Package winappdbg :: Module breakpoint :: Class HardwareBreakpoint

[frames] | no frames]

Class HardwareBreakpoint

source code

Hardware breakpoint (using debug registers).

See Also: Debug.watch_variable

Instance Methods

[hide private]

__init__(self, address, triggerFlag=3, sizeFlag=3, condition=True, action=None)
Hardware breakpoint object.

source code

__clear_bp(self, aThread)
Clears this breakpoint from the debug registers.

source code

__set_bp(self, aThread)
Sets this breakpoint in the debug registers.

source code

__repr__(self)
repr(x) (Inherited from winappdbg.breakpoint.Breakpoint)

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __str__, __subclasshook__

Information

int

get_slot(self)
Returns: The debug register number used by this breakpoint, or None if the breakpoint is not active. source code

int

get_trigger(self)
Returns: The breakpoint trigger flag.

source code

int

get_watch(self)
Returns: The breakpoint watch flag.

source code

int

get_address(self)
Returns: The target memory address for the breakpoint. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

int

get_size(self)
Returns: The size in bytes of the breakpoint. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

tuple( int, int )

get_span(self)
Returns: Starting and ending address of the memory range covered by the breakpoint. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

bool

is_here(self, address)
Returns: True if the address is within the range of the breakpoint. (Inherited from winappdbg.breakpoint.Breakpoint) source code

State machine

disable(self, aProcess, aThread)
Transition to DISABLED state.

source code

enable(self, aProcess, aThread)
Transition to ENABLED state.

source code

one_shot(self, aProcess, aThread)
Transition to ONESHOT state.

source code

running(self, aProcess, aThread)
Transition to RUNNING state.

source code

int

get_state(self)
Returns: The current state of the breakpoint (DISABLED, ENABLED, ONESHOT, RUNNING). (Inherited from winappdbg.breakpoint.Breakpoint)

source code

str

get_state_name(self)
Returns: The name of the current state of the breakpoint. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

hit(self, event)
Notify a breakpoint that it's been hit. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

bool

is_disabled(self)
Returns: True if the breakpoint is in DISABLED state. (Inherited from winappdbg.breakpoint.Breakpoint) source code

bool

is_enabled(self)
Returns: True if the breakpoint is in ENABLED state. (Inherited from winappdbg.breakpoint.Breakpoint) source code

bool

is_one_shot(self)
Returns: True if the breakpoint is in ONESHOT state. (Inherited from winappdbg.breakpoint.Breakpoint) source code

bool

is_running(self)
Returns: True if the breakpoint is in RUNNING state. (Inherited from winappdbg.breakpoint.Breakpoint) source code

Conditional breakpoints

bool

eval_condition(self, event)
Evaluates the breakpoint condition, if any was set. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

bool, function

get_condition(self)
Returns: Returns the condition callback for conditional breakpoints. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

bool

is_conditional(self)
Returns: True if the breakpoint has a condition callback defined. (Inherited from winappdbg.breakpoint.Breakpoint) source code

bool

is_unconditional(self)
Returns: True if the breakpoint doesn't have a condition callback defined. (Inherited from winappdbg.breakpoint.Breakpoint) source code

set_condition(self, condition=True)
Sets a new condition callback for the breakpoint. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

Automatic breakpoints

bool, function

get_action(self)
Returns: Returns the action callback for automatic breakpoints. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

bool

is_automatic(self)
Returns: True if the breakpoint has an action callback defined. (Inherited from winappdbg.breakpoint.Breakpoint) source code

bool

is_interactive(self)
Returns: True if the breakpoint doesn't have an action callback defined. (Inherited from winappdbg.breakpoint.Breakpoint) source code

run_action(self, event)
Executes the breakpoint action callback, if any was set. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

set_action(self, action=None)
Sets a new action callback for the breakpoint. (Inherited from winappdbg.breakpoint.Breakpoint)

source code

Class Variables

[hide private]

str typeName = 'hardware breakpoint'
User friendly breakpoint type string.

tuple validTriggers = (0, 1, 3)
Valid trigger flag values.

tuple validWatchSizes = (0, 1, 3, 2)
Valid watch flag values.

dict { int → str } stateNames = {0: 'disabled', 1: 'enabled', 2: 'one shot', 3: '...
User-friendly names for each breakpoint state. (Inherited from winappdbg.breakpoint.Breakpoint)

Trigger flags

int BREAK_ON_EXECUTION = 0
Break on execution.

int BREAK_ON_WRITE = 1
Break on write.

int BREAK_ON_ACCESS = 3
Break on read or write.

Watch size flags

int WATCH_BYTE = 0
Watch a byte.

int WATCH_WORD = 1
Watch a word (2 bytes).

int WATCH_DWORD = 3
Watch a double word (4 bytes).

int WATCH_QWORD = 2
Watch one quad word (8 bytes).

Breakpoint states

int DISABLED = 0
Disabled → Enabled, OneShot (Inherited from winappdbg.breakpoint.Breakpoint)

int ENABLED = 1
Enabled → Running, Disabled (Inherited from winappdbg.breakpoint.Breakpoint)

int ONESHOT = 2
OneShot → Disabled (Inherited from winappdbg.breakpoint.Breakpoint)

int RUNNING = 3
Running → Enabled, Disabled (Inherited from winappdbg.breakpoint.Breakpoint)

Properties

[hide private]

Inherited from object: __class__

Method Details

[hide private]

init(self, address, triggerFlag=3, sizeFlag=3, condition=True, action=None)
(Constructor)

source code

Hardware breakpoint object.

Parameters:

address (int) - Memory address for breakpoint.
triggerFlag (int) - Trigger of breakpoint. Must be one of the following:
- BREAK_ON_EXECUTION
  Break on code execution.
- BREAK_ON_WRITE
  Break on memory read or write.
- BREAK_ON_ACCESS
  Break on memory write.
sizeFlag (int) - Size of breakpoint. Must be one of the following:
- WATCH_BYTE
  One (1) byte in size.
- WATCH_WORD
  Two (2) bytes in size.
- WATCH_DWORD
  Four (4) bytes in size.
- WATCH_QWORD
  Eight (8) bytes in size.
condition (function) - (Optional) Condition callback function.
action (function) - (Optional) Action callback function.

Overrides: object.__init__

See Also: Breakpoint.__init__

__clear_bp(self, aThread)

source code

Clears this breakpoint from the debug registers.

Parameters:

aThread (Thread) - Thread object.

__set_bp(self, aThread)

source code

Sets this breakpoint in the debug registers.

Parameters:

aThread (Thread) - Thread object.

get_slot(self)

source code

Returns: int: The debug register number used by this breakpoint, or None if the breakpoint is not active.

get_trigger(self)

source code

Returns: int: The breakpoint trigger flag.

See Also: validTriggers

get_watch(self)

source code

Returns: int: The breakpoint watch flag.

See Also: validWatchSizes

disable(self, aProcess, aThread)

source code

Transition to DISABLED state.

When hit: OneShot → Disabled
Forced by user: Enabled, OneShot, Running → Disabled
Transition from running state may require special handling by the breakpoint implementation class.

Parameters:

aProcess - Process object.
aThread - Thread object.

Overrides: Breakpoint.disable

(inherited documentation)

enable(self, aProcess, aThread)

source code

Transition to ENABLED state.

When hit: Running → Enabled
Forced by user: Disabled, Running → Enabled
Transition from running state may require special handling by the breakpoint implementation class.

Parameters: