Debugger module features may be set inside debugger_t::init_debugger() except of the severals
Used by debugger_t::flags
|Remote debugger (requires remote host name unless DBG_FLAG_NOHOST) |
|Remote debugger with does not require network params (host/port/pass). More...|
|PROCESS_ATTACHED is a fake event More...|
|Hardware data breakpoints are. More...|
|Debugger knows to continue from a bpt. More...|
|Remote debugger requires port number (to be used with DBG_FLAG_NOHOST) |
|Debugger can handle only. More...|
|The debugger is safe (probably because it just emulates the application. More...|
|IDA must suspend the application and remove. More...|
|Take segment register values into account (non flat memory) |
|Debugger module doesn't use startup directory. |
|Debugger module doesn't use commandline parameters. |
|Remote debugger doesn't use password. |
|Display "Connection string" instead of "Hostname" and hide the "Port" field. |
|If set, IDA uses 256-byte blocks for caching memory contents. More...|
|If set, manual memory region manipulation commands. More...|
|IDA may take a memory snapshot at PROCESS_EXITED event. |
|Thread IDs may be shuffled after each debug event. More...|
|Low level breakpoint conditions are supported. |
|Supports creation of a separate thread in ida. More...|
|Can debug standalone DLLs. More...|
|get_memory_info()/read_memory()/write_memory() work with the idb. More...|
|The debugger supports arbitrary size hardware breakpoints. |
|The module is a tracer, not a full featured debugger module. |
|Prefer to use software breakpoints. |
|Watchpoints are triggered before the offending instruction is executed. More...|
|Do not refresh memory layout info after single stepping. |
Macro Definition Documentation
|#define DBG_FLAG_NOHOST 0x00000002|
Remote debugger with does not require network params (host/port/pass).
(a unique device connected to the machine)
|#define DBG_FLAG_FAKE_ATTACH 0x00000004|
PROCESS_ATTACHED is a fake event
and does not suspend the execution
|#define DBG_FLAG_HWDATBPT_ONE 0x00000008|
Hardware data breakpoints are.
one byte size by default
|#define DBG_FLAG_CAN_CONT_BPT 0x00000010|
Debugger knows to continue from a bpt.
This flag also means that the debugger module hides breakpoints from ida upon read_memory
|#define DBG_FLAG_DONT_DISTURB 0x00000040|
|#define DBG_FLAG_SAFE 0x00000080|
The debugger is safe (probably because it just emulates the application.
without really running it)
|#define DBG_FLAG_CLEAN_EXIT 0x00000100|
IDA must suspend the application and remove.
all breakpoints before terminating the application. Usually this is not required because the application memory disappears upon termination.
|#define DBG_FLAG_SMALLBLKS 0x00004000|
If set, IDA uses 256-byte blocks for caching memory contents.
Otherwise, 1024-byte blocks are used
|#define DBG_FLAG_MANMEMINFO 0x00008000|
If set, manual memory region manipulation commands.
will be available. Use this bit for debugger modules that cannot return memory layout information
|#define DBG_FLAG_VIRTHREADS 0x00020000|
Thread IDs may be shuffled after each debug event.
(to be used for virtual threads that represent cpus for windbg kmode)
|#define DBG_FLAG_DEBTHREAD 0x00080000|
Supports creation of a separate thread in ida.
for the debugger (the debthread). Most debugger functions will be called from debthread (exceptions are marked below) The debugger module may directly call only THREAD_SAFE functions. To call other functions please use execute_sync(). The debthread significantly increases debugging speed, especially if debug events occur frequently (to be tested)
|#define DBG_FLAG_DEBUG_DLL 0x00100000|
Can debug standalone DLLs.
For example, Bochs debugger can debug any snippet of code
|#define DBG_FLAG_FAKE_MEMORY 0x00200000|
get_memory_info()/read_memory()/write_memory() work with the idb.
(there is no real process to read from, as for the replayer module) the kernel will not call these functions if this flag is set. however, third party plugins may call them, they must be implemented.
|#define DBG_FLAG_LAZY_WATCHPTS 0x02000000|
Watchpoints are triggered before the offending instruction is executed.
The debugger must temporarily disable the watchpoint and single-step before resuming.
Generated by 1.8.15