Module ida_bytes
[frames] | no frames]

Module ida_bytes

IDA Plugin SDK API wrapper: bytes

Classes
  data_type_t
Proxy of C++ data_type_t class
  data_format_t
Proxy of C++ data_format_t class
  hidden_range_t
Proxy of C++ hidden_range_t class
Functions
error_t
enable_flags(start_ea, end_ea, stt)
Allocate flags for address range.
error_t
disable_flags(start_ea, end_ea)
Deallocate flags for address range.
error_t
change_storage_type(start_ea, end_ea, stt)
Change flag storage type for address range.
ea_t
next_addr(ea)
Get next address in the program (i.e.
ea_t
prev_addr(ea)
Get previous address in the program.
ea_t
next_chunk(ea)
Get the first address of next contiguous chunk in the program.
ea_t
prev_chunk(ea)
Get the last address of previous contiguous chunk in the program.
ea_t
chunk_start(ea)
Get start of the contiguous address block containing 'ea'.
asize_t
chunk_size(ea)
Get size of the contiguous address block containing 'ea'.
ea_t
free_chunk(bottom, size, step)
Search for a hole in the addressing space of the program.
ea_t
next_unknown(ea, maxea)
Similar to 'next_that()' , but will find the next address that is unexplored.
ea_t
prev_unknown(ea, minea)
Similar to 'prev_that()' , but will find the previous address that is unexplored.
ea_t
prev_head(ea, minea)
Get start of previous defined item.
ea_t
next_head(ea, maxea)
Get start of next defined item.
ea_t
prev_not_tail(ea)
Get address of previous non-tail byte.
ea_t
next_not_tail(ea)
Get address of next non-tail byte.
ea_t
get_item_head(ea)
Get the start address of the item at 'ea'.
ea_t
get_item_end(ea)
Get the end address of the item at 'ea'.
ea_t
calc_max_item_end(ea, how=15)
Calculate maximal reasonable end address of a new item.
asize_t
get_item_size(ea)
Get size of item (instruction/data) in bytes.
bool
is_mapped(ea)
Is the specified address 'ea' present in the program?
flags_t
get_flags_ex(ea, how)
Get flags for the specified address, extended form.
flags_t
get_flags(ea)
get flags with 'FF_IVL' & 'MS_VAL' .
flags_t
get_full_flags(ea)
Get flags value for address 'ea'.
flags_t
get_item_flag(_from, n, ea, appzero)
Get flag of the item at 'ea' even if it is a tail byte of some array or structure.
bool
has_value(F)
Do flags contain byte value?
 
del_value(ea)
Delete byte value from flags.
bool
is_loaded(ea)
Does the specified address have a byte value (is initialized?)
int
nbits(ea)
Get number of bits in a byte at the given address.
int
bytesize(ea)
Get number of bytes required to store a byte at the given address.
uchar
get_byte(ea)
Get one byte (8-bit) of the program at 'ea'.
uchar
get_db_byte(ea)
Get one byte (8-bit) of the program at 'ea' from the database.
ushort
get_word(ea)
Get one word (16-bit) of the program at 'ea'.
uint32
get_dword(ea)
Get one dword (32-bit) of the program at 'ea'.
uint64
get_qword(ea)
Get one qword (64-bit) of the program at 'ea'.
uint64
get_wide_byte(ea)
Get one wide byte of the program at 'ea'.
uint64
get_wide_word(ea)
Get one wide word (2 'byte') of the program at 'ea'.
uint64
get_wide_dword(ea)
Get two wide words (4 'bytes') of the program at 'ea'.
uint32
get_16bit(ea)
Get 16bits of the program at 'ea'.
uint32
get_32bit(ea)
Get not more than 32bits of the program at 'ea'.
uint64
get_64bit(ea)
Get not more than 64bits of the program at 'ea'.
bool
get_data_value(v, ea, size)
Get the value at of the item at 'ea'.
uint64
get_original_byte(ea)
Get original byte value (that was before patching).
uint64
get_original_word(ea)
Get original word value (that was before patching).
uint64
get_original_dword(ea)
Get original dword (that was before patching) This function works for wide byte processors too.
uint64
get_original_qword(ea)
Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too.
bool
put_byte(ea, x)
Set value of one byte of the program.
 
put_word(ea, x)
Set value of one word of the program.
 
put_dword(ea, x)
Set value of one dword of the program.
 
put_qword(ea, x)
Set value of one qword (8 bytes) of the program.
bool
patch_byte(ea, x)
Patch a byte of the program.
bool
patch_word(ea, x)
Patch a word of the program.
bool
patch_dword(ea, x)
Patch a dword of the program.
bool
patch_qword(ea, x)
Patch a qword of the program.
bool
revert_byte(ea)
Revert patched byte
 
add_byte(ea, value)
Add a value to one byte of the program.
 
add_word(ea, value)
Add a value to one word of the program.
 
add_dword(ea, value)
Add a value to one dword of the program.
 
add_qword(ea, value)
Add a value to one qword of the program.
bool
get_zero_ranges(zranges, range)
Return set of ranges with zero initialized bytes.
 
put_bytes(ea, buf)
Modify the specified number of bytes of the program.
 
patch_bytes(ea, buf)
Patch the specified number of bytes of the program.
bool
is_code(F)
Does flag denote start of an instruction?
bool
f_is_code(F, arg2)
Does flag denote start of an instruction?
bool
is_data(F)
Does flag denote start of data?
bool
f_is_data(F, arg2)
Does flag denote start of data?
bool
is_tail(F)
Does flag denote tail byte?
bool
f_is_tail(F, arg2)
Does flag denote tail byte?
bool
is_not_tail(F)
Does flag denote tail byte?
bool
f_is_not_tail(F, arg2)
Does flag denote tail byte?
bool
is_unknown(F)
Does flag denote unexplored byte?
bool
is_head(F)
Does flag denote start of instruction OR data?
bool
f_is_head(F, arg2)
Does flag denote start of instruction OR data?
bool
del_items(ea, flags=0, nbytes=1, may_destroy=None)
Convert item (instruction/data) to unexplored bytes.
bool
is_manual_insn(ea)
Is the instruction overridden?
ssize_t
get_manual_insn(ea)
Retrieve the user-specified string for the manual instruction.
 
