Module index

Module ida_idp

Contains definition of the interface to IDP modules.
The interface consists of two structures:
  • definition of target assembler: ::ash
  • definition of current processor: ::ph
These structures contain information about target processor and assembler features.
It also defines two groups of kernel events:
  • processor_t::event_t processor related events
  • idb_event:event_code_t database related events
The processor related events are used to communicate with the processor module. The database related events are used to inform any interested parties, like plugins or processor modules, about the changes in the database.

Global variables

var AS2_BRACE
Use braces for all expressions.
var AS2_BYTE1CHAR
One symbol per processor byte. Meaningful only for wide byte processors
var AS2_COLONSUF
addresses may have ":xx" suffix; this suffix must be ignored when extracting the address under the cursor
var AS2_IDEALDSCR
Description of struc/union is in the 'reverse' form (keyword before name), the same as in borland tasm ideal
var AS2_STRINV
Invert meaning of idainfo::wide_high_byte_first for text strings (for processors with bytes bigger than 8 bits)
var AS2_TERSESTR
'terse' structure initialization form; NAME<fld,fld,...> is supported
var AS2_YWORD
a_yword field is present and valid
var AS2_ZWORD
a_zword field is present and valid
var ASB_BINF0
010101b
var ASB_BINF1
^B010101
var ASB_BINF2
%010101
var ASB_BINF3
0b1010101
var ASB_BINF4
b'1010101
var ASB_BINF5
b'1010101'
var ASD_DECF0
34
var ASD_DECF1
#34
var ASD_DECF2
34.
var ASD_DECF3
.34
var ASH_HEXF0
34h
var ASH_HEXF1
h'34
var ASH_HEXF2
34
var ASH_HEXF3
0x34
var ASH_HEXF4
$34
var ASH_HEXF5
<^R > (radix)
var ASO_OCTF0
123o
var ASO_OCTF1
0123
var ASO_OCTF2
123
var ASO_OCTF3
@123
var ASO_OCTF4
o'123
var ASO_OCTF5
123q
var ASO_OCTF6
~123
var ASO_OCTF7
q'123
var AS_1TEXT
1 text per line, no bytes
var AS_2CHRE
double char constants are: "xy
var AS_ALIGN2
.align directive expects an exponent rather than a power of 2 (.align 5 means to align at 32byte boundary)
var AS_ASCIIC
ascii directive accepts C-like escape sequences (\n,\x01 and similar)
var AS_ASCIIZ
ascii directive inserts implicit zero byte at the end
var AS_BINFM
mask - binary number format
var AS_COLON
create colons after data names ?
var AS_DECFM
mask - decimal number format
var AS_HEXFM
mask - hex number format
var AS_LALIGN
Labels at "align" keyword are supported.
var AS_N2CHR
can't have 2 byte char consts
var AS_NCHRE
char constants are: 'x
var AS_NCMAS
no commas in ascii directives
var AS_NHIAS
no characters with high bit
var AS_NOCODECLN
don't create colons after code names
var AS_NOSPACE
No spaces in expressions.
var AS_NOXRF
Disable xrefs during the output file generation.
var AS_OCTFM
mask - octal number format
var AS_OFFST
offsets are 'offset xxx' ?
var AS_ONEDUP
One array definition per line.
var AS_RELSUP
Checkarg: 'and','or','xor' operations with addresses are possible.
var AS_UDATA
can use '?' in data directives
var AS_UNEQU
replace undefined data items with EQU (for ANTA's A80)
var AS_XTRNTYPE
Assembler understands type of extern symbols as ":type" suffix.
var CF_CALL
CALL instruction (should make a procedure here)
var CF_CHG1
The instruction modifies the first operand.
var CF_CHG2
The instruction modifies the second operand.
var CF_CHG3
The instruction modifies the third operand.
var CF_CHG4
The instruction modifies 4 operand.
var CF_CHG5
The instruction modifies 5 operand.
var CF_CHG6
The instruction modifies 6 operand.
var CF_CHG7
The instruction modifies the 7th operand.
var CF_CHG8
The instruction modifies the 8th operand.
var CF_HLL
Instruction may be present in a high level language function
var CF_JUMP
The instruction passes execution using indirect jump or call (thus needs additional analysis)
var CF_SHFT
Bit-shift instruction (shl,shr...)
var CF_STOP
Instruction doesn't pass execution to the next instruction
var CF_USE1
The instruction uses value of the first operand.
var CF_USE2
The instruction uses value of the second operand.
var CF_USE3
The instruction uses value of the third operand.
var CF_USE4
The instruction uses value of the 4 operand.
var CF_USE5
The instruction uses value of the 5 operand.
var CF_USE6
The instruction uses value of the 6 operand.
var CF_USE7
The instruction uses value of the 7th operand.
var CF_USE8
The instruction uses value of the 8th operand.
var CUSTOM_INSN_ITYPE
Custom instruction codes defined by processor extension plugins must be greater than or equal to this
var HKCB_GLOBAL
is global event listener? if true, the listener will survive database closing and opening. it will stay in the memory until explicitly unhooked. otherwise the kernel will delete it as soon as the owner is unloaded. should be used only with PLUGIN_FIX plugins.
var IDPOPT_BADKEY
IDPOPT_BADKEY = 1
var IDPOPT_BADTYPE
IDPOPT_BADTYPE = 2
var IDPOPT_BADVALUE
IDPOPT_BADVALUE = 3
var IDPOPT_BIT
IDPOPT_BIT = 3
var IDPOPT_BIT_BOOL
IDPOPT_BIT_BOOL = 50331648
var IDPOPT_BIT_UCHAR
IDPOPT_BIT_UCHAR = 16777216
var IDPOPT_BIT_UINT
IDPOPT_BIT_UINT = 0
var IDPOPT_BIT_USHORT
IDPOPT_BIT_USHORT = 33554432
var IDPOPT_CST
IDPOPT_CST = 6
var IDPOPT_CST_PARAMS
IDPOPT_CST_PARAMS = 16777216
var IDPOPT_FLT
IDPOPT_FLT = 4
var IDPOPT_I64
IDPOPT_I64 = 5
var IDPOPT_I64_RANGE
IDPOPT_I64_RANGE = 16777216
var IDPOPT_I64_UNS
IDPOPT_I64_UNS = 33554432
var IDPOPT_MBROFF
IDPOPT_MBROFF = 262144
var IDPOPT_NUM
IDPOPT_NUM = 2
var IDPOPT_NUM_CHAR
IDPOPT_NUM_CHAR = 16777216
var IDPOPT_NUM_INT
IDPOPT_NUM_INT = 0
var IDPOPT_NUM_RANGE
IDPOPT_NUM_RANGE = 67108864
var IDPOPT_NUM_SHORT
IDPOPT_NUM_SHORT = 33554432
var IDPOPT_NUM_UNS
IDPOPT_NUM_UNS = 134217728
var IDPOPT_OK
IDPOPT_OK = 0
var IDPOPT_PRI_DEFAULT
IDPOPT_PRI_DEFAULT = 1
var IDPOPT_PRI_HIGH
IDPOPT_PRI_HIGH = 2
var IDPOPT_STR
IDPOPT_STR = 1
var IDPOPT_STR_LONG
IDPOPT_STR_LONG = 33554432
var IDPOPT_STR_QSTRING
IDPOPT_STR_QSTRING = 16777216
var IDP_INTERFACE_VERSION
The interface version number.
note: see also IDA_SDK_VERSION from pro.h
var NO_ACCESS
NO_ACCESS = 0
var OP_FP_BASED
operand is FP based
var OP_SP_ADD
operand value is added to the pointer
var OP_SP_BASED
operand is SP based
var OP_SP_SUB
operand value is subtracted from the pointer
var PLFM_386
Intel 80x86.
var PLFM_6502
6502
var PLFM_65C816
65802/65816
var PLFM_6800
Motorola 68xx.
var PLFM_68K
Motorola 680x0.
var PLFM_80196
Intel 80196.
var PLFM_8051
8051
var PLFM_AD2106X
Analog Devices ADSP 2106X.
var PLFM_AD218X
Analog Devices ADSP 218X.
var PLFM_ALPHA
DEC Alpha.
var PLFM_ARC
Argonaut RISC Core.
var PLFM_ARM
Advanced RISC Machines.
var PLFM_AVR
Atmel 8-bit RISC processor(s)
var PLFM_C166
Siemens C166 family.
var PLFM_C39
Rockwell C39.
var PLFM_CR16
NSC CR16.
var PLFM_DALVIK
Android Dalvik Virtual Machine.
var PLFM_DSP56K
Motorola DSP5600x.
var PLFM_DSP96K
Motorola DSP96000.
var PLFM_EBC
EFI Bytecode.
var PLFM_F2MC
Fujistu F2MC-16.
var PLFM_FR
Fujitsu FR Family.
var PLFM_H8
Hitachi H8/300, H8/2000.
var PLFM_H8500
Hitachi H8/500.
var PLFM_HPPA
Hewlett-Packard PA-RISC.
var PLFM_I860
Intel 860.
var PLFM_I960
Intel 960.
var PLFM_IA64
Intel Itanium IA64.
var PLFM_JAVA
Java.
var PLFM_KR1878
Angstrem KR1878.
var PLFM_M16C
Renesas M16C.
var PLFM_M32R
Mitsubishi 32bit RISC.
var PLFM_M740
Mitsubishi 8bit.
var PLFM_M7700
Mitsubishi 16bit.
var PLFM_M7900
Mitsubishi 7900.
var PLFM_MC6812
Motorola 68HC12.
var PLFM_MC6816
Motorola 68HC16.
var PLFM_MIPS
MIPS.
var PLFM_MN102L00
Panasonic MN10200.
var PLFM_MSP430
Texas Instruments MSP430.
var PLFM_NEC_78K0
NEC 78K0.
var PLFM_NEC_78K0S
NEC 78K0S.
var PLFM_NEC_V850X
NEC V850 and V850ES/E1/E2.
var PLFM_NET
Microsoft Visual Studio.Net.
var PLFM_OAKDSP
Atmel OAK DSP.
var PLFM_PDP
PDP11.
var PLFM_PIC
Microchip's PIC.
var PLFM_PIC16
Microchip's 16-bit PIC.
var PLFM_PPC
PowerPC.
var PLFM_RISCV
RISC-V.
var PLFM_RL78
Renesas RL78.
var PLFM_RX
Renesas RX.
var PLFM_S390
IBM's S390.
var PLFM_SCR_ADPT
Processor module adapter for processor modules written in scripting languages.
var PLFM_SH
Renesas (formerly Hitachi) SuperH.
var PLFM_SPARC
SPARC.
var PLFM_SPC700
Sony SPC700.
var PLFM_SPU
Cell Broadband Engine Synergistic Processor Unit.
var PLFM_ST20
SGS-Thomson ST20.
var PLFM_ST7
SGS-Thomson ST7.
var PLFM_ST9
ST9+.
var PLFM_TLCS900
Toshiba TLCS-900.
var PLFM_TMS
Texas Instruments TMS320C5x.
var PLFM_TMS320C1X
Texas Instruments TMS320C1x.
var PLFM_TMS320C28
Texas Instruments TMS320C28x.
var PLFM_TMS320C3
