#-------------------------------------------------------------------------- # D E B U G G E R I N T E R F A C E #-------------------------------------------------------------------------- def LoadDebugger(dbgname, use_remote): """ Load the debugger @param dbgname: debugger module name Examples: win32, linux, mac. @param use_remote: 0/1: use remote debugger or not @note: This function is needed only when running idc scripts from the command line. In other cases IDA loads the debugger module automatically. """ return idaapi.load_debugger(dbgname, use_remote) def StartDebugger(path, args, sdir): """ Launch the debugger @param path: path to the executable file. @param args: command line arguments @param sdir: initial directory for the process @return: -1-failed, 0-cancelled by the user, 1-ok @note: For all args: if empty, the default value from the database will be used See the important note to the StepInto() function """ return idaapi.start_process(path, args, sdir) def StopDebugger(): """ Stop the debugger Kills the currently debugger process and returns to the disassembly mode @return: success """ return idaapi.exit_process() def PauseProcess(): """ Suspend the running process Tries to suspend the process. If successful, the PROCESS_SUSPEND debug event will arrive (see GetDebuggerEvent) @return: success @note: To resume a suspended process use the GetDebuggerEvent function. See the important note to the StepInto() function """ return idaapi.suspend_process() def GetProcessQty(): """ Take a snapshot of running processes and return their number. """ return idaapi.get_process_qty() def GetProcessPid(idx): """ Get the process ID of a running process @param idx: number of process, is in range 0..GetProcessQty()-1 @return: 0 if failure """ pinfo = idaapi.process_info_t() pid = idaapi.get_process_info(idx, pinfo) if pid != idaapi.NO_PROCESS: return pinfo.pid else: return 0 def GetProcessName(idx): """ Get the name of a running process @param idx: number of process, is in range 0..GetProcessQty()-1 @return: None if failure """ pinfo = idaapi.process_info_t() pid = idaapi.get_process_info(idx, pinfo) return None if pid == idaapi.NO_PROCESS else pinfo.name def AttachProcess(pid, event_id): """ Attach the debugger to a running process @param pid: PID of the process to attach to. If NO_PROCESS, a dialog box will interactively ask the user for the process to attach to. @param event_id: reserved, must be -1 @return: - -2: impossible to find a compatible process - -1: impossible to attach to the given process (process died, privilege needed, not supported by the debugger plugin, ...) - 0: the user cancelled the attaching to the process - 1: the debugger properly attached to the process @note: See the important note to the StepInto() function """ return idaapi.attach_process(pid, event_id) def DetachProcess(): """ Detach the debugger from the debugged process. @return: success """ return idaapi.detach_process() def GetThreadQty(): """ Get number of threads. @return: number of threads """ return idaapi.get_thread_qty() def GetThreadId(idx): """ Get the ID of a thread @param idx: number of thread, is in range 0..GetThreadQty()-1 @return: -1 if failure """ return idaapi.getn_thread(idx) def GetCurrentThreadId(): """ Get current thread ID @return: -1 if failure """ return idaapi.get_current_thread() def SelectThread(tid): """ Select the given thread as the current debugged thread. @param tid: ID of the thread to select @return: success @note: The process must be suspended to select a new thread. """ return idaapi.select_thread(tid) def SuspendThread(tid): """ Suspend thread @param tid: thread id @return: -1:network error, 0-failed, 1-ok @note: Suspending a thread may deadlock the whole application if the suspended was owning some synchronization objects. """ return idaapi.suspend_thread(tid) def ResumeThread(tid): """ Resume thread @param tid: thread id @return: -1:network error, 0-failed, 1-ok """ return idaapi.resume_thread(tid) def _get_modules(): """ INTERNAL: Enumerate process modules """ module = idaapi.module_info_t() result = idaapi.get_first_module(module) while result: yield module result = idaapi.get_next_module(module) def GetFirstModule(): """ Enumerate process modules @return: first module's base address or None on failure """ for module in _get_modules(): return module.base