Descriptor of the INT3 breakpoint. Plugins are not allowed to modify this structure directly. Instead, they must call the corresponding API functions.
typedef struct t_bpoint {   // INT3 breakpoints
  ulong  addr;              // Address of breakpoint
  ulong  size;              // Must be 1
  ulong  type;              // Type of breakpoint, TY_xxx+BP_xxx
  ushort fnindex;           // Index of predefined function
  uchar  cmd;               // First byte of original command
  uchar  patch;             // Used only in .udd files
  ulong  limit;             // Original pass count (0 if not set)
  ulong  count;             // Actual pass count
  ulong  actions;           // Actions, set of BA_xxx
} t_bpoint;
Members:
addr
Address of the breakpoint
size
Must be 1
type
Type of the breakpoint, combination of the flags BP_xxx listed below (and possibly TY_xxx).
Basic type of the breakpoint, at least one is required. Breakpoint may have several types at once:
BP_MANUAL - permanent breakpoint set by user
BP_ONESHOT - one-shot breakpoint set by debugging engine. When this breakpoint is hit, OllyDbg removes BP_ONESHOT and pauses the debugged application
BP_TEMP - temporary breakpoint set by debugging engine or plugins. When this breakpoint is hit, OllyDbg removes BP_TEMP (unless action BA_PERMANENT is active), performs actions associated with breakpoint and continues execution
BP_TRACE - used for hit trace, marks unprocessed or unsure branches
General breakpoint features:
BP_SET - breakpoint is applied to memory, cmd is valid
Features of the permanent breakpoint (BP_MANUAL), a combination of zero or more of the following flags:
BP_DISABLED - breakpoint is disabled
BP_COND - conditional breakpoint. Its action depends on the associated condition (name of type NM_INT3COND)
BP_PERIODICAL - periodical breakpoint (pauses each limit-th break)
When to pause execution when permanent breakpoint is hit, one of the following flags:
BP_NOBREAK - no pause
BP_CONDBREAK - pause when condition is true
BP_BREAK - pause always
When to protocol the value of expression (name of type NM_INT3EXPR), one of the following flags:
BP_NOLOG - don't protocol
BP_CONDLOG - protocol if condition is true
BP_LOG - protocol always
When to protocol the arguments of the function that is called or begins at addr, one of the following flags:
BP_NOARG - don't protocol
BP_CONDARG - protocol if condition is true
BP_ARG - protocol always
When to protocol the value returned by a call to function, one of the following flags:
BP_NORET - don't protocol
BP_CONDRET - protocol if condition is true
BP_RET - protocol always
fnindex
Internal index of the predefined function that should be used to protocol function arguments
cmd
Copy of the first byte of the command replaced by INT3, valid only if flag BP_SET is set
patch
For internal use
limit
Original pass count, or 0 if pass count is not set
count
Current pass count
actions
Special actions associated with breakpoint of type BP_TEMP, a combination of zero or more of the following flags:
BA_PERMANENT - permanent temporary breakpoint. OllyDbg sets them on important system routines, like ZwContinue()
BA_PLUGIN - when breakpoint is hit, OllyDbg passes this event to ODBG2_Plugintempbreakpoint()
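The cmd and BP_SET members matter whenever code bytes are read while breakpoints are applied: the first byte at addr is INT3 (0xCC) in memory and the real byte lives in cmd. The following is an added example, not OllyDbg or SDK code; unpatch_snapshot() is a hypothetical helper, the numeric value of BP_SET is a placeholder, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

typedef unsigned long ulong;    /* stand-ins for the SDK's integer typedefs */
typedef unsigned short ushort;
typedef unsigned char uchar;

#define BP_SET 0x00010000UL     /* PLACEHOLDER value, take the real one from the SDK header */
#define INT3_OPCODE 0xCC

typedef struct t_bpoint {       /* member list as documented on this page */
  ulong addr; ulong size; ulong type; ushort fnindex;
  uchar cmd; uchar patch; ulong limit; ulong count; ulong actions;
} t_bpoint;

/* Restore original first bytes in a snapshot covering [base, base+len).
   Returns the number of bytes restored. *stale counts applied breakpoints
   whose byte is no longer 0xCC (memory changed after the patch). */
size_t unpatch_snapshot(uchar *buf, ulong base, size_t len,
                        const t_bpoint *bp, size_t nbp, size_t *stale)
{
  size_t restored = 0;
  *stale = 0;
  for (size_t i = 0; i < nbp; i++) {
    if (!(bp[i].type & BP_SET)) continue;   /* cmd is valid only with BP_SET */
    if (bp[i].addr < base || bp[i].addr - base >= len) continue;
    uchar *p = buf + (bp[i].addr - base);
    if (*p != INT3_OPCODE) { (*stale)++; continue; }  /* do not overwrite */
    *p = bp[i].cmd;
    restored++;
  }
  return restored;
}

int main(void)
{
  /* Constructed sample: 55 8B EC with INT3 over the first byte, then a
     genuine 0xCC in the code and a byte rewritten after the patch. */
  uchar snap[5] = { 0xCC, 0x8B, 0xEC, 0xCC, 0x90 };
  t_bpoint bp[3] = {
    { .addr = 0x401000, .size = 1, .type = BP_SET, .cmd = 0x55 }, /* applied */
    { .addr = 0x401003, .size = 1, .type = 0,      .cmd = 0x00 }, /* not applied */
    { .addr = 0x401004, .size = 1, .type = BP_SET, .cmd = 0xC3 }, /* stale */
  };
  size_t stale;
  size_t n = unpatch_snapshot(snap, 0x401000, sizeof snap, bp, 3, &stale);
  printf("restored=%zu stale=%zu first=%02X\n", n, stale, snap[0]);
  return 0;
}
```

A descriptor without BP_SET is skipped even when the byte at addr is 0xCC, because that INT3 belongs to the program and cmd holds no meaningful value.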
See also: