Module ida_loader
[frames] | no frames]

Module ida_loader

IDA Plugin SDK API wrapper: loader

Classes
  qvector_snapshotvec_t
Proxy of C++ qvector<(p.snapshot_t)> class
  loader_t
Proxy of C++ loader_t class
  idp_name_t
Proxy of C++ idp_name_t class
  idp_desc_t
Proxy of C++ idp_desc_t class
  plugin_info_t
Proxy of C++ plugin_info_t class
  snapshot_t
Proxy of C++ snapshot_t class
Functions
bool
load_binary_file(filename, li, _neflags, fileoff, basepara, binoff, nbytes)
Load a binary file into the database.
int
process_archive(temp_file, li, module_name, neflags, defmember, loader)
Calls 'loader_t::process_archive()' For parameters and return value description look at 'loader_t::process_archive()' .
int
gen_file(otype, fp, ea1, ea2, flags)
Generate an output file.
int
file2base(li, pos, ea1, ea2, patchable)
Load portion of file into the database.
int
base2file(fp, pos, ea1, ea2)
Unload database to a binary file.
filetype_t
get_basic_file_type(li)
Get the input file type.
size_t
get_file_type_name()
Get name of the current file type.
int
load_ids_module(fname)
Load and apply IDS file.
char const *
get_plugin_options(plugin)
Get plugin options from the command line.
plugin_t *
find_plugin(name, load_if_needed=False)
Find a user-defined plugin and optionally load it.
qoff64_t
get_fileregion_offset(ea)
Get offset in the input file which corresponds to the given ea.
ea_t
get_fileregion_ea(offset)
Get linear address which corresponds to the specified input file offset.
int
gen_exe_file(fp)
Generate an exe file (unload the database in binary form).
int
reload_file(file, is_remote)
Reload the input file.
bool
build_snapshot_tree(root)
Build the snapshot tree.
int
flush_buffers()
Flush buffers to the disk.
bool
is_trusted_idb()
Is the database considered as trusted?
bool
save_database(outfile, flags, root=None, attr=None)
Save current database using a new file name.when both root and attr are not NULL then the snapshot attributes will be updated, otherwise the snapshot attributes will be inherited from the current database.
bool
is_database_flag(dbfl)
Get the current database flag
 
set_database_flag(dbfl, cnd=True)
Set or clear database flag
 
clr_database_flag(dbfl)
char const *
get_path(pt)
Get the file path
 
set_path(pt, path)
Set the file path
char const *
get_elf_debug_file_directory()
Get the value of the ELF_DEBUG_FILE_DIRECTORY configuration directive.
int
mem2base(py_mem, ea, fpos=-1)
Load database from the memory.
PyObject *
load_plugin(name)
Loads a plugin
bool
run_plugin(plg, arg)
Runs a plugin
bool
load_and_run_plugin(name, arg)
Load & run a plugin.
PyObject *
extract_module_from_archive(fname, is_remote=False)
Extract a module for an archive file.
Variables
  LDRF_RELOAD = 1
loader recognizes 'NEF_RELOAD' flag
  LDRF_REQ_PROC = 2
Requires a processor to be set.
  ACCEPT_ARCHIVE = 8192
Specify that a file format is served by archive loader See 'loader_t::accept_file'
  ACCEPT_CONTINUE = 16384
Specify that the function must be called another time See 'loader_t::accept_file'
  ACCEPT_FIRST = 32768
Specify that a file format should be place first in "load file" dialog box.
  NEF_SEGS = 1
Create segments.
  NEF_RSCS = 2
Load resources.
  NEF_NAME = 4
Rename entries.
  NEF_MAN = 8
Manual load.
  NEF_FILL = 16
Fill segment gaps.
  NEF_IMPS = 32
Create import segment.
  NEF_FIRST = 128
into the database.
  NEF_CODE = 256
load as a code segment
  NEF_RELOAD = 512
reload the file at the same place: - don't create segmentsdon't create fixup infodon't import segmentsetc load only the bytes into the base.
  NEF_FLAT = 1024
Autocreate FLAT group (PE)
  NEF_MINI = 2048
Create mini database (do not copy segment bytes from the input file; use only the file header metadata)
  NEF_LOPT = 4096
Display additional loader options dialog.
  NEF_LALL = 8192
Load all segments without questions.
  DLLEXT = 'so'
  LOADER_DLL = '*.so'
  OFILE_MAP = 0
  OFILE_EXE = 1
  OFILE_IDC = 2
  OFILE_LST = 3
  OFILE_ASM = 4
  OFILE_DIF = 5
  GENFLG_MAPSEG = 1
'OFILE_MAP' : generate map of segments
  GENFLG_MAPNAME = 2
'OFILE_MAP' : include dummy names
  GENFLG_MAPDMNG = 4
'OFILE_MAP' : demangle names
  GENFLG_MAPLOC = 8
'OFILE_MAP' : include local names
  GENFLG_IDCTYPE = 8
'OFILE_IDC' : gen only information about types
  GENFLG_ASMTYPE = 16
'OFILE_ASM' , 'OFILE_LST' : gen information about types too
  GENFLG_GENHTML = 32
'OFILE_ASM' , 'OFILE_LST' : generate html ( 'ui_genfile_callback'...
  GENFLG_ASMINC = 64
'OFILE_ASM' , 'OFILE_LST' : gen information only about types
  FILEREG_PATCHABLE = 1
means that the input file may be patched (i.e.
  FILEREG_NOTPATCHABLE = 0
form in the file.
  PLUGIN_DLL = '*.so'
Pattern to find plugin files.
  MODULE_ENTRY_LOADER = '_LDSC'
  MODULE_ENTRY_PLUGIN = '_PLUGIN'
  MODULE_ENTRY_IDP = '_LPH'
  IDP_DLL = '*.so'
  MAX_DATABASE_DESCRIPTION = 128
Maximum database snapshot description length.
  SSF_AUTOMATIC = 1
automatic snapshot
  SSUF_DESC = 1
Update the description.
  SSUF_PATH = 2
Update the path.
  SSUF_FLAGS = 4
Update the flags.
  DBFL_KILL = 1
delete unpacked database
  DBFL_COMP = 2
collect garbage
  DBFL_BAK = 4
create backup file (if !DBFL_KILL)
  DBFL_TEMP = 8
temporary database
  PATH_TYPE_CMD = 0
  PATH_TYPE_IDB = 1
  PATH_TYPE_ID0 = 2
  __package__ = None
Function Details

