Module ida_nalt
[frames] | no frames]

Module ida_nalt

IDA Plugin SDK API wrapper: nalt

Classes
  custom_data_type_ids_fids_array
Proxy of C++ wrapped_array_t<(int16,8)> class
  strpath_ids_array
Proxy of C++ wrapped_array_t<(tid_t,32)> class
  array_parameters_t
Proxy of C++ array_parameters_t class
  switch_info_t
Proxy of C++ switch_info_t class
  custom_data_type_ids_t
Proxy of C++ custom_data_type_ids_t class
  refinfo_t
Proxy of C++ refinfo_t class
  strpath_t
Proxy of C++ strpath_t class
  enum_const_t
Proxy of C++ enum_const_t class
  opinfo_t
Proxy of C++ opinfo_t class
  printop_t
Proxy of C++ printop_t class
Functions
nodeidx_t
ea2node(ea)
Get netnode for the specified address.
ea_t
node2ea(ndx)
netnode
getnode(ea)
 
set_aflags(ea, flags)
 
set_abits(ea, bits)
 
clr_abits(ea, bits)
uint32
get_aflags(ea)
 
del_aflags(ea)
bool
is_hidden_item(ea)
 
hide_item(ea)
 
unhide_item(ea)
bool
is_hidden_border(ea)
 
hide_border(ea)
 
unhide_border(ea)
bool
uses_modsp(ea)
 
set_usemodsp(ea)
 
clr_usemodsp(ea)
bool
is_zstroff(ea)
 
set_zstroff(ea)
 
clr_zstroff(ea)
bool
is__bnot0(ea)
 
set__bnot0(ea)
 
clr__bnot0(ea)
bool
is__bnot1(ea)
 
set__bnot1(ea)
 
clr__bnot1(ea)
bool
is_libitem(ea)
 
set_libitem(ea)
 
clr_libitem(ea)
bool
has_ti(ea)
 
set_has_ti(ea)
 
clr_has_ti(ea)
bool
has_ti0(ea)
 
set_has_ti0(ea)
 
clr_has_ti0(ea)
bool
has_ti1(ea)
 
set_has_ti1(ea)
 
clr_has_ti1(ea)
bool
has_lname(ea)
 
set_has_lname(ea)
 
clr_has_lname(ea)
bool
is_tilcmt(ea)
 
set_tilcmt(ea)
 
clr_tilcmt(ea)
bool
is_usersp(ea)
 
set_usersp(ea)
 
clr_usersp(ea)
bool
is_lzero0(ea)
 
set_lzero0(ea)
 
clr_lzero0(ea)
bool
is_lzero1(ea)
 
set_lzero1(ea)
 
clr_lzero1(ea)
bool
is_colored_item(ea)
 
set_colored_item(ea)
 
clr_colored_item(ea)
bool
is_terse_struc(ea)
 
set_terse_struc(ea)
 
clr_terse_struc(ea)
bool
is__invsign0(ea)
 
set__invsign0(ea)
 
clr__invsign0(ea)
bool
is__invsign1(ea)
 
set__invsign1(ea)
 
clr__invsign1(ea)
bool
is_noret(ea)
 
set_noret(ea)
 
clr_noret(ea)
bool
is_fixed_spd(ea)
 
set_fixed_spd(ea)
 
clr_fixed_spd(ea)
bool
is_align_flow(ea)
 
set_align_flow(ea)
 
clr_align_flow(ea)
bool
is_userti(ea)
 
set_userti(ea)
 
clr_userti(ea)
bool
is_retfp(ea)
 
set_retfp(ea)
 
clr_retfp(ea)
bool
is_notproc(ea)
 
set_notproc(ea)
 
clr_notproc(ea)
 
set_notcode(ea)
Mark address so that it can not be converted to instruction.
 
clr_notcode(ea)
Clear not-code mark.
bool
is_notcode(ea)
Is the address marked as not-code?
 
set_visible_item(ea, visible)
Change visibility of item at given ea.
bool
is_visible_item(ea)
Test visibility of item at given ea.
bool
is_finally_visible_item(ea)
Is instruction visible?
 
