov, ea, out) -> boolprov: srcinfo_provider_t *ea: ea_tout: source_items_t *
def get_manual_regions(*args) ‑> PyObject *
-
get_manual_regions(ranges)Returns the manual memory regionsranges: meminfo_vec_t *return: list(start_ea, end_ea, name, sclass, sbase, bitness, perm)get_manual_regions() -> [(int, int, str, str, int, int, int), ...] or None
def get_module_info(*args) ‑> bool
-
get_module_info(ea, modinfo) -> boolea: ea_tmodinfo: modinfo_t *
def get_next_module(*args) ‑> bool
-
get_next_module(modinfo) -> boolmodinfo: modinfo_t *
def get_process_options(*args) ‑> qstring *, qstring *, qstring *, qstring *, qstring *, int *
-
get_process_options()Get process options. Any of the arguments may be nullptr
def get_process_state(*args) ‑> int
-
get_process_state() -> intReturn the state of the currently debugged process.
Type function Notification none (synchronous function) return: one of Debugged process states def get_processes(*args) ‑> ssize_t
-
get_processes(proclist) -> ssize_tTake a snapshot of running processes and return their description.
Type Synchronous function Notification none (synchronous function) proclist: (C++: procinfo_vec_t *) array with information about each running processreturn: number of processes or -1 on error def get_reg_val(*args) ‑> PyObject *
-
get_reg_val(regname, regval) -> boolGet register value as an unsigned 64-bit int.regname: (C++: const char *) char const *regval: regval_t *get_reg_val(regname, ival) -> boolregname: char const *ival: uint64 *get_reg_val(regname) -> bool, float, intregname: char const *
def get_reg_vals(*args) ‑> regvals_t *
-
get_reg_vals(tid, clsmask=-1) -> regvals_tFetch live registers values for the threadtid: The ID of the thread to read registers forclsmask: An OR'ed mask of register classes toread values for (can be used to speed up the retrieval process)return: a regvals_t instance (empty if an error occurs)
def get_ret_tev_return(*args) ‑> ea_t
-
get_ret_tev_return(n) -> ea_tGet the return address from a function return trace event.
Type function Notification none (synchronous function) n: (C++: int) number of trace event, is in range 0..get_tev_qty()-1. 0 representsthe latest added trace event.return: BADADDR if not a function return event. def get_running_notification(*args) ‑> dbg_notification_t
-
get_running_notification() -> dbg_notification_tGet the notification associated (if any) with the current running request.
Type Synchronous function Notification none (synchronous function) return: dbg_null if no running request def get_running_request(*args) ‑> ui_notification_t
-
get_running_request() -> ui_notification_tGet the current running request.
Type Synchronous function Notification none (synchronous function) return: ui_null if no running request def get_sp_val(*args) ‑> uint64 *
-
get_sp_val() -> boolGet value of the SP register for the current thread. Requires a suspended debugger.
def get_srcinfo_provider(*args) ‑> srcinfo_provider_t *
-
get_srcinfo_provider(name) -> srcinfo_provider_t *name: char const *
def get_step_trace_options(*args) ‑> int
-
get_step_trace_options() -> intGet current step tracing options.
Type Synchronous function Notification none (synchronous function) return: Step trace options def get_tev_ea(*args) ‑> ea_t
-
get_tev_ea(n) -> ea_tn: int
def get_tev_event(*args) ‑> bool
-
get_tev_event(n, d) -> boolGet the corresponding debug event, if any, for the specified tev object.
Type Synchronous function Notification none (synchronous function) n: (C++: int) number of trace event, is in range 0..get_tev_qty()-1. 0 representsthe latest added trace event.d: (C++: debug_event_t *) resultreturn: false if the tev_t object doesn't have any associated debug event, trueotherwise, with the debug event in "d". def get_tev_info(*args) ‑> bool
-
get_tev_info(n, tev_info) -> boolGet main information about a trace event.
Type Synchronous function Notification none (synchronous function) n: (C++: int) number of trace event, is in range 0..get_tev_qty()-1. 0 representsthe latest added trace event.tev_info: (C++: tev_info_t *) resultreturn: success def get_tev_memory_info(*args) ‑> bool
-
get_tev_memory_info(n, mi) -> boolGet the memory layout, if any, for the specified tev object.
Type Synchronous function Notification none (synchronous function) n: (C++: int) number of trace event, is in range 0..get_tev_qty()-1. 0 representsthe latest added trace event.mi: (C++: meminfo_vec_t *) resultreturn: false if the tev_t object is not of type tev_mem, true otherwise, withthe new memory layout in "mi". def get_tev_qty(*args) ‑> int
-
get_tev_qty() -> intGet number of trace events available in trace buffer.
Type function Notification none (synchronous function) def get_tev_reg_mem(tev, idx)
def get_tev_reg_mem_ea(tev, idx)
def get_tev_reg_mem_qty(tev)
def get_tev_reg_val(tev, reg)
def get_tev_tid(*args) ‑> int
-
get_tev_tid(n) -> intn: int
def get_tev_type(*args) ‑> int
-
get_tev_type(n) -> intn: int
def get_thread_qty(*args) ‑> int
-
get_thread_qty() -> intGet number of threads.
Type Synchronous function Notification (synchronous function) def get_trace_base_address(*args) ‑> ea_t
-
get_trace_base_address() -> ea_tGet the base address of the current trace.
Type Synchronous function Notification none (synchronous function) return: the base address of the currently loaded trace def get_trace_dynamic_register_set(*args) ‑> void
-
get_trace_dynamic_register_set(idaregs)Get dynamic register set of current trace.idaregs: (C++: dynamic_register_set_t *)
def get_trace_file_desc(*args) ‑> qstring *
-
get_trace_file_desc(filename) -> strGet the file header of the specified trace file.filename: (C++: const char *) char const *
def get_trace_platform(*args) ‑> char const *
-
get_trace_platform() -> char const *Get platform name of current trace.
def getn_bpt(*args) ‑> bool
-
getn_bpt(n, bpt) -> boolGet the characteristics of a breakpoint.
Type Synchronous function Notification none (synchronous function) n: (C++: int) number of breakpoint, is in range 0..get_bpt_qty()-1bpt: (C++: bpt_t *) filled with the characteristics.return: false if no breakpoint exists def getn_thread(*args) ‑> thid_t
-
getn_thread(n) -> thid_tGet the ID of a thread.
