|
IDA SDK
|
Functions that work with the autoanalyzer queue. More...
Classes | |
| struct | auto_display_t |
| See get_auto_display. More... | |
Typedefs | |
| typedef int | atype_t |
| identifies an autoanalysis queue - see Autoanalysis queues | |
| typedef int | idastate_t |
| IDA status indicator - see Status indicator states. | |
Functions | |
| idaman atype_t ida_export | get_auto_state (void) |
| Get current state of autoanalyzer. More... | |
| idaman atype_t ida_export | set_auto_state (atype_t new_state) |
| Set current state of autoanalyzer. More... | |
| idaman bool ida_export | get_auto_display (auto_display_t *auto_display) |
| Get structure which holds the autoanalysis indicator contents. | |
| idaman void ida_export | show_auto (ea_t ea, atype_t type=AU_NONE) |
| Change autoanalysis indicator value. More... | |
| void | show_addr (ea_t ea) |
| Show an address on the autoanalysis indicator. More... | |
| idaman idastate_t ida_export | set_ida_state (idastate_t st) |
| Change IDA status indicator value. More... | |
| bool | may_create_stkvars (void) |
| Is it allowed to create stack variables automatically?. More... | |
| bool | may_trace_sp (void) |
| Is it allowed to trace stack pointer automatically?. More... | |
| idaman void ida_export | auto_mark_range (ea_t start, ea_t end, atype_t type) |
| Put range of addresses into a queue. More... | |
| void | auto_mark (ea_t ea, atype_t type) |
| Put single address into a queue. Queues keep addresses sorted. | |
| idaman void ida_export | auto_unmark (ea_t start, ea_t end, atype_t type) |
| Remove range of addresses from a queue. More... | |
| void | plan_ea (ea_t ea) |
| Plan to perform reanalysis. | |
| void | plan_range (ea_t sEA, ea_t eEA) |
| Plan to perform reanalysis. | |
| void | auto_make_code (ea_t ea) |
| Plan to make code. | |
| void | auto_make_proc (ea_t ea) |
| Plan to make code&function. | |
| idaman void ida_export | reanalyze_callers (ea_t ea, bool noret) |
| Plan to reanalyze callers of the specified address. More... | |
| idaman void ida_export | revert_ida_decisions (ea_t ea1, ea_t ea2) |
| Delete all analysis info that IDA generated for for the given range. | |
| idaman void ida_export | auto_apply_type (ea_t caller, ea_t callee) |
| Plan to apply the callee's type to the calling point. | |
| idaman void ida_export | auto_apply_tail (ea_t tail_ea, ea_t parent_ea) |
| Plan to apply the tail_ea chunk to the parent. More... | |
| idaman int ida_export | plan_and_wait (ea_t ea1, ea_t ea2, bool final_pass=true) |
| Analyze the specified range. More... | |
| idaman bool ida_export | auto_wait (void) |
| Process everything in the queues and return true. More... | |
| idaman ssize_t ida_export | auto_wait_range (ea_t ea1, ea_t ea2) |
| Process everything in the specified range and return true. More... | |
| idaman bool ida_export | auto_make_step (ea_t ea1, ea_t ea2) |
| Analyze one address in the specified range and return true. More... | |
| idaman void ida_export | auto_cancel (ea_t ea1, ea_t ea2) |
| Remove an address range (ea1..ea2) from queues AU_CODE, AU_PROC, AU_USED. More... | |
| idaman bool ida_export | auto_is_ok (void) |
| Are all queues empty? (i.e. More... | |
| idaman ea_t ida_export | peek_auto_queue (ea_t low_ea, atype_t type) |
| Peek into a queue 'type' for an address not lower than 'low_ea'. More... | |
| idaman ea_t ida_export | auto_get (atype_t *type, ea_t lowEA, ea_t highEA) |
| Retrieve an address from queues regarding their priority. More... | |
| idaman int ida_export | auto_recreate_insn (ea_t ea) |
| Try to create instruction. More... | |
| idaman bool ida_export | is_auto_enabled (void) |
| Get autoanalyzer state. | |
| idaman bool ida_export | enable_auto (bool enable) |
| Temporarily enable/disable autoanalyzer. More... | |
Variables | |
| const atype_t | AU_NONE = 00 |
| placeholder, not used | |
| const atype_t | AU_UNK = 10 |
| 0: convert to unexplored | |
| const atype_t | AU_CODE = 20 |
| 1: convert to instruction | |
| const atype_t | AU_WEAK = 25 |
| 2: convert to instruction (ida decision) | |
| const atype_t | AU_PROC = 30 |
| 3: convert to procedure start | |
| const atype_t | AU_TAIL = 35 |
| 4: add a procedure tail | |
| const atype_t | AU_FCHUNK =38 |
| 5: find func chunks | |
| const atype_t | AU_USED = 40 |
| 6: reanalyze | |
| const atype_t | AU_TYPE = 50 |
| 7: apply type information | |
| const atype_t | AU_LIBF = 60 |
| 8: apply signature to address | |
| const atype_t | AU_LBF2 = 70 |
| 9: the same, second pass | |
| const atype_t | AU_LBF3 = 80 |
| 10: the same, third pass | |
| const atype_t | AU_CHLB = 90 |
| 11: load signature file (file name is kept separately) | |
| const atype_t | AU_FINAL =200 |
| 12: final pass | |
| const idastate_t | st_Ready = 0 |
| READY: IDA is doing nothing. | |
| const idastate_t | st_Think = 1 |
| THINKING: Autoanalysis on, the user may press keys. | |
| const idastate_t | st_Waiting = 2 |
| WAITING: Waiting for the user input. | |
| const idastate_t | st_Work = 3 |
| BUSY: IDA is busy. | |
Functions that work with the autoanalyzer queue.