set_source_linnum(ea, lnnum)
uval_t
get_source_linnum(ea)
 
del_source_linnum(ea)
ea_t
get_absbase(ea)
 
set_absbase(ea, x)
 
del_absbase(ea)
ea_t
get_ind_purged(ea)
 
del_ind_purged(ea)
uint32
get_str_type(ea)
 
set_str_type(ea, x)
 
del_str_type(ea)
uchar
get_str_type_code(strtype)
char
get_str_term1(strtype)
char
get_str_term2(strtype)
uchar
get_str_encoding_idx(strtype)
Get index of the string encoding for this string.
bool
is_pascal(strtype)
uint32
get_alignment(ea)
 
set_alignment(ea, x)
 
del_alignment(ea)
 
set_item_color(ea, color)
bgcolor_t
get_item_color(ea)
bool
del_item_color(ea)
ssize_t
get_array_parameters(out, ea)
 
set_array_parameters(ea, _in)
 
del_array_parameters(ea)
 
set_switch_info(ea, _in)
 
del_switch_info(ea)
ea_t
get_switch_parent(ea)
 
set_switch_parent(ea, x)
 
del_switch_parent(ea)
int
get_custom_data_type_ids(cdis, ea)
 
set_custom_data_type_ids(ea, cdis)
 
del_custom_data_type_ids(ea)
bool
is_reftype_target_optional(type)
Can the target be calculated using operand value?
reftype_t
get_reftype_by_size(size)
Get REF_...
int
find_custom_refinfo(name)
Get id of a custom refinfo type.
custom_refinfo_handler_t const *
get_custom_refinfo(crid)
Get definition of a registered custom refinfo type.
int
set_refinfo_ex(ea, n, ri)
int
set_refinfo(ea, n, type, target=BADADDR, base=0, tdelta=0)
int
get_refinfo(ri, ea, n)
int
del_refinfo(ea, n)
bool
get_tinfo(tif, ea)
bool
set_tinfo(ea, tif)
 
del_tinfo(ea)
bool
get_op_tinfo(tif, ea, n)
bool
set_op_tinfo(ea, n, tif)
 
del_op_tinfo(ea, n)
ssize_t
get_input_file_path()
Get full path of the input file.
ssize_t
get_root_filename()
Get file name only of the input file.
 
set_root_filename(file)
Set full path of the input file.
uint32
retrieve_input_file_size()
Get size of input file in bytes.
uint32
retrieve_input_file_crc32()
Get input file crc32 stored in the database.
bool
retrieve_input_file_md5()
Get input file md5.
bool
retrieve_input_file_sha256()
Get input file sha256.
ssize_t
get_asm_inc_file()
Get name of the include file.
bool
set_asm_inc_file(file)
Set name of the include file.
ea_t
get_imagebase()
Get image base address.
 
set_imagebase(base)
Set image base address.
netnode
get_ids_modnode()
Get ids modnode.
 
set_ids_modnode(id)
Set ids modnode.
ssize_t
dbg_get_input_path()
Get debugger input file name/path (see 'LFLG_DBG_NOPATH' )
ssize_t
get_archive_path()
Get archive file path from which input file was extracted.
bool
set_archive_path(file)
Set archive file path from which input file was extracted.
int
get_encoding_qty()
Get total number of encodings (counted from 0)
char const *
get_encoding_name(idx)
Get encoding name for specific index (1-based).
int
add_encoding(encoding)
Add a new encoding (e.g.
bool
del_encoding(idx)
Delete an encoding (1-based)
bool
rename_encoding(idx, encoding)
Change name for an encoding (1-based)
int
get_encoding_bpu(idx)
Get the amount of bytes per unit (e.g., 2 for UTF-16, 4 for UTF-32) for the encoding with the given index.
int
get_strtype_bpu(strtype)
int
get_default_encoding_idx(bpu)
Get default encoding index for a specific string type.
bool
set_default_encoding_idx(bpu, idx)
set default encoding for a string type
char const *
encoding_from_strtype(strtype)
Get encoding name for this strtype.
int
get_outfile_encoding_idx()
Get the index of the encoding used when producing files 0 means no that the IDB's default 1 byte-per-unit encoding is used
bool
set_outfile_encoding_idx(idx)
set encoding to be used when producing files
uint
get_import_module_qty()
Get number of import modules.
 