set_manual_insn(ea, manual_insn)
Set manual instruction string.
bool
is_flow(F)
Does the previous instruction exist and pass execution flow to the current byte?
bool
has_extra_cmts(F)
Does the current byte have additional anterior or posterior lines?
bool
f_has_extra_cmts(f, arg2)
bool
has_cmt(F)
Does the current byte have an indented comment?
bool
f_has_cmt(f, arg2)
bool
has_xref(F)
Does the current byte have cross-references to it?
bool
f_has_xref(f, arg2)
Does the current byte have cross-references to it?
bool
has_name(F)
Does the current byte have non-trivial (non-dummy) name?
bool
f_has_name(f, arg2)
Does the current byte have non-trivial (non-dummy) name?
bool
has_dummy_name(F)
Does the current byte have dummy (auto-generated, with special prefix) name?
bool
f_has_dummy_name(f, arg2)
Does the current byte have dummy (auto-generated, with special prefix) name?
bool
has_auto_name(F)
Does the current byte have auto-generated (no special prefix) name?
bool
has_any_name(F)
Does the current byte have any name?
bool
has_user_name(F)
Does the current byte have user-specified name?
bool
f_has_user_name(F, arg2)
Does the current byte have user-specified name?
bool
is_invsign(ea, F, n)
Should sign of n-th operand inverted during output?.
bool
toggle_sign(ea, n)
Toggle sign of n-th operand.
bool
is_bnot(ea, F, n)
Should we negate the operand?.
bool
toggle_bnot(ea, n)
Toggle binary negation of operand.
bool
is_lzero(ea, n)
Display leading zeroes in operands.
bool
set_lzero(ea, n)
Set toggle lzero bit.
bool
clr_lzero(ea, n)
Clear lzero bit.
bool
toggle_lzero(ea, n)
bool
leading_zero_important(ea, n)
Check if leading zeroes are important.
bool
is_defarg0(F)
Is the first operand defined? Initially operand has no defined representation.
bool
is_defarg1(F)
Is the second operand defined? Initially operand has no defined representation.
bool
is_off0(F)
Is the first operand offset? (example: push offset xxx)
bool
is_off1(F)
Is the second operand offset? (example: mov ax, offset xxx)
bool
is_char0(F)
Is the first operand character constant? (example: push 'a')
bool
is_char1(F)
Is the second operand character constant? (example: mov al, 'a')
bool
is_seg0(F)
Is the first operand segment selector? (example: push seg seg001)
bool
is_seg1(F)
Is the second operand segment selector? (example: mov dx, seg dseg)
bool
is_enum0(F)
Is the first operand a symbolic constant (enum member)?
bool
is_enum1(F)
Is the second operand a symbolic constant (enum member)?
bool
is_stroff0(F)
Is the first operand an offset within a struct?
bool
is_stroff1(F)
Is the second operand an offset within a struct?
bool
is_stkvar0(F)
Is the first operand a stack variable?
bool
is_stkvar1(F)
Is the second operand a stack variable?
bool
is_float0(F)
Is the first operand a floating point number?
bool
is_float1(F)
Is the second operand a floating point number?
bool
is_custfmt0(F)
Does the first operand use a custom data representation?
bool
is_custfmt1(F)
Does the second operand use a custom data representation?
bool
is_numop0(F)
Is the first operand a number (i.e.
bool
is_numop1(F)
Is the second operand a number (i.e.
flags_t
get_optype_flags0(F)
Get flags for first operand.
flags_t
get_optype_flags1(F)
Get flags for second operand.
bool
is_defarg(F, n)
is defined?
bool
is_off(F, n)
is offset?
bool
is_char(F, n)
is character constant?
bool
is_seg(F, n)
is segment?
bool
is_enum(F, n)
is enum?
bool
is_manual(F, n)
is forced operand? (use 'is_forced_operand()' )
bool
is_stroff(F, n)
is struct offset?
bool
is_stkvar(F, n)
is stack variable?
bool
is_fltnum(F, n)
is floating point number?
bool
is_custfmt(F, n)
is custom data format?
bool
is_numop(F, n)
is number (bin, oct, dec, hex)?
bool
is_suspop(ea, F, n)
is suspicious operand?
bool
op_adds_xrefs(F, n)
Should processor module create xrefs from the operand?.
bool
set_op_type(ea, type, n)
(internal function) change representation of operand(s).
bool
op_seg(ea, n)
Set operand representation to be 'segment'.
bool
op_enum(ea, n, id, serial)
Set operand representation to be 'enum_t'.
enum_t
get_enum_id(ea, n)
Get enum id of 'enum' operand.
bool
op_stroff(insn, n, path, path_len, delta)
Set operand representation to be 'struct offset'.
int
get_stroff_path(path, delta, ea, n)
Get struct path of operand.
bool
op_stkvar(ea, n)
Set operand representation to be 'stack variable'.
bool
set_forced_operand(ea, n, op)
Set forced operand.
ssize_t
get_forced_operand(ea, n)
Get forced operand.
bool
is_forced_operand(ea, n)
Is operand manually defined?.
flags_t
char_flag()
see 'Bits: instruction operand types'
flags_t
off_flag()
see 'Bits: instruction operand types'
flags_t
enum_flag()
see 'Bits: instruction operand types'
flags_t
stroff_flag()
see 'Bits: instruction operand types'
flags_t
stkvar_flag()
see 'Bits: instruction operand types'
flags_t
flt_flag()
see 'Bits: instruction operand types'
flags_t
custfmt_flag()
see 'Bits: instruction operand types'
flags_t
seg_flag()
see 'Bits: instruction operand types'
flags_t
num_flag()
Get number of default base (bin, oct, dec, hex)
flags_t
hex_flag()
Get number flag of the base, regardless of current processor - better to use 'num_flag()'
flags_t
dec_flag()
Get number flag of the base, regardless of current processor - better to use 'num_flag()'
flags_t
oct_flag()
Get number flag of the base, regardless of current processor - better to use 'num_flag()'
flags_t
bin_flag()
Get number flag of the base, regardless of current processor - better to use 'num_flag()'
bool
op_chr(ea, n)
set op type to 'char_flag()'
bool
op_num(ea, n)
set op type to 'num_flag()'
bool
op_hex(ea, n)
set op type to 'hex_flag()'
bool
op_dec(ea, n)
set op type to 'dec_flag()'
bool
op_oct(ea, n)
set op type to 'oct_flag()'
bool
op_bin(ea, n)
set op type to 'bin_flag()'
bool
op_flt(ea, n)
set op type to 'flt_flag()'
bool
op_custfmt(ea, n, fid)
Set custom data format for operand (fid-custom data format id)
bool
clr_op_type(ea, n)
Remove operand representation information.
int
get_default_radix()
Get default base of number for the current processor.
int
get_radix(F, n)
Get radix of the operand, in: flags.
flags_t
code_flag()
'FF_CODE'
flags_t
byte_flag()
Get a flags_t representing a byte.
flags_t
word_flag()
Get a flags_t representing a word.
flags_t
dword_flag()
Get a flags_t representing a double word.
flags_t
qword_flag()
Get a flags_t representing a quad word.
flags_t
oword_flag()
Get a flags_t representing a octaword.
flags_t
yword_flag()
Get a flags_t representing a ymm word.
flags_t
zword_flag()
Get a flags_t representing a zmm word.
flags_t
tbyte_flag()
Get a flags_t representing a tbyte.
flags_t
strlit_flag()
Get a flags_t representing a string literal.
flags_t
stru_flag()
Get a flags_t representing a struct.
flags_t
cust_flag()
Get a flags_t representing custom type data.
flags_t
align_flag()
Get a flags_t representing an alignment directive.
flags_t
float_flag()
Get a flags_t representing a float.
flags_t
double_flag()
Get a flags_t representing a double.
flags_t
packreal_flag()
Get a flags_t representing a packed decimal real.
bool
is_byte(F)
'FF_BYTE'
bool
is_word(F)
'FF_WORD'
bool
is_dword(F)
'FF_DWORD'
bool
is_qword(F)
'FF_QWORD'
bool
is_oword(F)
'FF_OWORD'
bool
is_yword(F)
'FF_YWORD'
bool
is_zword(F)
'FF_ZWORD'
bool
is_tbyte(F)
'FF_TBYTE'
bool
is_float(F)
'FF_FLOAT'
bool
is_double(F)
'FF_DOUBLE'
bool
is_pack_real(F)
'FF_PACKREAL'
bool
is_strlit(F)
'FF_STRLIT'
bool
is_struct(F)
'FF_STRUCT'
bool
is_align(F)
'FF_ALIGN'
bool
is_custom(F)
'FF_CUSTOM'
bool
f_is_byte(F, arg2)
See 'is_byte()'
bool
f_is_word(F, arg2)
See 'is_word()'
bool
f_is_dword(F, arg2)
See 'is_dword()'
bool
f_is_qword(F, arg2)
See 'is_qword()'
bool
f_is_oword(F, arg2)
See 'is_oword()'
bool
f_is_yword(F, arg2)
See 'is_yword()'
bool
f_is_tbyte(F, arg2)
See 'is_tbyte()'
bool
f_is_float(F, arg2)
See 'is_float()'
bool
f_is_double(F, arg2)
See 'is_double()'
bool
f_is_pack_real(F, arg2)
See 'is_pack_real()'
bool
f_is_strlit(F, arg2)
See 'is_strlit()'
bool
f_is_struct(F, arg2)
See 'is_struct()'
bool
f_is_align(F, arg2)
See 'is_align()'
bool
f_is_custom(F, arg2)
See 'is_custom()'
bool
is_same_data_type(F1, F2)
Do the given flags specify the same data type?
flags_t
get_flags_by_size(size)
Get flags from size (in bytes).
bool
create_data(ea, dataflag, size, tid)
Convert to data (byte, word, dword, etc).
flags_t
calc_dflags(f, force)
bool
create_byte(ea, length, force=False)
Convert to byte.
bool
create_word(ea, length, force=False)
Convert to word.
bool
create_dword(ea, length, force=False)
Convert to dword.
bool
create_qword(ea, length, force=False)
Convert to quadword.
bool
create_oword(ea, length, force=False)
Convert to octaword/xmm word.
bool
create_yword(ea, length, force=False)
Convert to ymm word.
bool
create_zword(ea, length, force=False)
Convert to zmm word.
bool
create_tbyte(ea, length, force=False)
Convert to tbyte.
bool
create_float(ea, length, force=False)
Convert to float.
bool
create_double(ea, length, force=False)
Convert to double.
bool
create_packed_real(ea, length, force=False)
Convert to packed decimal real.
bool
create_struct(ea, length, tid, force=False)
Convert to struct.
bool
create_custdata(ea, length, dtid, fid, force=False)
Convert to custom data type.
bool
create_align(ea, length, alignment)
Alignment: 0 or 2..32.
int
calc_min_align(length)
Returns: 1..32.
int
calc_max_align(endea)
Returns: 0..32.
int
calc_def_align(ea, mina, maxa)
Calculate default alignment.
bool
create_16bit_data(ea, length)
Convert to 16-bit quantity (take byte size into account)
bool
create_32bit_data(ea, length)
Convert to 32-bit quantity (take byte size into account)
size_t
get_max_strlit_length(ea, strtype, options=0)
Determine maximum length of string literal.
bool
create_strlit(start, len, strtype)
Convert to string literal and give a meaningful name.
opinfo_t
get_opinfo(buf, ea, n, flags)
Get additional information about an operand representation.
bool
set_opinfo(ea, n, flag, ti, suppress_events=False)
Set additional information about an operand representation.
asize_t
get_data_elsize(ea, F, ti=None)
Get size of data type specified in flags 'F'.
asize_t
get_full_data_elsize(ea, F, ti=None)
Get full size of data type specified in flags 'F'.
int
is_varsize_item(ea, F, ti=None, itemsize=None)
Is the item at 'ea' variable size?.
bool
can_define_item(ea, length, flags)
Can define item (instruction/data) of the specified 'length', starting at 'ea'?if there is an item starting at 'ea', this function ignores itthis function converts to unexplored all encountered data items with fixup information.
bool
has_immd(F)
Has immediate value?
bool
is_func(F)
Is function start?
bool
set_immd(ea)
Set 'has immediate operand' flag.
data_type_t
get_custom_data_type(dtid)
Get definition of a registered custom data type.
data_format_t
get_custom_data_format(dfid)
Get definition of a registered custom data format.
bool
attach_custom_data_format(dtid, dfid)
Attach the data format to the data type.
bool
detach_custom_data_format(dtid, dfid)
Detach the data format from the data type.
bool
is_attached_custom_data_format(dtid, dfid)
int
get_custom_data_types(out, min_size=0, max_size=BADADDR)
Get list of registered custom data type ids.
int
get_custom_data_formats(out, dtid)
Get list of attached custom data formats for the specified data type.
int
find_custom_data_type(name)
Get id of a custom data type.
int
find_custom_data_format(name)
Get id of a custom data format.
bool
set_cmt(ea, comm, rptble)
Set an indented comment.
ssize_t
get_cmt(ea, rptble)
Get an indented comment.
bool
append_cmt(ea, str, rptble)
Append to an indented comment.
ssize_t
get_predef_insn_cmt(ins)
Get predefined comment.
ea_t
find_byte(sEA, size, value, bin_search_flags)
Find forward a byte with the specified value (only 8-bit value from the database).
ea_t
find_byter(sEA, size, value, bin_search_flags)
Find reverse a byte with the specified value (only 8-bit value from the database).
ea_t
next_inited(ea, maxea)
Find the next initialized address.
ea_t
prev_inited(ea, minea)
Find the previous initialized address.
bool
equal_bytes(ea, image, mask, len, sense_case)
Compare 'len' bytes of the program starting from 'ea' with 'image'.
bool
update_hidden_range(ha)
Update hidden range information in the database.
bool
add_hidden_range(ea1, ea2, description, header, footer, color)
Mark a range of addresses as hidden.
hidden_range_t
get_hidden_range(ea)
Get pointer to hidden range structure, in: linear address.
hidden_range_t
getn_hidden_range(n)
Get pointer to hidden range structure, in: number of hidden range.
int
get_hidden_range_qty()
Get number of hidden ranges.
int
get_hidden_range_num(ea)
Get number of a hidden range.
hidden_range_t
get_prev_hidden_range(ea)
Get pointer to previous hidden range.
hidden_range_t
get_next_hidden_range(ea)
Get pointer to next hidden range.
hidden_range_t
get_first_hidden_range()
Get pointer to the first hidden range.
hidden_range_t
get_last_hidden_range()
Get pointer to the last hidden range.
bool
del_hidden_range(ea)
Delete hidden range.
bool
add_mapping(_from, to, size)
IDA supports memory mapping.
 
