Latest available version: IDA and decompilers v8.4.240320sp1 see all releases
Hex-Rays logo State-of-the-art binary code analysis tools
email icon
Debugger module features

Debugger module features may be set inside debugger_t::init_debugger() except of the severals More...

Macros

#define DBG_FLAG_REMOTE   0x00000001
 Remote debugger (requires remote host name unless DBG_FLAG_NOHOST)
 
#define DBG_FLAG_NOHOST   0x00000002
 Remote debugger with does not require network params (host/port/pass). More...
 
#define DBG_FLAG_FAKE_ATTACH   0x00000004
 PROCESS_ATTACHED is a fake event and does not suspend the execution
 
#define DBG_FLAG_HWDATBPT_ONE   0x00000008
 Hardware data breakpoints are one byte size by default.
 
#define DBG_FLAG_CAN_CONT_BPT   0x00000010
 Debugger knows to continue from a bpt. More...
 
#define DBG_FLAG_NEEDPORT   0x00000020
 Remote debugger requires port number (to be used with DBG_FLAG_NOHOST)
 
#define DBG_FLAG_DONT_DISTURB   0x00000040
 Debugger can handle only get_debug_event(), request_pause(), exit_process() when the debugged process is running. More...
 
#define DBG_FLAG_SAFE   0x00000080
 The debugger is safe (probably because it just emulates the application without really running it)
 
#define DBG_FLAG_CLEAN_EXIT   0x00000100
 IDA must suspend the application and remove all breakpoints before terminating the application. More...
 
#define DBG_FLAG_USE_SREGS   0x00000200
 Take segment register values into account (non flat memory)
 
#define DBG_FLAG_NOSTARTDIR   0x00000400
 Debugger module doesn't use startup directory.
 
#define DBG_FLAG_NOPARAMETERS   0x00000800
 Debugger module doesn't use commandline parameters.
 
#define DBG_FLAG_NOPASSWORD   0x00001000
 Remote debugger doesn't use password.
 
#define DBG_FLAG_CONNSTRING   0x00002000
 Display "Connection string" instead of "Hostname" and hide the "Port" field.
 
#define DBG_FLAG_SMALLBLKS   0x00004000
 If set, IDA uses 256-byte blocks for caching memory contents. More...
 
#define DBG_FLAG_MANMEMINFO   0x00008000
 If set, manual memory region manipulation commands will be available. More...
 
#define DBG_FLAG_EXITSHOTOK   0x00010000
 IDA may take a memory snapshot at PROCESS_EXITED event.
 
#define DBG_FLAG_VIRTHREADS   0x00020000
 Thread IDs may be shuffled after each debug event. More...
 
#define DBG_FLAG_LOWCNDS   0x00040000
 Low level breakpoint conditions are supported.
 
#define DBG_FLAG_DEBTHREAD   0x00080000
 Supports creation of a separate thread in ida for the debugger (the debthread). More...
 
#define DBG_FLAG_DEBUG_DLL   0x00100000
 Can debug standalone DLLs. More...
 
#define DBG_FLAG_FAKE_MEMORY   0x00200000
 get_memory_info()/read_memory()/write_memory() work with the idb. More...
 
#define DBG_FLAG_ANYSIZE_HWBPT   0x00400000
 The debugger supports arbitrary size hardware breakpoints.
 
#define DBG_FLAG_TRACER_MODULE   0x00800000
 The module is a tracer, not a full featured debugger module.
 
#define DBG_FLAG_PREFER_SWBPTS   0x01000000
 Prefer to use software breakpoints.
 
#define DBG_FLAG_LAZY_WATCHPTS   0x02000000
 Watchpoints are triggered before the offending instruction is executed. More...
 
#define DBG_FLAG_FAST_STEP   0x04000000
 Do not refresh memory layout info after single stepping.
 
#define DBG_FLAG_ADD_ENVS   0x08000000
 The debugger supports launching processes with environment variables.
 
#define DBG_FLAG_MERGE_ENVS   0x10000000
 The debugger supports merge or replace setting for environment variables (only makes sense if DBG_FLAG_ADD_ENVS is set)
 

Detailed Description

Debugger module features may be set inside debugger_t::init_debugger() except of the severals

Used by debugger_t::flags

Macro Definition Documentation

◆ DBG_FLAG_NOHOST

#define DBG_FLAG_NOHOST   0x00000002

Remote debugger with does not require network params (host/port/pass).

(a unique device connected to the machine)

◆ DBG_FLAG_CAN_CONT_BPT

#define DBG_FLAG_CAN_CONT_BPT   0x00000010

Debugger knows to continue from a bpt.

This flag also means that the debugger module hides breakpoints from ida upon read_memory

◆ DBG_FLAG_DONT_DISTURB

#define DBG_FLAG_DONT_DISTURB   0x00000040

Debugger can handle only get_debug_event(), request_pause(), exit_process() when the debugged process is running.

The kernel may also call service functions (file I/O, map_address, etc)

◆ DBG_FLAG_CLEAN_EXIT

#define DBG_FLAG_CLEAN_EXIT   0x00000100

IDA must suspend the application and remove all breakpoints before terminating the application.

Usually this is not required because the application memory disappears upon termination.

◆ DBG_FLAG_SMALLBLKS

#define DBG_FLAG_SMALLBLKS   0x00004000

If set, IDA uses 256-byte blocks for caching memory contents.

Otherwise, 1024-byte blocks are used

◆ DBG_FLAG_MANMEMINFO

#define DBG_FLAG_MANMEMINFO   0x00008000

If set, manual memory region manipulation commands will be available.

Use this bit for debugger modules that cannot return memory layout information

◆ DBG_FLAG_VIRTHREADS

#define DBG_FLAG_VIRTHREADS   0x00020000

Thread IDs may be shuffled after each debug event.

(to be used for virtual threads that represent cpus for windbg kmode)

◆ DBG_FLAG_DEBTHREAD

#define DBG_FLAG_DEBTHREAD   0x00080000

Supports creation of a separate thread in ida for the debugger (the debthread).

Most debugger functions will be called from debthread (exceptions are marked below) The debugger module may directly call only THREAD_SAFE functions. To call other functions please use execute_sync(). The debthread significantly increases debugging speed, especially if debug events occur frequently.

◆ DBG_FLAG_DEBUG_DLL

#define DBG_FLAG_DEBUG_DLL   0x00100000

Can debug standalone DLLs.

For example, Bochs debugger can debug any snippet of code

◆ DBG_FLAG_FAKE_MEMORY

#define DBG_FLAG_FAKE_MEMORY   0x00200000

get_memory_info()/read_memory()/write_memory() work with the idb.

(there is no real process to read from, as for the replayer module) the kernel will not call these functions if this flag is set. however, third party plugins may call them, they must be implemented.

◆ DBG_FLAG_LAZY_WATCHPTS

#define DBG_FLAG_LAZY_WATCHPTS   0x02000000

Watchpoints are triggered before the offending instruction is executed.

The debugger must temporarily disable the watchpoint and single-step before resuming.