Texas Instruments TMS320C3.
var PLFM_TMS320C54
Texas Instruments TMS320C54xx.
var PLFM_TMS320C55
Texas Instruments TMS320C55xx.
var PLFM_TMSC6
Texas Instruments TMS320C6x.
var PLFM_TRICORE
Tasking Tricore.
var PLFM_TRIMEDIA
Trimedia.
var PLFM_UNSP
SunPlus unSP.
var PLFM_XTENSA
Tensilica Xtensa.
var PLFM_Z8
Z8.
var PLFM_Z80
8085, Z80
var PR2_CODE16_BIT
low bit of code addresses has special meaning e.g. ARM Thumb, MIPS16
var PR2_FORCE_16BIT
use 16-bit basic types despite of 32-bit segments (used by c166)
var PR2_IDP_OPTS
the module has processor-specific configuration options
var PR2_MACRO
processor supports macro instructions
var PR2_MAPPINGS
the processor module uses memory mapping
var PR2_REALCVT
the module has a custom 'ev_realcvt' implementation (otherwise IEEE-754 format is assumed)
var PR2_REL_BITS
(Lumina) calcrel info has bits granularity, not bytes - construction flag only
var PR2_USE_CALCREL
(Lumina) the module supports calcrel info
var PRN_BIN
binary
var PRN_DEC
decimal
var PRN_HEX
hex
var PRN_OCT
octal
var PR_ADJSEGS
IDA may adjust segments' starting/ending addresses.
var PR_ALIGN
All data items should be aligned properly.
var PR_ALIGN_INSN
allow ida to create alignment instructions arbitrarily. Since these instructions might lead to other wrong instructions and spoil the listing, IDA does not create them by default anymore
var PR_ASSEMBLE
Module has a built-in assembler and will react to ev_assemble.
var PR_BINMEM
the processor module provides correct segmentation for binary files (i.e. it creates additional segments). The kernel will not ask the user to specify the RAM/ROM sizes
var PR_CHK_XREF
don't allow near xrefs between segments with different bases
var PR_CNDINSNS
has conditional instructions
var PR_DEFNUM
mask - default number representation
var PR_DEFSEG32
segments are 32-bit by default
var PR_DEFSEG64
segments are 64-bit by default
var PR_DELAYED
has delayed jumps and calls. If this flag is set, processor_t::is_basic_block_end, processor_t::delay_slot_insn should be implemented
var PR_NOCHANGE
The user can't change segments and code/data attributes (display only)
var PR_NO_SEGMOVE
the processor module doesn't support move_segm() (i.e. the user can't move segments)
var PR_OUTER
has outer operands (currently only mc68k)
var PR_PURGING
there are calling conventions which may purge bytes from the stack
var PR_RNAMESOK
allow user register names for location names
var PR_SCALE_STKVARS
use processor_t::get_stkvar_scale callback
var PR_SEGS
has segment registers?
var PR_SEGTRANS
the processor module supports the segment translation feature (meaning it calculates the code addresses using the map_code_ea() function)
var PR_SGROTHER
the segment registers don't contain the segment selectors.
var PR_STACK_UP
the stack grows up
var PR_TYPEINFO
the processor module fully supports type information callbacks; without full support, function argument locations and other things will probably be wrong.
var PR_USE32
supports 32-bit addressing?
var PR_USE64
supports 64-bit addressing?
var PR_USE_ARG_TYPES
use processor_t::use_arg_types callback
var PR_USE_TBYTE
BTMT_SPECFLT means _TBYTE type
var PR_WORD_INS
instruction codes are grouped 2bytes in binary line prefix
var READ_ACCESS
READ_ACCESS = 2
var REAL_ERROR_BADDATA
REAL_ERROR_BADDATA = -3
var REAL_ERROR_FORMAT
REAL_ERROR_FORMAT = -1
var REAL_ERROR_RANGE
REAL_ERROR_RANGE = -2
var REG_SPOIL
processor_t::use_regarg_type uses this bit in the return value to indicate that the register value has been spoiled
var RW_ACCESS
RW_ACCESS = 3
var SETPROC_IDB
set processor type for old idb
var SETPROC_LOADER
set processor type for new idb; if the user has specified a compatible processor, return success without changing it. if failure, call loader_failure()
var SETPROC_LOADER_NON_FATAL
the same as SETPROC_LOADER but non-fatal failures.
var SETPROC_USER
set user-specified processor used for -p and manual processor change at later time
var WRITE_ACCESS
WRITE_ACCESS = 1
var adding_segm
adding_segm = 94
var allsegs_moved
allsegs_moved = 62
var auto_empty
auto_empty = 3
var auto_empty_finally
auto_empty_finally = 4
var bookmark_changed
bookmark_changed = 92
var byte_patched
byte_patched = 84
var callee_addr_changed
callee_addr_changed = 91
var changing_cmt
changing_cmt = 85
var changing_enum_bf
changing_enum_bf = 24
var changing_enum_cmt
changing_enum_cmt = 26
var changing_op_ti
changing_op_ti = 15
var changing_op_type
changing_op_type = 17
var changing_range_cmt
changing_range_cmt = 87
var changing_segm_class
changing_segm_class = 58
var changing_segm_end
changing_segm_end = 54
var changing_segm_name
changing_segm_name = 56
var changing_segm_start
changing_segm_start = 52
var changing_struc_align
changing_struc_align = 34
var changing_struc_cmt
changing_struc_cmt = 47
var changing_struc_member
changing_struc_member = 45
var changing_ti
changing_ti = 13
var cik_filename
cik_filename = 1
var cik_path
cik_path = 2
var cik_string
cik_string = 0
var closebase
closebase = 0
var cmt_changed
cmt_changed = 86
var compiler_changed
compiler_changed = 12
var deleting_enum
deleting_enum = 20
var deleting_enum_member
deleting_enum_member = 29
var deleting_func
deleting_func = 67
var deleting_func_tail
deleting_func_tail = 71
var deleting_segm
deleting_segm = 50
var deleting_struc
deleting_struc = 32
var deleting_struc_member
deleting_struc_member = 41
var deleting_tryblks
deleting_tryblks = 78
var destroyed_items
destroyed_items = 82
var determined_main
determined_main = 5
dirtree_link = 98
var dirtree_mkdir
dirtree_mkdir = 96
var dirtree_move
dirtree_move = 99
var dirtree_rank
dirtree_rank = 100
var dirtree_rmdir
dirtree_rmdir = 97
var dirtree_rminode
dirtree_rminode = 101
var dirtree_segm_moved
dirtree_segm_moved = 102
var enum_bf_changed
enum_bf_changed = 25
var enum_cmt_changed
enum_cmt_changed = 27
var enum_created
enum_created = 19
var enum_deleted
enum_deleted = 21
var enum_flag_changed
enum_flag_changed = 104
var enum_member_created
enum_member_created = 28
var enum_member_deleted
enum_member_deleted = 30
var enum_ordinal_changed
enum_ordinal_changed = 105
var enum_renamed
enum_renamed = 23
var enum_width_changed
enum_width_changed = 103
var expanding_struc
expanding_struc = 38
var extlang_changed
extlang_changed = 7
var extra_cmt_changed
extra_cmt_changed = 89
var flow_chart_created
flow_chart_created = 11
var frame_deleted
frame_deleted = 68
var func_added
func_added = 63
var func_deleted
func_deleted = 95
var func_noret_changed
func_noret_changed = 74
var func_tail_appended
func_tail_appended = 70
var func_tail_deleted
func_tail_deleted = 72
var func_updated
func_updated = 64
var idasgn_loaded
idasgn_loaded = 8
var item_color_changed
item_color_changed = 90
var kernel_config_loaded
kernel_config_loaded = 9
var loader_finished
loader_finished = 10
var local_types_changed
local_types_changed = 6
var make_code
make_code = 80
var make_data
make_data = 81
var op_ti_changed
op_ti_changed = 16
var op_type_changed
op_type_changed = 18
var range_cmt_changed
range_cmt_changed = 88
var renamed
renamed = 83
var renaming_enum
renaming_enum = 22
var renaming_struc
renaming_struc = 36
var renaming_struc_member
renaming_struc_member = 43
var savebase
savebase = 1
var segm_added
segm_added = 49
var segm_attrs_updated
segm_attrs_updated = 60
var segm_class_changed
segm_class_changed = 59
var segm_deleted
segm_deleted = 51
var segm_end_changed
segm_end_changed = 55
var segm_moved
segm_moved = 61
var segm_name_changed
segm_name_changed = 57
var segm_start_changed
segm_start_changed = 53
var set_func_end
set_func_end = 66
var set_func_start
set_func_start = 65
var sgr_changed
sgr_changed = 79
var sgr_deleted
sgr_deleted = 93
var stkpnts_changed
stkpnts_changed = 75
var struc_align_changed
struc_align_changed = 35
var struc_cmt_changed
struc_cmt_changed = 48
var struc_created
struc_created = 31
var struc_deleted
struc_deleted = 33
var struc_expanded
struc_expanded = 39
var struc_member_changed
struc_member_changed = 46
var struc_member_created
struc_member_created = 40
var struc_member_deleted
struc_member_deleted = 42
var struc_member_renamed
struc_member_renamed = 44
var struc_renamed
struc_renamed = 37
var tail_owner_changed
tail_owner_changed = 73
var thunk_func_created
thunk_func_created = 69
var ti_changed
ti_changed = 14
var tryblks_updated
tryblks_updated = 77
var updating_tryblks
updating_tryblks = 76
var upgraded
upgraded = 2