del_mapping(ea)
Delete memory mapping range.
ea_t
use_mapping(ea)
Translate address according to current mappings.
size_t
get_mappings_qty()
Get number of mappings.
bool
get_mapping(n)
Get memory mapping range by its number.
int
visit_patched_bytes(ea1, ea2, py_callable)
Enumerates patched bytes in the given range and invokes a callable
ea_t
next_that(ea, maxea, callable)
Find next address with a flag satisfying the function 'testf'.
ea_t
prev_that(ea, minea, callable)
Find previous address with a flag satisfying the function 'testf'.do not pass 'is_unknown()' to this function to find unexplored bytes It will fail under the debugger.
PyObject *
get_bytes(ea, size, gmb_flags=0x01)
Get the specified number of bytes of the program.
PyObject *
get_bytes_and_mask(ea, size, gmb_flags=0x01)
Get the specified number of bytes of the program, and a bitmask specifying what bytes are defined and what bytes are not.
PyObject *
get_strlit_contents(ea, py_len, type, flags=0)
Get bytes contents at location, possibly converted.
ea_t
bin_search(start_ea, end_ea, image, mask, step, flags)
PyObject *
print_strlit_type(strtype, flags=0)
Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.
PyObject *
get_octet(ea, v, nbit)
Get 8 bits of the program at 'ea'.
PyObject *
get_8bit(ea, v, nbit)
int
register_custom_data_type(py_dt)
Registers a custom data type.
bool
unregister_custom_data_type(dtid)
Unregisters a custom data type.
int
register_custom_data_format(py_df)
Registers a custom data format with a given data type.
bool
unregister_custom_data_format(dfid)
Unregisters a custom data format
 
register_data_types_and_formats(formats)
Registers multiple data types and formats at once.
 
unregister_data_types_and_formats(formats)
As opposed to register_data_types_and_formats(), this function unregisters multiple data types and formats at once.
Variables
  ITEM_END_FIXUP = 1
stop at the first fixup
  ITEM_END_INITED = 2
stop when initialization changes i.e.if is_loaded(ea): stop if uninitialized byte is encounteredif !is_loaded(ea): stop if initialized byte is encountered
  ITEM_END_NAME = 4
stop at the first named location
  ITEM_END_XREF = 8
stop at the first referenced location
  GFE_VALUE = 1
get flags with 'FF_IVL' & 'MS_VAL' .
  MS_VAL = 255
Mask for byte value.
  FF_IVL = 256
Byte has value ?
  GMB_READALL = 1
if this bit is not set, fail at first uninited byte
  GMB_WAITBOX = 2
show wait box (may return -1 in this case)
  MS_CLS = 1536
Mask for typing.
  FF_CODE = 1536
Code ?
  FF_DATA = 1024
Data ?
  FF_TAIL = 512
Tail ?
  FF_UNK = 0
Unknown ?
  DELIT_SIMPLE = 0
simply undefine the specified item(s)
  DELIT_EXPAND = 1
propagate undefined items; for example if removing an instruction removes all references to the next instruction, then plan to convert to unexplored the next instruction too.
  DELIT_DELNAMES = 2
delete any names at the specified address range (except for the starting address).
  DELIT_NOTRUNC = 4
even if 'AF_TRFUNC' is set
  DELIT_NOUNAME = 8
reject to delete if a user name is in address range (except for the starting address).
  DELIT_NOCMT = 16
reject to delete if a comment is in address range (except for the starting address).
  DELIT_KEEPFUNC = 32
Just delete xrefs, ops e.t.c.
  MS_COMM = 1046528
Mask of common bits.
  FF_COMM = 2048
Has comment ?
  FF_REF = 4096
has references
  FF_LINE = 8192
Has next or prev lines ?
  FF_NAME = 16384
Has name ?
  FF_LABL = 32768
Has dummy name?
  FF_FLOW = 65536
Exec flow from prev instruction.
  FF_SIGN = 131072
Inverted sign of operands.
  FF_BNOT = 262144
Bitwise negation of operands.
  FF_UNUSED = 524288
unused bit (was used for variable bytes)
  FF_ANYNAME = 49152
  MS_0TYPE = 15728640
Mask for 1st arg typing.
  FF_0VOID = 0
Void (unknown)?
  FF_0NUMH = 1048576
Hexadecimal number?
  FF_0NUMD = 2097152
Decimal number?
  FF_0CHAR = 3145728
Char ('x')?
  FF_0SEG = 4194304
Segment?
  FF_0OFF = 5242880
Offset?
  FF_0NUMB = 6291456
Binary number?
  FF_0NUMO = 7340032
Octal number?
  FF_0ENUM = 8388608
Enumeration?
  FF_0FOP = 9437184
Forced operand?
  FF_0STRO = 10485760
Struct offset?
  FF_0STK = 11534336
Stack variable?
  FF_0FLT = 12582912
Floating point number?
  FF_0CUST = 13631488
Custom representation?
  MS_1TYPE = 251658240
Mask for the type of other operands.
  FF_1VOID = 0
Void (unknown)?
  FF_1NUMH = 16777216
Hexadecimal number?
  FF_1NUMD = 33554432
Decimal number?
  FF_1CHAR = 50331648
Char ('x')?
  FF_1SEG = 67108864
Segment?
  FF_1OFF = 83886080
Offset?
  FF_1NUMB = 100663296
Binary number?
  FF_1NUMO = 117440512
Octal number?
  FF_1ENUM = 134217728
Enumeration?
  FF_1FOP = 150994944
Forced operand?
  FF_1STRO = 167772160
Struct offset?
  FF_1STK = 184549376
Stack variable?
  FF_1FLT = 201326592
Floating point number?
  FF_1CUST = 218103808
Custom representation?
  OPND_OUTER = 128
used only in set, get, del_offset() functions
  OPND_MASK = 15
mask for operand number
  OPND_ALL = 15
all operands
  DT_TYPE = -268435456
Mask for DATA typing.
  FF_BYTE = 0
byte
  FF_WORD = 268435456
word
  FF_DWORD = 536870912
double word
  FF_QWORD = 805306368
quadro word
  FF_TBYTE = 1073741824
tbyte
  FF_STRLIT = 1342177280
string literal
  FF_STRUCT = 1610612736
struct variable
  FF_OWORD = 1879048192
octaword/xmm word (16 bytes/128 bits)
  FF_FLOAT = -2147483648
float
  FF_DOUBLE = -1879048192
double
  FF_PACKREAL = -1610612736
packed decimal real
  FF_ALIGN = -1342177280
alignment directive
  FF_CUSTOM = -805306368
custom data type
  FF_YWORD = -536870912
ymm word (32 bytes/256 bits)
  FF_ZWORD = -268435456
zmm word (64 bytes/512 bits)
  ALOPT_IGNHEADS = 1
don't stop if another data item is encountered.
  ALOPT_IGNPRINT = 2
if set, don't stop at non-printable codepoints, but only at the terminating character (or not unicode-mapped character (e.g., 0x8f in CP1252))
  ALOPT_IGNCLT = 4
if set, don't stop at codepoints that are not part of the current 'culture'; accept all those that are graphical (this is typically used used by user-initiated actions creating string literals.)
  ALOPT_MAX4K = 8
accumulated length
  STRCONV_ESCAPE = 1
convert non-printable characters to C escapes (, \xNN, \uNNNN)
  STRCONV_REPLCHAR = 2
convert non-printable characters to the Unicode replacement character (U+FFFD)
  STRCONV_INCLLEN = 4
for Pascal-style strings, include the prefixing length byte(s) as C-escaped sequence
  PSTF_TNORM = 0
use normal name
  PSTF_TBRIEF = 1
use brief name (e.g., in the 'Strings window')
  PSTF_TINLIN = 2
use 'inline' name (e.g., in the structures comments)
  PSTF_TMASK = 3
type mask
  PSTF_HOTKEY = 4
have hotkey markers part of the name
  PSTF_ENC = 8
if encoding is specified, append it
  MS_CODE = 4026531840
Mask for code bits.
  FF_FUNC = 268435456
function start?
  FF_IMMD = 1073741824
Has Immediate value ?
  FF_JUMP = 2147483648
Has jump table or switch_info?
  PBSENC_DEF1BPU = 0
  PBSENC_ALL = -1
  BIN_SEARCH_CASE = 1
case sensitive
  BIN_SEARCH_NOCASE = 0
case insensitive
  BIN_SEARCH_NOBREAK = 2
don't check for Ctrl-Break
  BIN_SEARCH_INITED = 4
find_byte, find_byter: any initilized value
  BIN_SEARCH_NOSHOW = 8
don't show search progress or update screen
  BIN_SEARCH_FORWARD = 0
search forward for bytes
  BIN_SEARCH_BACKWARD = 16
search backward for bytes
  DTP_NODUP = 1
do not use dup construct
  __package__ = None
Function Details

enable_flags(start_ea, end_ea, stt)

 

Allocate flags for address range. This function does not change the storage type of existing ranges. Exit with an error message if not enough disk space.

