Module ida_idd

IDA Plugin SDK API wrapper: idd

Classes
	Appcall__
	Appcall_array__ This class is used with Appcall.array() method
	Appcall_callable__ Helper class to issue appcalls using a natural syntax:...
	Appcall_consts__ Helper class used by Appcall.Consts attribute It is used to retrieve constants via attribute access
	bptaddr_t Proxy of C++ bptaddr_t class.
	call_stack_info_t Proxy of C++ call_stack_info_t class.
	call_stack_t Proxy of C++ qvector< call_stack_info_t > class.
	debapp_attrs_t Proxy of C++ debapp_attrs_t class.
	debug_event_t Proxy of C++ debug_event_t class.
	exception_info_t Proxy of C++ exception_info_t class.
	excinfo_t Proxy of C++ excinfo_t class.
	excvec_t Proxy of C++ qvector< exception_info_t > class.
	meminfo_vec_t Proxy of C++ qvector< memory_info_t > class.
	memory_info_t Proxy of C++ memory_info_t class.
	modinfo_t Proxy of C++ modinfo_t class.
	process_info_t Proxy of C++ process_info_t class.
	procinfo_vec_t Proxy of C++ qvector< process_info_t > class.
	register_info_t Proxy of C++ register_info_t class.
	regval_t Proxy of C++ regval_t class.
	scattered_segm_t Proxy of C++ scattered_segm_t class.
	thread_name_t Proxy of C++ thread_name_t class.

Functions

PyObject *

appcall(func_ea, tid, _type_or_none, _fields, arg_list)

bool

can_exc_continue(ev)

error_t

cleanup_appcall(tid)
Cleanup after manual appcall.

error_t

dbg_appcall(retval, func_ea, tid, ptif, argv, argnum)
Call a function from the debugged application.

PyObject *

dbg_get_memory_info()
This function returns the memory configuration of a debugged process.

PyObject *

dbg_get_name()
This function returns the current debugger's name.

PyObject *

dbg_get_registers()
This function returns the register definition from the currently loaded debugger.

PyObject *

dbg_get_thread_sreg_base(tid, sreg_value)
Returns the segment register base value

PyObject *

dbg_read_memory(ea, sz)
Reads from the debugee's memory at the specified ea

PyObject *

dbg_write_memory(ea, buf)
Writes a buffer to the debugee's memory

ea_t

get_event_bpt_hea(ev)

uint

get_event_exc_code(ev)

ea_t

get_event_exc_ea(ev)

str

get_event_exc_info(ev)

str

get_event_info(ev)

ea_t

get_event_module_base(ev)

str

get_event_module_name(ev)

asize_t

get_event_module_size(ev)

set_debug_event_code(ev, id)