Functions

def AssembleLine(*args) ‑> PyObject *
AssembleLine(ea, cs, ip, use32, nonnul_line) -> bytes
Assemble an instruction to a string (display a warning if an error is found)
ea: linear address of instruction
cs: cs of instruction
ip: ip of instruction
use32: is 32bit segment
nonnul_line: char const *
return: - None on failure
  • or a string containing the assembled instruction
def assemble(*args) ‑> bool
assemble(ea, cs, ip, use32, line) -> bool
Assemble an instruction into the database (display a warning if an error is found)
ea: linear address of instruction
cs: cs of instruction
ip: ip of instruction
use32: is 32bit segment?
line: line to assemble
return: Boolean. True on success.
def cfg_get_cc_header_path(*args) ‑> char const *
cfg_get_cc_header_path(compid) -> char const *
compid: comp_t
def cfg_get_cc_parm(*args) ‑> char const *
cfg_get_cc_parm(compid, name) -> char const *
compid: comp_t
name: char const *
def cfg_get_cc_predefined_macros(*args) ‑> char const *
cfg_get_cc_predefined_macros(compid) -> char const *
compid: comp_t
def delay_slot_insn(*args) ‑> bool
delay_slot_insn(ea, bexec, fexec) -> bool
ea: ea_t *
bexec: bool *
fexec: bool *
def gen_idb_event(*args) ‑> void
gen_idb_event(code)
the kernel will use this function to generate idb_events
code: (C++: idb_event::event_code_t) enum idb_event::event_code_t
def get_ash(*args) ‑> asm_t *
get_ash() -> asm_t
def get_idb_notifier_addr(*args) ‑> PyObject *
get_idb_notifier_addr(arg1) -> PyObject *
arg1: PyObject *
def get_idb_notifier_ud_addr(*args) ‑> PyObject *
get_idb_notifier_ud_addr(hooks) -> PyObject *
hooks: IDB_Hooks *
def get_idp_name(*args) ‑> size_t
get_idp_name() -> str
Get name of the current processor module. The name is derived from the file name. For example, for IBM PC the module is named "pc.w32" (windows version), then the module name is "PC" (uppercase). If no processor module is loaded, this function will return nullptr
def get_idp_notifier_addr(*args) ‑> PyObject *
get_idp_notifier_addr(arg1) -> PyObject *
arg1: PyObject *
def get_idp_notifier_ud_addr(*args) ‑> PyObject *
get_idp_notifier_ud_addr(hooks) -> PyObject *
hooks: IDP_Hooks *
def get_ph(*args) ‑> processor_t *
get_ph() -> _processor_t
def get_reg_info(*args) ‑> char const *
get_reg_info(regname, bitrange) -> char const *
regname: char const *
bitrange: bitrange_t *
def get_reg_name(*args) ‑> qstring *
get_reg_name(reg, width, reghi=-1) -> str
Get text representation of a register. For most processors this function will just return processor_t::reg_names[reg]. If the processor module has implemented processor_t::get_reg_name, it will be used instead
reg: (C++: int) internal register number as defined in the processor module
width: (C++: size_t) register width in bytes
reghi: (C++: int) if specified, then this function will return the register pair
return: length of register name in bytes or -1 if failure
def has_cf_chg(*args) ‑> bool
has_cf_chg(feature, opnum) -> bool
Does an instruction with the specified feature modify the i-th operand?
feature: (C++: uint32)
opnum: (C++: uint)
def has_cf_use(*args) ‑> bool
has_cf_use(feature, opnum) -> bool
Does an instruction with the specified feature use a value of the i-th operand?
feature: (C++: uint32)
opnum: (C++: uint)
def has_insn_feature(*args) ‑> bool
has_insn_feature(icode, bit) -> bool
Does the specified instruction have the specified feature?
icode: (C++: uint16)
bit: (C++: uint32)
def is_align_insn(*args) ‑> int
is_align_insn(ea) -> int
If the instruction at 'ea' looks like an alignment instruction, return its length in bytes. Otherwise return 0.
ea: (C++: ea_t)
def is_basic_block_end(*args) ‑> bool
is_basic_block_end(insn, call_insn_stops_block) -> bool
Is the instruction the end of a basic block?
insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
call_insn_stops_block: (C++: bool)
def is_call_insn(*args) ‑> bool
is_call_insn(insn) -> bool
Is the instruction a "call"?
insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def is_indirect_jump_insn(*args) ‑> bool
is_indirect_jump_insn(insn) -> bool
Is the instruction an indirect jump?
insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def is_ret_insn(*args) ‑> bool
is_ret_insn(insn, strict=True) -> bool
Is the instruction a "return"?
insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
strict: (C++: bool)
def parse_reg_name(*args) ‑> bool
parse_reg_name(ri, regname) -> bool
Get register info by name.
ri: (C++: reg_info_t *) result
regname: (C++: const char *) name of register
return: success
def ph_calcrel(*args) ‑> bytevec_t *, size_t *
ph_calcrel(ea)
ea: ea_t
def ph_find_op_value(*args) ‑> uint64 *
ph_find_op_value(insn, op) -> ssize_t
insn: an ida_ua.insn_t, or an address (C++: const insn_t &)
op: int
def ph_find_reg_value(*args) ‑> uint64 *
ph_find_reg_value(insn, reg) -> ssize_t
insn: an ida_ua.insn_t, or an address (C++: const insn_t &)
reg: int
def ph_get_cnbits(*args) ‑> size_t
ph_get_cnbits() -> size_t
Returns the 'ph.cnbits'
def ph_get_dnbits(*args) ‑> size_t
ph_get_dnbits() -> size_t
Returns the 'ph.dnbits'
def ph_get_flag(*args) ‑> size_t
ph_get_flag() -> size_t
Returns the 'ph.flag'
def ph_get_icode_return(*args) ‑> size_t
ph_get_icode_return() -> size_t
Returns the 'ph.icode_return'
def ph_get_id(*args) ‑> size_t
ph_get_id() -> size_t
Returns the 'ph.id' field
def ph_get_instruc(*args) ‑> PyObject *
ph_get_instruc() -> [(str, int), ...]
Returns a list of tuples (instruction_name, instruction_feature) containing the instructions list as defined in he processor module
def ph_get_instruc_end(*args) ‑> size_t
ph_get_instruc_end() -> size_t
Returns the 'ph.instruc_end'
def ph_get_instruc_start(*args) ‑> size_t
ph_get_instruc_start() -> size_t
Returns the 'ph.instruc_start'
def ph_get_operand_info(*args) ‑> PyObject *
ph_get_operand_info(ea, n) -> (int, int, int, int, int) or None
Returns the operand information given an ea and operand number.
ea: address
n: operand number
return: Returns an idd_opinfo_t as a tuple: (modified, ea, reg_ival, regidx, value_size).
Please refer to idd_opinfo_t structure in the SDK.
def ph_get_reg_accesses(*args) ‑> ssize_t
ph_get_reg_accesses(accvec, insn, flags) -> ssize_t
accvec: reg_accesses_t *
insn: an ida_ua.insn_t, or an address (C++: const insn_t &)
flags: int
def ph_get_reg_code_sreg(*args) ‑> size_t
ph_get_reg_code_sreg() -> size_t
Returns the 'ph.reg_code_sreg'
def ph_get_reg_data_sreg(*args) ‑> size_t
ph_get_reg_data_sreg() -> size_t
Returns the 'ph.reg_data_sreg'
def ph_get_reg_first_sreg(*args) ‑> size_t
ph_get_reg_first_sreg() -> size_t
Returns the 'ph.reg_first_sreg'
def ph_get_reg_last_sreg(*args) ‑> size_t
ph_get_reg_last_sreg() -> size_t
Returns the 'ph.reg_last_sreg'
def ph_get_regnames(*args) ‑> PyObject *
ph_get_regnames() -> [str, ...]
Returns the list of register names as defined in the processor module
def ph_get_segreg_size(*args) ‑> size_t
ph_get_segreg_size() -> size_t
Returns the 'ph.segreg_size'
def ph_get_tbyte_size(*args) ‑> size_t
ph_get_tbyte_size() -> size_t
Returns the 'ph.tbyte_size' field as defined in he processor module
def ph_get_version(*args) ‑> size_t
ph_get_version() -> size_t
Returns the 'ph.version'
def process_config_directive(*args) ‑> void
process_config_directive(directive, priority=2)
directive: char const *
priority: int
def register_cfgopts(*args) ‑> bool
register_cfgopts(opts, nopts, cb=None, obj=None) -> bool
opts: cfgopt_t const []
nopts: size_t
cb: config_changed_cb_t *
obj: void *
def set_processor_type(*args) ‑> bool
set_processor_type(procname, level) -> bool
Set target processor type. Once a processor module is loaded, it cannot be replaced until we close the idb.
procname: (C++: const char *) name of processor type (one of names present in
processor_t::psnames)
level: (C++: setproc_level_t) SETPROC_
return: success
def set_target_assembler(*args) ‑> bool
set_target_assembler(asmnum) -> bool
Set target assembler.
asmnum: (C++: int) number of assembler in the current processor module
return: success
def sizeof_ldbl(*args) ‑> size_t
sizeof_ldbl() -> size_t
def str2reg(*args) ‑> int
str2reg(p) -> int
Get any reg number (-1 on error)
p: (C++: const char *) char const *

Classes

class IDB_Hooks (*args)
Proxy of C++ IDB_Hooks class.
__init__(self, _flags=0, _hkcb_flags=0x0001) -> IDB_Hooks
_flags: uint32
_hkcb_flags: uint32

Subclasses

  • ida_idp._notify_when_dispatcher_t._IDB_Hooks
  • ida_idp._processor_t_Trampoline_IDB_Hooks

Methods

def adding_segm(self, *args) ‑> void
adding_segm(self, s)
A segment is being created.
s: (segment_t *)
def allsegs_moved(self, *args) ‑> void
allsegs_moved(self, info)
Program rebasing is complete. This event is generated after series of segm_moved events
info: (segm_move_infos_t *)
def auto_empty(self, *args) ‑> void
auto_empty(self)
def auto_empty_finally(self, *args) ‑> void
auto_empty_finally(self)
def bookmark_changed(self, *args) ‑> void
bookmark_changed(self, index, pos, desc, operation)
Boomarked position changed.
index: (uint32)
pos: (::const lochist_entry_t *)
desc: (::const char *)
operation: (int) 0-added, 1-updated, 2-deleted if desc==nullptr, then the
bookmark was deleted.
def byte_patched(self, *args) ‑> void
byte_patched(self, ea, old_value)
A byte has been patched.
ea: (::ea_t)
old_value: (uint32)
def callee_addr_changed(self, *args) ‑> void
callee_addr_changed(self, ea, callee)
Callee address has been updated by the user.
ea: (::ea_t)
callee: (::ea_t)
def changing_cmt(self, *args) ‑> void
changing_cmt(self, ea, repeatable_cmt, newcmt)
An item comment is to be changed.
ea: (::ea_t)
repeatable_cmt: (bool)
newcmt: (const char *)
def changing_enum_bf(self, *args) ‑> void
changing_enum_bf(self, id, new_bf)
An enum type 'bitfield' attribute is to be changed.
id: (enum_t)
new_bf: (bool)
def changing_enum_cmt(self, *args) ‑> void
changing_enum_cmt(self, id, repeatable, newcmt)
An enum or member type comment is to be changed.
id: (tid_t)
repeatable: (bool)
newcmt: (const char *)
def changing_op_ti(self, *args) ‑> void
changing_op_ti(self, ea, n, new_type, new_fnames)
An operand typestring (c/c++ prototype) is to be changed.
ea: (::ea_t)
n: (int)
new_type: (const type_t *)
new_fnames: (const p_list *)
def changing_op_type(self, *args) ‑> void
changing_op_type(self, ea, n, opinfo)
An operand type (offset, hex, etc...) is to be changed.
ea: (::ea_t)
n: (int) eventually or'ed with OPND_OUTER or OPND_ALL
opinfo: (const opinfo_t *) additional operand info
def changing_range_cmt(self, *args) ‑> void
changing_range_cmt(self, kind, a, cmt, repeatable)
Range comment is to be changed.
kind: (range_kind_t)
a: (const range_t *)
cmt: (const char *)
repeatable: (bool)
def changing_segm_class(self, *args) ‑> void
changing_segm_class(self, s)
Segment class is being changed.
s: (segment_t *)
def changing_segm_end(self, *args) ‑> void
changing_segm_end(self, s, new_end, segmod_flags)
Segment end address is to be changed.
s: (segment_t *)
new_end: (::ea_t)
segmod_flags: (int)
def changing_segm_name(self, *args) ‑> void
changing_segm_name(self, s, oldname)
Segment name is being changed.
s: (segment_t *)
oldname: (const char *)
def changing_segm_start(self, *args) ‑> void
changing_segm_start(self, s, new_start, segmod_flags)
Segment start address is to be changed.
s: (segment_t *)
new_start: (::ea_t)
segmod_flags: (int)
def changing_struc_align(self, *args) ‑> void
changing_struc_align(self, sptr)
A structure type is being changed (the struct alignment).
sptr: (struc_t *)
def changing_struc_cmt(self, *args) ‑> void
changing_struc_cmt(self, struc_id, repeatable, newcmt)
A structure type comment is to be changed.
struc_id: (tid_t)
repeatable: (bool)
newcmt: (const char *)
def changing_struc_member(self, *args) ‑> void
changing_struc_member(self, sptr, mptr, flag, ti, nbytes)
A structure member is to be changed.
sptr: (struc_t *)
mptr: (member_t *)
flag: (flags64_t)
ti: (const opinfo_t *)
nbytes: (::asize_t)
def changing_ti(self, *args) ‑> void
changing_ti(self, ea, new_type, new_fnames)
An item typestring (c/c++ prototype) is to be changed.
ea: (::ea_t)
new_type: (const type_t *)
new_fnames: (const p_list *)
def closebase(self, *args) ‑> void
closebase(self)
The database will be closed now.
def cmt_changed(self, *args) ‑> void
cmt_changed(self, ea, repeatable_cmt)
An item comment has been changed.
ea: (::ea_t)
repeatable_cmt: (bool)
def compiler_changed(self, *args) ‑> void
compiler_changed(self, adjust_inf_fields)
The kernel has changed the compiler information. ( idainfo::cc structure; get_abi_name)
adjust_inf_fields: (::bool) may change inf fields?
def deleting_enum(self, *args) ‑> void
deleting_enum(self, id)
An enum type is to be deleted.
id: (enum_t)
def deleting_enum_member(self, *args) ‑> void
deleting_enum_member(self, id, cid)
An enum member is to be deleted.
id: (enum_t)
cid: (const_t)
def deleting_func(self, *args) ‑> void
deleting_func(self, pfn)
The kernel is about to delete a function.
pfn: (func_t *)
def deleting_func_tail(self, *args) ‑> void
deleting_func_tail(self, pfn, tail)
A function tail chunk is to be removed.
pfn: (func_t *)
tail: (const range_t *)
def deleting_segm(self, *args) ‑> void
deleting_segm(self, start_ea)
A segment is to be deleted.
start_ea: (::ea_t)
def deleting_struc(self, *args) ‑> void
deleting_struc(self, sptr)
A structure type is to be deleted.
sptr: (struc_t *)
def deleting_struc_member(self, *args) ‑> void
deleting_struc_member(self, sptr, mptr)
A structure member is to be deleted.
sptr: (struc_t *)
mptr: (member_t *)
def deleting_tryblks(self, *args) ‑> void
deleting_tryblks(self, range)
About to delete tryblk information in given range
range: (const range_t *)
def destroyed_items(self, *args) ‑> void
destroyed_items(self, ea1, ea2, will_disable_range)
Instructions/data have been destroyed in [ea1,ea2).
ea1: (::ea_t)
ea2: (::ea_t)
will_disable_range: (bool)
def determined_main(self, *args) ‑> void
determined_main(self, main)
The main() function has been determined.
main: (::ea_t) address of the main() function
dirtree_link(self, dt, path, link)
dt: (dirtree_t *)
path: (::const char *)
link: (::bool)
def dirtree_mkdir(self, *args) ‑> void
dirtree_mkdir(self, dt, path)
dt: (dirtree_t *)
path: (::const char *)
def dirtree_move(self, *args) ‑> void
dirtree_move(self, dt, _from, to)
dt: (dirtree_t *)
from: (::const char *)
to: (::const char *)
def dirtree_rank(self, *args) ‑> void
dirtree_rank(self, dt, path, rank)
dt: (dirtree_t *)
path: (::const char *)
rank: (::size_t)
def dirtree_rmdir(self, *args) ‑> void
dirtree_rmdir(self, dt, path)
dt: (dirtree_t *)
path: (::const char *)
def dirtree_rminode(self, *args) ‑> void
dirtree_rminode(self, dt, inode)
dt: (dirtree_t *)
inode: (inode_t)
def dirtree_segm_moved(self, *args) ‑> void
dirtree_segm_moved(self, dt)
dt: (dirtree_t *)
def enum_bf_changed(self, *args) ‑> void
enum_bf_changed(self, id)
An enum type 'bitfield' attribute has been changed.
id: (enum_t)
def enum_cmt_changed(self, *args) ‑> void
enum_cmt_changed(self, id, repeatable)
An enum or member type comment has been changed.
id: (tid_t)
repeatable: (bool)
def enum_created(self, *args) ‑> void
enum_created(self, id)
An enum type has been created.
id: (enum_t)
def enum_deleted(self, *args) ‑> void
enum_deleted(self, id)
An enum type has been deleted.
id: (enum_t)
def enum_flag_changed(self, *args) ‑> void
enum_flag_changed(self, id, F)
Enum flags have been changed.
id: (enum_t)
F: (flags64_t)
def enum_member_created(self, *args) ‑> void
enum_member_created(self, id, cid)
An enum member has been created.
id: (enum_t)
cid: (const_t)
def enum_member_deleted(self, *args) ‑> void
enum_member_deleted(self, id, cid)
An enum member has been deleted.
id: (enum_t)
cid: (const_t)
def enum_ordinal_changed(self, *args) ‑> void
enum_ordinal_changed(self, id, ord)
Enum mapping to a local type has been changed.
id: (enum_t)
ord: (int)
def enum_renamed(self, *args) ‑> void
enum_renamed(self, id)
An enum or member has been renamed.
id: (tid_t)
def enum_width_changed(self, *args) ‑> void
enum_width_changed(self, id, width)
Enum width has been changed.
id: (enum_t)
width: (int)
def expanding_struc(self, *args) ‑> void
expanding_struc(self, sptr, offset, delta)
A structure type is to be expanded/shrunk.
sptr: (struc_t *)
offset: (::ea_t)
delta: (::adiff_t)
def extlang_changed(self, *args) ‑> void
extlang_changed(self, kind, el, idx)
The list of extlangs or the default extlang was changed.
kind: (int) 0: extlang installed 1: extlang removed 2: default extlang
changed
el: (extlang_t *) pointer to the extlang affected
idx: (int) extlang index
def extra_cmt_changed(self, *args) ‑> void
extra_cmt_changed(self, ea, line_idx, cmt)
An extra comment has been changed.
ea: (::ea_t)
line_idx: (int)
cmt: (const char *)
def flow_chart_created(self, *args) ‑> void
flow_chart_created(self, fc)
Gui has retrieved a function flow chart. Plugins may modify the flow chart in this callback.
fc: (qflow_chart_t *)
def frame_deleted(self, *args) ‑> void
frame_deleted(self, pfn)
The kernel has deleted a function frame.
pfn: (func_t *)
def func_added(self, *args) ‑> void
func_added(self, pfn)
The kernel has added a function.
pfn: (func_t *)
def func_deleted(self, *args) ‑> void
func_deleted(self, func_ea)
A function has been deleted.
func_ea: (::ea_t)
def func_noret_changed(self, *args) ‑> void
func_noret_changed(self, pfn)
FUNC_NORET bit has been changed.
pfn: (func_t *)
def func_tail_appended(self, *args) ‑> void
func_tail_appended(self, pfn, tail)
A function tail chunk has been appended.
pfn: (func_t *)
tail: (func_t *)
def func_tail_deleted(self, *args) ‑> void
func_tail_deleted(self, pfn, tail_ea)
A function tail chunk has been removed.
pfn: (func_t *)
tail_ea: (::ea_t)
def func_updated(self, *args) ‑> void
func_updated(self, pfn)
The kernel has updated a function.
pfn: (func_t *)
def hook(self, *args) ‑> bool
hook(self) -> bool
def idasgn_loaded(self, *args) ‑> void
idasgn_loaded(self, short_sig_name)
FLIRT signature has been loaded for normal processing (not for recognition of startup sequences).
short_sig_name: (const char *)
def item_color_changed(self, *args) ‑> void
item_color_changed(self, ea, color)
An item color has been changed.
ea: (::ea_t)
color: (bgcolor_t) if color==DEFCOLOR, the the color is deleted.
def kernel_config_loaded(self, *args) ‑> void
kernel_config_loaded(self, pass_number)
This event is issued when ida.cfg is parsed.
pass_number: (int)
def loader_finished(self, *args) ‑> void
loader_finished(self, li, neflags, filetypename)
External file loader finished its work. Use this event to augment the existing loader functionality.
li: (linput_t *)
neflags: (uint16) Load file flags
filetypename: (const char *)
def local_types_changed(self, *args) ‑> void
local_types_changed(self)
Local types have been changed.
def make_code(self, *args) ‑> void
make_code(self, insn)
An instruction is being created.
insn: (const insn_t*)
def make_data(self, *args) ‑> void
make_data(self, ea, flags, tid, len)
A data item is being created.
ea: (::ea_t)
flags: (flags64_t)
tid: (tid_t)
len: (::asize_t)
def op_ti_changed(self, *args) ‑> void
op_ti_changed(self, ea, n, type, fnames)
An operand typestring (c/c++ prototype) has been changed.
ea: (::ea_t)
n: (int)
type: (const type_t *)
fnames: (const p_list *)
def op_type_changed(self, *args) ‑> void
op_type_changed(self, ea, n)
An operand type (offset, hex, etc...) has been set or deleted.
ea: (::ea_t)
n: (int) eventually or'ed with OPND_OUTER or OPND_ALL
def range_cmt_changed(self, *args) ‑> void
range_cmt_changed(self, kind, a, cmt, repeatable)
Range comment has been changed.
kind: (range_kind_t)
a: (const range_t *)
cmt: (const char *)
repeatable: (bool)
def renamed(self, *args) ‑> void
renamed(self, ea, new_name, local_name, old_name)
The kernel has renamed a byte. See also the rename event
ea: (::ea_t)
new_name: (const char *) can be nullptr
local_name: (bool)
old_name: (const char *) can be nullptr
def renaming_enum(self, *args) ‑> void
renaming_enum(self, id, is_enum, newname)
An enum or enum member is to be renamed.
id: (tid_t)
is_enum: (bool)
newname: (const char *)
def renaming_struc(self, *args) ‑> void
renaming_struc(self, id, oldname, newname)
A structure type is to be renamed.
id: (tid_t)
oldname: (const char *)
newname: (const char *)
def renaming_struc_member(self, *args) ‑> void
renaming_struc_member(self, sptr, mptr, newname)
A structure member is to be renamed.
sptr: (struc_t *)
mptr: (member_t *)
newname: (const char *)
def savebase(self, *args) ‑> void
savebase(self)
The database is being saved.
def segm_added(self, *args) ‑> void
segm_added(self, s)
A new segment has been created.
s: (segment_t *) See also adding_segm
def segm_attrs_updated(self, *args) ‑> void
segm_attrs_updated(self, s)
Segment attributes has been changed.
s: (segment_t *) This event is generated for secondary segment attributes
(examples: color, permissions, etc)
def segm_class_changed(self, *args) ‑> void
segm_class_changed(self, s, sclass)
Segment class has been changed.
s: (segment_t *)
sclass: (const char *)
def segm_deleted(self, *args) ‑> void
segm_deleted(self, start_ea, end_ea, flags)
A segment has been deleted.
start_ea: (::ea_t)
end_ea: (::ea_t)
flags: (int)
def segm_end_changed(self, *args) ‑> void
segm_end_changed(self, s, oldend)
Segment end address has been changed.
s: (segment_t *)
oldend: (::ea_t)
def segm_moved(self, *args) ‑> void
segm_moved(self, _from, to, size, changed_netmap)
Segment has been moved.
from: (::ea_t)
to: (::ea_t)
size: (::asize_t)
changed_netmap: (bool) See also idb_event::allsegs_moved
def segm_name_changed(self, *args) ‑> void
segm_name_changed(self, s, name)
Segment name has been changed.
s: (segment_t *)
name: (const char *)
def segm_start_changed(self, *args) ‑> void
segm_start_changed(self, s, oldstart)
Segment start address has been changed.
s: (segment_t *)
oldstart: (::ea_t)
def set_func_end(self, *args) ‑> void
set_func_end(self, pfn, new_end)
Function chunk end address will be changed.
pfn: (func_t *)
new_end: (::ea_t)
def set_func_start(self, *args) ‑> void
set_func_start(self, pfn, new_start)
Function chunk start address will be changed.
pfn: (func_t *)
new_start: (::ea_t)
def sgr_changed(self, *args) ‑> void
sgr_changed(self, start_ea, end_ea, regnum, value, old_value, tag)
The kernel has changed a segment register value.
start_ea: (::ea_t)
end_ea: (::ea_t)
regnum: (int)
value: (::sel_t)
old_value: (::sel_t)
tag: (uchar) Segment register range tags
def sgr_deleted(self, *args) ‑> void
sgr_deleted(self, start_ea, end_ea, regnum)
The kernel has deleted a segment register value.
start_ea: (::ea_t)
end_ea: (::ea_t)
regnum: (int)
def stkpnts_changed(self, *args) ‑> void
stkpnts_changed(self, pfn)
Stack change points have been modified.
pfn: (func_t *)
def struc_align_changed(self, *args) ‑> void
struc_align_changed(self, sptr)
A structure type has been changed (the struct alignment).
sptr: (struc_t *)
def struc_cmt_changed(self, *args) ‑> void
struc_cmt_changed(self, struc_id, repeatable_cmt)
A structure type comment has been changed.
struc_id: (tid_t)
repeatable_cmt: (bool)
def struc_created(self, *args) ‑> void
struc_created(self, struc_id)
A new structure type has been created.
struc_id: (tid_t)
def struc_deleted(self, *args) ‑> void
struc_deleted(self, struc_id)
A structure type has been deleted.
struc_id: (tid_t)
def struc_expanded(self, *args) ‑> void
struc_expanded(self, sptr)
A structure type has been expanded/shrank.
sptr: (struc_t *)
def struc_member_changed(self, *args) ‑> void
struc_member_changed(self, sptr, mptr)
A structure member has been changed.
sptr: (struc_t *)
mptr: (member_t *)
def struc_member_created(self, *args) ‑> void
struc_member_created(self, sptr, mptr)
A structure member has been created.
sptr: (struc_t *)
mptr: (member_t *)
def struc_member_deleted(self, *args) ‑> void
struc_member_deleted(self, sptr, member_id, offset)
A structure member has been deleted.
sptr: (struc_t *)
member_id: (tid_t)
offset: (::ea_t)
def struc_member_renamed(self, *args) ‑> void
struc_member_renamed(self, sptr, mptr)
A structure member has been renamed.
sptr: (struc_t *)
mptr: (member_t *)
def struc_renamed(self, *args) ‑> void
struc_renamed(self, sptr, success)
A structure type has been renamed.
sptr: (struc_t *)
success: (::bool) the structure was successfully renamed
def tail_owner_changed(self, *args) ‑> void
tail_owner_changed(self, tail, owner_func, old_owner)
A tail chunk owner has been changed.
tail: (func_t *)
owner_func: (::ea_t)
old_owner: (::ea_t)
def thunk_func_created(self, *args) ‑> void
thunk_func_created(self, pfn)
A thunk bit has been set for a function.
pfn: (func_t *)
def ti_changed(self, *args) ‑> void
ti_changed(self, ea, type, fnames)
An item typestring (c/c++ prototype) has been changed.
ea: (::ea_t)
type: (const type_t *)
fnames: (const p_list *)
def tryblks_updated(self, *args) ‑> void
tryblks_updated(self, tbv)
Updated tryblk information
tbv: (const ::tryblks_t *)
def unhook(self, *args) ‑> bool
unhook(self) -> bool
def updating_tryblks(self, *args) ‑> void
updating_tryblks(self, tbv)
About to update tryblk information
tbv: (const ::tryblks_t *)
def upgraded(self, *args) ‑> void
upgraded(self, _from)
The database has been upgraded and the receiver can upgrade its info as well
from: (int) - old IDB version
class IDP_Hooks (*args)
Proxy of C++ IDP_Hooks class.
__init__(self, _flags=0, _hkcb_flags=0x0001) -> IDP_Hooks
_flags: uint32
_hkcb_flags: uint32

Subclasses

  • ida_idp._notify_when_dispatcher_t._IDP_Hooks
  • processor_t

Methods

def ev_add_cref(self, *args) ‑> int
ev_add_cref(self, _from, to, type) -> int
A code reference is being created.
from: (::ea_t)
to: (::ea_t)
type: (cref_t)
retval <0: cancel cref creation
retval 0: not implemented or continue
def ev_add_dref(self, *args) ‑> int
ev_add_dref(self, _from, to, type) -> int
A data reference is being created.
from: (::ea_t)
to: (::ea_t)
type: (dref_t)
retval <0: cancel dref creation
retval 0: not implemented or continue
def ev_adjust_argloc(self, *args) ‑> int
ev_adjust_argloc(self, argloc, optional_type, size) -> int
Adjust argloc according to its type/size and platform endianess
argloc: (argloc_t *), inout
type: (const tinfo_t *), may be nullptr nullptr means primitive type of
given size
size: (int) 'size' makes no sense if type != nullptr (type->get_size()
should be used instead)
retval 0: not implemented
retval 1: ok
retval -1: error
def ev_adjust_libfunc_ea(self, *args) ‑> int
ev_adjust_libfunc_ea(self, sig, libfun, ea) -> int
Called when a signature module has been matched against bytes in the database. This is used to compute the offset at which a particular module's libfunc should be applied.
sig: (const idasgn_t *)
libfun: (const libfunc_t *)
ea: (::ea_t *)
note: 'ea' initially contains the ea_t of the start of the pattern match
retval 1: the ea_t pointed to by the third argument was modified.
retval <=0: not modified. use default algorithm.
def ev_adjust_refinfo(self, *args) ‑> int
ev_adjust_refinfo(self, ri, ea, n, fd) -> int
Called from apply_fixup before converting operand to reference. Can be used for changing the reference info. (e.g. the PPC module adds REFINFO_NOBASE for some references)
ri: (refinfo_t *)
ea: (::ea_t) instruction address
n: (int) operand number
fd: (const fixup_data_t *)
retval <0: do not create an offset
retval 0: not implemented or refinfo adjusted
def ev_ana_insn(self, *args) ‑> bool
ev_ana_insn(self, out) -> bool
Analyze one instruction and fill 'out' structure. This function shouldn't change the database, flags or anything else. All these actions should be performed only by emu_insn() function. insn_t::ea contains address of instruction to analyze.
out: (insn_t *)
return: length of the instruction in bytes, 0 if instruction can't be decoded.
retval 0: if instruction can't be decoded.
def ev_analyze_prolog(self, *args) ‑> int
ev_analyze_prolog(self, ea) -> int
Analyzes function prolog, epilog, and updates purge, and function attributes
ea: (::ea_t) start of function
retval 1: ok
retval 0: not implemented
def ev_arch_changed(self, *args) ‑> int
ev_arch_changed(self) -> int
The loader is done parsing arch-related information, which the processor module might want to use to finish its initialization.
retval 1: if success
retval 0: not implemented or failed
def ev_arg_addrs_ready(self, *args) ‑> int
ev_arg_addrs_ready(self, caller, n, tif, addrs) -> int
Argument address info is ready.
caller: (::ea_t)
n: (int) number of formal arguments
tif: (tinfo_t *) call prototype
addrs: (::ea_t *) argument intilization addresses
retval <0: do not save into idb; other values mean "ok to save"
def ev_asm_installed(self, *args) ‑> int
ev_asm_installed(self, asmnum) -> int
After setting a new assembler
asmnum: (int) See also ev_newasm
def ev_assemble(self, *args) ‑> PyObject *
ev_assemble(self, ea, cs, ip, use32, line) -> PyObject *
Assemble an instruction. (display a warning if an error is found).
ea: (::ea_t) linear address of instruction
cs: (::ea_t) cs of instruction
ip: (::ea_t) ip of instruction
use32: (bool) is 32bit segment?
line: (const char *) line to assemble
return: size of the instruction in bytes
def ev_auto_queue_empty(self, *args) ‑> int
ev_auto_queue_empty(self, type) -> int
One analysis queue is empty.
type: (atype_t)
retval void: see also idb_event::auto_empty_finally
def ev_calc_arglocs(self, *args) ‑> int
ev_calc_arglocs(self, fti) -> int
Calculate function argument locations. This callback should fill retloc, all arglocs, and stkargs. This callback is never called for CM_CC_SPECIAL functions.
fti: (func_type_data_t *) points to the func type info
retval 0: not implemented
retval 1: ok
retval -1: error
def ev_calc_cdecl_purged_bytes(self, *args) ‑> int
ev_calc_cdecl_purged_bytes(self, ea) -> int
Calculate number of purged bytes after call.
ea: (::ea_t) address of the call instruction
return: number of purged bytes (usually add sp, N)
def ev_calc_next_eas(self, *args) ‑> int
ev_calc_next_eas(self, res, insn, over) -> int
Calculate list of addresses the instruction in 'insn' may pass control to. This callback is required for source level debugging.
res: (eavec_t *), out: array for the results.
insn: (const insn_t*) the instruction
over: (bool) calculate for step over (ignore call targets)
retval <0: incalculable (indirect jumps, for example)
retval >=0: number of addresses of called functions in the array. They must be
put at the beginning of the array (0 if over=true)
def ev_calc_purged_bytes(self, *args) ‑> int
ev_calc_purged_bytes(self, p_purged_bytes, fti) -> int
Calculate number of purged bytes by the given function type.
p_purged_bytes: (int *) ptr to output
fti: (const func_type_data_t *) func type details
retval 1
retval 0: not implemented
def ev_calc_retloc(self, *args) ‑> int
ev_calc_retloc(self, retloc, rettype, cc) -> int
Calculate return value location.
retloc: (argloc_t *)
rettype: (const tinfo_t *)
cc: (cm_t)
retval 0: not implemented
retval 1: ok,
retval -1: error
def ev_calc_spdelta(self, *args) ‑> int
ev_calc_spdelta(self, spdelta, insn) -> int
Calculate amount of change to sp for the given insn. This event is required to decompile code snippets.
spdelta: (sval_t *)
insn: (const insn_t *)
retval 1: ok
retval 0: not implemented
def ev_calc_step_over(self, *args) ‑> int
ev_calc_step_over(self, target, ip) -> int
Calculate the address of the instruction which will be executed after "step over". The kernel will put a breakpoint there. If the step over is equal to step into or we cannot calculate the address, return BADADDR.
target: (::ea_t *) pointer to the answer
ip: (::ea_t) instruction address
retval 0: unimplemented
retval 1: implemented
def ev_calc_switch_cases(self, *args) ‑> int
ev_calc_switch_cases(self, casevec, targets, insn_ea, si) -> int
Calculate case values and targets for a custom jump table.
casevec: (::casevec_t *) vector of case values (may be nullptr)
targets: (eavec_t *) corresponding target addresses (my be nullptr)
insn_ea: (::ea_t) address of the 'indirect jump' instruction
si: (switch_info_t *) switch information
retval 1: ok
retval <=0: failed
def ev_calc_varglocs(self, *args) ‑> int
ev_calc_varglocs(self, ftd, aux_regs, aux_stkargs, nfixed) -> int
Calculate locations of the arguments that correspond to '...'.
ftd: (func_type_data_t *), inout: info about all arguments (including
varargs)
aux_regs: (regobjs_t *) buffer for hidden register arguments, may be
nullptr
aux_stkargs: (relobj_t *) buffer for hidden stack arguments, may be
nullptr
nfixed: (int) number of fixed arguments
retval 0: not implemented
retval 1: ok
retval -1: error On some platforms variadic calls require passing additional
information: for example, number of floating variadic arguments must be passed in rax on gcc-x64. The locations and values that constitute this additional information are returned in the buffers pointed by aux_regs and aux_stkargs
def ev_calcrel(self, *args) ‑> int
ev_calcrel(self) -> int
Reserved.
def ev_can_have_type(self, *args) ‑> int
ev_can_have_type(self, op) -> int
Can the operand have a type as offset, segment, decimal, etc? (for example, a register AX can't have a type, meaning that the user can't change its representation. see bytes.hpp for information about types and flags)
op: (const op_t *)
retval 0: unknown
retval <0: no
retval 1: yes
def ev_clean_tbit(self, *args) ‑> int
ev_clean_tbit(self, ea, getreg, regvalues) -> int
Clear the TF bit after an insn like pushf stored it in memory.
ea: (::ea_t) instruction address
getreg: (::processor_t::regval_getter_t *) function to get register
values
regvalues: (const regval_t *) register values array
retval 1: ok
retval 0: failed
def ev_cmp_operands(self, *args) ‑> int
ev_cmp_operands(self, op1, op2) -> int
Compare instruction operands
op1: (const op_t*)
op2: (const op_t*)
retval 1: equal
retval -1: not equal
retval 0: not implemented
def ev_coagulate(self, *args) ‑> int
ev_coagulate(self, start_ea) -> int
Try to define some unexplored bytes. This notification will be called if the kernel tried all possibilities and could not find anything more useful than to convert to array of bytes. The module can help the kernel and convert the bytes into something more useful.
start_ea: (::ea_t)
return: number of converted bytes
def ev_coagulate_dref(self, *args) ‑> int
ev_coagulate_dref(self, _from, to, may_define, code_ea) -> int
Data reference is being analyzed. plugin may correct 'code_ea' (e.g. for thumb mode refs, we clear the last bit)
from: (::ea_t)
to: (::ea_t)
may_define: (bool)
code_ea: (::ea_t *)
retval <0: failed dref analysis, >0 done dref analysis
retval 0: not implemented or continue
def ev_create_flat_group(self, *args) ‑> int
ev_create_flat_group(self, image_base, bitness, dataseg_sel) -> int
Create special segment representing the flat group.
image_base: (::ea_t)
bitness: (int)
dataseg_sel: (::sel_t) return value is ignored
def ev_create_func_frame(self, *args) ‑> int
ev_create_func_frame(self, pfn) -> int
Create a function frame for a newly created function Set up frame size, its attributes etc
pfn: (func_t *)
retval 1: ok
retval 0: not implemented
def ev_create_merge_handlers(self, *args) ‑> int
ev_create_merge_handlers(self, md) -> int
Create merge handlers, if needed
md: (merge_data_t *) This event is generated immediately after opening
idbs.
return: must be 0
def ev_create_switch_xrefs(self, *args) ‑> int
ev_create_switch_xrefs(self, jumpea, si) -> int
Create xrefs for a custom jump table.
jumpea: (::ea_t) address of the jump insn
si: (const switch_info_t *) switch information
return: must return 1 Must be implemented if module uses custom jump tables,
SWI_CUSTOM
def ev_creating_segm(self, *args) ‑> int
ev_creating_segm(self, seg) -> int
A new segment is about to be created.
seg: (segment_t *)
retval 1: ok
retval <0: segment should not be created
def ev_decorate_name(self, *args) ‑> PyObject *
ev_decorate_name(self, name, mangle, cc, optional_type) -> PyObject *
Decorate/undecorate a C symbol name.
name: (const char *) name of symbol
mangle: (bool) true-mangle, false-unmangle
cc: (cm_t) calling convention
optional_type: tinfo_t const *
retval 1: if success
retval 0: not implemented or failed
def ev_del_cref(self, *args) ‑> int
ev_del_cref(self, _from, to, expand) -> int
A code reference is being deleted.
from: (::ea_t)
to: (::ea_t)
expand: (bool)
retval <0: cancel cref deletion
retval 0: not implemented or continue
def ev_del_dref(self, *args) ‑> int
ev_del_dref(self, _from, to) -> int
A data reference is being deleted.
from: (::ea_t)
to: (::ea_t)
retval <0: cancel dref deletion
retval 0: not implemented or continue
def ev_delay_slot_insn(self, *args) ‑> PyObject *
ev_delay_slot_insn(self, ea, bexec, fexec) -> PyObject *
Get delay slot instruction
ea: (::ea_t *) in: instruction address in question, out: (if the answer
is positive) if the delay slot contains valid insn: the address of the delay slot insn else: BADADDR (invalid insn, e.g. a branch)
bexec: (bool *) execute slot if jumping, initially set to 'true'
fexec: (bool *) execute slot if not jumping, initally set to 'true'
retval 1: positive answer
retval <=0: ordinary insn
note: Input EA may point to the instruction with a delay slot or to the delay
slot instruction itself.
def ev_demangle_name(self, *args) ‑> PyObject *
ev_demangle_name(self, name, disable_mask, demreq) -> PyObject *
Demangle a C++ (or another language) name into a user-readable string. This event is called by demangle_name()
name: (const char *) mangled name
disable_mask: (uint32) flags to inhibit parts of output or compiler
info/other (see MNG_)
demreq: (demreq_type_t) operation to perform
retval 1: if success
retval 0: not implemented
note: if you call demangle_name() from the handler, protect against recursion!
def ev_emu_insn(self, *args) ‑> bool
ev_emu_insn(self, insn) -> bool
Emulate instruction, create cross-references, plan to analyze subsequent instructions, modify flags etc. Upon entrance to this function, all information about the instruction is in 'insn' structure.
insn: (const insn_t *)
retval 1: ok
retval -1: the kernel will delete the instruction
def ev_endbinary(self, *args) ‑> int
ev_endbinary(self, ok) -> int
IDA has loaded a binary file.
ok: (bool) file loaded successfully?
def ev_ending_undo(self, *args) ‑> int
ev_ending_undo(self, action_name, is_undo) -> int
Ended undoing/redoing an action
action_name: (const char *) action that we finished undoing/redoing. is
not nullptr.
is_undo: (bool) true if performing undo, false if performing redo
def ev_equal_reglocs(self, *args) ‑> int
ev_equal_reglocs(self, a1, a2) -> int
Are 2 register arglocs the same?. We need this callback for the pc module.
a1: (argloc_t *)
a2: (argloc_t *)
retval 1: yes
retval -1: no
retval 0: not implemented
def ev_extract_address(self, *args) ‑> int
ev_extract_address(self, out_ea, screen_ea, string, position) -> int
Extract address from a string.
out_ea: (ea_t *), out
screen_ea: (ea_t)
string: (const char *)
position: (size_t)
retval 1: ok
retval 0: kernel should use the standard algorithm
retval -1: error
def ev_find_op_value(self, *args) ‑> PyObject *
ev_find_op_value(self, pinsn, opn) -> PyObject *
Find operand value via a register tracker. The returned value in 'out' is valid before executing the instruction.
pinsn: (const insn_t *) instruction
opn: (int) operand index
retval 1: if implemented, and value was found
retval 0: not implemented, -1 decoding failed, or no value found
def ev_find_reg_value(self, *args) ‑> PyObject *
ev_find_reg_value(self, pinsn, reg) -> PyObject *
Find register value via a register tracker. The returned value in 'out' is valid before executing the instruction.
pinsn: (const insn_t *) instruction
reg: (int) register index
retval 1: if implemented, and value was found
retval 0: not implemented, -1 decoding failed, or no value found
def ev_func_bounds(self, *args) ‑> int
ev_func_bounds(self, possible_return_code, pfn, max_func_end_ea) -> int
find_func_bounds() finished its work. The module may fine tune the function bounds
possible_return_code: (int *), in/out
pfn: (func_t *)
max_func_end_ea: (::ea_t) (from the kernel's point of view)
retval void
def ev_gen_asm_or_lst(self, *args) ‑> int
ev_gen_asm_or_lst(self, starting, fp, is_asm, flags, outline) -> int
starting: (bool) beginning listing generation
fp: (FILE *) output file
is_asm: (bool) true:assembler, false:listing
flags: (int) flags passed to gen_file()
outline: (html_line_cb_t **) ptr to ptr to outline callback. if this
callback is defined for this code, it will be used by the kernel to output the generated lines
retval void
def ev_gen_map_file(self, *args) ‑> int
ev_gen_map_file(self, nlines, fp) -> int
Generate map file. If not implemented the kernel itself will create the map file.
nlines: (int *) number of lines in map file (-1 means write error)
fp: (FILE *) output file
retval 0: not implemented
retval 1: ok
retval -1: write error
def ev_gen_regvar_def(self, *args) ‑> int
ev_gen_regvar_def(self, outctx, v) -> int
Generate register variable definition line.
outctx: (outctx_t *)
v: (regvar_t *)
retval >0: ok, generated the definition text
retval 0: not implemented
def ev_gen_src_file_lnnum(self, *args) ‑> int
ev_gen_src_file_lnnum(self, outctx, file, lnnum) -> int
outctx: (outctx_t *) output context
file: (const char *) source file (may be nullptr)
lnnum: (size_t) line number
retval 1: directive has been generated
retval 0: not implemented
def ev_gen_stkvar_def(self, *args) ‑> int
ev_gen_stkvar_def(self, outctx, mptr, v) -> int
Generate stack variable definition line Default line is varname = type ptr value, where 'type' is one of byte,word,dword,qword,tbyte
outctx: (outctx_t *)
mptr: (const member_t *)
v: (sval_t)
retval 1: ok
retval 0: not implemented
def ev_get_abi_info(self, *args) ‑> int
ev_get_abi_info(self, abi_names, abi_opts, comp) -> int
Get all possible ABI names and optional extensions for given compiler abiname/option is a string entirely consisting of letters, digits and underscore
abi_names: (qstrvec_t *) - all possible ABis each in form abiname-
opt1-opt2-...
abi_opts: (qstrvec_t *) - array of all possible options in form
"opt:description" or opt:hint-line#description
comp: (comp_t) - compiler ID
retval 0: not implemented
retval 1: ok
def ev_get_autocmt(self, *args) ‑> PyObject *
ev_get_autocmt(self, insn) -> PyObject *
insn: (const insn_t*) the instruction
retval 1: new comment has been generated
retval 0: callback has not been handled. the buffer must not be changed in this
case
def ev_get_bg_color(self, *args) ‑> int
ev_get_bg_color(self, color, ea) -> int
Get item background color. Plugins can hook this callback to color disassembly lines dynamically
color: (bgcolor_t *), out
ea: (::ea_t)
retval 0: not implemented
retval 1: color set
def ev_get_cc_regs(self, *args) ‑> int
ev_get_cc_regs(self, regs, cc) -> int
Get register allocation convention for given calling convention
regs: (callregs_t *), out
cc: (cm_t)
retval 1
retval 0: not implemented
def ev_get_code16_mode(self, *args) ‑> int
ev_get_code16_mode(self, ea) -> int
Get ISA 16-bit mode
ea: (ea_t) address to get the ISA mode
retval 1: 16-bit mode
retval 0: not implemented or 32-bit mode
def ev_get_dbr_opnum(self, *args) ‑> int
ev_get_dbr_opnum(self, opnum, insn) -> int
Get the number of the operand to be displayed in the debugger reference view (text mode).
opnum: (int *) operand number (out, -1 means no such operand)
insn: (const insn_t*) the instruction
retval 0: unimplemented
retval 1: implemented
def ev_get_default_enum_size(self, *args) ‑> int
ev_get_default_enum_size(self) -> int
Get default enum size. Not generated anymore. inf_get_cc_size_e() is used instead
def ev_get_frame_retsize(self, *args) ‑> int
ev_get_frame_retsize(self, frsize, pfn) -> int
Get size of function return address in bytes If this event is not implemented, the kernel will assume
  • 8 bytes for 64-bit function
  • 4 bytes for 32-bit function
  • 2 bytes otherwise
frsize: (int *) frame size (out)
pfn: (const func_t *), can't be nullptr
retval 1: ok
retval 0: not implemented
def ev_get_macro_insn_head(self, *args) ‑> int
ev_get_macro_insn_head(self, head, ip) -> int
Calculate the start of a macro instruction. This notification is called if IP points to the middle of an instruction
head: (::ea_t *), out: answer, BADADDR means normal instruction
ip: (::ea_t) instruction address
retval 0: unimplemented
retval 1: implemented
def ev_get_operand_string(self, *args) ‑> PyObject *
ev_get_operand_string(self, insn, opnum) -> PyObject *
Request text string for operand (cli, java, ...).
insn: (const insn_t*) the instruction
opnum: (int) operand number, -1 means any string operand
retval 0: no string (or empty string)
retval >0: original string length without terminating zero
def ev_get_procmod(self, *args) ‑> int
ev_get_procmod(self) -> int
Get pointer to the processor module object. All processor modules must implement this. The pointer is returned as size_t.
def ev_get_reg_accesses(self, *args) ‑> int
ev_get_reg_accesses(self, accvec, insn, flags) -> int
Get info about the registers that are used/changed by an instruction.
accvec: (reg_accesses_t*) out: info about accessed registers
insn: (const insn_t *) instruction in question
flags: (int) reserved, must be 0
retval -1: if accvec is nullptr
retval 1: found the requested access (and filled accvec)
retval 0: not implemented
def ev_get_reg_info(self, *args) ‑> int
ev_get_reg_info(self, main_regname, bitrange, regname) -> int
Get register information by its name. example: "ah" returns:
  • main_regname="eax"
  • bitrange_t = { offset==8, nbits==8 }
This callback may be unimplemented if the register names are all present in processor_t::reg_names and they all have the same size
main_regname: (const char **), out
bitrange: (bitrange_t *), out: position and size of the value within
'main_regname' (empty bitrange == whole register)
regname: (const char *)
retval 1: ok
retval -1: failed (not found)
retval 0: unimplemented
def ev_get_reg_name(self, *args) ‑> PyObject *
ev_get_reg_name(self, reg, width, reghi) -> PyObject *
Generate text representation of a register. Most processor modules do not need to implement this callback. It is useful only if processor_t::reg_names[reg] does not provide the correct register name.
reg: (int) internal register number as defined in the processor module
width: (size_t) register width in bytes
reghi: (int) if not -1 then this function will return the register pair
retval -1: if error
retval strlen(buf): if success
def ev_get_simd_types(self, *args) ‑> int
ev_get_simd_types(self, out, simd_attrs, argloc, create_tifs) -> int
Get SIMD-related types according to given attributes ant/or argument location
out: (::simd_info_vec_t *)
simd_attrs: (const simd_info_t *), may be nullptr
argloc: (const argloc_t *), may be nullptr
create_tifs: (bool) return valid tinfo_t objects, create if neccessary
retval number: of found types
retval -1: error If name==nullptr, initialize all SIMD types
def ev_get_stkarg_area_info(self, *args) ‑> int
ev_get_stkarg_area_info(self, out, cc) -> int
Get some metrics of the stack argument area.
out: (stkarg_area_info_t *) ptr to stkarg_area_info_t
cc: (cm_t) calling convention
retval 1: if success
retval 0: not implemented
def ev_get_stkvar_scale_factor(self, *args) ‑> int
ev_get_stkvar_scale_factor(self) -> int
Should stack variable references be multiplied by a coefficient before being used in the stack frame?. Currently used by TMS320C55 because the references into the stack should be multiplied by 2
return: scaling factor
retval 0: not implemented
note: PR_SCALE_STKVARS should be set to use this callback
def ev_getreg(self, *args) ‑> int
ev_getreg(self, regval, regnum) -> int
IBM PC only internal request, should never be used for other purpose Get register value by internal index
regval: (uval_t *), out
regnum: (int)
retval 1: ok
retval 0: not implemented
retval -1: failed (undefined value or bad regnum)
def ev_init(self, *args) ‑> int
ev_init(self, idp_modname) -> int
The IDP module is just loaded.
idp_modname: (const char *) processor module name
retval <0: on failure
def ev_insn_reads_tbit(self, *args) ‑> int
ev_insn_reads_tbit(self, insn, getreg, regvalues) -> int
Check if insn will read the TF bit.
insn: (const insn_t*) the instruction
getreg: (::processor_t::regval_getter_t *) function to get register
values
regvalues: (const regval_t *) register values array
retval 2: yes, will generate 'step' exception
retval 1: yes, will store the TF bit in memory
retval 0: no
def ev_is_align_insn(self, *args) ‑> int
ev_is_align_insn(self, ea) -> int
Is the instruction created only for alignment purposes?. Do not directly call this function, use is_align_insn()
ea: (ea_t) - instruction address
retval number: of bytes in the instruction
def ev_is_alloca_probe(self, *args) ‑> int
ev_is_alloca_probe(self, ea) -> int
Does the function at 'ea' behave as __alloca_probe?
ea: (::ea_t)
retval 1: yes
retval 0: no
def ev_is_basic_block_end(self, *args) ‑> int
ev_is_basic_block_end(self, insn, call_insn_stops_block) -> int
Is the current instruction end of a basic block?. This function should be defined for processors with delayed jump slots.
insn: (const insn_t*) the instruction
call_insn_stops_block: (bool)
retval 0: unknown
retval <0: no
retval 1: yes
def ev_is_call_insn(self, *args) ‑> int
ev_is_call_insn(self, insn) -> int
Is the instruction a "call"?
insn: (const insn_t *) instruction
retval 0: unknown
retval <0: no
retval 1: yes
def ev_is_cond_insn(self, *args) ‑> int
ev_is_cond_insn(self, insn) -> int
Is conditional instruction?
insn: (const insn_t *) instruction address
retval 1: yes
retval -1: no
retval 0: not implemented or not instruction
def ev_is_control_flow_guard(self, *args) ‑> int
ev_is_control_flow_guard(self, p_reg, insn) -> int
Detect if an instruction is a "thunk call" to a flow guard function (equivalent to call reg/return/nop)
p_reg: (int *) indirect register number, may be -1
insn: (const insn_t *) call/jump instruction
retval -1: no thunk detected
retval 1: indirect call
retval 2: security check routine call (NOP)
retval 3: return thunk
retval 0: not implemented
def ev_is_far_jump(self, *args) ‑> int
ev_is_far_jump(self, icode) -> int
is indirect far jump or call instruction? meaningful only if the processor has 'near' and 'far' reference types
icode: (int)
retval 0: not implemented
retval 1: yes
retval -1: no
def ev_is_indirect_jump(self, *args) ‑> int
ev_is_indirect_jump(self, insn) -> int
Determine if instruction is an indirect jump. If CF_JUMP bit cannot describe all jump types jumps, please define this callback.
insn: (const insn_t*) the instruction
retval 0: use CF_JUMP
retval 1: no
retval 2: yes
def ev_is_insn_table_jump(self, *args) ‑> int
ev_is_insn_table_jump(self) -> int
Reserved.
def ev_is_jump_func(self, *args) ‑> int
ev_is_jump_func(self, pfn, jump_target, func_pointer) -> int
Is the function a trivial "jump" function?.
pfn: (func_t *)
jump_target: (::ea_t *)
func_pointer: (::ea_t *)
retval <0: no
retval 0: don't know
retval 1: yes, see 'jump_target' and 'func_pointer'
def ev_is_ret_insn(self, *args) ‑> int
ev_is_ret_insn(self, insn, strict) -> int
Is the instruction a "return"?
insn: (const insn_t *) instruction
strict: (bool) 1: report only ret instructions 0: include instructions
like "leave" which begins the function epilog
retval 0: unknown
retval <0: no
retval 1: yes
def ev_is_sane_insn(self, *args) ‑> int
ev_is_sane_insn(self, insn, no_crefs) -> int
Is the instruction sane for the current file type?.
insn: (const insn_t*) the instruction
no_crefs: (int) 1: the instruction has no code refs to it. ida just tries
to convert unexplored bytes to an instruction (but there is no other reason to convert them into an instruction) 0: the instruction is created because of some coderef, user request or another weighty reason.
retval >=0: ok
retval <0: no, the instruction isn't likely to appear in the program
def ev_is_sp_based(self, *args) ‑> int
ev_is_sp_based(self, mode, insn, op) -> int
Check whether the operand is relative to stack pointer or frame pointer This event is used to determine how to output a stack variable If not implemented, then all operands are sp based by default. Implement this event only if some stack references use frame pointer instead of stack pointer.
mode: (int *) out, combination of SP/FP operand flags
insn: (const insn_t *)
op: (const op_t *)
retval 0: not implemented
retval 1: ok
def ev_is_switch(self, *args) ‑> int
ev_is_switch(self, si, insn) -> int
Find 'switch' idiom or override processor module's decision. It will be called for instructions marked with CF_JUMP.
si: (switch_info_t *), out
insn: (const insn_t *) instruction possibly belonging to a switch
retval 1: switch is found, 'si' is filled. IDA will create the switch using the
filled 'si'