delete_imports()
Delete all imported modules information.
int
validate_idb_names(do_repair)
 
set_gotea(gotea)
ea_t
get_gotea()
PyObject *
get_import_module_name(mod_index)
Returns the name of an imported module given its index
int
enum_import_names(mod_index, py_cb)
Enumerate imports from a specific module.
switch_info_t
switch_info_t__from_ptrval__(ptrval)
 
get_switch_info(*args)
 
get_abi_name(*args)
Variables
  NALT_SWITCH = 1
switch idiom address (used at jump targets)
  NALT_STRUCT = 3
struct id
  NALT_AFLAGS = 8
additional flags for an item
  NALT_LINNUM = 9
source line number
  NALT_ABSBASE = 10
absolute segment location
  NALT_ENUM0 = 11
enum id for the first operand
  NALT_ENUM1 = 12
enum id for the second operand
  NALT_PURGE = 15
number of bytes purged from the stack when a function is called indirectly
  NALT_STRTYPE = 16
type of string item
  NALT_ALIGN = 17
(should by equal to power of 2)
  NALT_COLOR = 20
instruction/data background color
  NSUP_CMT = 0
regular comment
  NSUP_REPCMT = 1
repeatable comment
  NSUP_FOP1 = 2
forced operand 1
  NSUP_FOP2 = 3
forced operand 2
  NSUP_JINFO = 4
jump table info
  NSUP_ARRAY = 5
array parameters
  NSUP_OMFGRP = 6
OMF: group of segments (not used anymore)
  NSUP_FOP3 = 7
forced operand 3
  NSUP_SWITCH = 8
switch information
  NSUP_REF0 = 9
complex reference information for operand 1
  NSUP_REF1 = 10
complex reference information for operand 2
  NSUP_REF2 = 11
complex reference information for operand 3
  NSUP_OREF0 = 12
outer complex reference information for operand 1
  NSUP_OREF1 = 13
outer complex reference information for operand 2
  NSUP_OREF2 = 14
outer complex reference information for operand 3
  NSUP_STROFF0 = 15
stroff: struct path for the first operand
  NSUP_STROFF1 = 16
stroff: struct path for the second operand
  NSUP_SEGTRANS = 17
segment translations
  NSUP_FOP4 = 18
forced operand 4
  NSUP_FOP5 = 19
forced operand 5
  NSUP_FOP6 = 20
forced operand 6
  NSUP_REF3 = 21
complex reference information for operand 4
  NSUP_REF4 = 22
complex reference information for operand 5
  NSUP_REF5 = 23
complex reference information for operand 6
  NSUP_OREF3 = 24
outer complex reference information for operand 4
  NSUP_OREF4 = 25
outer complex reference information for operand 5
  NSUP_OREF5 = 26
outer complex reference information for operand 6
  NSUP_XREFPOS = 27
saved xref address and type in the xrefs window
  NSUP_CUSTDT = 28
custom data type id
  NSUP_GROUPS = 29
SEG_GRP: pack_dd encoded list of selectors.
  NSUP_ARGEAS = 30
instructions that initialize call arguments
  NSUP_FOP7 = 31
forced operand 7
  NSUP_FOP8 = 32
forced operand 8
  NSUP_REF6 = 33
complex reference information for operand 7
  NSUP_REF7 = 34
complex reference information for operand 8
  NSUP_OREF6 = 35
outer complex reference information for operand 7
  NSUP_OREF7 = 36
outer complex reference information for operand 8
  NSUP_POINTS = 4096
SP change points blob (see funcs.cpp).
  NSUP_MANUAL = 8192
manual instruction.
  NSUP_TYPEINFO = 12288
type information.
  NSUP_REGVAR = 16384
register variables.
  NSUP_LLABEL = 20480
local labels.
  NSUP_REGARG = 24576
register argument type/name descriptions values NSUP_REGARG..NSUP_REGARG+0x1000 are reserved
  NSUP_FTAILS = 28672
function tails or tail referers values NSUP_FTAILS..NSUP_FTAILS+0x1000 are reserved
  NSUP_GROUP = 32768
graph group information values NSUP_GROUP..NSUP_GROUP+0x1000 are reserved
  NSUP_OPTYPES = 36864
operand type information.
  NALT_CREF_TO = 'X'
code xref to, idx: target address
  NALT_CREF_FROM = 'x'
code xref from, idx: source address
  NALT_DREF_TO = 'D'
data xref to, idx: target address
  NALT_DREF_FROM = 'd'
data xref from, idx: source address
  NSUP_GR_INFO = 'g'
group node info: color, ea, text
  NALT_GR_LAYX = 'p'
group layout ptrs, hash: md5 of 'belongs'
  NSUP_GR_LAYT = 'l'
group layouts, idx: layout pointer
  PATCH_TAG = 'P'
Patch netnode tag.
  AFL_LINNUM = 1
has line number info
  AFL_USERSP = 2
user-defined SP value
  AFL_PUBNAM = 4
name is public (inter-file linkage)
  AFL_WEAKNAM = 8
name is weak
  AFL_HIDDEN = 16
the item is hidden completely
  AFL_MANUAL = 32
the instruction/data is specified by the user
  AFL_NOBRD = 64
the code/data border is hidden
  AFL_ZSTROFF = 128
display struct field name at 0 offset when displaying an offset.
  AFL_BNOT0 = 256
the 1st operand is bitwise negated
  AFL_BNOT1 = 512
the 2nd operand is bitwise negated
  AFL_LIB = 1024
item from the standard library.
  AFL_TI = 2048
has typeinfo? ( 'NSUP_TYPEINFO' )
  AFL_TI0 = 4096
has typeinfo for operand 0? ( 'NSUP_OPTYPES' )
  AFL_TI1 = 8192
has typeinfo for operand 1? ( 'NSUP_OPTYPES' +1)
  AFL_LNAME = 16384
has local name too ( 'FF_NAME' should be set)
  AFL_TILCMT = 32768
has type comment? (such a comment may be changed by IDA)
  AFL_LZERO0 = 65536
toggle leading zeroes for the 1st operand
  AFL_LZERO1 = 131072
toggle leading zeroes for the 2nd operand
  AFL_COLORED = 262144
has user defined instruction color?
  AFL_TERSESTR = 524288
terse structure variable display?
  AFL_SIGN0 = 1048576
code: toggle sign of the 1st operand
  AFL_SIGN1 = 2097152
code: toggle sign of the 2nd operand
  AFL_NORET = 4194304
for imported function pointers: doesn't return.
  AFL_FIXEDSPD = 8388608
should not be modified by modules
  AFL_ALIGNFLOW = 16777216
the previous insn was created for alignment purposes only
  AFL_USERTI = 33554432
(comes from the user or type library)
  AFL_RETFP = 67108864
function returns a floating point value
  AFL_USEMODSP = 134217728
example: pop [rsp+N]
  AFL_NOTCODE = 268435456
autoanalysis should not create code here
  AFL_NOTPROC = 536870912
autoanalysis should not create proc here
  STRWIDTH_1B = 0
  STRWIDTH_2B = 1
  STRWIDTH_4B = 2
  STRWIDTH_MASK = 3
  STRLYT_TERMCHR = 0
  STRLYT_PASCAL1 = 1
  STRLYT_PASCAL2 = 2
  STRLYT_PASCAL4 = 3
  STRLYT_MASK = 252
  STRLYT_SHIFT = 2
  STRTYPE_TERMCHR = 0
C-style string.
  STRTYPE_C = 0
Zero-terminated 16bit chars.
  STRTYPE_C_16 = 1
Zero-terminated 32bit chars.
  STRTYPE_C_32 = 2
Pascal-style, one-byte length prefix.
  STRTYPE_PASCAL = 4
Pascal-style, 16bit chars, one-byte length prefix.
  STRTYPE_PASCAL_16 = 5
Pascal-style, two-byte length prefix.
  STRTYPE_LEN2 = 8
Pascal-style, 16bit chars, two-byte length prefix.
  STRTYPE_LEN2_16 = 9
Pascal-style, four-byte length prefix.
  STRTYPE_LEN4 = 12
Pascal-style, 16bit chars, four-byte length prefix.
  STRTYPE_LEN4_16 = 13
  STRENC_DEFAULT = 0
use default encoding for this type (see 'get_default_encoding_idx()' )
  STRENC_NONE = 255
force no-conversion encoding
  AP_ALLOWDUPS = 1
use 'dup' construct
  AP_SIGNED = 2
treats numbers as signed
  AP_INDEX = 4
display array element indexes as comments
  AP_ARRAY = 8
create as array (this flag is not stored in database)
  AP_IDXBASEMASK = 240
mask for number base of the indexes
  AP_IDXDEC = 0
display indexes in decimal
  AP_IDXHEX = 16
display indexes in hex
  AP_IDXOCT = 32
display indexes in octal
  AP_IDXBIN = 48
display indexes in binary
  SWI_SPARSE = 1
otherwise lowcase present
  SWI_V32 = 2
32-bit values in table
  SWI_J32 = 4
32-bit jump offsets