The autoanalyzer works when IDA is not busy processing the user keystrokes. It has several queues, each queue having its own priority. The analyzer stops when all queues are empty.
A queue contains addresses or address ranges. The addresses are kept sorted by their values. The analyzer will process all addresses from the first queue, then switch to the second queue and so on. There are no limitations on the size of the queues.
This file also contains functions that deal with the IDA status indicator and the autoanalysis indicator. You may use these functions to change the indicator value.
| idaman atype_t ida_export get_auto_state | ( | void | ) |
Get current state of autoanalyzer.
If auto_state == AU_NONE, IDA is currently not running the analysis (it could be temporarily interrupted to perform the user's requests, for example).
Set current state of autoanalyzer.
| new_state | new state of autoanalyzer |
Change autoanalysis indicator value.
| ea | linear address being analyzed |
| type | autoanalysis type (see Autoanalysis queues) |
|
inline |
Show an address on the autoanalysis indicator.
The address is displayed in the form " @:12345678".
| ea | - linear address to display |
| idaman idastate_t ida_export set_ida_state | ( | idastate_t | st | ) |
Change IDA status indicator value.
| st | - new indicator status |
|
inline |
Is it allowed to create stack variables automatically?.
This function should be used by IDP modules before creating stack vars.
|
inline |
Is it allowed to trace stack pointer automatically?.
This function should be used by IDP modules before tracing sp.
| idaman void ida_export auto_mark_range | ( | ea_t | start, |
| ea_t | end, | ||
| atype_t | type | ||
| ) |
Put range of addresses into a queue.
'start' may be higher than 'end', the kernel will swap them in this case. 'end' doesn't belong to the range.
| idaman void ida_export auto_unmark | ( | ea_t | start, |
| ea_t | end, | ||
| atype_t | type | ||
| ) |
Remove range of addresses from a queue.
'start' may be higher than 'end', the kernel will swap them in this case. 'end' doesn't belong to the range.
| idaman void ida_export reanalyze_callers | ( | ea_t | ea, |
| bool | noret | ||
| ) |
Plan to reanalyze callers of the specified address.
This function will add to AU_USED queue all instructions that call (not jump to) the specified address.
| ea | linear address of callee |
| noret | !=0: the callee doesn't return, mark to undefine subsequent instructions in the caller. 0: do nothing. |
| idaman void ida_export auto_apply_tail | ( | ea_t | tail_ea, |
| ea_t | parent_ea | ||
| ) |
Plan to apply the tail_ea chunk to the parent.
| tail_ea | linear address of start of tail |
| parent_ea | linear address within parent. If BADADDR, automatically try to find parent via xrefs. |
| idaman int ida_export plan_and_wait | ( | ea_t | ea1, |
| ea_t | ea2, | ||
| bool | final_pass = true |
||
| ) |
Analyze the specified range.
Try to create instructions where possible. Make the final pass over the specified range if specified. This function doesn't return until the range is analyzed.
| 1 | ok |
| 0 | Ctrl-Break was pressed |
| idaman bool ida_export auto_wait | ( | void | ) |
Process everything in the queues and return true.
| idaman ssize_t ida_export auto_wait_range | ( | ea_t | ea1, |
| ea_t | ea2 | ||
| ) |
Process everything in the specified range and return true.
| idaman bool ida_export auto_make_step | ( | ea_t | ea1, |
| ea_t | ea2 | ||
| ) |
Analyze one address in the specified range and return true.
| idaman void ida_export auto_cancel | ( | ea_t | ea1, |
| ea_t | ea2 | ||
| ) |
Remove an address range (ea1..ea2) from queues AU_CODE, AU_PROC, AU_USED.
To remove an address range from other queues use auto_unmark() function. 'ea1' may be higher than 'ea2', the kernel will swap them in this case. 'ea2' doesn't belong to the range.
| idaman bool ida_export auto_is_ok | ( | void | ) |
Are all queues empty? (i.e.
has autoanalysis finished?).
| idaman ea_t ida_export peek_auto_queue | ( | ea_t | low_ea, |
| atype_t | type | ||
| ) |
Peek into a queue 'type' for an address not lower than 'low_ea'.
Do not remove address from the queue.
| idaman ea_t ida_export auto_get | ( | atype_t * | type, |
| ea_t | lowEA, | ||
| ea_t | highEA | ||
| ) |
Retrieve an address from queues regarding their priority.
Returns BADADDR if no addresses not lower than 'lowEA' and less than 'highEA' are found in the queues. Otherwise *type will have queue type.
| idaman int ida_export auto_recreate_insn | ( | ea_t | ea | ) |
Try to create instruction.
| ea | linear address of callee |
| idaman bool ida_export enable_auto | ( | bool | enable | ) |
Temporarily enable/disable autoanalyzer.
Not user-facing, but rather because IDA sometimes need to turn AA on/off regardless of inf.s_genflags:INFFL_AUTO
1.9.3