Type Synchronous function Notification (synchronous function) n: (C++: int) number of thread, is in range 0..get_thread_qty()-1return: NO_THREAD if the thread doesn't exist. def getn_thread_name(*args) ‑> char const *
-
getn_thread_name(n) -> char const *Get the NAME of a thread
Type Synchronous function Notification (synchronous function) n: (C++: int) number of thread, is in range 0..get_thread_qty()-1 or -1 for thecurrent threadreturn: thread name or nullptr if the thread doesn't exist. def graph_trace(*args) ‑> bool
-
graph_trace() -> boolShow the trace callgraph.
def handle_debug_event(*args) ‑> int
-
handle_debug_event(ev, rqflags) -> intev: debug_event_t const *rqflags: int
def hide_all_bpts(*args) ‑> int
-
hide_all_bpts() -> int
def internal_get_sreg_base(*args) ‑> ea_t
-
internal_get_sreg_base(tid, sreg_value) -> ea_tGet the sreg base, for the given thread.tid: thid_tsreg_value: intreturn: The sreg base, or BADADDR on failure.
def internal_ioctl(*args) ‑> int
-
internal_ioctl(fn, buf, poutbuf, poutsize) -> intfn: intbuf: void const *poutbuf: void **poutsize: ssize_t *
def invalidate_dbg_state(*args) ‑> int
-
invalidate_dbg_state(dbginv) -> intInvalidate cached debugger information.
Type Synchronous function Notification none (synchronous function) dbginv: (C++: int) Debugged process invalidation optionsreturn: current debugger state (one of Debugged process states) def invalidate_dbgmem_config(*args) ‑> void
-
invalidate_dbgmem_config()Invalidate the debugged process memory configuration. Call this function if the debugged process might have changed its memory layout (allocated more memory, for example)
def invalidate_dbgmem_contents(*args) ‑> void
-
invalidate_dbgmem_contents(ea, size)Invalidate the debugged process memory contents. Call this function each time the process has been stopped or the process memory is modified. If ea == BADADDR, then the whole memory contents will be invalidatedea: (C++: ea_t)size: (C++: asize_t)
def is_bblk_trace_enabled(*args) ‑> bool
-
is_bblk_trace_enabled() -> bool
def is_debugger_busy(*args) ‑> bool
-
is_debugger_busy() -> boolIs the debugger busy?. Some debuggers do not accept any commands while the debugged application is running. For such a debugger, it is unsafe to do anything with the database (even simple queries like get_byte may lead to undesired consequences). Returns: true if the debugged application is running under such a debugger
def is_debugger_memory(*args) ‑> bool
-
is_debugger_memory(ea) -> boolIs the address mapped to debugger memory?ea: (C++: ea_t)
def is_debugger_on(*args) ‑> bool
-
is_debugger_on() -> boolIs the debugger currently running?
def is_func_trace_enabled(*args) ‑> bool
-
is_func_trace_enabled() -> boolGet current state of functions tracing.
Type Synchronous function Notification none (synchronous function) def is_insn_trace_enabled(*args) ‑> bool
-
is_insn_trace_enabled() -> boolGet current state of instruction tracing.
Type Synchronous function Notification none (synchronous function) def is_reg_custom(*args) ‑> bool
-
is_reg_custom(regname) -> boolDoes a register contain a value of a custom data type?
Type function Notification none (synchronous function) regname: (C++: const char *) char const * def is_reg_float(*args) ‑> bool
-
is_reg_float(regname) -> boolDoes a register contain a floating point value?
Type Synchronous function Notification none (synchronous function) regname: (C++: const char *) char const * def is_reg_integer(*args) ‑> bool
-
is_reg_integer(regname) -> boolDoes a register contain an integer value?
Type Synchronous function Notification none (synchronous function) regname: (C++: const char *) char const * def is_request_running(*args) ‑> bool
-
is_request_running() -> boolIs a request currently running?
def is_step_trace_enabled(*args) ‑> bool
-
is_step_trace_enabled() -> boolGet current state of step tracing.
Type Synchronous function Notification none (synchronous function) def is_valid_dstate(*args) ‑> bool
-
is_valid_dstate(state) -> boolstate: int
def is_valid_trace_file(*args) ‑> bool
-
is_valid_trace_file(filename) -> boolIs the specified file a valid trace file for the current database?filename: (C++: const char *) char const *
def list_bptgrps(*args) ‑> PyObject *
-
list_bptgrps(bptgrps) -> size_tRetrieve the list of absolute path of all folders of bpt dirtree
Type Synchronous function Notification none (synchronous function) bptgrps: (C++: qstrvec_t *) list of absolute path in the bpt dirtreereturn: number of folders returnedlist_bptgrps() -> [str, ...] def load_debugger(*args) ‑> bool
-
load_debugger(dbgname, use_remote) -> booldbgname: char const *use_remote: bool
def load_trace_file(*args) ‑> qstring *
-
load_trace_file(filename) -> strLoad a recorded trace file in the 'Tracing' window. If the call succeeds and 'buf' is not null, the description of the trace stored in the binary trace file will be returned in 'buf'filename: (C++: const char *) char const *
def move_bpt_to_grp(*args) ‑> bool
-
set_bpt_group(bpt, grp_name) -> boolMove a bpt into a folder in the breakpoint dirtree if the folder didn't exists, it will be created
Type Synchronous function Notification (synchronous function) bpt: (C++: bpt_t &) bpt that will be movedgrp_name: (C++: const char *) absolute path to the breakpoint dirtree folderreturn: success def put_dbg_byte(*args) ‑> bool
-
put_dbg_byte(ea, x) -> boolChange one byte of the debugged process memory.ea: (C++: ea_t) linear addressx: (C++: uint32) byte valuereturn: true if the process memory has been modified
def read_dbg_memory(*args) ‑> ssize_t
-
read_dbg_memory(ea, buffer, size) -> ssize_tea: ea_tbuffer: void *size: size_t
def refresh_debugger_memory(*args) ‑> PyObject *
-
refresh_debugger_memory() -> PyObject *Refreshes the debugger memoryreturn: Nothing
def rename_bptgrp(*args) ‑> bool
-
rename_bptgrp(old_name, new_name) -> boolRename a folder of bpt dirtree
Type Synchronous function Notification none (synchronous function) old_name: (C++: const char *) absolute path to the folder to be renamednew_name: (C++: const char *) absolute path of the new folder namereturn: success def request_add_bpt(*args) ‑> bool
-
request_add_bpt(ea, size=0, type=BPT_DEFAULT) -> boolPost an add_bpt(const bpt_t &) request.ea: ea_tsize: asize_ttype: bpttype_trequest_add_bpt(bpt) -> boolbpt: bpt_t const &
def request_attach_process(*args) ‑> int
-
request_attach_process(pid, event_id) -> intPost an attach_process() request.pid: (C++: pid_t)event_id: (C++: int)
def request_clear_trace(*args) ‑> void
-
request_clear_trace()Post a clear_trace() request.