retval -1: no switch found. This value forbids switch creation by the processor
module
retval 0: not implemented
def ev_last_cb_before_loader(self, *args) ‑> int
ev_last_cb_before_loader(self) -> int
def ev_loader(self, *args) ‑> int
ev_loader(self) -> int
This code and higher ones are reserved for the loaders. The arguments and the return values are defined by the loaders
def ev_lower_func_type(self, *args) ‑> int
ev_lower_func_type(self, argnums, fti) -> int
Get function arguments which should be converted to pointers when lowering function prototype. The processor module can also modify 'fti' in order to make non-standard conversion of some arguments.
argnums: (intvec_t *), out - numbers of arguments to be converted to
pointers in acsending order
fti: (func_type_data_t *), inout func type details (special values -1/-2
for return value - position of hidden 'retstr' argument: -1 - at the beginning, -2 - at the end)
retval 0: not implemented
retval 1: argnums was filled
retval 2: argnums was filled and made substantial changes to fti
def ev_max_ptr_size(self, *args) ‑> int
ev_max_ptr_size(self) -> int
Get maximal size of a pointer in bytes.
return: max possible size of a pointer
def ev_may_be_func(self, *args) ‑> int
ev_may_be_func(self, insn, state) -> int
Can a function start here?
insn: (const insn_t*) the instruction
state: (int) autoanalysis phase 0: creating functions 1: creating chunks
return: probability 1..100
note: Actually IDA uses 3 intervals of a probability: 0..50 not a function,
51..99 a function (IDA needs another proof), 100 a function (no other proofs needed)
def ev_may_show_sreg(self, *args) ‑> int
ev_may_show_sreg(self, current_ea) -> int
The kernel wants to display the segment registers in the messages window.
current_ea: (::ea_t)
retval <0: if the kernel should not show the segment registers. (assuming that
the module has done it)
retval 0: not implemented
def ev_moving_segm(self, *args) ‑> int
ev_moving_segm(self, seg, to, flags) -> int
May the kernel move the segment?
seg: (segment_t *) segment to move
to: (::ea_t) new segment start address
flags: (int) combination of Move segment flags
retval 0: yes
retval <0: the kernel should stop
def ev_newasm(self, *args) ‑> int
ev_newasm(self, asmnum) -> int
Before setting a new assembler.
asmnum: (int) See also ev_asm_installed
def ev_newbinary(self, *args) ‑> int
ev_newbinary(self, filename, fileoff, basepara, binoff, nbytes) -> int
IDA is about to load a binary file.
filename: (char *) binary file name
fileoff: (qoff64_t) offset in the file
basepara: (::ea_t) base loading paragraph
binoff: (::ea_t) loader offset
nbytes: (::uint64) number of bytes to load
def ev_newfile(self, *args) ‑> int
ev_newfile(self, fname) -> int
A new file has been loaded.
fname: (char *) input file name
def ev_newprc(self, *args) ‑> int
ev_newprc(self, pnum, keep_cfg) -> int
Before changing processor type.
pnum: (int) processor number in the array of processor names
keep_cfg: (bool) true: do not modify kernel configuration
retval 1: ok
retval <0: prohibit
def ev_next_exec_insn(self, *args) ‑> int
ev_next_exec_insn(self, target, ea, tid, getreg, regvalues) -> int
Get next address to be executed This function must return the next address to be executed. If the instruction following the current one is executed, then it must return BADADDR Usually the instructions to consider are: jumps, branches, calls, returns. This function is essential if the 'single step' is not supported in hardware.
target: (::ea_t *), out: pointer to the answer
ea: (::ea_t) instruction address
tid: (int) current therad id
getreg: (::processor_t::regval_getter_t *) function to get register
values
regvalues: (const regval_t *) register values array
retval 0: unimplemented
retval 1: implemented
def ev_oldfile(self, *args) ‑> int
ev_oldfile(self, fname) -> int
An old file has been loaded.
fname: (char *) input file name
def ev_out_assumes(self, *args) ‑> int
ev_out_assumes(self, outctx) -> int
Function to produce assume directives when segment register value changes.
outctx: (outctx_t *)
retval 1: ok
retval 0: not implemented
def ev_out_data(self, *args) ‑> int
ev_out_data(self, outctx, analyze_only) -> int
Generate text representation of data items This function may change the database and create cross-references if analyze_only is set
outctx: (outctx_t *)
analyze_only: (bool)
retval 1: ok
retval 0: not implemented
ev_out_footer(self, outctx) -> int
Function to produce end of disassembled text
outctx: (outctx_t *)
retval void
def ev_out_header(self, *args) ‑> int
ev_out_header(self, outctx) -> int
Function to produce start of disassembled text
outctx: (outctx_t *)
retval void
def ev_out_insn(self, *args) ‑> bool
ev_out_insn(self, outctx) -> bool
Generate text representation of an instruction in 'ctx.insn' outctx_t provides functions to output the generated text. This function shouldn't change the database, flags or anything else. All these actions should be performed only by emu_insn() function.
outctx: (outctx_t *)
retval void
def ev_out_label(self, *args) ‑> int
ev_out_label(self, outctx, colored_name) -> int
The kernel is going to generate an instruction label line or a function header.
outctx: (outctx_t *)
colored_name: (const char *)
retval <0: if the kernel should not generate the label
retval 0: not implemented or continue
def ev_out_mnem(self, *args) ‑> int
ev_out_mnem(self, outctx) -> int
Generate instruction mnemonics. This callback should append the colored mnemonics to ctx.outbuf Optional notification, if absent, out_mnem will be called.
outctx: (outctx_t *)
retval 1: if appended the mnemonics
retval 0: not implemented
def ev_out_operand(self, *args) ‑> bool
ev_out_operand(self, outctx, op) -> bool
Generate text representation of an instruction operand outctx_t provides functions to output the generated text. All these actions should be performed only by emu_insn() function.
outctx: (outctx_t *)
op: (const op_t *)
retval 1: ok
retval -1: operand is hidden
def ev_out_segend(self, *args) ‑> int
ev_out_segend(self, outctx, seg) -> int
Function to produce end of segment
outctx: (outctx_t *)
seg: (segment_t *)
retval 1: ok
retval 0: not implemented
def ev_out_segstart(self, *args) ‑> int
ev_out_segstart(self, outctx, seg) -> int
Function to produce start of segment
outctx: (outctx_t *)
seg: (segment_t *)
retval 1: ok
retval 0: not implemented
def ev_out_special_item(self, *args) ‑> int
ev_out_special_item(self, outctx, segtype) -> int
Generate text representation of an item in a special segment i.e. absolute symbols, externs, communal definitions etc
outctx: (outctx_t *)
segtype: (uchar)
retval 1: ok
retval 0: not implemented
retval -1: overflow
def ev_privrange_changed(self, *args) ‑> int
ev_privrange_changed(self, old_privrange, delta) -> int
Privrange interval has been moved to a new location. Most common actions to be done by module in this case: fix indices of netnodes used by module
old_privrange: (const range_t *) - old privrange interval
delta: (::adiff_t)
return: 0 Ok -1 error (and message in errbuf)
def ev_realcvt(self, *args) ‑> int
ev_realcvt(self, m, e, swt) -> int
Floating point -> IEEE conversion
m: (void *) ptr to processor-specific floating point value
e: (fpvalue_t *) IDA representation of a floating point value
swt: (uint16) operation (see realcvt() in ieee.h)
retval 0: not implemented
retval 1: ok
retval unknown
def ev_rename(self, *args) ‑> int
ev_rename(self, ea, new_name) -> int
The kernel is going to rename a byte.
ea: (::ea_t)
new_name: (const char *)
retval <0: if the kernel should not rename it.
retval 2: to inhibit the notification. I.e., the kernel should not rename, but
'set_name()' should return 'true'. also see renamed the return value is ignored when kernel is going to delete name
def ev_replaying_undo(self, *args) ‑> int
ev_replaying_undo(self, action_name, vec, is_undo) -> int
Replaying an undo/redo buffer
action_name: (const char *) action that we perform undo/redo for. may be
nullptr for intermediary buffers.
vec: (const undo_records_t *)
is_undo: (bool) true if performing undo, false if performing redo This
event may be generated multiple times per undo/redo
def ev_set_code16_mode(self, *args) ‑> int
ev_set_code16_mode(self, ea, code16) -> int
Some processors have ISA 16-bit mode e.g. ARM Thumb mode, PPC VLE, MIPS16 Set ISA 16-bit mode
ea: (ea_t) address to set new ISA mode
code16: (bool) true for 16-bit mode, false for 32-bit mode
def ev_set_idp_options(self, *args) ‑> int
ev_set_idp_options(self, keyword, value_type, value, idb_loaded) -> int
Set IDP-specific configuration option Also see set_options_t in config.hpp
keyword: (const char *)
value_type: (int)
value: (const void *)
idb_loaded: (bool) true if the ev_oldfile/ev_newfile events have been
generated
retval 1: ok
retval 0: not implemented
retval -1: error (and message in errbuf)
def ev_set_proc_options(self, *args) ‑> int
ev_set_proc_options(self, options, confidence) -> int
Called if the user specified an option string in the command line: -p<processor name>:<options>. Can be used for setting a processor subtype. Also called if option string is passed to set_processor_type() and IDC's SetProcessorType().
options: (const char *)
confidence: (int) 0: loader's suggestion 1: user's decision
retval <0: if bad option string
def ev_setup_til(self, *args) ‑> int
ev_setup_til(self) -> int
Setup default type libraries. (called after loading a new file into the database). The processor module may load tils, setup memory model and perform other actions required to set up the type system. This is an optional callback.
retval void
def ev_str2reg(self, *args) ‑> int
ev_str2reg(self, regname) -> int
Convert a register name to a register number. The register number is the register index in the processor_t::reg_names array Most processor modules do not need to implement this callback It is useful only if processor_t::reg_names[reg] does not provide the correct register names
regname: (const char *)
retval register: number + 1
retval 0: not implemented or could not be decoded
def ev_term(self, *args) ‑> int
ev_term(self) -> int
The IDP module is being unloaded.
def ev_treat_hindering_item(self, *args) ‑> int
ev_treat_hindering_item(self, hindering_item_ea, new_item_flags, new_item_ea, new_item_length) -> int
An item hinders creation of another item.
hindering_item_ea: (::ea_t)
new_item_flags: (flags64_t) (0 for code)
new_item_ea: (::ea_t)
new_item_length: (::asize_t)
retval 0: no reaction
retval !=0: the kernel may delete the hindering item
def ev_undefine(self, *args) ‑> int
ev_undefine(self, ea) -> int
An item in the database (insn or data) is being deleted.
ea: (ea_t)
retval 1: do not delete srranges at the item end
retval 0: srranges can be deleted
def ev_update_call_stack(self, *args) ‑> int
ev_update_call_stack(self, stack, tid, getreg, regvalues) -> int
Calculate the call stack trace for the given thread. This callback is invoked when the process is suspended and should fill the 'trace' object with the information about the current call stack. Note that this callback is NOT invoked if the current debugger backend implements stack tracing via debugger_t::event_t::ev_update_call_stack. The debugger-specific algorithm takes priority. Implementing this callback in the processor module is useful when multiple debugging platforms follow similar patterns, and thus the same processor-specific algorithm can be used for different platforms.
stack: (call_stack_t *) result
tid: (int) thread id
getreg: (::processor_t::regval_getter_t *) function to get register
values
regvalues: (const regval_t *) register values array
retval 1: ok
retval -1: failed
retval 0: unimplemented
def ev_use_arg_types(self, *args) ‑> int
ev_use_arg_types(self, ea, fti, rargs) -> int
Use information about callee arguments.
ea: (::ea_t) address of the call instruction
fti: (func_type_data_t *) info about function type
rargs: (funcargvec_t *) array of register arguments
retval 1: (and removes handled arguments from fti and rargs)
retval 0: not implemented
def ev_use_regarg_type(self, *args) ‑> PyObject *
ev_use_regarg_type(self, ea, rargs) -> PyObject *
Use information about register argument.
ea: (::ea_t) address of the instruction
rargs: (const funcargvec_t *) vector of register arguments (including
regs extracted from scattered arguments)
retval 1
retval 0: not implemented
def ev_use_stkarg_type(self, *args) ‑> int
ev_use_stkarg_type(self, ea, arg) -> int
Use information about a stack argument.
ea: (::ea_t) address of the push instruction which pushes the function
argument into the stack
arg: (const funcarg_t *) argument info
retval 1: ok
retval <=0: failed, the kernel will create a comment with the argument name or
type for the instruction
def ev_validate_flirt_func(self, *args) ‑> int
ev_validate_flirt_func(self, start_ea, funcname) -> int
Flirt has recognized a library function. This callback can be used by a plugin or proc module to intercept it and validate such a function.
start_ea: (::ea_t)
funcname: (const char *)
retval -1: do not create a function,
retval 0: function is validated
def ev_verify_noreturn(self, *args) ‑> int
ev_verify_noreturn(self, pfn) -> int
The kernel wants to set 'noreturn' flags for a function.
pfn: (func_t *)
retval 0: ok. any other value: do not set 'noreturn' flag
def ev_verify_sp(self, *args) ‑> int
ev_verify_sp(self, pfn) -> int
All function instructions have been analyzed. Now the processor module can analyze the stack pointer for the whole function
pfn: (func_t *)
retval 0: ok
retval <0: bad stack pointer
def hook(self, *args) ‑> bool
hook(self) -> bool
def unhook(self, *args) ‑> bool
unhook(self) -> bool
class asm_t (*args)
Proxy of C++ asm_t class.
__init__(self) -> asm_t