Parameters:
  • start_ea - should be lower than end_ea. (C++: ea_t)
  • end_ea - does not belong to the range. (C++: ea_t)
  • stt - storage_type_t (C++: storage_type_t)
Returns: error_t
0 if ok, otherwise an error code

disable_flags(start_ea, end_ea)

 

Deallocate flags for address range. Exit with an error message if not enough disk space (this may occur too).

Parameters:
  • start_ea - should be lower than end_ea. (C++: ea_t)
  • end_ea - does not belong to the range. (C++: ea_t)
Returns: error_t
0 if ok, otherwise return error code

change_storage_type(start_ea, end_ea, stt)

 

Change flag storage type for address range.

Parameters:
  • start_ea - should be lower than end_ea. (C++: ea_t)
  • end_ea - does not belong to the range. (C++: ea_t)
  • stt - storage_type_t (C++: storage_type_t)
Returns: error_t
error code

next_addr(ea)

 

Get next address in the program (i.e. next address which has flags).

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t
BADADDR if no such address exist.

prev_addr(ea)

 

Get previous address in the program.

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t
BADADDR if no such address exist.

next_chunk(ea)

 

Get the first address of next contiguous chunk in the program.

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t
BADADDR if next chunk doesn't exist.

prev_chunk(ea)

 

Get the last address of previous contiguous chunk in the program.

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t
BADADDR if previous chunk doesn't exist.

chunk_start(ea)

 

Get start of the contiguous address block containing 'ea'.

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t
BADADDR if 'ea' doesn't belong to the program.

chunk_size(ea)

 

Get size of the contiguous address block containing 'ea'.

Parameters:
  • ea, (C++ - ea_t)
Returns: asize_t
0 if 'ea' doesn't belong to the program.

free_chunk(bottom, size, step)

 

Search for a hole in the addressing space of the program.

Parameters:
  • bottom - address to start searching (C++: ea_t)
  • size - size of desired block (C++: asize_t)
  • step - bit mask for the start of hole (0xF would align hole to a paragraph). if 'step' is negative, the bottom address with be aligned. otherwise the kernel will try to use it as is and align it only when the hole is too small. (C++: int32)
Returns: ea_t
start of the hole or BADADDR

next_unknown(ea, maxea)

 

Similar to 'next_that()' , but will find the next address that is unexplored.

Parameters:
  • ea, (C++ - ea_t)
  • maxea, (C++ - ea_t)
Returns: ea_t

prev_unknown(ea, minea)

 

Similar to 'prev_that()' , but will find the previous address that is unexplored.

Parameters:
  • ea, (C++ - ea_t)
  • minea, (C++ - ea_t)
Returns: ea_t

prev_head(ea, minea)

 

Get start of previous defined item.

Parameters:
  • ea - begin search at this address (C++: ea_t)
  • minea - included in the search range (C++: ea_t)
Returns: ea_t
BADADDR if none exists.

next_head(ea, maxea)

 

Get start of next defined item.

Parameters:
  • ea - begin search at this address (C++: ea_t)
  • maxea - not included in the search range (C++: ea_t)
Returns: ea_t
BADADDR if none exists.

prev_not_tail(ea)

 

Get address of previous non-tail byte.

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t
BADADDR if none exists.

next_not_tail(ea)

 

Get address of next non-tail byte.

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t
BADADDR if none exists.

get_item_head(ea)

 

Get the start address of the item at 'ea'. If there is no current item, then 'ea' will be returned (see definition at the end of 'bytes.hpp' source)

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t

get_item_end(ea)

 

Get the end address of the item at 'ea'. The returned address doesn't belong to the current item. Unexplored bytes are counted as 1 byte entities.

Parameters:
  • ea, (C++ - ea_t)
Returns: ea_t

calc_max_item_end(ea, how=15)

 

Calculate maximal reasonable end address of a new item. This function will limit the item with the current segment bounds.

Parameters:
  • ea - linear address (C++: ea_t)
  • how - when to stop the search. A combination of Item end search flags (C++: int)
Returns: ea_t
end of new item. If it is not possible to create an item, it will return 'ea'.

get_item_size(ea)

 

Get size of item (instruction/data) in bytes. Unexplored bytes have length of 1 byte. This function never returns 0.

Parameters:
  • ea, (C++ - ea_t)
Returns: asize_t

is_mapped(ea)

 

Is the specified address 'ea' present in the program?

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

get_flags_ex(ea, how)

 

Get flags for the specified address, extended form.

Parameters:
  • ea, (C++ - ea_t)
  • how, (C++ - int)
Returns: flags_t

get_flags(ea)

 

get flags with 'FF_IVL' & 'MS_VAL' . It is much slower under remote debugging because the kernel needs to read the process memory.

Parameters:
  • ea, (C++ - ea_t)
Returns: flags_t

get_full_flags(ea)

 

Get flags value for address 'ea'.

Parameters:
  • ea, (C++ - ea_t)
Returns: flags_t
0 if address is not present in the program

get_item_flag(_from, n, ea, appzero)

 

Get flag of the item at 'ea' even if it is a tail byte of some array or structure. This function is used to get flags of structure members or array elements.

Parameters:
  • _from - linear address of the instruction which refers to 'ea' (C++: ea_t)
  • n - number of operand which refers to 'ea' (C++: int)
  • ea - the referenced address (C++: ea_t)
  • appzero - append a struct field name if the field offset is zero? meaningful only if the name refers to a structure. (C++: bool)
Returns: flags_t
flags or 0 (if failed)

has_value(F)

 

Do flags contain byte value?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

del_value(ea)

 

Delete byte value from flags. The corresponding byte becomes uninitialized.

Parameters:
  • ea, (C++ - ea_t)

is_loaded(ea)

 

Does the specified address have a byte value (is initialized?)

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

nbits(ea)

 

Get number of bits in a byte at the given address.

Parameters:
  • ea, (C++ - ea_t)
Returns: int
\ph{dnbits()} if the address doesn't belong to a segment, otherwise the result depends on the segment type

bytesize(ea)

 

Get number of bytes required to store a byte at the given address.

Parameters:
  • ea, (C++ - ea_t)
Returns: int

get_byte(ea)

 

Get one byte (8-bit) of the program at 'ea'. This function works only for 8bit byte processors.

Parameters:
  • ea, (C++ - ea_t)
Returns: uchar

get_db_byte(ea)

 

Get one byte (8-bit) of the program at 'ea' from the database. Works even if the debugger is active. See also 'get_dbg_byte()' to read the process memory directly. This function works only for 8bit byte processors.

Parameters:
  • ea, (C++ - ea_t)
Returns: uchar

get_word(ea)

 

Get one word (16-bit) of the program at 'ea'. This function takes into account order of bytes specified in \inf{is_be()} This function works only for 8bit byte processors.

Parameters:
  • ea, (C++ - ea_t)
Returns: ushort

get_dword(ea)

 

Get one dword (32-bit) of the program at 'ea'. This function takes into account order of bytes specified in \inf{is_be()} This function works only for 8bit byte processors.

Parameters:
  • ea, (C++ - ea_t)
Returns: uint32

get_qword(ea)

 

Get one qword (64-bit) of the program at 'ea'. This function takes into account order of bytes specified in \inf{is_be()} This function works only for 8bit byte processors.

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64

get_wide_byte(ea)

 

Get one wide byte of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view.

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64

get_wide_word(ea)

 

Get one wide word (2 'byte') of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64

get_wide_dword(ea)

 

Get two wide words (4 'bytes') of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in \inf{is_be()}this function works incorrectly if \ph{nbits} > 16

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64

get_16bit(ea)

 

Get 16bits of the program at 'ea'.

Parameters:
  • ea, (C++ - ea_t)
Returns: uint32
1 byte (getFullByte()) if the current processor has 16-bit byte, otherwise return get_word()

get_32bit(ea)

 

Get not more than 32bits of the program at 'ea'.

Parameters:
  • ea, (C++ - ea_t)
Returns: uint32
32 bit value, depending on \ph{nbits}: if ( nbits <= 8 ) return get_dword(ea); if ( nbits <= 16) return get_wide_word(ea); return get_wide_byte(ea);

get_64bit(ea)

 

Get not more than 64bits of the program at 'ea'.

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64
64 bit value, depending on \ph{nbits}: if ( nbits <= 8 ) return get_qword(ea); if ( nbits <= 16) return get_wide_dword(ea); return get_wide_byte(ea);

get_data_value(v, ea, size)

 

Get the value at of the item at 'ea'. This function works with entities up to sizeof(ea_t) (bytes, word, etc)

Parameters:
  • v - pointer to the result. may be NULL (C++: uval_t *)
  • ea - linear address (C++: ea_t)
  • size - size of data to read. If 0, then the item type at 'ea' will be used (C++: asize_t)
Returns: bool
success

get_original_byte(ea)

 

Get original byte value (that was before patching). This function works for wide byte processors too.