def request_continue_process(*args) ‑> bool
-
request_continue_process() -> boolPost a continue_process() request.note: This requires an explicit call to run_requests()
def request_del_bpt(*args) ‑> bool
-
request_del_bpt(ea) -> boolPost a del_bpt(const bpt_location_t &) request.ea: ea_trequest_del_bpt(bptloc) -> boolbptloc: bpt_location_t const &
def request_detach_process(*args) ‑> bool
-
request_detach_process() -> boolPost a detach_process() request.
def request_disable_bblk_trace(*args) ‑> bool
-
request_disable_bblk_trace() -> bool
def request_disable_bpt(*args) ‑> bool
-
request_disable_bpt(ea) -> boolea: ea_trequest_disable_bpt(bptloc) -> boolbptloc: bpt_location_t const &
def request_disable_func_trace(*args) ‑> bool
-
request_disable_func_trace() -> bool
def request_disable_insn_trace(*args) ‑> bool
-
request_disable_insn_trace() -> bool
def request_disable_step_trace(*args) ‑> bool
-
request_disable_step_trace() -> bool
def request_enable_bblk_trace(*args) ‑> bool
-
request_enable_bblk_trace(enable=True) -> boolenable: bool
def request_enable_bpt(*args) ‑> bool
-
request_enable_bpt(ea, enable=True) -> boolea: ea_tenable: boolrequest_enable_bpt(bptloc, enable=True) -> boolbptloc: bpt_location_t const &enable: bool
def request_enable_func_trace(*args) ‑> bool
-
request_enable_func_trace(enable=True) -> boolenable: bool
def request_enable_insn_trace(*args) ‑> bool
-
request_enable_insn_trace(enable=True) -> boolenable: bool
def request_enable_step_trace(*args) ‑> bool
-
request_enable_step_trace(enable=1) -> boolenable: int
def request_exit_process(*args) ‑> bool
-
request_exit_process() -> boolPost an exit_process() request.
def request_resume_thread(*args) ‑> int
-
request_resume_thread(tid) -> intPost a resume_thread() request.tid: (C++: thid_t)
def request_run_to(*args) ‑> bool
-
request_run_to(ea, pid=pid_t(-1), tid=0) -> bool Post a run_to() request.ea: (C++: ea_t)pid: (C++: pid_t)
def request_select_thread(*args) ‑> bool
-
request_select_thread(tid) -> boolPost a select_thread() request.tid: (C++: thid_t)
def request_set_bblk_trace_options(*args) ‑> void
-
request_set_bblk_trace_options(options)Post a set_bblk_trace_options() request.options: (C++: int)
def request_set_func_trace_options(*args) ‑> void
-
request_set_func_trace_options(options)Post a set_func_trace_options() request.options: (C++: int)
def request_set_insn_trace_options(*args) ‑> void
-
request_set_insn_trace_options(options)Post a set_insn_trace_options() request.options: (C++: int)
def request_set_reg_val(*args) ‑> PyObject *
-
request_set_reg_val(regname, o) -> PyObject *Post a set_reg_val() request.regname: (C++: const char *) char const *o: PyObject *
def request_set_resume_mode(*args) ‑> bool
-
request_set_resume_mode(tid, mode) -> boolPost a set_resume_mode() request.tid: (C++: thid_t)mode: (C++: resume_mode_t) enum resume_mode_t
def request_set_step_trace_options(*args) ‑> void
-
request_set_step_trace_options(options)Post a set_step_trace_options() request.options: (C++: int)
def request_start_process(*args) ‑> int
-
request_start_process(path=None, args=None, sdir=None) -> intPost a start_process() request.path: (C++: const char *) char const *args: (C++: const char *) char const *sdir: (C++: const char *) char const *
def request_step_into(*args) ‑> bool
-
request_step_into() -> boolPost a step_into() request.
def request_step_over(*args) ‑> bool
-
request_step_over() -> boolPost a step_over() request.
def request_step_until_ret(*args) ‑> bool
-
request_step_until_ret() -> boolPost a step_until_ret() request.
def request_suspend_process(*args) ‑> bool
-
request_suspend_process() -> boolPost a suspend_process() request.
def request_suspend_thread(*args) ‑> int
-
request_suspend_thread(tid) -> intPost a suspend_thread() request.tid: (C++: thid_t)
def resume_thread(*args) ‑> int
-
resume_thread(tid) -> intResume thread.
Type Synchronous function - available as request Notification none (synchronous function) tid: (C++: thid_t) thread idretval -1: network errorretval 0: failedretval 1: ok def retrieve_exceptions(*args) ‑> excvec_t *
-
retrieve_exceptions() -> excvec_tRetrieve the exception information. You may freely modify the returned vector and add/edit/delete exceptions You must call store_exceptions() after any modifications Note: exceptions with code zero, multiple exception codes or names are prohibited
def run_requests(*args) ‑> bool
-
run_requests() -> boolExecute requests until all requests are processed or an asynchronous function is called.
Type Synchronous function Notification function) return: false if not all requests could be processed (indicates an asynchronousfunction was started)note: If called from a notification handler, the execution of requests will bepostponed to the end of the execution of all notification handlers. def run_to(*args) ‑> bool
-
run_to(ea, pid=pid_t(-1), tid=0) -> bool Execute the process until the given address is reached. If no process is active, a new process is started. Technically, the debugger sets up a temporary breakpoint at the given address, and continues (or starts) the execution of the whole process. So, all threads continue their execution!
Type function - available as Request Notification dbg_run_to ea: (C++: ea_t) target addresspid: (C++: pid_t) not used yet. please do not specify this parameter. def save_trace_file(*args) ‑> bool
-
save_trace_file(filename, description) -> boolSave the current trace in the specified file.filename: (C++: const char *) char const *description: (C++: const char *) char const *
def select_thread(*args) ‑> bool
-
select_thread(tid) -> boolSelect the given thread as the current debugged thread. All thread related execution functions will work on this thread. The process must be suspended to select a new thread.
