# IDA 7.1 Debugger API 7.1 Porting Guide

## IDA 7.1 debugging module: Porting from IDA 4.9-7.0 API to IDA 7.1 API

### Introduction

The most important change is the use of notification codes instead of callbacks.

We added the new hook type HT\_IDD and replaced all callback pointers with notifications.

The debugger module should now provide only two callbacks in the **debugger\_t** structure:

* **set\_dbg\_options** - with the same meaning as before
* **callback** - this callback is hooked to the HT\_IDD notification point when the debugger is loaded and unhooked when the debugger is unloaded. The debugger plugin will be the last one to receive notifications.

### Notifications

In most cases the name of a notification event corresponds to the old callback name prefixed with "ev\_". However, please note that we renamed some events, for example:

* **stopped\_at\_debug\_event** to **ev\_suspended**.

Many notification callbacks now have an additional argument - **errbuf**, which is used to report a detailed error message.

| original callback           | notification code            |
| --------------------------- | ---------------------------- |
| init\_debugger              | ev\_init\_debugger           |
| term\_debugger              | ev\_term\_debugger           |
| get\_processes              | ev\_get\_processes           |
| start\_process              | ev\_start\_process           |
| attach\_process             | ev\_attach\_process          |
| detach\_process             | ev\_detach\_process          |
| get\_debapp\_attrs          | ev\_get\_debapp\_attrs       |
| rebase\_if\_required\_to    | ev\_rebase\_if\_required\_to |
| prepare\_to\_pause\_process | ev\_request\_pause           |
| exit\_process               | ev\_exit\_process            |
| get\_debug\_event           | ev\_get\_debug\_event        |
| continue\_after\_event      | ev\_resume                   |
| set\_exception\_info        | ev\_set\_exception\_info     |
| stopped\_at\_debug\_event   | ev\_suspended                |
| thread\_suspend             | ev\_thread\_suspend          |
| thread\_continue            | ev\_thread\_continue         |
| set\_resume\_mode           | ev\_set\_resume\_mode        |
| read\_registers             | ev\_read\_registers          |
| write\_register             | ev\_write\_register          |
| thread\_get\_sreg\_base     | ev\_thread\_get\_sreg\_base  |
| get\_memory\_info           | ev\_get\_memory\_info        |
| read\_memory                | ev\_read\_memory             |
| write\_memory               | ev\_write\_memory            |
| is\_ok\_bpt                 | ev\_check\_bpt               |
| update\_bpts                | ev\_update\_bpts             |
| update\_lowcnds             | ev\_update\_lowcnds          |
| open\_file                  | ev\_open\_file               |
| close\_file                 | ev\_close\_file              |
| read\_file                  | ev\_read\_file               |
| write\_file                 | ev\_write\_file              |
| map\_address                | ev\_map\_address             |
| get\_debmod\_extensions     | ev\_get\_debmod\_extensions  |
| update\_call\_stack         | ev\_update\_call\_stack      |
| appcall                     | ev\_appcall                  |
| cleanup\_appcall            | ev\_cleanup\_appcall         |
| eval\_lowcnd                | ev\_eval\_lowcnd             |
| send\_ioctl                 | ev\_send\_ioctl              |
| dbg\_enable\_trace          | ev\_dbg\_enable\_trace       |
| is\_tracing\_enabled        | ev\_is\_tracing\_enabled     |
| rexec                       | ev\_rexec                    |
| get\_srcinfo\_path          | ev\_get\_srcinfo\_path       |

New notification code:

* ev\_bin\_search

IDA needs to know if the debugger module will react to specific notification codes. To describe this, the following flags have been added:

* DBG\_HAS\_GET\_PROCESSES
* DBG\_HAS\_ATTACH\_PROCESS
* DBG\_HAS\_DETACH\_PROCESS
* DBG\_HAS\_REQUEST\_PAUSE
* DBG\_HAS\_SET\_EXCEPTION\_INFO
* DBG\_HAS\_THREAD\_SUSPEND
* DBG\_HAS\_THREAD\_CONTINUE
* DBG\_HAS\_SET\_RESUME\_MODE
* DBG\_HAS\_THREAD\_GET\_SREG\_BASE
* DBG\_HAS\_CHECK\_BPT
* DBG\_HAS\_OPEN\_FILE
* DBG\_HAS\_UPDATE\_CALL\_STACK
* DBG\_HAS\_APPCALL
* DBG\_HAS\_REXEC

Please see **idd.hpp** for more details.
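
The dispatch model described above, as an added example that is not Hex-Rays SDK code: a single callback switches on the notification code, takes its arguments from a `va_list`, and reports failures through an **errbuf** argument. The `mock_` types, the flag value, the argument order and the host-side flag check are assumptions made so the example compiles without **idd.hpp**.

```cpp
#include <cstdarg>
#include <cstdint>
#include <cstring>
#include <string>

// Stand-ins, NOT idd.hpp declarations: names are from the guide, values and
// argument layouts are assumptions made for this example.
enum mock_event_t { ev_init_debugger, ev_read_memory, ev_request_pause };
const uint32_t DBG_HAS_REQUEST_PAUSE = 0x1;
struct mock_debugger_t {
  uint32_t flags;                                    // DBG_HAS_... bits
  long (*callback)(void *ud, int code, va_list va);  // single entry point
};
static const uint8_t target_mem[] = { 0x90, 0x90, 0xCC, 0xC3 }; // constructed sample

// Module side: one switch replaces the old per-operation function pointers.
static long mock_callback(void *, int code, va_list va) {
  switch (code) {
    case ev_init_debugger: return 1;
    case ev_read_memory: {
      size_t *nbytes = va_arg(va, size_t *);
      size_t ea = va_arg(va, size_t);
      void *buf = va_arg(va, void *);
      size_t size = va_arg(va, size_t);
      std::string *errbuf = va_arg(va, std::string *);
      // Overflow-safe bounds check before touching the caller's buffer.
      if (ea >= sizeof(target_mem) || size > sizeof(target_mem) - ea) {
        *errbuf = "read outside of mapped memory"; // detailed error via errbuf
        return -1;
      }
      std::memcpy(buf, target_mem + ea, size);
      *nbytes = size;
      return 1;
    }
    default: return 0; // code not handled by this module
  }
}

// Host side (assumed behaviour): skip codes whose DBG_HAS_ flag is not set.
static long notify(const mock_debugger_t &d, uint32_t need, int code, ...) {
  if (need != 0 && (d.flags & need) == 0) return 0;
  va_list va;
  va_start(va, code);
  long rc = d.callback(nullptr, code, va);
  va_end(va);
  return rc;
}

int main() { mock_debugger_t d = { 0, mock_callback }; return notify(d, 0, ev_init_debugger) == 1 ? 0 : 1; }
```
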

### Structures

There are several changes in the structures used by the debugger module.

#### debugger\_t

Renamed fields and methods:

| original name              | new name            |
| -------------------------- | ------------------- |
| register\_classes          | regclasses          |
| register\_classes\_default | default\_regclasses |
| \_registers                | registers           |
| registers\_size            | nregs               |
| register                   | regs()              |

#### event\_id\_t

Renamed events:

| original name    | new name           |
| ---------------- | ------------------ |
| PROCESS\_START   | PROCESS\_STARTED   |
| PROCESS\_EXIT    | PROCESS\_EXITED    |
| THREAD\_START    | THREAD\_STARTED    |
| THREAD\_EXIT     | THREAD\_EXITED     |
| LIBRARY\_LOAD    | LIB\_LOADED        |
| LIBRARY\_UNLOAD  | LIB\_UNLOADED      |
| PROCESS\_ATTACH  | PROCESS\_ATTACHED  |
| PROCESS\_DETACH  | PROCESS\_DETACHED  |
| PROCESS\_SUSPEND | PROCESS\_SUSPENDED |

Removed events:

* SYSCALL
* WINMESSAGE

Please note that the event codes have been changed.

#### debug\_event\_t

Changed to be more robust and controlled.

Public fields have been replaced by accessors.

| original field | new accessor                    |
| -------------- | ------------------------------- |
| eid            | eid(), set\_eid()               |
| modinfo        | modinfo(), set\_modinfo()       |
| exit\_code     | exit\_code(), set\_exit\_code() |
| info           | info(), set\_info()             |
| bpt            | bpt(), set\_bpt()               |
| exc            | exc(), set\_exc()               |

Please note that the event **THREAD\_STARTED** can return the thread name using the **info** accessor.

#### bpt\_t

Added new fields:

* pid - breakpoint process id
* tid - breakpoint thread id

### Example

The **highlighter** plugin has been ported to use the new debugger module API.