else: return None def GetNextModule(base): """ Enumerate process modules @param base: previous module's base address @return: next module's base address or None on failure """ foundit = False for module in _get_modules(): if foundit: return module.base if module.base == base: foundit = True else: return None def GetModuleName(base): """ Get process module name @param base: the base address of the module @return: required info or None """ for module in _get_modules(): if module.base == base: return module.name else: return 0 def GetModuleSize(base): """ Get process module size @param base: the base address of the module @return: required info or -1 """ for module in _get_modules(): if module.base == base: return module.size else: return -1 def StepInto(): """ Execute one instruction in the current thread. Other threads are kept suspended. @return: success @note: You must call GetDebuggerEvent() after this call in order to find out what happened. Normally you will get the STEP event but other events are possible (for example, an exception might occur or the process might exit). This remark applies to all execution control functions. The event codes depend on the issued command. """ return idaapi.step_into() def StepOver(): """ Execute one instruction in the current thread, but without entering into functions Others threads keep suspended. See the important note to the StepInto() function @return: success """ return idaapi.step_over() def RunTo(ea): """ Execute the process until the given address is reached. If no process is active, a new process is started. See the important note to the StepInto() function @return: success """ return idaapi.run_to(ea) def StepUntilRet(): """ Execute instructions in the current thread until a function return instruction is reached. Other threads are kept suspended. See the important note to the StepInto() function @return: success """ return idaapi.step_until_ret() def GetDebuggerEvent(wfne, timeout): """ Wait for the next event This function (optionally) resumes the process execution and wait for a debugger event until timeout @param wfne: combination of WFNE_... constants @param timeout: number of seconds to wait, -1-infinity @return: debugger event codes, see below """ return idaapi.wait_for_next_event(wfne, timeout) def ResumeProcess(): return GetDebuggerEvent(WFNE_CONT|WFNE_NOWAIT, 0) def SendDbgCommand(cmd): """Sends a command to the debugger module and returns the output string. An exception will be raised if the debugger is not running or the current debugger does not export the 'SendDbgCommand' IDC command. """ s = Eval('SendDbgCommand("%s");' % idaapi.str2user(cmd)) if s.startswith("IDC_FAILURE"): raise Exception, "Debugger command is available only when the debugger is active!" return s # wfne flag is combination of the following: WFNE_ANY = 0x0001 # return the first event (even if it doesn't suspend the process) # if the process is still running, the database # does not reflect the memory state. you might want # to call RefreshDebuggerMemory() in this case WFNE_SUSP = 0x0002 # wait until the process gets suspended WFNE_SILENT = 0x0004 # 1: be slient, 0:display modal boxes if necessary WFNE_CONT = 0x0008 # continue from the suspended state WFNE_NOWAIT = 0x0010 # do not wait for any event, immediately return DEC_TIMEOUT # (to be used with WFNE_CONT) # debugger event codes NOTASK = -2 # process does not exist DBG_ERROR = -1 # error (e.g. network problems) DBG_TIMEOUT = 0 # timeout PROCESS_START = 0x00000001 # New process started PROCESS_EXIT = 0x00000002 # Process stopped THREAD_START = 0x00000004 # New thread started THREAD_EXIT = 0x00000008 # Thread stopped BREAKPOINT = 0x00000010 # Breakpoint reached STEP = 0x00000020 # One instruction executed EXCEPTION = 0x00000040 # Exception LIBRARY_LOAD = 0x00000080 # New library loaded LIBRARY_UNLOAD = 0x00000100 # Library unloaded INFORMATION = 0x00000200 # User-defined information SYSCALL = 0x00000400 # Syscall (not used yet) WINMESSAGE = 0x00000800 # Window message (not used yet) PROCESS_ATTACH = 0x00001000 # Attached to running process PROCESS_DETACH = 0x00002000 # Detached from process PROCESS_SUSPEND = 0x00004000 # Process has been suspended def RefreshDebuggerMemory(): """ Refresh debugger memory Upon this call IDA will forget all cached information about the debugged process. This