Type Synchronous function - available as request Notification none (synchronous function) tid: (C++: thid_t) ID of the thread to selectreturn: false if the thread doesn't exist. def send_dbg_command(command)
-
Send a direct command to the debugger backend, and retrieve the result as a string.Note: any double-quotes in 'command' must be backslash-escaped. Note: this only works with some debugger backends: Bochs, WinDbg, GDB.Returns: (True, <result string>) on success, or (False, <Error message string>) on failure
def set_bblk_trace_options(*args) ‑> void
-
set_bblk_trace_options(options)Modify basic block tracing options (see BT_LOG_INSTS)options: (C++: int)
def set_bpt_group(*args) ‑> bool
-
set_bpt_group(bpt, grp_name) -> boolMove a bpt into a folder in the breakpoint dirtree if the folder didn't exists, it will be created
Type Synchronous function Notification (synchronous function) bpt: (C++: bpt_t &) bpt that will be movedgrp_name: (C++: const char *) absolute path to the breakpoint dirtree folderreturn: success def set_bptloc_group(*args) ‑> bool
-
set_bptloc_group(bptloc, grp_name) -> boolMove a bpt into a folder in the breakpoint dirtree based on the bpt_location find_bpt is called to retrieve the bpt and then set_bpt_group if the folder didn't exists, it will be created
Type Synchronous function Notification none (synchronous function) bptloc: (C++: const bpt_location_t &) bptlocation of the bpt that will be movedgrp_name: (C++: const char *) absolute path to the breakpoint dirtree folderreturn: success def set_bptloc_string(*args) ‑> int
-
set_bptloc_string(s) -> ints: char const *
def set_debugger_event_cond(*args) ‑> void
-
set_debugger_event_cond(NONNULL_evcond)NONNULL_evcond: char const *
def set_debugger_options(*args) ‑> uint
-
set_debugger_options(options) -> uintSet debugger options. Replaces debugger options with the specification combination Debugger optionsoptions: (C++: uint)return: the old debugger options
def set_func_trace_options(*args) ‑> void
-
set_func_trace_options(options)Modify function tracing options.
Type request Notification none (synchronous function) options: (C++: int) def set_highlight_trace_options(*args) ‑> void
-
set_highlight_trace_options(hilight, color, diff)Set highlight trace parameters.hilight: (C++: bool)color: (C++: bgcolor_t)diff: (C++: bgcolor_t)
def set_insn_trace_options(*args) ‑> void
-
set_insn_trace_options(options)Modify instruction tracing options.
Type as request Notification none (synchronous function) options: (C++: int) def set_manual_regions(*args) ‑> void
-
set_manual_regions(ranges)ranges: meminfo_vec_t const *
def set_process_options(*args) ‑> void
-
set_process_options(path, args, sdir, host, _pass, port)Set process options. Any of the arguments may be nullptr, which means 'do not modify'path: (C++: const char *) char const *args: (C++: const char *) char const *sdir: (C++: const char *) char const *host: (C++: const char *) char const *pass: (C++: const char *) char const *port: (C++: int)
def set_process_state(*args) ‑> int
-
set_process_state(newstate, p_thid, dbginv) -> intSet new state for the debugged process. Notifies the IDA kernel about the change of the debugged process state. For example, a debugger module could call this function when it knows that the process is suspended for a short period of time. Some IDA API calls can be made only when the process is suspended. The process state is usually restored before returning control to the caller. You must know that it is ok to change the process state, doing it at arbitrary moments may crash the application or IDA.
Type Synchronous function Notification (synchronous function) newstate: (C++: int) new process state (one of Debugged process states) ifDSTATE_NOTASK is passed then the state is not changedp_thid: (C++: thid_t *) ptr to new thread id. may be nullptr or pointer to NO_THREAD. thepointed variable will contain the old thread id upon returndbginv: (C++: int) Debugged process invalidation optionsreturn: old debugger state (one of Debugged process states) def set_reg_val(*args) ‑> PyObject *
-
set_reg_val(regname, o) -> PyObjectregname: char const *o: PyObject *set_reg_val(tid, regidx, o) -> bool, inttid: thid_tregidx: into: PyObject *
def set_remote_debugger(*args) ‑> void
-
set_remote_debugger(host, _pass, port=-1)Set remote debugging options. Should be used before starting the debugger.host: (C++: const char *) If empty, IDA will use local debugger. If nullptr, the host willnot be set.pass: (C++: const char *) If nullptr, the password will not be setport: (C++: int) If -1, the default port number will be used
def set_resume_mode(*args) ‑> bool
-
set_resume_mode(tid, mode) -> boolHow to resume the application. Set resume mode but do not resume process.tid: (C++: thid_t)mode: (C++: resume_mode_t) enum resume_mode_t
def set_step_trace_options(*args) ‑> void
-
set_step_trace_options(options)Modify step tracing options.
Type request Notification none (synchronous function) options: (C++: int) def set_trace_base_address(*args) ‑> void
-
set_trace_base_address(ea)Set the base address of the current trace.
Type Synchronous function Notification none (synchronous function) ea: (C++: ea_t) def set_trace_dynamic_register_set(*args) ‑> void
-
set_trace_dynamic_register_set(idaregs)Set dynamic register set of current trace.idaregs: (C++: dynamic_register_set_t &)
def set_trace_file_desc(*args) ‑> bool
-
set_trace_file_desc(filename, description) -> boolChange the description of the specified trace file.filename: (C++: const char *) char const *description: (C++: const char *) char const *
def set_trace_platform(*args) ‑> void
-
set_trace_platform(platform)Set platform name of current trace.platform: (C++: const char *) char const *
def set_trace_size(*args) ‑> bool
-
set_trace_size(size) -> boolSpecify the new size of the circular buffer.
Type Synchronous function Notification none (synchronous function) size: (C++: int) if 0, buffer isn't circular and events are never removed. If thenew size is smaller than the existing number of trace events, a corresponding number of trace events are removed.note: If you specify 0, all available memory can be quickly used !!! def srcdbg_request_step_into(*args) ‑> bool
-
srcdbg_request_step_into() -> bool
def srcdbg_request_step_over(*args) ‑> bool
-
srcdbg_request_step_over() -> bool
def srcdbg_request_step_until_ret(*args) ‑> bool
-
srcdbg_request_step_until_ret() -> bool
def srcdbg_step_into(*args) ‑> bool
-
srcdbg_step_into() -> bool
def srcdbg_step_over(*args) ‑> bool
-
srcdbg_step_over() -> bool
def srcdbg_step_until_ret(*args) ‑> bool
-
srcdbg_step_until_ret() -> bool
def start_process(*args) ‑> int
-
start_process(path=None, args=None, sdir=None) -> intStart a process in the debugger.
