Type of INT3 breakpoint descriptor:
typedef struct t_bpoint {        // Description of INT3 breakpoint
  ulong          addr;           // Address of breakpoint
  ulong          dummy;          // Always 1
  ulong          type;           // Type of breakpoint, TY_xxx
  char           cmd;            // Old value of command
  ulong          passcount;      // Actual pass count
} t_bpoint;
Members (members intended strictly for internal use are not explained):
addr - address of breakpoint;
dummy - length of breakpoint, must be 1;
type - type of breakpoint, combination of bits TY_xxx. Avoid direct modification. Please do not change flags that are not described here:
Flag | Meaning |
TY_SET | Code INT3 is in memory. Never change! |
TY_ACTIVE | Permanent (user) breakpoint |
TY_DISABLED | Temporarily deactivated permanent breakpoint |
TY_ONESHOT | One-shot breakpoint set by OllyDbg, automatically removed when the breakpoint is hit |
TY_TEMP | Temporary breakpoint, used internally by OllyDbg, for example to step over a permanent breakpoint. Automatically removed when hit, execution continues |
cmd - original command at the specified address. If the breakpoint is active, this command is replaced in memory by INT3;
passcount - counter that indicates how many times this breakpoint must be skipped. If OllyDbg decides that the program should pause at the breakpoint and passcount is not 0, it decrements passcount and continues execution. Note that this item is new to OllyDbg 1.10.
To get a breakpoint descriptor, you may use the following code:
  t_table *bptable;
  t_bpoint *bpoint;
  // addr is the address of the breakpoint to look up
  bptable=(t_table *)Plugingetvalue(VAL_BREAKPOINTS);
  if (bptable!=NULL) {
    bpoint=(t_bpoint *)Findsorteddata(&(bptable->data),addr);
    if (bpoint!=NULL) {
      // ..... any necessary actions .....
    }
  }
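The cmd member and the TY_SET flag matter when a plugin copies debuggee memory for analysis: any address with TY_SET holds INT3 instead of the original byte. The following added example (not part of the OllyDbg documentation or SDK) puts the saved bytes back into such a copy; restore_int3 and demo are hypothetical names, the t_bpoint definition is a local stand-in so the code compiles without the SDK header, and the TY_SET value and sample bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins so the example builds without the plugin SDK. The TY_SET value
   is a constructed placeholder; a real plugin takes it from the SDK header. */
#define TY_SET      0x00000100UL
#define INT3_OPCODE 0xCC

typedef struct t_bpoint {
  unsigned long addr;                  /* ulong in the SDK */
  unsigned long dummy;
  unsigned long type;
  char          cmd;
  unsigned long passcount;
} t_bpoint;

/* Hypothetical helper. buf holds size bytes copied from debuggee memory
   starting at address base. For every descriptor with TY_SET whose addr is
   inside the buffer, replace INT3 with the saved byte. Returns the count. */
size_t restore_int3(unsigned char *buf, unsigned long base, size_t size,
                    const t_bpoint *bp, size_t nbp) {
  size_t i, restored = 0;
  for (i = 0; i < nbp; i++) {
    unsigned long off;
    if (!(bp[i].type & TY_SET)) continue;   /* INT3 was never written */
    if (bp[i].addr < base) continue;        /* below the copied range */
    off = bp[i].addr - base;
    if (off >= size) continue;              /* above the copied range */
    if (buf[off] != INT3_OPCODE) continue;  /* byte changed since; keep it */
    buf[off] = (unsigned char)bp[i].cmd;
    restored++;
  }
  return restored;
}

/* Constructed sample: six bytes at 0x401000 with three INT3 bytes present. */
int demo(void) {
  unsigned char buf[] = {0x55, 0xCC, 0xEC, 0xCC, 0xCC, 0xC3};
  const unsigned char want[] = {0x55, 0x8B, 0xEC, 0xCC, 0x5D, 0xC3};
  t_bpoint bp[4] = {
    {0x401001UL, 1, TY_SET, (char)0x8B, 0},  /* restored */
    {0x401003UL, 1, 0,      (char)0x90, 0},  /* TY_SET clear: untouched */
    {0x401004UL, 1, TY_SET, (char)0x5D, 0},  /* restored */
    {0x402000UL, 1, TY_SET, (char)0x90, 0},  /* outside the buffer */
  };
  size_t n = restore_int3(buf, 0x401000UL, sizeof buf, bp, 4);
  return memcmp(buf, want, sizeof buf) == 0 ? (int)n : -1;
}
```

The helper works on a private copy and only reads the descriptors, so it does not conflict with the advice above against modifying type directly.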
See also: Breakpoint functions, Setbreakpoint, Setbreakpointext, Tempbreakpoint