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64

get_original_word(ea)

 

Get original word value (that was before patching). This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64

get_original_dword(ea)

 

Get original dword (that was before patching) This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64

get_original_qword(ea)

 

Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea, (C++ - ea_t)
Returns: uint64

put_byte(ea, x)

 

Set value of one byte of the program. This function modifies the database. If the debugger is active then the debugged process memory is patched too.The original value of the byte is completely lost and can't be recovered by the 'get_original_byte()' function. See also 'put_dbg_byte()' to write to the process memory directly when the debugger is active. This function can handle wide byte processors.

Parameters:
  • ea - linear address (C++: ea_t)
  • x - byte value (C++: uint64)
Returns: bool
true if the database has been modified

put_word(ea, x)

 

Set value of one word of the program. This function takes into account order of bytes specified in \inf{is_be()} This function works for wide byte processors too.The original value of the word is completely lost and can't be recovered by the 'get_original_word()' function. ea - linear address x - word value

Parameters:
  • ea, (C++ - ea_t)
  • x, (C++ - uint64)

put_dword(ea, x)

 

Set value of one dword of the program. This function takes into account order of bytes specified in \inf{is_be()} This function works for wide byte processors too.the original value of the dword is completely lost and can't be recovered by the 'get_original_dword()' function.

Parameters:
  • ea - linear address (C++: ea_t)
  • x - dword value (C++: uint64)

put_qword(ea, x)

 

Set value of one qword (8 bytes) of the program. This function takes into account order of bytes specified in \inf{is_be()} This function DOESN'T works for wide byte processors.

Parameters:
  • ea - linear address (C++: ea_t)
  • x - qword value (C++: uint64)

patch_byte(ea, x)

 

Patch a byte of the program. The original value of the byte is saved and can be obtained by 'get_original_byte()' . This function works for wide byte processors too.

Parameters:
  • ea, (C++ - ea_t)
  • x, (C++ - uint64)
Returns: bool

patch_word(ea, x)

 

Patch a word of the program. The original value of the word is saved and can be obtained by 'get_original_word()' . This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea, (C++ - ea_t)
  • x, (C++ - uint64)
Returns: bool

patch_dword(ea, x)

 

Patch a dword of the program. The original value of the dword is saved and can be obtained by 'get_original_dword()' . This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea, (C++ - ea_t)
  • x, (C++ - uint64)
Returns: bool

patch_qword(ea, x)

 

Patch a qword of the program. The original value of the qword is saved and can be obtained by 'get_original_qword()' . This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea, (C++ - ea_t)
  • x, (C++ - uint64)
Returns: bool

revert_byte(ea)

 

Revert patched byte

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

add_byte(ea, value)

 

Add a value to one byte of the program. This function works for wide byte processors too.

Parameters:
  • ea - linear address (C++: ea_t)
  • value - byte value (C++: uint32)

add_word(ea, value)

 

Add a value to one word of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea - linear address (C++: ea_t)
  • value - byte value (C++: uint64)

add_dword(ea, value)

 

Add a value to one dword of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}this function works incorrectly if \ph{nbits} > 16

Parameters:
  • ea - linear address (C++: ea_t)
  • value - byte value (C++: uint64)

add_qword(ea, value)

 

Add a value to one qword of the program. This function does not work for wide byte processors. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:
  • ea - linear address (C++: ea_t)
  • value - byte value (C++: uint64)

get_zero_ranges(zranges, range)

 

Return set of ranges with zero initialized bytes. The returned set includes only big zero initialized ranges (at least >1KB). Some zero initialized byte ranges may be not included. Only zero bytes that use the sparse storage method (STT_MM) are reported.

Parameters:
  • zranges - pointer to the return value. cannot be NULL (C++: rangeset_t *)
  • range - the range of addresses to verify. can be NULL - means all ranges (C++: const range_t *)
Returns: bool
true if the result is a non-empty set

put_bytes(ea, buf)

 

Modify the specified number of bytes of the program. This function does not save the original values of bytes. See also 'patch_bytes()' .

Parameters:
  • ea - linear address (C++: ea_t)
  • buf - buffer with new values of bytes (C++: const void *)

patch_bytes(ea, buf)

 

Patch the specified number of bytes of the program. Original values of bytes are saved and are available with get_original...() functions. See also 'put_bytes()' .

Parameters:
  • ea - linear address (C++: ea_t)
  • buf - buffer with new values of bytes (C++: const void *)

is_code(F)

 

Does flag denote start of an instruction?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_code(F, arg2)

 

Does flag denote start of an instruction?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_data(F)

 

Does flag denote start of data?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_data(F, arg2)

 

Does flag denote start of data?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_tail(F)

 

Does flag denote tail byte?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_tail(F, arg2)

 

Does flag denote tail byte?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_not_tail(F)

 

Does flag denote tail byte?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_not_tail(F, arg2)

 

Does flag denote tail byte?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_unknown(F)

 

Does flag denote unexplored byte?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_head(F)

 

Does flag denote start of instruction OR data?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_head(F, arg2)

 

Does flag denote start of instruction OR data?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

del_items(ea, flags=0, nbytes=1, may_destroy=None)

 

Convert item (instruction/data) to unexplored bytes. The whole item (including the head and tail bytes) will be destroyed. It is allowed to pass any address in the item to this function

Parameters:
  • ea - any address within the first item to delete (C++: ea_t)
  • flags - combination of Unexplored byte conversion flags (C++: int)
  • nbytes - number of bytes in the range to be undefined (C++: asize_t)
  • may_destroy - optional routine invoked before deleting a head item. If callback returns false then item has not to be deleted and operation fails (C++: may_destroy_cb_t *)
Returns: bool
true on sucessful operation, otherwise false

is_manual_insn(ea)

 

Is the instruction overridden?

Parameters:
  • ea - linear address of the instruction or data item (C++: ea_t)
Returns: bool

get_manual_insn(ea)

 

Retrieve the user-specified string for the manual instruction.

Parameters:
  • ea - linear address of the instruction or data item (C++: ea_t)
Returns: ssize_t
size of manual instruction or -1

set_manual_insn(ea, manual_insn)

 

Set manual instruction string.

Parameters:
  • ea - linear address of the instruction or data item (C++: ea_t)
  • manual_insn - "" - delete manual string. NULL - do nothing (C++: const char *)

is_flow(F)

 

Does the previous instruction exist and pass execution flow to the current byte?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

has_extra_cmts(F)

 

Does the current byte have additional anterior or posterior lines?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

has_cmt(F)

 

Does the current byte have an indented comment?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

has_xref(F)

 

Does the current byte have cross-references to it?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_has_xref(f, arg2)

 

Does the current byte have cross-references to it?

Parameters:
  • f, (C++ - flags_t)
Returns: bool

has_name(F)

 

Does the current byte have non-trivial (non-dummy) name?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_has_name(f, arg2)

 

Does the current byte have non-trivial (non-dummy) name?

Parameters:
  • f, (C++ - flags_t)
Returns: bool

has_dummy_name(F)

 

Does the current byte have dummy (auto-generated, with special prefix) name?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_has_dummy_name(f, arg2)

 

Does the current byte have dummy (auto-generated, with special prefix) name?

Parameters:
  • f, (C++ - flags_t)
Returns: bool

has_auto_name(F)

 

Does the current byte have auto-generated (no special prefix) name?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

has_any_name(F)

 

Does the current byte have any name?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

has_user_name(F)

 

Does the current byte have user-specified name?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_has_user_name(F, arg2)

 

Does the current byte have user-specified name?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_invsign(ea, F, n)

 

Should sign of n-th operand inverted during output?. allowed values of n: 0-first operand, 1-other operands

Parameters:
  • ea, (C++ - ea_t)
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

toggle_sign(ea, n)

 

Toggle sign of n-th operand. allowed values of n: 0-first operand, 1-other operands

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

is_bnot(ea, F, n)

 

Should we negate the operand?. sh{a_bnot} should be defined in the idp module in order to work with this function

Parameters:
  • ea, (C++ - ea_t)
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

toggle_bnot(ea, n)

 

Toggle binary negation of operand. also see 'is_bnot()'

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

is_lzero(ea, n)

 

Display leading zeroes in operands. The global switch for the leading zeroes is in \inf{s_genflags} The leading zeroes doesn't work if the octal numbers start with 0 Display leading zeroes? (takes into account \inf{s_genflags})

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

set_lzero(ea, n)

 

Set toggle lzero bit.

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

clr_lzero(ea, n)

 

Clear lzero bit.

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

leading_zero_important(ea, n)

 

Check if leading zeroes are important.

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

is_defarg0(F)

 

Is the first operand defined? Initially operand has no defined representation.

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_defarg1(F)

 

Is the second operand defined? Initially operand has no defined representation.

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_off0(F)

 

Is the first operand offset? (example: push offset xxx)

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_off1(F)

 

Is the second operand offset? (example: mov ax, offset xxx)

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_char0(F)

 

Is the first operand character constant? (example: push 'a')

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_char1(F)

 

Is the second operand character constant? (example: mov al, 'a')

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_seg0(F)

 

Is the first operand segment selector? (example: push seg seg001)

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_seg1(F)

 

Is the second operand segment selector? (example: mov dx, seg dseg)

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_enum0(F)

 

Is the first operand a symbolic constant (enum member)?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_enum1(F)

 

Is the second operand a symbolic constant (enum member)?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_stroff0(F)

 

Is the first operand an offset within a struct?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_stroff1(F)

 

Is the second operand an offset within a struct?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_stkvar0(F)

 

Is the first operand a stack variable?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_stkvar1(F)

 

Is the second operand a stack variable?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_float0(F)

 

Is the first operand a floating point number?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_float1(F)

 

Is the second operand a floating point number?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_custfmt0(F)

 

Does the first operand use a custom data representation?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_custfmt1(F)

 

Does the second operand use a custom data representation?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_numop0(F)

 

Is the first operand a number (i.e. binary, octal, decimal or hex?)

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_numop1(F)

 

Is the second operand a number (i.e. binary, octal, decimal or hex?)

Parameters:
  • F, (C++ - flags_t)
Returns: bool

get_optype_flags0(F)

 

Get flags for first operand.

Parameters:
  • F, (C++ - flags_t)
Returns: flags_t

get_optype_flags1(F)

 

Get flags for second operand.

Parameters:
  • F, (C++ - flags_t)
Returns: flags_t

is_defarg(F, n)

 

is defined?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_off(F, n)

 

is offset?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_char(F, n)

 

is character constant?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_seg(F, n)

 

is segment?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_enum(F, n)

 

is enum?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_manual(F, n)

 

is forced operand? (use 'is_forced_operand()' )

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_stroff(F, n)

 

is struct offset?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_stkvar(F, n)

 

is stack variable?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_fltnum(F, n)

 

is floating point number?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_custfmt(F, n)

 

is custom data format?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_numop(F, n)

 

is number (bin, oct, dec, hex)?

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

is_suspop(ea, F, n)

 

is suspicious operand?

Parameters:
  • ea, (C++ - ea_t)
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

op_adds_xrefs(F, n)

 

Should processor module create xrefs from the operand?. Currently 'offset' and 'structure offset' operands create xrefs

Parameters:
  • F, (C++ - flags_t)
  • n, (C++ - int)
Returns: bool

set_op_type(ea, type, n)

 

(internal function) change representation of operand(s).

Parameters:
  • ea - linear address (C++: ea_t)
  • type - new flag value (should be obtained from char_flag() , num_flag() and similar functions) (C++: flags_t)
  • n - number of operand (0, 1, -1) (C++: int)
Returns: bool

op_seg(ea, n)

 

Set operand representation to be 'segment'. If applied to unexplored bytes, converts them to 16/32bit word data

Parameters:
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, -1) (C++: int)
Returns: bool
success

op_enum(ea, n, id, serial)

 

Set operand representation to be 'enum_t'. If applied to unexplored bytes, converts them to 16/32bit word data

Parameters:
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, -1) (C++: int)
  • id - id of enum (C++: enum_t)
  • serial - the serial number of the constant in the enumeration, usually 0. the serial numbers are used if the enumeration contains several constants with the same value (C++: uchar)
Returns: bool
success

get_enum_id(ea, n)

 

Get enum id of 'enum' operand.

Parameters:
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, -1) (C++: int)
Returns: enum_t
id of enum or BADNODE

op_stroff(insn, n, path, path_len, delta)

 

Set operand representation to be 'struct offset'. If applied to unexplored bytes, converts them to 16/32bit word data

Parameters:
  • insn - the instruction (C++: const insn_t &)
  • n - number of operand (0, 1, -1) (C++: int)
  • path - structure path (strpath). see nalt.hpp for more info. (C++: const tid_t *)
  • path_len - length of the structure path (C++: int)
  • delta - struct offset delta. usually 0. denotes the difference between the structure base and the pointer into the structure. (C++: adiff_t)
Returns: bool
success

Example: Python> Python> ins = ida_ua.insn_t() Python> if ida_ua.decode_insn(ins, some_address): Python> path_len = 1 Python> path = ida_pro.tid_array(path_len) Python> path[0] = ida_struct.get_struc_id("my_stucture_t") Python> ida_bytes.op_stroff(ins, 0, path.cast(), path_len, 0) Python>

get_stroff_path(path, delta, ea, n)

 

Get struct path of operand.

Parameters:
  • path - buffer for structure path (strpath). see nalt.hpp for more info. (C++: tid_t *)
  • delta - struct offset delta (C++: adiff_t *)
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, -1) (C++: int)
Returns: int
length of strpath

op_stkvar(ea, n)

 

Set operand representation to be 'stack variable'. Should be applied to an instruction within a function. Should be applied after creating a stack var using 'insn_t::create_stkvar()' .

Parameters:
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, -1) (C++: int)
Returns: bool
success

set_forced_operand(ea, n, op)

 

Set forced operand.

Parameters:
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, 2) (C++: int)
  • op - text of operand NULL: do nothing (return 0) "" : delete forced operand (C++: const char *)
Returns: bool
success

get_forced_operand(ea, n)

 

Get forced operand.

Parameters:
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, 2) (C++: int)
Returns: ssize_t
size of forced operand or -1

is_forced_operand(ea, n)

 

Is operand manually defined?.

Parameters:
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, 2) (C++: int)
Returns: bool

op_chr(ea, n)

 

set op type to 'char_flag()'

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

op_num(ea, n)

 

set op type to 'num_flag()'

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

op_hex(ea, n)

 

set op type to 'hex_flag()'

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

op_dec(ea, n)

 

set op type to 'dec_flag()'

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

op_oct(ea, n)

 

set op type to 'oct_flag()'

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

op_bin(ea, n)

 

set op type to 'bin_flag()'

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

op_flt(ea, n)

 

set op type to 'flt_flag()'

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
Returns: bool

op_custfmt(ea, n, fid)

 

Set custom data format for operand (fid-custom data format id)

Parameters:
  • ea, (C++ - ea_t)
  • n, (C++ - int)
  • fid, (C++ - int)
Returns: bool

clr_op_type(ea, n)

 

Remove operand representation information. (set operand representation to be 'undefined')

Parameters:
  • ea - linear address (C++: ea_t)
  • n - number of operand (0, 1, -1) (C++: int)
Returns: bool
success

get_default_radix()

 

Get default base of number for the current processor.

Returns: int
2, 8, 10, 16

get_radix(F, n)

 

Get radix of the operand, in: flags. If the operand is not a number, returns 'get_default_radix()'

Parameters:
  • F - flags (C++: flags_t)
  • n - number of operand (0, 1, -1) (C++: int)
Returns: int
2, 8, 10, 16

is_byte(F)

 

'FF_BYTE'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_word(F)

 

'FF_WORD'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_dword(F)

 

'FF_DWORD'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_qword(F)

 

'FF_QWORD'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_oword(F)

 

'FF_OWORD'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_yword(F)

 

'FF_YWORD'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_zword(F)

 

'FF_ZWORD'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_tbyte(F)

 

'FF_TBYTE'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_float(F)

 

'FF_FLOAT'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_double(F)

 

'FF_DOUBLE'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_pack_real(F)

 

'FF_PACKREAL'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_strlit(F)

 

'FF_STRLIT'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_struct(F)

 

'FF_STRUCT'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_align(F)

 

'FF_ALIGN'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_custom(F)

 

'FF_CUSTOM'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_byte(F, arg2)

 

See 'is_byte()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_word(F, arg2)

 

See 'is_word()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_dword(F, arg2)

 

See 'is_dword()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_qword(F, arg2)

 

See 'is_qword()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_oword(F, arg2)

 

See 'is_oword()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_yword(F, arg2)

 

See 'is_yword()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_tbyte(F, arg2)

 

See 'is_tbyte()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_float(F, arg2)

 

See 'is_float()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_double(F, arg2)

 

See 'is_double()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_pack_real(F, arg2)

 

See 'is_pack_real()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_strlit(F, arg2)

 

See 'is_strlit()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_struct(F, arg2)

 

See 'is_struct()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_align(F, arg2)

 

See 'is_align()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

f_is_custom(F, arg2)

 

See 'is_custom()'

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_same_data_type(F1, F2)

 

Do the given flags specify the same data type?

Parameters:
  • F1, (C++ - flags_t)
  • F2, (C++ - flags_t)
Returns: bool

get_flags_by_size(size)

 

Get flags from size (in bytes). Supported sizes: 1, 2, 4, 8, 16, 32. For other sizes returns 0

Parameters:
  • size, (C++ - size_t)
Returns: flags_t

create_data(ea, dataflag, size, tid)

 

Convert to data (byte, word, dword, etc). This function may be used to create arrays.

Parameters:
  • ea - linear address (C++: ea_t)
  • dataflag - type of data. Value of function byte_flag() , word_flag() , etc. (C++: flags_t)
  • size - size of array in bytes. should be divisible by the size of one item of the specified type. for variable sized items it can be specified as 0, and the kernel will try to calculate the size. (C++: asize_t)
  • tid - type id. If the specified type is a structure, then tid is structure id. Otherwise should be BADNODE . (C++: tid_t)
Returns: bool
success

create_byte(ea, length, force=False)

 

Convert to byte.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_word(ea, length, force=False)

 

Convert to word.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_dword(ea, length, force=False)

 

Convert to dword.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_qword(ea, length, force=False)

 

Convert to quadword.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_oword(ea, length, force=False)

 

Convert to octaword/xmm word.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_yword(ea, length, force=False)

 

Convert to ymm word.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_zword(ea, length, force=False)

 

Convert to zmm word.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_tbyte(ea, length, force=False)

 

Convert to tbyte.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_float(ea, length, force=False)

 

Convert to float.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_double(ea, length, force=False)

 

Convert to double.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_packed_real(ea, length, force=False)

 

Convert to packed decimal real.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • force, (C++ - bool)
Returns: bool

create_struct(ea, length, tid, force=False)

 

Convert to struct.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • tid, (C++ - tid_t)
  • force, (C++ - bool)
Returns: bool

create_custdata(ea, length, dtid, fid, force=False)

 

Convert to custom data type.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • dtid, (C++ - int)
  • fid, (C++ - int)
  • force, (C++ - bool)
Returns: bool

create_align(ea, length, alignment)

 

Alignment: 0 or 2..32. If it is 0, is will be calculated.