Type Request Notification dbg_process_start note: You can also use the run_to() function to easily start the execution of aprocess until a given address is reached.note: For all parameters, a nullptr value indicates the debugger will take thevalue from the defined Process Options.path: (C++: const char *) path to the executable to startargs: (C++: const char *) arguments to pass to processsdir: (C++: const char *) starting directory for the processretval -1: impossible to create the processretval 0: the starting of the process was cancelled by the userretval 1: the process was properly started def step_into(*args) ‑> bool
-
step_into() -> boolExecute one instruction in the current thread. Other threads are kept suspended.
Type Asynchronous function - available as Request Notification dbg_step_into def step_over(*args) ‑> bool
-
step_over() -> boolExecute one instruction in the current thread, but without entering into functions. Others threads keep suspended.
Type available as Request Notification dbg_step_over def step_until_ret(*args) ‑> bool
-
step_until_ret() -> boolExecute instructions in the current thread until a function return instruction is executed (aka "step out"). Other threads are kept suspended.
Type Asynchronous function - available as Request Notification dbg_step_until_ret def store_exceptions(*args) ‑> bool
-
store_exceptions() -> boolUpdate the exception information stored in the debugger module by invoking its dbg->set_exception_info callback
def suspend_process(*args) ‑> bool
-
suspend_process() -> boolSuspend the process in the debugger.
Type * available as Request Notification * dbg_suspend_process (everywhere else) note: The suspend_process() function can be called from a notification handlerto force the stopping of the process. In this case, no notification will be generated. When you suspend a process, the running command is always aborted. def suspend_thread(*args) ‑> int
-
suspend_thread(tid) -> intSuspend thread. Suspending a thread may deadlock the whole application if the suspended was owning some synchronization objects.
Type function - available as request Notification none (synchronous function) tid: (C++: thid_t) thread idretval -1: network errorretval 0: failedretval 1: ok def update_bpt(*args) ‑> bool
-
update_bpt(bpt) -> boolUpdate modifiable characteristics of an existing breakpoint. To update the breakpoint location, use change_bptlocs()
Type Synchronous function Notification none (synchronous function) note: Only the following fields can be modified:- bpt_t::cndbody
- bpt_t::pass_count
- bpt_t::flags
- bpt_t::size
- bpt_t::type
note: Changing some properties will require removing and then re-adding thebreakpoint to the process memory (or the debugger backend), which can lead to race conditions (i.e., breakpoint(s) can be missed) in case the process is not suspended. Here are a list of scenarios that will require the breakpoint to be removed & then re-added:- bpt_t::size is modified
- bpt_t::type is modified
- bpt_t::flags's BPT_ENABLED is modified
- bpt_t::flags's BPT_LOWCND is changed
- bpt_t::flags's BPT_LOWCND remains set, but cndbody changed
bpt: (C++: const bpt_t *) bpt_t const * def wait_for_next_event(*args) ‑> dbg_event_code_t
-
wait_for_next_event(wfne, timeout) -> dbg_event_code_tWait for the next event.This function (optionally) resumes the process execution, and waits for a debugger event until a possible timeout occurs.wfne: (C++: int) combination of Wait for debugger event flags constantstimeout: (C++: int) number of seconds to wait, -1-infinityreturn: either an event_id_t (if > 0), or a dbg_event_code_t (if <= 0)
def write_dbg_memory(*args) ‑> ssize_t
-
write_dbg_memory(ea, py_buf, size=size_t(-1)) -> ssize_tea: ea_tpy_buf: PyObject *size: size_t
Classes
class DBG_Hooks (*args)
-
Proxy of C++ DBG_Hooks class.__init__(self, _flags=0, _hkcb_flags=0x0001) -> DBG_Hooks_flags: uint32_hkcb_flags: uint32
Methods
def dbg_bpt(self, *args) ‑> int
-
dbg_bpt(self, tid, bptea) -> intA user defined breakpoint was reached.tid: (thid_t)bptea: (::ea_t)
def dbg_bpt_changed(self, *args) ‑> void
-
dbg_bpt_changed(self, bptev_code, bpt)Breakpoint has been changed.bptev_code: (int) Breakpoint modification eventsbpt: (bpt_t *)
def dbg_exception(self, *args) ‑> int
-
dbg_exception(self, pid, tid, ea, exc_code, exc_can_cont, exc_ea, exc_info) -> intevent: (const debug_event_t *)warn: (int *) filled with:
- -1: display an exception warning dialog if the process is suspended.
- 0: never display an exception warning dialog.
- 1: always display an exception warning dialog.
ea: ea_texc_code: intexc_can_cont: boolexc_ea: ea_texc_info: char const * def dbg_finished_loading_bpts(self, *args) ‑> void
-
dbg_finished_loading_bpts(self)Finished loading breakpoint info from idb.
def dbg_information(self, *args) ‑> void
-
dbg_information(self, pid, tid, ea, info)event: (const debug_event_t *)tid: thid_tea: ea_tinfo: char const *
def dbg_library_load(self, *args) ‑> void
-
dbg_library_load(self, pid, tid, ea, modinfo_name, modinfo_base, modinfo_size)event: (const debug_event_t *)tid: thid_tea: ea_tmodinfo_name: char const *modinfo_base: ea_tmodinfo_size: asize_t
def dbg_library_unload(self, *args) ‑> void
-
dbg_library_unload(self, pid, tid, ea, info)event: (const debug_event_t *)tid: thid_tea: ea_tinfo: char const *
def dbg_process_attach(self, *args) ‑> void
-
dbg_process_attach(self, pid, tid, ea, modinfo_name, modinfo_base, modinfo_size)event: (const debug_event_t *)note: This event notification is also an asynchronous function resultnotification for start_process() !tid: thid_tea: ea_tmodinfo_name: char const *modinfo_base: ea_tmodinfo_size: asize_t
def dbg_process_detach(self, *args) ‑> void
-
dbg_process_detach(self, pid, tid, ea)event: (const debug_event_t *)note: This event notification is also an asynchronous function resultnotification for start_process() !tid: thid_tea: ea_t
def dbg_process_exit(self, *args) ‑> void
-
dbg_process_exit(self, pid, tid, ea, exit_code)event: (const debug_event_t *)note: This event notification is also an asynchronous function resultnotification for start_process() !tid: thid_tea: ea_texit_code: int
def dbg_process_start(self, *args) ‑> void
-
dbg_process_start(self, pid, tid, ea, modinfo_name, modinfo_base, modinfo_size)event: (const debug_event_t *)note: This event notification is also an asynchronous function resultnotification for start_process() !tid: thid_tea: ea_tmodinfo_name: char const *modinfo_base: ea_tmodinfo_size: asize_t
def dbg_request_error(self, *args) ‑> void
-
dbg_request_error(self, failed_command, failed_dbg_notification)An error occurred during the processing of a request.failed_command: (ui_notification_t)failed_dbg_notification: (dbg_notification_t)
def dbg_run_to(self, *args) ‑> void
-
dbg_run_to(self, pid, tid, ea)event: (const debug_event_t *)tid: thid_tea: ea_t
def dbg_started_loading_bpts(self, *args) ‑> void
-
dbg_started_loading_bpts(self)Started loading breakpoint info from idb.
def dbg_step_into(self, *args) ‑> void
-
dbg_step_into(self)
def dbg_step_over(self, *args) ‑> void
-
dbg_step_over(self)
def dbg_step_until_ret(self, *args) ‑> void
-
dbg_step_until_ret(self)
def dbg_suspend_process(self, *args) ‑> void
-
dbg_suspend_process(self)The process is now suspended.
def dbg_thread_exit(self, *args) ‑> void
-
dbg_thread_exit(self, pid, tid, ea, exit_code)event: (const debug_event_t *)tid: thid_tea: ea_texit_code: int
def dbg_thread_start(self, *args) ‑> void
-
dbg_thread_start(self, pid, tid, ea)event: (const debug_event_t *)tid: thid_tea: ea_t
def dbg_trace(self, *args) ‑> int
-
dbg_trace(self, tid, ip) -> intA step occurred (one instruction was executed). This event notification is only generated if step tracing is enabled.tid: (thid_t) thread IDip: (::ea_t) current instruction pointer. usually points after theexecuted instructionretval 1: do not log this trace eventretval 0: log it
def hook(self, *args) ‑> bool
-
hook(self) -> bool
def unhook(self, *args) ‑> bool
-
unhook(self) -> bool
class bpt_location_t (*args)
-
Proxy of C++ bpt_location_t class.__init__(self) -> bpt_location_t
Instance variables
var index
-
index
var info
-
info
var loctype
-
loctype
Methods
def compare(self, *args) ‑> int
-
compare(self, r) -> intLexically compare two breakpoint locations. Bpt locations are first compared based on type (i.e. BPLT_ABS < BPLT_REL). BPLT_ABS locations are compared based on their ea values. For all other location types, locations are first compared based on their string (path/filename/symbol), then their offset/lineno.r: (C++: const bpt_location_t &) bpt_location_t const &
def ea(self, *args) ‑> ea_t
-
ea(self) -> ea_tGet address (BPLT_ABS)
def is_empty_path(self, *args) ‑> bool
-
is_empty_path(self) -> boolNo path/filename specified? (BPLT_REL, BPLT_SRC)
def lineno(self, *args) ‑> int
-
lineno(self) -> intGet line number (BPLT_SRC)
def offset(self, *args) ‑> uval_t
-
offset(self) -> uval_tGet offset (BPLT_REL, BPLT_SYM)
def path(self, *args) ‑> char const *
-
path(self) -> char const *Get path/filename (BPLT_REL, BPLT_SRC)
def set_abs_bpt(self, *args) ‑> void
-
set_abs_bpt(self, a)Specify an absolute address location.a: (C++: ea_t)
def set_rel_bpt(self, *args) ‑> void
-
set_rel_bpt(self, mod, _offset)Specify a relative address location.mod: (C++: const char *) char const *_offset: (C++: uval_t)
def set_src_bpt(self, *args) ‑> void
-
set_src_bpt(self, fn, _lineno)Specify a source level location.fn: (C++: const char *) char const *_lineno: (C++: int)
def set_sym_bpt(self, *args) ‑> void
-
set_sym_bpt(self, _symbol, _offset=0)Specify a symbolic location._symbol: (C++: const char *) char const *_offset: (C++: uval_t)
def symbol(self, *args) ‑> char const *
-
symbol(self) -> char const *Get symbol name (BPLT_SYM)
def type(self, *args) ‑> bpt_loctype_t
-
type(self) -> bpt_loctype_tGet bpt type.
class bpt_t (*args)
-
Proxy of C++ bpt_t class.__init__(self) -> bpt_t
Instance variables
var bptid
-
Internal breakpoint id.
var cb
-
size of this structure
var cndidx
-
Internal number of the condition (<0-none)
var condition
-
condition
var ea
-
Address, if known. For BPLT_SRC, index into an internal data struct.
var elang
-
elang
var flags
-
Breakpoint property bits
var loc
-
Location.
var pass_count
-
Number of times the breakpoint is hit before stopping (default is 0: stop always)
var pid
-
breakpoint process id
var props
-
Internal breakpoint properties
var size
-
Size of the breakpoint (0 for software breakpoints)
var tid
-
breakpoint thread id
var type
-
Breakpoint type.
Methods
def badbpt(self, *args) ‑> bool
-
badbpt(self) -> boolFailed to write bpt to process memory?
def enabled(self, *args) ‑> bool
-
enabled(self) -> boolIs breakpoint enabled?
def get_cnd_elang_idx(self, *args) ‑> size_t
-
get_cnd_elang_idx(self) -> size_t
def get_size(self, *args) ‑> int
-
get_size(self) -> intGet bpt size.
def is_absbpt(self, *args) ‑> bool
-
is_absbpt(self) -> boolIs absolute address breakpoint?
def is_active(self, *args) ‑> bool
-
is_active(self) -> boolWritten completely to process?
def is_compiled(self, *args) ‑> bool
-
is_compiled(self) -> boolCondition has been compiled?
def is_hwbpt(self, *args) ‑> bool
-
is_hwbpt(self) -> boolIs hardware breakpoint?
def is_inactive(self, *args) ‑> bool
-
is_inactive(self) -> boolNot written to process at all?
def is_low_level(self, *args) ‑> bool
-
is_low_level(self) -> boolIs bpt condition calculated at low level?
def is_page_bpt(self, *args) ‑> bool
-
is_page_bpt(self) -> boolPage breakpoint?