load_binary_file(filename, li, _neflags, fileoff, basepara, binoff, nbytes)

 

Load a binary file into the database. This function usually is called from ui.

Parameters:
  • filename - the name of input file as is (if the input file is from library, then this is the name from the library) (C++: const char *)
  • li - loader input source (C++: linput_t *)
  • _neflags - Load file flags . For the first file, the flag NEF_FIRST must be set. (C++: ushort)
  • fileoff - Offset in the input file (C++: qoff64_t)
  • basepara - Load address in paragraphs (C++: ea_t)
  • binoff - Load offset (load_address=(basepara<<4)+binoff) (C++: ea_t)
  • nbytes - Number of bytes to load from the file. 0: up to the end of the file (C++: uint64)
Returns: bool

process_archive(temp_file, li, module_name, neflags, defmember, loader)

 

Calls 'loader_t::process_archive()' For parameters and return value description look at 'loader_t::process_archive()' . Additional parameter:

Parameters:
  • temp_file, (C++ - qstring *)
  • li, (C++ - linput_t *)
  • module_name, (C++ - qstring *)
  • neflags, (C++ - ushort *)
  • defmember, (C++ - const char *)
  • loader - pointer to load_info_t structure. (C++: const load_info_t *)
Returns: int

gen_file(otype, fp, ea1, ea2, flags)

 

Generate an output file. 'OFILE_EXE' :

Parameters:
  • otype - type of output file. (C++: ofile_type_t)
  • fp - the output file handle (C++: FILE *)
  • ea1 - start address. For some file types this argument is ignored (C++: ea_t)
  • ea2 - end address. For some file types this argument is ignored as usual in ida, the end address of the range is not included (C++: ea_t)
  • flags - Generate file flags (C++: int)
Returns: int
number of the generated lines. -1 if an error occurred

file2base(li, pos, ea1, ea2, patchable)

 

Load portion of file into the database. This function will include (ea1..ea2) into the addressing space of the program (make it enabled)

Parameters:
  • li - pointer of input source (C++: linput_t *)
  • pos - position in the file (C++: qoff64_t)
  • ea1 - range of destination linear addresses (C++: ea_t)
  • ea2 - range of destination linear addresses (C++: ea_t)
  • patchable - should the kernel remember correspondence of file offsets to linear addresses. (C++: int)
Returns: int

base2file(fp, pos, ea1, ea2)

 

Unload database to a binary file. This function works for wide byte processors too.

Parameters:
  • fp - pointer to file (C++: FILE *)
  • pos - position in the file (C++: qoff64_t)
  • ea1 - range of source linear addresses (C++: ea_t)
  • ea2 - range of source linear addresses (C++: ea_t)
Returns: int
1-ok(always), write error leads to immediate exit

get_basic_file_type(li)

 

Get the input file type. This function can recognize libraries and zip files.

Parameters:
  • li, (C++ - linput_t *)
Returns: filetype_t

get_file_type_name()

 

Get name of the current file type. The current file type is kept in \inf{filetype}.

Returns: size_t
size of answer, this function always succeeds

load_ids_module(fname)

 

Load and apply IDS file. This function loads the specified IDS file and applies it to the database. If the program imports functions from a module with the same name as the name of the ids file being loaded, then only functions from this module will be affected. Otherwise (i.e. when the program does not import a module with this name) any function in the program may be affected.

Parameters:
  • fname - name of file to apply (C++: char *)
Returns: int

get_plugin_options(plugin)

 

Get plugin options from the command line. If the user has specified the options in the -Oplugin_name:options format, them this function will return the 'options' part of it The 'plugin' parameter should denote the plugin name Returns NULL if there we no options specified

Parameters:
  • plugin, (C++ - const char *)
Returns: char const *

find_plugin(name, load_if_needed=False)

 

Find a user-defined plugin and optionally load it.