  SWI_VSPLIT = 8
value table is split (only for 32-bit values)
  SWI_RESERVED = 16
was: SWI_DEFAULT
  SWI_DEF_IN_TBL = 32
default case is an entry in the jump table.
  SWI_JMP_INV = 64
for first entry in values table)
  SWI_SHIFT_MASK = 384
use formula (element<<shift) + elbase to find jump targets
  SWI_ELBASE = 512
segment will be used)
  SWI_JSIZE = 1024
jump offset expansion bit
  SWI_VSIZE = 2048
value table element size expansion bit
  SWI_SEPARATE = 4096
create an array of individual elements (otherwise separate items)
  SWI_SIGNED = 8192
jump table entries are signed
  SWI_CUSTOM = 16384
custom jump table.
  SWI_INDIRECT = 65536
(for sparse switches)
  SWI_SUBTRACT = 131072
table values are subtracted from the elbase instead of being added
  SWI_HXNOLOWCASE = 262144
lowcase value should not be used by the decompiler (internal flag)
  SWI_STDTBL = 524288
custom jump table with standard table formatting.
  SWI_DEFRET = 1048576
return in the default case (defjump==BADADDR)
  SWI_SELFREL = 2097152
jump address is relative to the element not to ELBASE
  SWI_JMPINSN = 4194304
jump table entries are insns.
  SWI_VERSION = 8388608
the structure contains the VERSION member
  cvar = _ida_nalt.cvar
  V695_REF_OFF8 = 0
  REF_OFF16 = 1
  REF_OFF32 = 2
  REF_LOW8 = 3
  REF_LOW16 = 4
  REF_HIGH8 = 5
  REF_HIGH16 = 6
  V695_REF_VHIGH = 7
  V695_REF_VLOW = 8
  REF_OFF64 = 9
  REF_OFF8 = 10
  REF_LAST = 10
  REFINFO_TYPE = 15
reference type
  REFINFO_RVAOFF = 16
based reference (rva) 'refinfo_t::base' will be forced to 'get_imagebase()' such a reference is displayed with the {a_rva} keyword
  REFINFO_PASTEND = 32
reference past an item it may point to an nonexistent address do not destroy alignment dirs
  REFINFO_CUSTOM = 64
a custom reference the kernel will call {notify}(ph.custom_offset, ....
  REFINFO_NOBASE = 128
don't create the base xref implies that the base can be any value nb: base xrefs are created only if the offset base points to the middle of a segment
  REFINFO_SUBTRACT = 256
the reference value is subtracted from the base value instead of (as usual) being added to it
  REFINFO_SIGNEDOP = 512
the operand value is sign-extended (only supported for REF_OFF8/16/32/64)
  MAXSTRUCPATH = 32
maximal inclusion depth of unions
  RIDX_FILE_FORMAT_NAME = 1
file format name for loader modules
  RIDX_SELECTORS = 2
2..63 are for selector_t blob (see init_selectors())
  RIDX_GROUPS = 64
segment group information (see init_groups())
  RIDX_H_PATH = 65
C header path.
  RIDX_C_MACROS = 66
C predefined macros.
  RIDX_SMALL_IDC_OLD = 67
Instant IDC statements (obsolete)
  RIDX_NOTEPAD = 68
notepad blob, occupies 1000 indexes (1MB of text)
  RIDX_INCLUDE = 1100
assembler include file name
  RIDX_SMALL_IDC = 1200
Instant IDC statements, blob.
  RIDX_DUALOP_GRAPH = 1300
Graph text representation options.
  RIDX_DUALOP_TEXT = 1301
Text text representation options.
  RIDX_MD5 = 1302
MD5 of the input file.
  RIDX_IDA_VERSION = 1303
version of ida which created the database
  RIDX_STR_ENCODINGS = 1305
a list of encodings for the program strings
  RIDX_SRCDBG_PATHS = 1306
source debug paths, occupies 20 indexes
  RIDX_SELECTED_EXTLANG = 1327
last selected extlang name (from the execute script box)
  RIDX_DBG_BINPATHS = 1328
debug binary paths, occupies 20 indexes
  RIDX_SHA256 = 1349
SHA256 of the input file.
  RIDX_ABINAME = 1350
ABI name (processor specific)
  RIDX_ARCHIVE_PATH = 1351
archive file path
  RIDX_PROBLEMS = 1352
problem lists
  BPU_1B = 1
  BPU_2B = 2
  BPU_4B = 4
  __package__ = None
Function Details

