t_bphard

Descriptor of the hardware breakpoint. Plugins are not allowed to modify this structure directly. Instead, they must call the corresponding API functions.

typedef struct t_bphard {              // Hardware breakpoints
  ulong          index;                // Index of the breakpoint (0..NHARD-1)
  ulong          dummy;                // Must be 1
  ulong          type;                 // Type of the breakpoint, TY_xxx+BP_xxx
  ulong          addr;                 // Address of breakpoint
  ulong          size;                 // Size of the breakpoint, bytes
  int            fnindex;              // Index of predefined function
  ulong          limit;                // Original pass count (0 if not set)
  ulong          count;                // Actual pass count
  ulong          actions;              // Actions, set of BA_xxx
  ulong          modbase;              // Module base, used by .udd only
  wchar_t        path[MAXPATH];        // Full module name, used by .udd only
} t_bphard;


Members:

index
0-based index of the breakpoint. 80x86 CPUs support only 4 hardware breakpoints, therefore index can only be 0, 1, 2 or 3.
dummy
Must be 1
type
Type of the breakpoint, combination of the flags BP_xxx listed below (and possibly TY_xxx).
Basic type of the breakpoint, at least one is required. With some limitations, a breakpoint may have several types at once:
BP_MANUAL - permanent breakpoint set by user
BP_ONESHOT - one-shot breakpoint set by debugging engine. When this breakpoint is hit, OllyDbg removes BP_ONESHOT and pauses the debugged application
BP_TEMP - temporary breakpoint set by debugging engine or plugins. When this breakpoint is hit, OllyDbg removes BP_TEMP, performs actions associated with the breakpoint and continues execution
Access condition. The only allowed combinations are BP_READ, BP_READ|BP_WRITE and BP_EXEC:
BP_READ - break on read memory access
BP_WRITE - break on write memory access
BP_EXEC - break on code execution
Features of the permanent breakpoint (BP_MANUAL), a combination of zero or more of the following flags:
BP_DISABLED - breakpoint is disabled
BP_COND - conditional breakpoint. Its action depends on the associated condition (name of type NM_HARDCOND)
BP_PERIODICAL - periodical breakpoint (pauses each limit-th break)
When to pause execution when permanent breakpoint is hit, one of the following flags:
BP_NOBREAK - no pause
BP_CONDBREAK - pause when condition is true
BP_BREAK - pause always
When to protocol the value of expression (name of type NM_HARDEXPR), one of the following flags:
BP_NOLOG - don't protocol
BP_CONDLOG - protocol if condition is true
BP_LOG - protocol always
When to protocol the arguments of the function that is called or begins at addr (applies only to the breakpoints of type BP_EXEC), one of the following flags:
BP_NOARG - don't protocol
BP_CONDARG - protocol if condition is true
BP_ARG - protocol always
When to protocol the value returned by a call to function (applies only to the breakpoints of type BP_EXEC), one of the following flags:
BP_NORET - don't protocol
BP_CONDRET - protocol if condition is true
BP_RET - protocol always
addr
Address of the first byte of the memory covered by the breakpoint
size
Size of the memory covered by the breakpoint. For breakpoints of type BP_READ and BP_READ|BP_WRITE this size can be 1, 2 or 4 bytes. If size is 2, addr must be word-aligned. If size is 4, addr must be doubleword-aligned. For hardware breakpoints of type BP_EXEC, size must be 1
fnindex
Internal index of the predefined function that should be used to protocol function arguments
limit
Original pass count, or 0 if pass count is not set
count
Current pass count
actions
Special actions associated with breakpoint of type BP_TEMP, a combination of zero or more of the following flags:
BA_PERMANENT - permanent temporary breakpoint. OllyDbg sets them on important system routines, like ZwContinue()
BA_PLUGIN - when breakpoint is hit, OllyDbg passes this event to ODBG2_Plugintempbreakpoint() 
modbase
For internal use
path
For internal use
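
The constraints on index, type and size given in the member descriptions above can be checked before a breakpoint request is handed to the API. The following C code is an added example, not part of the OllyDbg documentation or plugin header; hwbp_validate(), the HWBP_xxx result codes and the numeric BP_xxx values are assumptions made for illustration (a real plugin takes the flag values from the plugin header).

```c
#include <stdint.h>
#include <stdio.h>

/* Placeholder flag values constructed for this example; a real plugin takes
   BP_xxx and NHARD from the OllyDbg plugin header instead. */
#ifndef BP_MANUAL
#define NHARD      4
#define BP_MANUAL  0x0001u
#define BP_ONESHOT 0x0002u
#define BP_TEMP    0x0004u
#define BP_READ    0x0010u
#define BP_WRITE   0x0020u
#define BP_EXEC    0x0040u
#endif

enum hwbp_check {                 /* hypothetical result codes */
  HWBP_OK, HWBP_BAD_INDEX, HWBP_NO_BASIC_TYPE,
  HWBP_BAD_ACCESS, HWBP_BAD_SIZE, HWBP_MISALIGNED
};

/* Hypothetical helper: checks index, type, addr and size against the rules
   in the member descriptions before the values are handed to the API. */
enum hwbp_check hwbp_validate(uint32_t index, uint32_t type,
                              uint32_t addr, uint32_t size) {
  uint32_t access = type & (BP_READ | BP_WRITE | BP_EXEC);

  if (index >= NHARD)                       /* only slots 0..3 exist */
    return HWBP_BAD_INDEX;
  if ((type & (BP_MANUAL | BP_ONESHOT | BP_TEMP)) == 0)
    return HWBP_NO_BASIC_TYPE;              /* at least one is required */
  if (access == BP_EXEC)                    /* execution: size must be 1 */
    return size == 1 ? HWBP_OK : HWBP_BAD_SIZE;
  /* Data access: only BP_READ or BP_READ|BP_WRITE are allowed, so
     write-only, empty and EXEC-mixed combinations are rejected here. */
  if (access != BP_READ && access != (BP_READ | BP_WRITE))
    return HWBP_BAD_ACCESS;
  if (size != 1 && size != 2 && size != 4)
    return HWBP_BAD_SIZE;
  if (addr & (size - 1))                    /* 2 -> word, 4 -> doubleword */
    return HWBP_MISALIGNED;
  return HWBP_OK;
}

int main(void) {
  /* Constructed request: 4-byte watch on a non-doubleword-aligned address. */
  int r = hwbp_validate(1, BP_MANUAL | BP_READ | BP_WRITE, 0x00401002u, 4);
  printf("check result: %d\n", r);
  return 0;
}
```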


See also:
Breakpoints