includes the segmentation information and memory contents (register cache is managed automatically). Also, this function refreshes exported name from loaded DLLs. You must call this function before using the segmentation information, memory contents, or names of a non-suspended process. This is an expensive call. """ return idaapi.refresh_debugger_memory() def TakeMemorySnapshot(only_loader_segs): """ Take memory snapshot of the debugged process @param only_loader_segs: 0-copy all segments to idb 1-copy only SFL_LOADER segments """ return idaapi.take_memory_snapshot(only_loader_segs) def GetProcessState(): """ Get debugged process state @return: one of the DBG_... constants (see below) """ return idaapi.get_process_state() DSTATE_SUSP = -1 # process is suspended DSTATE_NOTASK = 0 # no process is currently debugged DSTATE_RUN = 1 # process is running DSTATE_RUN_WAIT_ATTACH = 2 # process is running, waiting for process properly attached DSTATE_RUN_WAIT_END = 3 # process is running, but the user asked to kill/detach the process # remark: in this case, most events are ignored """ Get various information about the current debug event These functions are valid only when the current event exists (the process is in the suspended state) """ # For all events: def GetEventId(): """ Get ID of debug event @return: event ID """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return ev.eid def GetEventPid(): """ Get process ID for debug event @return: process ID """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return ev.pid def GetEventTid(): """ Get type ID for debug event @return: type ID """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return ev.tid def GetEventEa(): """ Get ea for debug event @return: ea """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return ev.ea def IsEventHandled(): """ Is the debug event handled? @return: boolean """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return ev.handled # For PROCESS_START, PROCESS_ATTACH, LIBRARY_LOAD events: def GetEventModuleName(): """ Get module name for debug event @return: module name """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.get_event_module_name(ev) def GetEventModuleBase(): """ Get module base for debug event @return: module base """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.get_event_module_base(ev) def GetEventModuleSize(): """ Get module size for debug event @return: module size """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.get_event_module_size(ev) def GetEventExitCode(): """ Get exit code for debug event @return: exit code for PROCESS_EXIT, THREAD_EXIT events """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return ev.exit_code def GetEventInfo(): """ Get debug event info @return: event info: for LIBRARY_UNLOAD (unloaded library name) for INFORMATION (message to display) """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.get_event_info(ev) def GetEventBptHardwareEa(): """ Get hardware address for BREAKPOINT event @return: hardware address """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.get_event_bpt_hea(ev) def GetEventExceptionCode(): """ Get exception code for EXCEPTION event @return: exception code """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.get_event_exc_code(ev) def GetEventExceptionEa(): """ Get address for EXCEPTION event @return: adress of exception """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.get_event_exc_ea(ev) def CanExceptionContinue(): """ Can it continue after EXCEPTION event? @return: boolean """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.can_exc_continue(ev) def GetEventExceptionInfo(): """ Get info for EXCEPTION event @return: info string """ ev = idaapi.get_debug_event() assert ev, "Could not retrieve debug event" return idaapi.get_event_exc_info(ev) def SetDebuggerOptions(opt): """ Get/set debugger options @param opt: combination of DOPT_... constants @return: old options """ return idaapi.set_debugger_options(opt) DOPT_SEGM_MSGS = 0x00000001 # print messages on debugger segments modifications DOPT_START_BPT = 0x00000002 # break on process start DOPT_THREAD_MSGS = 0x00000004 # print messages on thread start/exit DOPT_THREAD_BPT = 0x00000008 # break on thread start/exit DOPT_BPT_MSGS = 0x00000010 # print message on breakpoint DOPT_LIB_MSGS = 0x00000040 # print message on