ea2node(ea)

 

Get netnode for the specified address.

Parameters:
  • ea, (C++ - ea_t)
Returns: nodeidx_t

set_notcode(ea)

 

Mark address so that it can not be converted to instruction.

Parameters:
  • ea, (C++ - ea_t)

clr_notcode(ea)

 

Clear not-code mark.

Parameters:
  • ea, (C++ - ea_t)

is_notcode(ea)

 

Is the address marked as not-code?

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

set_visible_item(ea, visible)

 

Change visibility of item at given ea.

Parameters:
  • ea, (C++ - ea_t)
  • visible, (C++ - bool)

is_visible_item(ea)

 

Test visibility of item at given ea.

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

is_finally_visible_item(ea)

 

Is instruction visible?

Parameters:
  • ea, (C++ - ea_t)
Returns: bool

get_str_encoding_idx(strtype)

 

Get index of the string encoding for this string.

Parameters:
  • strtype, (C++ - int32)
Returns: uchar

is_reftype_target_optional(type)

 

Can the target be calculated using operand value?

Parameters:
  • type, (C++ - reftype_t)
Returns: bool

get_reftype_by_size(size)

 

Get REF_... constant from size Supported sizes: 1,2,4,8,16 For other sizes returns reftype_t(-1)

Parameters:
  • size, (C++ - size_t)
Returns: reftype_t

find_custom_refinfo(name)

 

Get id of a custom refinfo type.

Parameters:
  • name, (C++ - const char *)
Returns: int

get_custom_refinfo(crid)

 

Get definition of a registered custom refinfo type.

Parameters:
  • crid, (C++ - int)
Returns: custom_refinfo_handler_t const *

set_root_filename(file)

 

Set full path of the input file.

Parameters:
  • file, (C++ - const char *)

retrieve_input_file_crc32()

 

Get input file crc32 stored in the database. it can be used to check that the input file has not been changed.

Returns: uint32

set_asm_inc_file(file)

 

Set name of the include file.

Parameters:
  • file, (C++ - const char *)
Returns: bool

set_imagebase(base)

 

Set image base address.

Parameters:
  • base, (C++ - ea_t)

set_ids_modnode(id)

 

Set ids modnode.

Parameters:
  • id, (C++ - netnode)

set_archive_path(file)

 

Set archive file path from which input file was extracted.

Parameters:
  • file, (C++ - const char *)
Returns: bool

get_encoding_name(idx)

 

Get encoding name for specific index (1-based).

Parameters:
  • idx, (C++ - int)
Returns: char const *
NULL if idx is out of bounds

add_encoding(encoding)

 

Add a new encoding (e.g. "UTF-8").

Parameters:
  • encoding, (C++ - const char *)
Returns: int
its index (1-based) if it's already in the list, return its index

del_encoding(idx)

 

Delete an encoding (1-based)

Parameters:
  • idx, (C++ - int)
Returns: bool

rename_encoding(idx, encoding)

 

Change name for an encoding (1-based)

Parameters:
  • idx, (C++ - int)
  • encoding, (C++ - const char *)
Returns: bool

get_encoding_bpu(idx)

 

Get the amount of bytes per unit (e.g., 2 for UTF-16, 4 for UTF-32) for the encoding with the given index.

Parameters:
  • idx - the encoding index (C++: int)
Returns: int
the number of bytes per units (1/2/4); -1 means error

get_default_encoding_idx(bpu)

 

Get default encoding index for a specific string type.

Parameters:
  • bpu - the amount of bytes per unit (e.g., 1 for ASCII, CP1252, UTF-8..., 2 for UTF-16, 4 for UTF-32) 0 means no specific encoding is set - byte values are displayed without conversion. (C++: int)
Returns: int

set_default_encoding_idx(bpu, idx)

 

set default encoding for a string type

Parameters:
  • bpu - the amount of bytes per unit (C++: int)
  • idx - the encoding index idx can be 0 to disable encoding conversion (C++: int)
Returns: bool

encoding_from_strtype(strtype)

 

Get encoding name for this strtype.