def is_partially_active(self, *args) ‑> bool
-
is_partially_active(self) -> boolWritten partially to process?
def is_relbpt(self, *args) ‑> bool
-
is_relbpt(self) -> boolIs relative address breakpoint?
def is_srcbpt(self, *args) ‑> bool
-
is_srcbpt(self) -> boolIs source level breakpoint?
def is_symbpt(self, *args) ‑> bool
-
is_symbpt(self) -> boolIs symbolic breakpoint?
def is_tracemodebpt(self, *args) ‑> bool
-
is_tracemodebpt(self) -> boolDoes breakpoint trace anything?
def is_traceoffbpt(self, *args) ‑> bool
-
is_traceoffbpt(self) -> boolIs this a tracing breakpoint, and is tracing disabled?
def is_traceonbpt(self, *args) ‑> bool
-
is_traceonbpt(self) -> boolIs this a tracing breakpoint, and is tracing enabled?
def listbpt(self, *args) ‑> bool
-
listbpt(self) -> boolInclude in the bpt list?
def set_abs_bpt(self, *args) ‑> void
-
set_abs_bpt(self, a)Set bpt location to an absolute address.a: (C++: ea_t)
def set_rel_bpt(self, *args) ‑> void
-
set_rel_bpt(self, mod, o)Set bpt location to a relative address.mod: (C++: const char *) char const *o: (C++: uval_t)
def set_src_bpt(self, *args) ‑> void
-
set_src_bpt(self, fn, lineno)Set bpt location to a source line.fn: (C++: const char *) char const *lineno: (C++: int)
def set_sym_bpt(self, *args) ‑> void
-
set_sym_bpt(self, sym, o)Set bpt location to a symbol.sym: (C++: const char *) char const *o: (C++: uval_t)
def set_trace_action(self, *args) ‑> bool
-
set_trace_action(self, enable, trace_types) -> boolConfigure tracing options.enable: (C++: bool)trace_types: (C++: int)
class bpt_vec_t (*args)
-
Proxy of C++ qvector< bpt_t > class.__init__(self) -> bpt_vec_t__init__(self, x) -> bpt_vec_tx: qvector< bpt_t > const &
Methods
def at(self, *args) ‑> bpt_t const &
-
at(self, _idx) -> bpt_t_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< bpt_t >::const_iterator
-
begin(self) -> bpt_t
def capacity(self, *args) ‑> size_t
-
capacity(self) -> size_t
def clear(self, *args) ‑> void
-
clear(self)
def empty(self, *args) ‑> bool
-
empty(self) -> bool
def end(self, *args) ‑> qvector< bpt_t >::const_iterator
-
end(self) -> bpt_t
def erase(self, *args) ‑> qvector< bpt_t >::iterator
-
erase(self, it) -> bpt_tit: qvector< bpt_t >::iteratorerase(self, first, last) -> bpt_tfirst: qvector< bpt_t >::iteratorlast: qvector< bpt_t >::iterator
def extract(self, *args) ‑> bpt_t *
-
extract(self) -> bpt_t
def front(self)
def grow(self, *args) ‑> void
-
grow(self, x=bpt_t())x: bpt_t const &
def inject(self, *args) ‑> void
-
inject(self, s, len)s: bpt_t *len: size_t
def insert(self, *args) ‑> qvector< bpt_t >::iterator
-
insert(self, it, x) -> bpt_tit: qvector< bpt_t >::iteratorx: bpt_t const &
def pop_back(self, *args) ‑> void
-
pop_back(self)
def push_back(self, *args) ‑> bpt_t &
-
push_back(self, x)x: bpt_t const &push_back(self) -> bpt_t
def qclear(self, *args) ‑> void
-
qclear(self)
def reserve(self, *args) ‑> void
-
reserve(self, cnt)cnt: size_t
def resize(self, *args) ‑> void
-
resize(self, _newsize, x)_newsize: size_tx: bpt_t const &resize(self, _newsize)_newsize: size_t
def size(self, *args) ‑> size_t
-
size(self) -> size_t
def swap(self, *args) ‑> void
-
swap(self, r)r: qvector< bpt_t > &
def truncate(self, *args) ‑> void
-
truncate(self)
class bptaddrs_t (*args)
-
Proxy of C++ bptaddrs_t class.__init__(self) -> bptaddrs_t
Instance variables
var bpt
-
bpt
class eval_ctx_t (*args)
-
Proxy of C++ eval_ctx_t class.__init__(self, _ea) -> eval_ctx_t_ea: ea_t
Instance variables
var ea
-
ea
class memreg_info_t (*args)
-
Proxy of C++ memreg_info_t class.__init__(self) -> memreg_info_t
Instance variables
var bytes : PyObject *
-
get_bytes(self) -> PyObject *
var ea
-
ea
Methods
def get_bytes(self, *args) ‑> PyObject *
-
get_bytes(self) -> PyObject *
class memreg_infos_t (*args)
-
Proxy of C++ qvector< memreg_info_t > class.__init__(self) -> memreg_infos_t__init__(self, x) -> memreg_infos_tx: qvector< memreg_info_t > const &
Methods
def at(self, *args) ‑> memreg_info_t const &
-
at(self, _idx) -> memreg_info_t_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< memreg_info_t >::const_iterator
-
begin(self) -> memreg_info_t
def capacity(self, *args) ‑> size_t
-
capacity(self) -> size_t
def clear(self, *args) ‑> void
-
clear(self)
def empty(self, *args) ‑> bool
-
empty(self) -> bool
def end(self, *args) ‑> qvector< memreg_info_t >::const_iterator
-
end(self) -> memreg_info_t
def erase(self, *args) ‑> qvector< memreg_info_t >::iterator
-
erase(self, it) -> memreg_info_tit: qvector< memreg_info_t >::iteratorerase(self, first, last) -> memreg_info_tfirst: qvector< memreg_info_t >::iteratorlast: qvector< memreg_info_t >::iterator
def extract(self, *args) ‑> memreg_info_t *
-
extract(self) -> memreg_info_t
def front(self)
def grow(self, *args) ‑> void
-
grow(self, x=memreg_info_t())x: memreg_info_t const &
def inject(self, *args) ‑> void
-
inject(self, s, len)s: memreg_info_t *len: size_t
def insert(self, *args) ‑> qvector< memreg_info_t >::iterator
-
insert(self, it, x) -> memreg_info_tit: qvector< memreg_info_t >::iteratorx: memreg_info_t const &
def pop_back(self, *args) ‑> void
-