Parameters:
  • name - short plugin name without path and extension, or absolute path to the file name (C++: const char *)
  • load_if_needed - if the plugin is not present in the memory, try to load it (C++: bool)
Returns: plugin_t *
pointer to plugin description block

get_fileregion_offset(ea)

 

Get offset in the input file which corresponds to the given ea. If the specified ea can't be mapped into the input file offset, return -1.

Parameters:
  • ea, (C++ - ea_t)
Returns: qoff64_t

get_fileregion_ea(offset)

 

Get linear address which corresponds to the specified input file offset. If can't be found, return 'BADADDR'

Parameters:
  • offset, (C++ - qoff64_t)
Returns: ea_t

gen_exe_file(fp)

 

Generate an exe file (unload the database in binary form).

Parameters:
  • fp, (C++ - FILE *)
Returns: int
fp the output file handle. if fp == NULL then return: 1: can generate an executable file 0: can't generate an executable file

reload_file(file, is_remote)

 

Reload the input file. This function reloads the byte values from the input file. It doesn't modify the segmentation, names, comments, etc.

Parameters:
  • file - name of the input file. if file == NULL then returns: 1: can reload the input file 0: can't reload the input file (C++: const char *)
  • is_remote - is the file located on a remote computer with the debugger server? (C++: bool)
Returns: int

build_snapshot_tree(root)

 

Build the snapshot tree.

Parameters:
  • root - snapshot root that will contain the snapshot tree elements. (C++: snapshot_t *)
Returns: bool
success

save_database(outfile, flags, root=None, attr=None)

 

Save current database using a new file name.when both root and attr are not NULL then the snapshot attributes will be updated, otherwise the snapshot attributes will be inherited from the current database.

Parameters:
  • outfile - output database file name (C++: const char *)
  • flags - Database flags (C++: uint32)
  • root - optional: snapshot tree root. (C++: const snapshot_t *)
  • attr - optional: snapshot attributes (C++: const snapshot_t *)
Returns: bool
success

is_database_flag(dbfl)

 

Get the current database flag

Parameters:
  • dbfl - flag Database flags (C++: uint32)
Returns: bool
the state of the flag (set or cleared)

set_database_flag(dbfl, cnd=True)

 

Set or clear database flag

Parameters:
  • dbfl - flag Database flags (C++: uint32)
  • cnd - set if true or clear flag otherwise (C++: bool)

get_path(pt)

 

Get the file path

Parameters:
  • pt - file path type Types of the file pathes (C++: path_type_t)
Returns: char const *
file path, never returns NULL

set_path(pt, path)

 

Set the file path

Parameters:
  • pt - file path type Types of the file pathes (C++: path_type_t)
  • path - new file path, use NULL or empty string to clear the file path (C++: const char *)

mem2base(py_mem, ea, fpos=-1)

 

Load database from the memory.

Parameters:
  • mem - the buffer
  • ea - start linear addresses
  • fpos - position in the input file the data is taken from. if == -1, then no file position correspond to the data.
Returns: int
  • Returns zero if the passed buffer was not a string
  • Otherwise 1 is returned

load_plugin(name)

 

Loads a plugin

Returns: PyObject *
  • None if plugin could not be loaded
  • An opaque object representing the loaded plugin

run_plugin(plg, arg)

 

Runs a plugin

Parameters:
  • plg - A plugin object (returned by load_plugin())
Returns: bool
Boolean

load_and_run_plugin(name, arg)

 

Load & run a plugin.

Parameters:
  • name, (C++ - const char *)
  • arg, (C++ - size_t)
Returns: bool

extract_module_from_archive(fname, is_remote=False)

 

Extract a module for an archive file. Parse an archive file, show the list of modules to the user, allow him to select a module, extract the selected module to a file (if the extract module is an archive, repeat the process). This function can handle ZIP, AR, AIXAR, OMFLIB files. The temporary file will be automatically deleted by IDA at the end.

Parameters:
  • is_remote - is the input file remote? (C++: bool)
Returns: PyObject *

Variables Details

LDRF_REQ_PROC

Requires a processor to be set. if this bit is not set, load_file() must call set_processor_type(..., SETPROC_LOADER)

Value:
2

ACCEPT_FIRST

Specify that a file format should be place first in "load file" dialog box. See 'loader_t::accept_file'

Value:
32768

NEF_FIRST

into the database.

This is the first file loaded

Value:
128

NEF_CODE

load as a code segment

for 'load_binary_file()' :

Value:
256

NEF_RELOAD

reload the file at the same place: - don't create segmentsdon't create fixup infodon't import segmentsetc load only the bytes into the base. a loader should have 'LDRF_RELOAD' bit set

Value:
512

GENFLG_GENHTML

 'OFILE_ASM' , 'OFILE_LST' : generate html ( 'ui_genfile_callback'
will be used)

Value:
32

FILEREG_PATCHABLE

means that the input file may be patched (i.e. no compression, no iterated data, etc)

Value:
1

FILEREG_NOTPATCHABLE

form in the file.

the data is kept in some encoded

Value:
0