Parameters:
  • strtype, (C++ - int32)
Returns: char const *

set_outfile_encoding_idx(idx)

 

set encoding to be used when producing files

Parameters:
  • idx - the encoding index idx can be 0 to use the IDB's default 1 -byte-per-unit encoding (C++: int)
Returns: bool

get_import_module_name(mod_index)

 

Returns the name of an imported module given its index

Returns: PyObject *
None or the module name

enum_import_names(mod_index, py_cb)

 

Enumerate imports from a specific module. Please refer to ex_imports.py example.

Parameters:
  • mod_index - The module index
  • callback - A callable object that will be invoked with an ea, name (could be None) and ordinal.
Returns: int
1-finished ok, -1 on error, otherwise callback return value (<=0)

Variables Details

NALT_ALIGN

(should by equal to power of 2)

alignment value if the item is 'FF_ALIGN'

Value:
17

NSUP_POINTS

SP change points blob (see funcs.cpp). values NSUP_POINTS..NSUP_POINTS+0x1000 are reserved

Value:
4096

NSUP_MANUAL

manual instruction. values NSUP_MANUAL..NSUP_MANUAL+0x1000 are reserved

Value:
8192

NSUP_TYPEINFO

type information. values NSUP_TYPEINFO..NSUP_TYPEINFO+0x1000 are reserved

Value:
12288

NSUP_REGVAR

register variables. values NSUP_REGVAR..NSUP_REGVAR+0x1000 are reserved

Value:
16384

NSUP_LLABEL

local labels. values NSUP_LLABEL..NSUP_LLABEL+0x1000 are reserved

Value:
20480

NSUP_OPTYPES

operand type information. values NSUP_OPTYPES..NSUP_OPTYPES+0x100000 are reserved

Value:
36864

AFL_ZSTROFF

display struct field name at 0 offset when displaying an offset. example: {offset somestruct.field_0} if this flag is clear, then {offset somestruct}

Value:
128

AFL_LIB

item from the standard library. low level flag, is used to set 'FUNC_LIB' of 'func_t'

Value:
1024

AFL_NORET

for imported function pointers: doesn't return. this flag can also be used for any instruction which halts or finishes the program execution

Value:
4194304

AFL_FIXEDSPD

should not be modified by modules

sp delta value is fixed by analysis.

Value:
8388608

AFL_USERTI

(comes from the user or type library)

the type information is definitive.

Value:
33554432

AFL_USEMODSP

example: pop [rsp+N]

insn modifes SP and uses the modified value

Value:
134217728

STRTYPE_TERMCHR

C-style string.

< Character-terminated string. The termination characters are kept in the next bytes of string type.

Value:
0

SWI_SPARSE

otherwise lowcase present

sparse switch (value table present)

Value:
1

SWI_DEF_IN_TBL

default case is an entry in the jump table. This flag is applicable in 2 cases:The sparse indirect switch (i.e. a switch with a values table) <jump table="" size>=""> ==+ 1. The default case entry is the last one in the table (or the first one in the case of an inversed jump table).The switch with insns in the jump table. The default case entry is before the first entry of the table. See also the find_defjump_from_table() helper function.

Value:
32

SWI_JMP_INV

for first entry in values table)

jumptable is inversed. (last entry is

Value:
64

SWI_ELBASE

segment will be used)

elbase is present (otherwise the base of the switch

Value:
512

SWI_CUSTOM

custom jump table. {create_switch_xrefs} will be called to create code xrefs for the table. Custom jump table must be created by the module (see also 'SWI_STDTBL' )

Value:
16384

SWI_INDIRECT

(for sparse switches)

value table elements are used as indexes into the jump table

Value:
65536

SWI_STDTBL

custom jump table with standard table formatting. ATM IDA doesn't use SWI_CUSTOM for switches with standard table formatting. So this flag can be considered as obsolete.

Value:
524288

SWI_JMPINSN

jump table entries are insns. For such entries SHIFT has a different meaning. It denotes the number of insns in the entry. For example, 0 - the entry contains the jump to the case, 1 - the entry contains one insn like a 'mov' and jump to the end of case, and so on.

Value:
4194304

REFINFO_CUSTOM

a custom reference the kernel will call {notify}(ph.custom_offset, .... that can change all arguments used for calculations. This flag is useful for custom fixups

Value:
64