Instance variables

var a_align
"align" keyword
var a_ascii
string literal directive
var a_band
& bit and assembler time operation
var a_bnot
~ bit not assembler time operation
var a_bor
| bit or assembler time operation
var a_bss
uninitialized data directive should include 's' for the size of data
var a_byte
byte directive
var a_comdef
"comm" (communal variable)
var a_curip
current IP (instruction pointer) symbol in assembler
var a_double
double; 8bytes; nullptr if not allowed
var a_dups
array keyword. the following sequences may appear:
  • #h header
  • #d size
  • #v value
  • #s(b,w,l,q,f,d,o) size specifiers for byte,word, dword,qword, float,double,oword
var a_dword
nullptr if not allowed
var a_equ
'equ' Used if AS_UNEQU is set
var a_extrn
"extern" name keyword
var a_float
float; 4bytes; nullptr if not allowed
var a_include_fmt
the include directive (format string)
var a_mod
% mod assembler time operation
var a_oword
nullptr if not allowed
var a_packreal
packed decimal real nullptr if not allowed
var a_public
"public" name keyword. nullptr-use default, ""-do not generate
var a_qword
nullptr if not allowed
var a_rva
'rva' keyword for image based offsets (see REFINFO_RVAOFF)
var a_seg
'seg ' prefix (example: push seg seg001)
var a_shl
<< shift left assembler time operation
var a_shr
>> shift right assembler time operation
var a_sizeof_fmt
size of type (format string)
var a_tbyte
long double; nullptr if not allowed
var a_vstruc_fmt
if a named item is a structure and displayed in the verbose (multiline) form then display the name as printf(a_strucname_fmt, typename) (for asms with type checking, e.g. tasm ideal)
var a_weak
"weak" name keyword. nullptr-use default, ""-do not generate
var a_word
word directive
var a_xor
^ bit xor assembler time operation
var a_yword
32-byte (256-bit) data; nullptr if not allowed requires AS2_YWORD
var a_zword
64-byte (512-bit) data; nullptr if not allowed requires AS2_ZWORD
var accsep
char constant delimiter
var ascsep
string literal delimiter
var cmnt
comment string (see also cmnt2)
var cmnt2
comment close string (usually nullptr) this is used to denote a string which closes comments, for example, if the comments are represented with (* ... *) then cmnt = "(*" and cmnt2 = "*)"
var end
end directive
var esccodes
special chars that cannot appear as is in string and char literals
var flag
Assembler feature bits
var flag2
Secondary assembler feature bits
var header
array of automatically generated header lines they appear at the start of disassembled text
var help
Help screen number, 0 - no help.
var high16
high16
var high8
high8
var lbrace
left brace used in complex expressions
var low16
low16
var low8
low8 operation, should contain s for the operand
var name
Assembler name (displayed in menus)
var origin
org directive
var rbrace
right brace used in complex expressions
var uflag
user defined flags (local only for IDP) you may define and use your own bits
class num_range_t (*args)
Proxy of C++ cfgopt_t::num_range_t class.
__init__(self, _min, _max) -> num_range_t
_min: int64
_max: int64

Instance variables

var maxval
maxval
var minval
minval
class params_t (*args)
Proxy of C++ cfgopt_t::params_t class.
__init__(self, _p1, _p2) -> params_t
_p1: int64
_p2: int64

Instance variables

var p1
p1
var p2
p2
class processor_t
Proxy of C++ IDP_Hooks class.
__init__(self, _flags=0, _hkcb_flags=0x0001) -> IDP_Hooks
_flags: uint32
_hkcb_flags: uint32

Ancestors

Methods

def auto_empty(self, *args)
def auto_empty_finally(self, *args)
def closebase(self, *args)
def compiler_changed(self, *args)
def deleting_func(self, pfn)
def determined_main(self, *args)
def func_added(self, pfn)
def get_auxpref(self, insn)
This function returns insn.auxpref value
def get_idpdesc(self)
This function must be present and should return the list of short processor names similar to the one in ph.psnames. This method can be overridden to return to the kernel a different IDP description.
def get_uFlag(self)
Use this utility function to retrieve the 'uFlag' global variable
def idasgn_loaded(self, *args)
def kernel_config_loaded(self, *args)
def make_code(self, *args)
def make_data(self, *args)
def renamed(self, *args)
def savebase(self, *args)
def segm_moved(self, from_ea, to_ea, size, changed_netmap)
def set_func_end(self, *args)
def set_func_start(self, *args)
def sgr_changed(self, *args)

Inherited members

class reg_access_t (*args)
Proxy of C++ reg_access_t class.
__init__(self) -> reg_access_t

Instance variables

var access_type
access_type
var opnum
operand number
var range
bitrange inside the register
var regnum
register number (only entire registers)

Methods

def have_common_bits(self, *args) ‑> bool
have_common_bits(self, r) -> bool
r: reg_access_t const &
class reg_access_vec_t (*args)
Proxy of C++ qvector< reg_access_t > class.
__init__(self) -> reg_access_vec_t
__init__(self, x) -> reg_access_vec_t
x: qvector< reg_access_t > const &

Subclasses

Methods

def add_unique(self, *args) ‑> bool
add_unique(self, x) -> bool
x: reg_access_t const &
def at(self, *args) ‑> reg_access_t const &
at(self, _idx) -> reg_access_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< reg_access_t >::const_iterator
begin(self) -> reg_access_t
def capacity(self, *args) ‑> size_t
capacity(self) -> size_t
def clear(self, *args) ‑> void
clear(self)
def empty(self, *args) ‑> bool
empty(self) -> bool
def end(self, *args) ‑> qvector< reg_access_t >::const_iterator
end(self) -> reg_access_t
def erase(self, *args) ‑> qvector< reg_access_t >::iterator
erase(self, it) -> reg_access_t
it: qvector< reg_access_t >::iterator
erase(self, first, last) -> reg_access_t
first: qvector< reg_access_t >::iterator
last: qvector< reg_access_t >::iterator
def extract(self, *args) ‑> reg_access_t *
extract(self) -> reg_access_t
def find(self, *args) ‑> qvector< reg_access_t >::const_iterator
find(self, x) -> reg_access_t
x: reg_access_t const &
def front(self)
def grow(self, *args) ‑> void
grow(self, x=reg_access_t())
x: reg_access_t const &
def has(self, *args) ‑> bool
has(self, x) -> bool
x: reg_access_t const &
def inject(self, *args) ‑> void
inject(self, s, len)
s: reg_access_t *
len: size_t
def insert(self, *args) ‑> qvector< reg_access_t >::iterator
insert(self, it, x) -> reg_access_t
it: qvector< reg_access_t >::iterator
x: reg_access_t const &
def pop_back(self, *args) ‑> void
pop_back(self)
def push_back(self, *args) ‑> reg_access_t &
push_back(self, x)
x: reg_access_t const &
push_back(self) -> reg_access_t
def qclear(self, *args) ‑> void
qclear(self)
def reserve(self, *args) ‑> void
reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void
resize(self, _newsize, x)
_newsize: size_t
x: reg_access_t const &
resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t
size(self) -> size_t
def swap(self, *args) ‑> void
swap(self, r)
r: qvector< reg_access_t > &
def truncate(self, *args) ‑> void
truncate(self)
class reg_accesses_t (*args)
Proxy of C++ reg_accesses_t class.
__init__(self) -> reg_accesses_t

Ancestors

Inherited members

class reg_info_t (*args)
Proxy of C++ reg_info_t class.
__init__(self) -> reg_info_t

Instance variables

var reg
register number
var size
register size

Methods

def compare(self, *args) ‑> int
compare(self, r) -> int
r: reg_info_t const &