library load/unlad DOPT_LIB_BPT = 0x00000080 # break on library load/unlad DOPT_INFO_MSGS = 0x00000100 # print message on debugging information DOPT_INFO_BPT = 0x00000200 # break on debugging information DOPT_REAL_MEMORY = 0x00000400 # don't hide breakpoint instructions DOPT_REDO_STACK = 0x00000800 # reconstruct the stack DOPT_ENTRY_BPT = 0x00001000 # break on program entry point DOPT_EXCDLG = 0x00006000 # exception dialogs: EXCDLG_NEVER = 0x00000000 # never display exception dialogs EXCDLG_UNKNOWN = 0x00002000 # display for unknown exceptions EXCDLG_ALWAYS = 0x00006000 # always display DOPT_LOAD_DINFO = 0x00008000 # automatically load debug files (pdb) def GetDebuggerEventCondition(): """ Return the debugger event condition """ return idaapi.get_debugger_event_cond() def SetDebuggerEventCondition(cond): """ Set the debugger event condition """ return idaapi.set_debugger_event_cond(cond) def SetRemoteDebugger(hostname, password, portnum): """ Set remote debugging options @param hostname: remote host name or address if empty, revert to local debugger @param password: password for the debugger server @param portnum: port number to connect (-1: don't change) @return: nothing """ return idaapi.set_remote_debugger(hostname, password, portnum) def GetExceptionQty(): """ Get number of defined exception codes """ return idaapi.get_exception_qty() def GetExceptionCode(idx): """ Get exception code @param idx: number of exception in the vector (0..GetExceptionQty()-1) @return: exception code (0 - error) """ return idaapi.get_exception_code(idx) def GetExceptionName(code): """ Get exception information @param code: exception code @return: "" on error """ return idaapi.get_exception_name(code) def GetExceptionFlags(code): """ Get exception information @param code: exception code @return: -1 on error """ return idaapi.get_exception_flags(code) def DefineException(code, name, desc, flags): """ Add exception handling information @param code: exception code @param name: exception name @param desc: exception description @param flags: exception flags (combination of EXC_...) @return: failure description or "" """ return idaapi.define_exception(code, name, desc, flags) EXC_BREAK = 0x0001 # break on the exception EXC_HANDLE = 0x0002 # should be handled by the debugger? def SetExceptionFlags(code, flags): """ Set exception flags @param code: exception code @param flags: exception flags (combination of EXC_...) """ return idaapi.set_exception_flags(code, flags) def ForgetException(code): """ Delete exception handling information @param code: exception code """ return idaapi.forget_exception(code) def GetRegValue(name): """ Get register value @param name: the register name @note: The debugger should be running. otherwise the function fails the register name should be valid. It is not necessary to use this function to get register values because a register name in the script will do too. @return: register value (integer or floating point) """ rv = idaapi.regval_t() res = idaapi.get_reg_val(name, rv) assert res, "get_reg_val() failed, bogus register name ('%s') perhaps?" % name return rv.ival def SetRegValue(value, name): """ Set register value @param name: the register name @param value: new register value @note: The debugger should be running It is not necessary to use this function to set register values. A register name in the left side of an assignment will do too. """ rv = idaapi.regval_t() if type(value) == types.StringType: value = int(value, 16) elif type(value) != types.IntType and type(value) != types.LongType: print "SetRegValue: value must be integer!" return BADADDR if value < 0: #ival_set cannot handle negative numbers value &= 0xFFFFFFFF rv.ival = value return idaapi.set_reg_val(name, rv) def GetBptQty(): """ Get number of breakpoints. @return: number of breakpoints """ return idaapi.get_bpt_qty() def GetBptEA(n): """ Get breakpoint address @param n: number of breakpoint, is in range 0..GetBptQty()-1 @return: addresss of the breakpoint or BADADDR """ bpt = idaapi.bpt_t() if idaapi.getn_bpt(n, bpt): return bpt.ea else: return BADADDR def GetBptAttr(ea, bptattr): """ Get the characteristics of a breakpoint @param ea: any address in the breakpoint range @param bptattr: the desired attribute code, one of BPTATTR_... constants @return: the desired attribute value or -1 """ bpt = idaapi.bpt_t() if