Variables
	Appcall = `<ida_idd.Appcall__ object>`
	BBLK_TRACE = `8`
	BPT_DEFAULT = `12`
	BPT_EXEC = `8`
	BPT_RDWR = `3`
	BPT_READ = `2`
	BPT_SOFT = `4`
	BPT_WRITE = `1`
	BREAKPOINT = `16`
	DEF_ADDRSIZE = `4`
	DRC_CRC = `2`
	DRC_ERROR = `-7`
	DRC_EVENTS = `3`
	DRC_FAILED = `-1`
	DRC_IDBSEG = `-4`
	DRC_NETERR = `-2`
	DRC_NOCHG = `-6`
	DRC_NOFILE = `-3`
	DRC_NONE = `0`
	DRC_NOPROC = `-5`
	DRC_OK = `1`
	EXCEPTION = `64`
	EXC_BREAK = `1`
	EXC_HANDLE = `2`
	EXC_MSG = `4`
	EXC_SILENT = `8`
	FUNC_TRACE = `4`
	IDD_INTERFACE_VERSION = `25`
	INFORMATION = `512`
	INSN_TRACE = `2`
	LIB_LOADED = `128`
	LIB_UNLOADED = `256`
	NO_EVENT = `0`
	NO_PROCESS = `4294967295`
	NO_THREAD = `0`
	PROCESS_ATTACHED = `1024`
	PROCESS_DETACHED = `2048`
	PROCESS_EXITED = `2`
	PROCESS_STARTED = `1`
	PROCESS_SUSPENDED = `4096`
	REGISTER_ADDRESS = `16`
	REGISTER_CS = `32`
	REGISTER_CUSTFMT = `256`
	REGISTER_FP = `8`
	REGISTER_IP = `2`
	REGISTER_NOLF = `128`
	REGISTER_READONLY = `1`
	REGISTER_SP = `4`
	REGISTER_SS = `64`
	RESMOD_HANDLE = `8`
	RESMOD_INTO = `1`
	RESMOD_MAX = `9`
	RESMOD_NONE = `0`
	RESMOD_OUT = `3`
	RESMOD_OVER = `2`
	RESMOD_SRCINTO = `4`
	RESMOD_SRCOUT = `6`
	RESMOD_SRCOVER = `5`
	RESMOD_USER = `7`
	RQ_IDAIDLE = `128`
	RQ_IGNWERR = `4`
	RQ_MASKING = `1`
	RQ_NOSUSP = `0`
	RQ_PROCEXIT = `64`
	RQ_RESMOD = `61440`
	RQ_RESMOD_SHIFT = `12`
	RQ_RESUME = `512`
	RQ_SILENT = `8`
	RQ_SUSPEND = `2`
	RQ_SUSPRUN = `256`
	RQ_SWSCREEN = `16`
	RQ_VERBOSE = `0`
	RQ__NOTHRRF = `32`
	RVT_FLOAT = `-2`
	RVT_INT = `-1`
	RVT_UNAVAILABLE = `-3`
	STEP = `32`
	STEP_TRACE = `1`
	SWIG_PYTHON_LEGACY_BOOL = `1`
	THREAD_EXITED = `8`
	THREAD_STARTED = `4`
	TRACE_FULL = `8192`
	__package__ = `None`
	cvar = `??`

Function Details

cleanup_appcall(tid)

Cleanup after manual appcall.

Parameters:

tid - thread to use. NO_THREAD means to use the current thread The application state is restored as it was before calling the last appcall(). Nested appcalls are supported. (C++: thid_t)

Returns: error_t

eOk if successful, otherwise an error code

dbg_appcall(retval, func_ea, tid, ptif, argv, argnum)

Call a function from the debugged application.

Parameters:

retval, (C++ - idc_value_t *)
func_ea - address to call (C++: ea_t)
tid - thread to use. NO_THREAD means to use the current thread (C++: thid_t)
ptif - pointer to type of the function to call (C++: const tinfo_t *)
argv - array of arguments (C++: idc_value_t *)
argnum - number of actual arguments (C++: size_t)

Returns: error_t

eOk if successful, otherwise an error code

dbg_get_memory_info()

This function returns the memory configuration of a debugged process.

Returns: PyObject *: None if no debugger is active tuple(start_ea, end_ea, name, sclass, sbase, bitness, perm)

dbg_get_name()

This function returns the current debugger's name.

Returns: PyObject *: Debugger name or None if no debugger is active

dbg_get_registers()

This function returns the register definition from the currently loaded debugger. Basically, it returns an array of structure similar to to idd.hpp / register_info_t

Returns: PyObject *: None if no debugger is loaded tuple(name, flags, class, dtype, bit_strings, default_bit_strings_mask) The bit_strings can be a tuple of strings or None (if the register does not have bit_strings)

dbg_get_thread_sreg_base(tid, sreg_value)

Returns the segment register base value

Parameters:

tid - thread id
sreg_value - segment register (selector) value

Returns: PyObject *

The base as an 'ea'
Or None on failure

dbg_read_memory(ea, sz)

Reads from the debugee's memory at the specified ea

Returns: PyObject *

The read buffer (as a string)
Or None on failure

dbg_write_memory(ea, buf)

Writes a buffer to the debugee's memory

Returns: PyObject *: Boolean