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
  • alignment, (C++ - int)
Returns: bool

calc_min_align(length)

 

Returns: 1..32.

Parameters:
  • length, (C++ - asize_t)
Returns: int

calc_max_align(endea)

 

Returns: 0..32.

Parameters:
  • endea, (C++ - ea_t)
Returns: int

calc_def_align(ea, mina, maxa)

 

Calculate default alignment.

Parameters:
  • ea, (C++ - ea_t)
  • mina, (C++ - int)
  • maxa, (C++ - int)
Returns: int

create_16bit_data(ea, length)

 

Convert to 16-bit quantity (take byte size into account)

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
Returns: bool

create_32bit_data(ea, length)

 

Convert to 32-bit quantity (take byte size into account)

Parameters:
  • ea, (C++ - ea_t)
  • length, (C++ - asize_t)
Returns: bool

get_max_strlit_length(ea, strtype, options=0)

 

Determine maximum length of string literal.

Parameters:
  • ea - starting address (C++: ea_t)
  • strtype - string type. one of String type codes (C++: int32)
  • options - combination of string literal length options (C++: int)
Returns: size_t
length of the string in octets (octet==8bit)

create_strlit(start, len, strtype)

 

Convert to string literal and give a meaningful name. 'start' may be higher than 'end', the kernel will swap them in this case

Parameters:
  • start - starting address (C++: ea_t)
  • len - length of the string in bytes. if 0, then get_max_strlit_length() will be used to determine the length (C++: size_t)
  • strtype - string type. one of String type codes (C++: int32)
Returns: bool
success

get_opinfo(buf, ea, n, flags)

 

Get additional information about an operand representation.

Parameters:
  • buf - buffer to receive the result. may not be NULL (C++: opinfo_t *)
  • ea - linear address of item (C++: ea_t)
  • n - number of operand, 0 or 1 (C++: int)
  • flags - flags of the item (C++: flags_t)
Returns: opinfo_t
NULL if no additional representation information

set_opinfo(ea, n, flag, ti, suppress_events=False)

 

Set additional information about an operand representation. This function is a low level one. Only the kernel should use it.

Parameters:
  • ea - linear address of the item (C++: ea_t)
  • n - number of operand, 0 or 1 (C++: int)
  • flag - flags of the item (C++: flags_t)
  • ti - additional representation information (C++: const opinfo_t *)
  • suppress_events - do not generate changing_op_type and op_type_changed events (C++: bool)
Returns: bool
success

get_data_elsize(ea, F, ti=None)

 

Get size of data type specified in flags 'F'.

Parameters:
  • ea - linear address of the item (C++: ea_t)
  • F - flags (C++: flags_t)
  • ti - additional information about the data type. For example, if the current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be NULL). If specified as NULL, will be automatically retrieved from the database (C++: const opinfo_t *)
Returns: asize_t
byte : 1 word : 2 etc...

get_full_data_elsize(ea, F, ti=None)

 

Get full size of data type specified in flags 'F'. takes into account processors with wide bytes e.g. returns 2 for a byte element with 16-bit bytes

Parameters:
  • ea, (C++ - ea_t)
  • F, (C++ - flags_t)
  • ti, (C++ - const opinfo_t *)
Returns: asize_t

is_varsize_item(ea, F, ti=None, itemsize=None)

 

Is the item at 'ea' variable size?.

Parameters:
  • ea - linear address of the item (C++: ea_t)
  • F - flags (C++: flags_t)
  • ti - additional information about the data type. For example, if the current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be NULL). If specified as NULL, will be automatically retrieved from the database (C++: const opinfo_t *)
  • itemsize - if not NULL and the item is varsize, itemsize will contain the calculated item size (for struct types, the minimal size is returned) (C++: asize_t *)
Returns: int

can_define_item(ea, length, flags)

 
Can define item (instruction/data) of the specified 'length', starting
at 'ea'?if there is an item starting at 'ea', this function ignores
itthis function converts to unexplored all encountered data items with
fixup information. Should be fixed in the future.a new item would
cross segment boundariesa new item would overlap with existing items
(except items specified by 'flags')

@param ea (C++: ea_t)
@param length (C++: asize_t)
@param flags: if not 0, then the kernel will ignore the data types
              specified by the flags and destroy them. For example:
              1000 dw 5                  1002 db 5 ; undef
              1003 db 5 ; undef                  1004 dw 5
              1006 dd 5                    can_define_item(1000, 6, 0)
              - false because of dw at 1004    can_define_item(1000,
              6, word_flag()) - true, word at 1004 is destroyed (C++:
              flags_t)
@return: 1-yes, 0-no

Returns: bool

has_immd(F)

 

Has immediate value?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

is_func(F)

 

Is function start?

Parameters:
  • F, (C++ - flags_t)
Returns: bool

set_immd(ea)

 

Set 'has immediate operand' flag. Returns true if the 'FF_IMMD' bit was not set and now is set

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

get_custom_data_type(dtid)

 

Get definition of a registered custom data type.

Parameters:
  • dtid - data type id (C++: int)
Returns: data_type_t
data type definition or NULL

get_custom_data_format(dfid)

 

Get definition of a registered custom data format.

Parameters:
  • dfid - data format id (C++: int)
Returns: data_format_t
data format definition or NULL

attach_custom_data_format(dtid, dfid)

 

Attach the data format to the data type.

Parameters:
  • dtid - data type id that can use the data format. 0 means all standard data types. Such data formats can be applied to any data item or instruction operands. For instruction operands, the data_format_t::value_size check is not performed by the kernel. (C++: int)
  • dfid - data format id (C++: int)
Returns: bool

detach_custom_data_format(dtid, dfid)

 

Detach the data format from the data type. Unregistering a custom data type detaches all attached data formats, no need to detach them explicitly. You still need unregister them. Unregistering a custom data format detaches it from all attached data types.

Parameters:
  • dtid - data type id to detach data format from (C++: int)
  • dfid - data format id to detach (C++: int)
Returns: bool

get_custom_data_types(out, min_size=0, max_size=BADADDR)

 

Get list of registered custom data type ids.

Parameters:
  • out - buffer for the output. may be NULL (C++: intvec_t *)
  • min_size - minimum value size (C++: asize_t)
  • max_size - maximum value size (C++: asize_t)
Returns: int
number of custom data types with the specified size limits

get_custom_data_formats(out, dtid)

 

Get list of attached custom data formats for the specified data type.

Parameters:
  • out - buffer for the output. may be NULL (C++: intvec_t *)
  • dtid - data type id (C++: int)
Returns: int
number of returned custom data formats. if error, returns -1

find_custom_data_type(name)

 

Get id of a custom data type.

Parameters:
  • name - name of the custom data type (C++: const char *)
Returns: int
id or -1

find_custom_data_format(name)

 

Get id of a custom data format.

Parameters:
  • name - name of the custom data format (C++: const char *)
Returns: int
id or -1

set_cmt(ea, comm, rptble)

 

Set an indented comment.

Parameters:
  • ea - linear address (C++: ea_t)
  • comm - comment string NULL: do nothing (return 0) "" : delete comment (C++: const char *)
  • rptble - is repeatable? (C++: bool)
Returns: bool
success

get_cmt(ea, rptble)

 

Get an indented comment.

Parameters:
  • ea - linear address. may point to tail byte, the function will find start of the item (C++: ea_t)
  • rptble - get repeatable comment? (C++: bool)
Returns: ssize_t
size of comment or -1

append_cmt(ea, str, rptble)

 

Append to an indented comment. Creates a new comment if none exists. Appends a newline character and the specified string otherwise.

Parameters:
  • ea - linear address (C++: ea_t)
  • str - comment string to append (C++: const char *)
  • rptble - append to repeatable comment? (C++: bool)
Returns: bool
success

get_predef_insn_cmt(ins)

 

Get predefined comment.

Parameters:
  • ins - current instruction information (C++: const insn_t &)
Returns: ssize_t
size of comment or -1

find_byte(sEA, size, value, bin_search_flags)

 

Find forward a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 4, 5, and 6

Parameters:
  • sEA - linear address (C++: ea_t)
  • size - number of bytes to inspect (C++: asize_t)
  • value - value to find (C++: uchar)
  • bin_search_flags - combination of Search flags (C++: int)
Returns: ea_t
address of byte or BADADDR

find_byter(sEA, size, value, bin_search_flags)

 

Find reverse a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 6, 5, and 4

Parameters:
  • sEA - the lower address of the search range (C++: ea_t)
  • size - number of bytes to inspect (C++: asize_t)
  • value - value to find (C++: uchar)
  • bin_search_flags - combination of Search flags (C++: int)
Returns: ea_t
address of byte or BADADDR

next_inited(ea, maxea)

 

Find the next initialized address.

Parameters:
  • ea, (C++ - ea_t)
  • maxea, (C++ - ea_t)
Returns: ea_t

prev_inited(ea, minea)

 

Find the previous initialized address.

Parameters:
  • ea, (C++ - ea_t)
  • minea, (C++ - ea_t)
Returns: ea_t

equal_bytes(ea, image, mask, len, sense_case)

 

Compare 'len' bytes of the program starting from 'ea' with 'image'.