not idaapi.get_bpt(ea, bpt): return -1 else: if bptattr == BPTATTR_EA: return bpt.ea if bptattr == BPTATTR_SIZE: return bpt.size if bptattr == BPTATTR_TYPE: return bpt.type if bptattr == BPTATTR_COUNT: return bpt.pass_count if bptattr == BPTATTR_FLAGS: return bpt.flags if bptattr == BPTATTR_COND: return bpt.condition return -1 BPTATTR_EA = 1 # starting address of the breakpoint BPTATTR_SIZE = 2 # size of the breakpoint (undefined for software breakpoint) # type of the breakpoint BPTATTR_TYPE = 3 # Breakpoint types: BPT_WRITE = 1 # Hardware: Write access BPT_RDWR = 3 # Hardware: Read/write access BPT_SOFT = 4 # Software breakpoint BPT_EXEC = 8 # Hardware: Execute instruction BPT_DEFAULT = (BPT_SOFT|BPT_EXEC); # Choose bpt type automaticaly BPTATTR_COUNT = 4 BPTATTR_FLAGS = 5 BPT_BRK = 0x001 # the debugger stops on this breakpoint BPT_TRACE = 0x002 # the debugger adds trace information when this breakpoint is reached BPT_UPDMEM = 0x004 # refresh the memory layout and contents before evaluating bpt condition BPT_ENABLED = 0x008 # enabled? BPT_LOWCND = 0x010 # condition is calculated at low level (on the server side) BPT_TRACEON = 0x020 # enable tracing when the breakpoint is reached BPT_TRACE_INSN = 0x040 # instruction tracing BPT_TRACE_FUNC = 0x080 # function tracing BPT_TRACE_BBLK = 0x100 # basic block tracing BPTATTR_COND = 6 # Breakpoint condition. NOTE: the return value is a string in this case # Breakpoint location type: BPLT_ABS = 0 # Absolute address. Attributes: # - locinfo: absolute address BPLT_REL = 1 # Module relative address. Attributes: # - locpath: the module path # - locinfo: offset from the module base address BPLT_SYM = 2 # Symbolic name. The name will be resolved on DLL load/unload # events and on naming an address. Attributes: # - locpath: symbol name # - locinfo: offset from the symbol base address def SetBptAttr(address, bptattr, value): """ modifiable characteristics of a breakpoint @param address: any address in the breakpoint range @param bptattr: the attribute code, one of BPTATTR_* constants BPTATTR_CND is not allowed, see SetBptCnd() @param value: the attibute value @return: success """ bpt = idaapi.bpt_t() if not idaapi.get_bpt(address, bpt): return False else: if bptattr not in [ BPTATTR_SIZE, BPTATTR_TYPE, BPTATTR_FLAGS, BPTATTR_COUNT ]: return False if bptattr == BPTATTR_SIZE: bpt.size = value if bptattr == BPTATTR_TYPE: bpt.type = value if bptattr == BPTATTR_COUNT: bpt.pass_count = value if bptattr == BPTATTR_FLAGS: bpt.flags = value idaapi.update_bpt(bpt) return True def SetBptCndEx(ea, cnd, is_lowcnd): """ Set breakpoint condition @param ea: any address in the breakpoint range @param cnd: breakpoint condition @param is_lowcnd: 0 - regular condition, 1 - low level condition @return: success """ bpt = idaapi.bpt_t() if not idaapi.get_bpt(ea, bpt): return False bpt.condition = cnd if is_lowcnd: bpt.flags |= BPT_LOWCND else: bpt.flags &= ~BPT_LOWCND return idaapi.update_bpt(bpt) def SetBptCnd(ea, cnd): """ Set breakpoint condition @param ea: any address in the breakpoint range @param cnd: breakpoint condition @return: success """ return SetBptCndEx(ea, cnd, 0) def AddBptEx(ea, size, bpttype): """ Add a new breakpoint @param ea: any address in the process memory space: @param size: size of the breakpoint (irrelevant for software breakpoints): @param bpttype: type of the breakpoint (one of BPT_... constants) @return: success @note: Only one breakpoint can exist at a given address. """ return idaapi.add_bpt(ea, size, bpttype) def AddBpt(ea): return AddBptEx(ea, 0, BPT_DEFAULT) def DelBpt(ea): """ Delete breakpoint @param ea: any address in the process memory space: @return: success """ return idaapi.del_bpt(ea) def EnableBpt(ea, enable): """ Enable/disable breakpoint @param ea: any address in the process memory space @return: success @note: Disabled breakpoints are not written to the process memory """ return idaapi.enable_bpt(ea, enable) def CheckBpt(ea): """ Check a breakpoint @param ea: address in the process memory space @return: one of BPTCK_... constants """ return idaapi.check_bpt(ea) BPTCK_NONE = -1 # breakpoint does not exist BPTCK_NO = 0 # breakpoint is disabled BPTCK_YES = 1 # breakpoint is enabled BPTCK_ACT = 2 # breakpoint is active (written to the process) def EnableTracing(trace_level, enable): """ Enable step tracing @param trace_level: what kind of trace to modify @param enable: 0: turn off, 1: turn on @return: success """ assert trace_level in [ TRACE_STEP, TRACE_INSN, TRACE_FUNC ], "trace_level must be one of TRACE_* constants" if trace_level == TRACE_STEP: return idaapi.enable_step_trace(enable) if trace_level == TRACE_INSN: return idaapi.enable_insn_trace(enable) if trace_level == TRACE_FUNC: return idaapi.enable_func_trace(enable) return False TRACE_STEP = 0x0 # lowest level trace. trace buffers are not maintained TRACE_INSN = 0x1 # instruction level trace TRACE_FUNC = 0x2 # function level trace (calls & rets) def GetStepTraceOptions(): """ Get step current tracing options @return: a combination of ST_... constants """ return idaapi.get_step_trace_options() def SetStepTraceOptions(options): """ Set step current tracing options. @param options: combination of ST_... constants """ return idaapi.set_step_trace_options(options) ST_OVER_DEBUG_SEG = 0x01 # step tracing will be disabled when IP is in a debugger segment ST_OVER_LIB_FUNC = 0x02 # step tracing will be disabled when IP is in a library function ST_ALREADY_LOGGED = 0x04 # step tracing will be disabled when IP is already logged ST_SKIP_LOOPS = 0x08 # step tracing will try to skip loops already recorded def LoadTraceFile(filename): """ Load a previously recorded binary trace file @param filename: trace file """ return idaapi.load_trace_file(filename) def SaveTraceFile(filename, description): """ Save current trace to a binary trace file @param filename: trace file @param description: trace description """ return idaapi.save_trace_file(filename, description) def CheckTraceFile(filename): """ Check the given binary trace file @param filename: trace file """ return idaapi.is_valid_trace_file(filename) def DiffTraceFile(filename): """ Diff current trace buffer against given trace @param filename: trace file """ return idaapi.diff_trace_file(filename) def ClearTraceFile(filename): """ Clear the current trace buffer """ return idaapi.clear_trace() def GetTraceDesc(filename): """ Get the trace description of the given binary trace file @param filename: trace file """ return idaapi.get_trace_file_desc(filename) def SetTraceDesc(filename, description): """ Update the trace description of the given binary trace file @param filename: trace file @description: trace description """ return idaapi.set_trace_file_desc(filename, description) def GetMaxTev(): """ Return the total number of recorded events """ return idaapi.get_tev_qty() def GetTevEa(tev): """ Return the address of the specified event @param tev: event number """ return idaapi.get_tev_ea(tev) TEV_NONE = 0 # no event TEV_INSN = 1 # an instruction trace TEV_CALL = 2 # a function call trace TEV_RET = 3 # a function return trace TEV_BPT = 4 # write, read/write, execution trace TEV_MEM = 5 # memory layout changed TEV_EVENT = 6 # debug event def GetTevType(tev): """ Return the type of the specified event (TEV_... constants) @param tev: event number """ return idaapi.get_tev_type(tev) def GetTevTid(tev): """ Return the thread id of the specified event @param tev: event number """ return idaapi.get_tev_tid(tev) def GetTevRegVal(tev, reg): """ Return the register value for the specified event @param tev: event number @param reg: register name (like EAX, RBX, ...) """ return idaapi.get_tev_reg_val(tev, reg) def GetTevRegMemQty(tev): """ Return the number of memory addresses recorded for the specified event @param tev: event number """ return idaapi.get_tev_reg_mem_qty(tev) def GetTevRegMem(tev, idx): """ Return the memory pointed by 'index' for the specified event @param tev: event number @param idx: memory address index """ return idaapi.get_tev_reg_mem(tev, idx) def GetTevRegMemEa(tev, idx): """ Return the address pointed by 'index' for the specified event @param tev: event number @param idx: memory address index """ return idaapi.get_tev_reg_mem_ea(tev, idx) def GetTevCallee(tev): """ Return the address of the callee for the specified event @param tev: event number """ return idaapi.get_call_tev_callee(tev) def GetTevReturn(tev): """ Return the return address for the specified event @param tev: event number """ return idaapi.get_ret_tev_return(tev) def GetBptTevEa(tev): """ Return the address of the specified TEV_BPT event @param tev: event number """ return idaapi.get_bpt_tev_ea(tev)