pop_back(self)
def push_back(self, *args) ‑> memreg_info_t &
-
push_back(self, x)x: memreg_info_t const &push_back(self) -> memreg_info_t
def qclear(self, *args) ‑> void
-
qclear(self)
def reserve(self, *args) ‑> void
-
reserve(self, cnt)cnt: size_t
def resize(self, *args) ‑> void
-
resize(self, _newsize, x)_newsize: size_tx: memreg_info_t const &resize(self, _newsize)_newsize: size_t
def size(self, *args) ‑> size_t
-
size(self) -> size_t
def swap(self, *args) ‑> void
-
swap(self, r)r: qvector< memreg_info_t > &
def truncate(self, *args) ‑> void
-
truncate(self)
class tev_info_reg_t (*args)
-
Proxy of C++ tev_info_reg_t class.__init__(self) -> tev_info_reg_t
Instance variables
var info
-
info
var registers
-
registers
class tev_info_t (*args)
-
Proxy of C++ tev_info_t class.__init__(self) -> tev_info_t
Instance variables
var ea
-
address where the event occurred
var tid
-
thread where the event was recorded
var type
-
trace event type
class tev_reg_value_t (*args)
-
Proxy of C++ tev_reg_value_t class.__init__(self, _reg_idx=-1, _value=uint64(-1)) -> tev_reg_value_t_reg_idx: int_value: uint64
Instance variables
var reg_idx
-
reg_idx
var value
-
value
class tev_reg_values_t (*args)
-
Proxy of C++ qvector< tev_reg_value_t > class.__init__(self) -> tev_reg_values_t__init__(self, x) -> tev_reg_values_tx: qvector< tev_reg_value_t > const &
Methods
def at(self, *args) ‑> tev_reg_value_t const &
-
at(self, _idx) -> tev_reg_value_t_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< tev_reg_value_t >::const_iterator
-
begin(self) -> tev_reg_value_t
def capacity(self, *args) ‑> size_t
-
capacity(self) -> size_t
def clear(self, *args) ‑> void
-
clear(self)
def empty(self, *args) ‑> bool
-
empty(self) -> bool
def end(self, *args) ‑> qvector< tev_reg_value_t >::const_iterator
-
end(self) -> tev_reg_value_t
def erase(self, *args) ‑> qvector< tev_reg_value_t >::iterator
-
erase(self, it) -> tev_reg_value_tit: qvector< tev_reg_value_t >::iteratorerase(self, first, last) -> tev_reg_value_tfirst: qvector< tev_reg_value_t >::iteratorlast: qvector< tev_reg_value_t >::iterator
def extract(self, *args) ‑> tev_reg_value_t *
-
extract(self) -> tev_reg_value_t
def front(self)
def grow(self, *args) ‑> void
-
grow(self, x=tev_reg_value_t())x: tev_reg_value_t const &
def inject(self, *args) ‑> void
-
inject(self, s, len)s: tev_reg_value_t *len: size_t
def insert(self, *args) ‑> qvector< tev_reg_value_t >::iterator
-
insert(self, it, x) -> tev_reg_value_tit: qvector< tev_reg_value_t >::iteratorx: tev_reg_value_t const &
def pop_back(self, *args) ‑> void
-
pop_back(self)
def push_back(self, *args) ‑> tev_reg_value_t &
-
push_back(self, x)x: tev_reg_value_t const &push_back(self) -> tev_reg_value_t
def qclear(self, *args) ‑> void
-
qclear(self)
def reserve(self, *args) ‑> void
-
reserve(self, cnt)cnt: size_t
def resize(self, *args) ‑> void
-
resize(self, _newsize, x)_newsize: size_tx: tev_reg_value_t const &resize(self, _newsize)_newsize: size_t
def size(self, *args) ‑> size_t
-
size(self) -> size_t
def swap(self, *args) ‑> void
-
swap(self, r)r: qvector< tev_reg_value_t > &
def truncate(self, *args) ‑> void
-
truncate(self)
class tevinforeg_vec_t (*args)
-
Proxy of C++ qvector< tev_info_reg_t > class.__init__(self) -> tevinforeg_vec_t__init__(self, x) -> tevinforeg_vec_tx: qvector< tev_info_reg_t > const &
Methods
def at(self, *args) ‑> tev_info_reg_t const &
-
at(self, _idx) -> tev_info_reg_t_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< tev_info_reg_t >::const_iterator
-
begin(self) -> tev_info_reg_t
def capacity(self, *args) ‑> size_t
-
capacity(self) -> size_t
def clear(self, *args) ‑> void
-
clear(self)
def empty(self, *args) ‑> bool
-
empty(self) -> bool
def end(self, *args) ‑> qvector< tev_info_reg_t >::const_iterator
-
end(self) -> tev_info_reg_t
def erase(self, *args) ‑> qvector< tev_info_reg_t >::iterator
-
erase(self, it) -> tev_info_reg_tit: qvector< tev_info_reg_t >::iteratorerase(self, first, last) -> tev_info_reg_tfirst: qvector< tev_info_reg_t >::iteratorlast: qvector< tev_info_reg_t >::iterator
def extract(self, *args) ‑> tev_info_reg_t *
-
extract(self) -> tev_info_reg_t
def front(self)
def grow(self, *args) ‑> void
-
grow(self, x=tev_info_reg_t())x: tev_info_reg_t const &
def inject(self, *args) ‑> void
-
inject(self, s, len)s: tev_info_reg_t *len: size_t
def insert(self, *args) ‑> qvector< tev_info_reg_t >::iterator
-
insert(self, it, x) -> tev_info_reg_tit: qvector< tev_info_reg_t >::iteratorx: tev_info_reg_t const &
def pop_back(self, *args) ‑> void
-
pop_back(self)
def push_back(self, *args) ‑> tev_info_reg_t &
-
push_back(self, x)x: tev_info_reg_t const &push_back(self) -> tev_info_reg_t
def qclear(self, *args) ‑> void
-
qclear(self)
def reserve(self, *args) ‑> void
-
reserve(self, cnt)cnt: size_t
def resize(self, *args) ‑> void
-
resize(self, _newsize, x)_newsize: size_tx: tev_info_reg_t const &resize(self, _newsize)_newsize: size_t
def size(self, *args) ‑> size_t
-
size(self) -> size_t
def swap(self, *args) ‑> void
-
swap(self, r)r: qvector< tev_info_reg_t > &
def truncate(self, *args) ‑> void
-
truncate(self)