Parameters:
  • ea - linear address (C++: ea_t)
  • image - bytes to compare with (C++: const uchar *)
  • mask - array of 1/0 bytes, it's length is 'len'. 1 means to perform the comparison of the corresponding byte. 0 means not to perform. if mask == NULL, then all bytes of 'image' will be compared. if mask == SKIP_FF_MASK then 0xFF bytes will be skipped (C++: const uchar *)
  • len - length of block to compare in bytes. (C++: size_t)
  • sense_case - case-sensitive comparison? (C++: bool)
Returns: bool

update_hidden_range(ha)

 

Update hidden range information in the database. You cannot use this function to change the range boundaries

Parameters:
  • ha - range to update (C++: const hidden_range_t *)
Returns: bool
success

add_hidden_range(ea1, ea2, description, header, footer, color)

 

Mark a range of addresses as hidden. The range will be created in the invisible state with the default color

Parameters:
  • ea1 - linear address of start of the address range (C++: ea_t)
  • ea2 - linear address of end of the address range (C++: ea_t)
  • description - range parameters (C++: const char *)
  • header - range parameters (C++: const char *)
  • footer - range parameters (C++: const char *)
  • color, (C++ - bgcolor_t)
Returns: bool
success

get_hidden_range(ea)

 

Get pointer to hidden range structure, in: linear address.

Parameters:
  • ea - any address in the hidden range (C++: ea_t)
Returns: hidden_range_t

getn_hidden_range(n)

 

Get pointer to hidden range structure, in: number of hidden range.

Parameters:
  • n - number of hidden range, is in range 0.. get_hidden_range_qty() -1 (C++: int)
Returns: hidden_range_t

get_hidden_range_num(ea)

 

Get number of a hidden range.

Parameters:
  • ea - any address in the hidden range (C++: ea_t)
Returns: int
number of hidden range (0.. get_hidden_range_qty() -1)

get_prev_hidden_range(ea)

 

Get pointer to previous hidden range.

Parameters:
  • ea - any address in the program (C++: ea_t)
Returns: hidden_range_t
ptr to hidden range or NULL if previous hidden range doesn't exist

get_next_hidden_range(ea)

 

Get pointer to next hidden range.

Parameters:
  • ea - any address in the program (C++: ea_t)
Returns: hidden_range_t
ptr to hidden range or NULL if next hidden range doesn't exist

get_first_hidden_range()

 

Get pointer to the first hidden range.

Returns: hidden_range_t
ptr to hidden range or NULL

get_last_hidden_range()

 

Get pointer to the last hidden range.

Returns: hidden_range_t
ptr to hidden range or NULL

del_hidden_range(ea)

 

Delete hidden range.

Parameters:
  • ea - any address in the hidden range (C++: ea_t)
Returns: bool
success

add_mapping(_from, to, size)

 

IDA supports memory mapping. References to the addresses from the mapped range use data and meta-data from the mapping range.You should set flag PR2_MAPPING in ph.flag2 to use memory mapping Add memory mapping range.

Parameters:
  • _from - start of the mapped range (nonexistent address) (C++: ea_t)
  • to - start of the mapping range (existent address) (C++: ea_t)
  • size - size of the range (C++: asize_t)
Returns: bool
success

del_mapping(ea)

 

Delete memory mapping range.

Parameters:
  • ea - any address in the mapped range (C++: ea_t)

use_mapping(ea)

 

Translate address according to current mappings.

Parameters:
  • ea - address to translate (C++: ea_t)
Returns: ea_t
translated address

get_mapping(n)

 

Get memory mapping range by its number.

Parameters:
  • n - number of mapping range (0.. get_mappings_qty() -1) (C++: size_t)
Returns: bool
false if the specified range doesn't exist, otherwise returns from , to , size

visit_patched_bytes(ea1, ea2, py_callable)

 

Enumerates patched bytes in the given range and invokes a callable

Parameters:
  • ea1 - start address
  • ea2 - end address
  • callable - a Python callable with the following prototype: callable(ea, fpos, org_val, patch_val). If the callable returns non-zero then that value will be returned to the caller and the enumeration will be interrupted.
Returns: int
Zero if the enumeration was successful or the return value of the callback if enumeration was interrupted.

next_that(ea, maxea, callable)

 

Find next address with a flag satisfying the function 'testf'. Start searching from address 'ea'+1 and inspect bytes up to 'maxea'. maxea is not included in the search range.

Parameters:
  • callable - a Python callable with the following prototype: callable(flags). Return True to stop enumeration.
Returns: ea_t
the found address or BADADDR.

prev_that(ea, minea, callable)

 

Find previous address with a flag satisfying the function 'testf'.do not pass 'is_unknown()' to this function to find unexplored bytes It will fail under the debugger. To find unexplored bytes, use 'prev_unknown()' .

Parameters:
  • ea - start searching from this address - 1. (C++: ea_t)
  • minea - included in the search range. (C++: ea_t)
Returns: ea_t
the found address or BADADDR .

get_bytes(ea, size, gmb_flags=0x01)

 

Get the specified number of bytes of the program.

Parameters:
  • ea - program address
  • size - number of bytes to return
Returns: PyObject *
the bytes (as a str), or None in case of failure

get_bytes_and_mask(ea, size, gmb_flags=0x01)

 

Get the specified number of bytes of the program, and a bitmask specifying what bytes are defined and what bytes are not.

Parameters:
  • ea - program address
  • size - number of bytes to return
Returns: PyObject *
a tuple (bytes, mask), or None in case of failure. Both 'bytes' and 'mask' are 'str' instances.

get_strlit_contents(ea, py_len, type, flags=0)

 

Get bytes contents at location, possibly converted. It works even if the string has not been created in the database yet.

Note that this will <b>always</b> return a simple string of bytes (i.e., a 'str' instance), and not a string of unicode characters.

If you want auto-conversion to unicode strings (that is: real strings), you should probably be using the idautils.Strings class.

Parameters:
  • ea - linear address of the string
  • len - length of the string in bytes (including terminating 0)
  • type - type of the string. Represents both the character encoding, <u>and</u> the 'type' of string at the given location.
  • flags - combination of STRCONV_..., to perform output conversion.
Returns: PyObject *
a bytes-filled str object.

print_strlit_type(strtype, flags=0)

 

Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.

Parameters:
  • strtype - the string type (C++: int32)
  • flags - or'ed PSTF_* constants (C++: int)
Returns: PyObject *
length of generated text

get_octet(ea, v, nbit)

 
Get 8 bits of the program at 'ea'. The main usage of this function is
to iterate range of bytes. Here is an example:

uint64 v;
int nbit = 0;
for ( ... ) {
  uchar byte = get_octet(&ea, &v, &nbit);
  ...
}

'ea' is incremented each time when a new byte is read. In the above
example, it will be incremented in the first loop iteration.

@param ea (C++: ea_t *)
@param v (C++: uint64  *)
@param nbit (C++: int *)

Returns: PyObject *

register_custom_data_type(py_dt)

 

Registers a custom data type.

Parameters:
  • dt - an instance of the data_type_t class
Returns: int
< 0 if failed to register > 0 data type id

unregister_custom_data_type(dtid)

 

Unregisters a custom data type.

Parameters:
  • dtid - the data type id
Returns: bool
Boolean

register_custom_data_format(py_df)

 

Registers a custom data format with a given data type.

Parameters:
  • df - an instance of data_format_t
Returns: int
< 0 if failed to register > 0 data format id

unregister_custom_data_format(dfid)

 

Unregisters a custom data format

Parameters:
  • dfid - data format id
Returns: bool
Boolean

register_data_types_and_formats(formats)

 
Registers multiple data types and formats at once.
To register one type/format at a time use register_custom_data_type/register_custom_data_format

It employs a special table of types and formats described below:

The 'formats' is a list of tuples. If a tuple has one element then it is the format to be registered with dtid=0
If the tuple has more than one element, then tuple[0] is the data type and tuple[1:] are the data formats. For example:
many_formats = [
  (pascal_data_type(), pascal_data_format()),
  (simplevm_data_type(), simplevm_data_format()),
  (makedword_data_format(),),
  (simplevm_data_format(),)
]
The first two tuples describe data types and their associated formats.
The last two tuples describe two data formats to be used with built-in data types.
The data format may be attached to several data types. The id of the
data format is stored in the first data_format_t object. For example:
assert many_formats[1][1] != -1
assert many_formats[2][0] != -1
assert many_formats[3][0] == -1


Variables Details

GFE_VALUE

get flags with 'FF_IVL' & 'MS_VAL' . It is much slower under remote debugging because the kernel needs to read the process memory.

Value:
1

GMB_READALL

if this bit is not set, fail at first uninited byte

try to read all bytes

Value:
1

DELIT_DELNAMES

delete any names at the specified address range (except for the starting address). this bit is valid if nbytes > 1

Value:
2

DELIT_NOTRUNC

even if 'AF_TRFUNC' is set

don't truncate the current function

Value:
4

DELIT_NOUNAME

reject to delete if a user name is in address range (except for the starting address). this bit is valid if nbytes > 1

Value:
8

DELIT_NOCMT

reject to delete if a comment is in address range (except for the starting address). this bit is valid if nbytes > 1

Value:
16

DELIT_KEEPFUNC

Just delete xrefs, ops e.t.c.

do not undefine the function start.

Value:
32

OPND_OUTER

used only in set, get, del_offset() functions

outer offset base (combined with operand number).

Value:
128

ALOPT_IGNHEADS

don't stop if another data item is encountered. only the byte values will be used to determine the string length. if not set, a defined data item or instruction will truncate the string

Value:
1

ALOPT_MAX4K

accumulated length

if string length is more than 4K, return the

Value:
8