Detailed Description
Debugger module features may be set inside debugger_t::init_debugger() except of the severals
Used by debugger_t::flags
Macros | |
| #define | DBG_FLAG_REMOTE 0x00000001 |
| Remote debugger (requires remote host name unless DBG_FLAG_NOHOST) | |
| #define | DBG_FLAG_NOHOST 0x00000002 |
| Remote debugger with does not require network params (host/port/pass). More... | |
| #define | DBG_FLAG_FAKE_ATTACH 0x00000004 |
| PROCESS_ATTACHED is a fake event More... | |
| #define | DBG_FLAG_HWDATBPT_ONE 0x00000008 |
| Hardware data breakpoints are. More... | |
| #define | DBG_FLAG_CAN_CONT_BPT 0x00000010 |
| Debugger knows to continue from a bpt. More... | |
| #define | DBG_FLAG_NEEDPORT 0x00000020 |
| Remote debugger requires port number (to be used with DBG_FLAG_NOHOST) | |
| #define | DBG_FLAG_DONT_DISTURB 0x00000040 |
| Debugger can handle only. More... | |
| #define | DBG_FLAG_SAFE 0x00000080 |
| The debugger is safe (probably because it just emulates the application. More... | |
| #define | DBG_FLAG_CLEAN_EXIT 0x00000100 |
| IDA must suspend the application and remove. More... | |
| #define | DBG_FLAG_USE_SREGS 0x00000200 |
| Take segment register values into account (non flat memory) | |
| #define | DBG_FLAG_NOSTARTDIR 0x00000400 |
| Debugger module doesn't use startup directory. | |
| #define | DBG_FLAG_NOPARAMETERS 0x00000800 |
| Debugger module doesn't use commandline parameters. | |
| #define | DBG_FLAG_NOPASSWORD 0x00001000 |
| Remote debugger doesn't use password. | |
| #define | DBG_FLAG_CONNSTRING 0x00002000 |
| Display "Connection string" instead of "Hostname" and hide the "Port" field. | |
| #define | DBG_FLAG_SMALLBLKS 0x00004000 |
| If set, IDA uses 256-byte blocks for caching memory contents. More... | |
| #define | DBG_FLAG_MANMEMINFO 0x00008000 |
| If set, manual memory region manipulation commands. More... | |
| #define | DBG_FLAG_EXITSHOTOK 0x00010000 |
| IDA may take a memory snapshot at PROCESS_EXITED event. | |
| #define | DBG_FLAG_VIRTHREADS 0x00020000 |
| Thread IDs may be shuffled after each debug event. More... | |
| #define | DBG_FLAG_LOWCNDS 0x00040000 |
| Low level breakpoint conditions are supported. | |
| #define | DBG_FLAG_DEBTHREAD 0x00080000 |
| Supports creation of a separate thread in ida. More... | |
| #define | DBG_FLAG_DEBUG_DLL 0x00100000 |
| Can debug standalone DLLs. More... | |
| #define | DBG_FLAG_FAKE_MEMORY 0x00200000 |
| get_memory_info()/read_memory()/write_memory() work with the idb. More... | |
| #define | DBG_FLAG_ANYSIZE_HWBPT 0x00400000 |
| The debugger supports arbitrary size hardware breakpoints. | |
| #define | DBG_FLAG_TRACER_MODULE 0x00800000 |
| The module is a tracer, not a full featured debugger module. | |
| #define | DBG_FLAG_PREFER_SWBPTS 0x01000000 |
| Prefer to use software breakpoints. | |
| #define | DBG_FLAG_LAZY_WATCHPTS 0x02000000 |
| Watchpoints are triggered before the offending instruction is executed. More... | |
| #define | DBG_FLAG_FAST_STEP 0x04000000 |
| Do not refresh memory layout info after single stepping. | |
Macro Definition Documentation
◆ DBG_FLAG_NOHOST
| #define DBG_FLAG_NOHOST 0x00000002 |
Remote debugger with does not require network params (host/port/pass).
(a unique device connected to the machine)
◆ DBG_FLAG_FAKE_ATTACH
| #define DBG_FLAG_FAKE_ATTACH 0x00000004 |
PROCESS_ATTACHED is a fake event
and does not suspend the execution
◆ DBG_FLAG_HWDATBPT_ONE
| #define DBG_FLAG_HWDATBPT_ONE 0x00000008 |
Hardware data breakpoints are.
one byte size by default
◆ DBG_FLAG_CAN_CONT_BPT
| #define DBG_FLAG_CAN_CONT_BPT 0x00000010 |
Debugger knows to continue from a bpt.
This flag also means that the debugger module hides breakpoints from ida upon read_memory
◆ DBG_FLAG_DONT_DISTURB
| #define DBG_FLAG_DONT_DISTURB 0x00000040 |
Debugger can handle only.
get_debug_event(), request_pause(), exit_process(). when the debugged process is running. The kernel may also call service functions (file I/O, map_address, etc)
◆ DBG_FLAG_SAFE
| #define DBG_FLAG_SAFE 0x00000080 |
The debugger is safe (probably because it just emulates the application.
without really running it)
◆ DBG_FLAG_CLEAN_EXIT
| #define DBG_FLAG_CLEAN_EXIT 0x00000100 |
IDA must suspend the application and remove.
all breakpoints before terminating the application. Usually this is not required because the application memory disappears upon termination.
◆ DBG_FLAG_SMALLBLKS
| #define DBG_FLAG_SMALLBLKS 0x00004000 |
If set, IDA uses 256-byte blocks for caching memory contents.
Otherwise, 1024-byte blocks are used
◆ DBG_FLAG_MANMEMINFO
| #define DBG_FLAG_MANMEMINFO 0x00008000 |
If set, manual memory region manipulation commands.
will be available. Use this bit for debugger modules that cannot return memory layout information
◆ DBG_FLAG_VIRTHREADS
| #define DBG_FLAG_VIRTHREADS 0x00020000 |
Thread IDs may be shuffled after each debug event.
(to be used for virtual threads that represent cpus for windbg kmode)
◆ DBG_FLAG_DEBTHREAD
| #define DBG_FLAG_DEBTHREAD 0x00080000 |
Supports creation of a separate thread in ida.
for the debugger (the debthread). Most debugger functions will be called from debthread (exceptions are marked below) The debugger module may directly call only THREAD_SAFE functions. To call other functions please use execute_sync(). The debthread significantly increases debugging speed, especially if debug events occur frequently (to be tested)
◆ DBG_FLAG_DEBUG_DLL
| #define DBG_FLAG_DEBUG_DLL 0x00100000 |
Can debug standalone DLLs.
For example, Bochs debugger can debug any snippet of code
◆ DBG_FLAG_FAKE_MEMORY
| #define DBG_FLAG_FAKE_MEMORY 0x00200000 |
get_memory_info()/read_memory()/write_memory() work with the idb.
(there is no real process to read from, as for the replayer module) the kernel will not call these functions if this flag is set. however, third party plugins may call them, they must be implemented.
◆ DBG_FLAG_LAZY_WATCHPTS
| #define DBG_FLAG_LAZY_WATCHPTS 0x02000000 |
Watchpoints are triggered before the offending instruction is executed.
The debugger must temporarily disable the watchpoint and single-step before resuming.
Generated by
1.8.15