Module `ida_regfinder`

Functions

def find_nearest_rvi(*args) ‑> int

find_nearest_rvi(rvi, ea, reg) -> int

Find the value of any of the two registers using the register tracker. First, this function tries to find the registers in the basic block of EA, and if it could not do this, then it tries to find in the entire function.

rvi: (C++: reg_value_info_t *) the found value with additional attributes

ea: (C++: ea_t) the address to find a value at

reg: (C++: const int) the registers to find

return: the index of the found register or -1

def find_reg_value(*args) ‑> uint64 *

find_reg_value(ea, reg) -> int

Find register value using the register tracker.

note: The returned value is valid *before* executing the instruction.

ea: (C++: ea_t) the address to find a value at

reg: (C++: int) the register to find

retval 0: no value (the value is varying or the find depth is not enough to

find a value)

retval 1: the found value is in VAL

retval -1: the processor module does not support a register tracker

def find_reg_value_info(*args) ‑> bool

find_reg_value_info(rvi, ea, reg, max_depth=0) -> bool

Find register value using the register tracker.

note: The returned value is valid *before* executing the instruction.

note: The _undefined_ value means that there is no execution flow to EA, e.g.

we try to find a value after the call of NORET function.

note: The _unknown_ value means that the value is:

a result of unsupported instruction, e.g. the result of a call,
a function argument,
is varying, e.g. it is a loop counter.

rvi: (C++: reg_value_info_t *) the found value with additional attributes

ea: (C++: ea_t) the address to find a value at

reg: (C++: int) the register to find

max_depth: (C++: int) the number of basic blocks to look before aborting the search

and returning the unknown value. 0 means the value of REGTRACK_MAX_DEPTH from ida.cfg for ordinal registers or REGTRACK_FUNC_MAX_DEPTH for the function-wide registers, -1 means the value of REGTRACK_FUNC_MAX_DEPTH from ida.cfg.

retval 'false': the processor module does not support a register tracker

retval 'true': the found value is in RVI

def find_sp_value(*args) ‑> int64 *

find_sp_value(ea, reg=-1) -> int

Find a value of the SP based register using the register tracker.

note: The returned value is valid *before* executing the instruction.

ea: (C++: ea_t) the address to find a value at

reg: (C++: int) the register to find. by default the SP register is used.

retval 0: no value (the value is varying or the find depth is not enough to

find a value)

retval 1: the found value is in VAL

retval -1: the processor module does not support a register tracker

def invalidate_regfinder_cache(*args) ‑> void

invalidate_regfinder_cache(ea=BADADDR)

Remove from the register tracker cache all values at EA and all dependent values. As if the control flow to this instruction has changed. if EA == BADADDR then clear the entire cache.

ea: (C++: ea_t)

def reg_value_info_t_make_aborted(*args) ‑> reg_value_info_t

reg_value_info_t_make_aborted(bblk_ea) -> reg_value_info_t

bblk_ea: ea_t

def reg_value_info_t_make_badinsn(*args) ‑> reg_value_info_t

reg_value_info_t_make_badinsn(insn_ea) -> reg_value_info_t

insn_ea: ea_t

def reg_value_info_t_make_dead_end(*args) ‑> reg_value_info_t

reg_value_info_t_make_dead_end(dead_end_ea) -> reg_value_info_t

dead_end_ea: ea_t

def reg_value_info_t_make_initial_sp(*args) ‑> reg_value_info_t

reg_value_info_t_make_initial_sp(func_ea) -> reg_value_info_t

func_ea: ea_t

def reg_value_info_t_make_num(*args) ‑> reg_value_info_t

reg_value_info_t_make_num(rval, insn, val_flags=0) -> reg_value_info_t

rval: uval_t

insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

val_flags: uint16

reg_value_info_t_make_num(rval, val_ea, val_flags=0) -> reg_value_info_t

rval: uval_t

val_ea: ea_t

val_flags: uint16

def reg_value_info_t_make_unkfunc(*args) ‑> reg_value_info_t

reg_value_info_t_make_unkfunc(func_ea) -> reg_value_info_t

func_ea: ea_t

def reg_value_info_t_make_unkinsn(*args) ‑> reg_value_info_t

reg_value_info_t_make_unkinsn(insn) -> reg_value_info_t

insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

def reg_value_info_t_make_unkloop(*args) ‑> reg_value_info_t

reg_value_info_t_make_unkloop(bblk_ea) -> reg_value_info_t

bblk_ea: ea_t

def reg_value_info_t_make_unkmult(*args) ‑> reg_value_info_t

reg_value_info_t_make_unkmult(bblk_ea) -> reg_value_info_t

bblk_ea: ea_t

Classes

class reg_value_def_t (*args)

Proxy of C++ reg_value_def_t class.

__init__(self) -> reg_value_def_t

__init__(self, _val, ea, _flags=0) -> reg_value_def_t

_val: uval_t

ea: ea_t

_flags: uint16

__init__(self, _val, insn, _flags=0) -> reg_value_def_t

_val: uval_t

insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

_flags: uint16

Class variables

var NOVAL: without a value
var SPVAL: as a SP delta
var UVAL: as a number

Instance variables

var LIKE_GOT: the value is like GOT only for numbers

see: is_num()
var PC_BASED: the value depends on DEF_EA only for numbers

see: is_num()
var SHORT_INSN: like 'addi reg, imm'
var def_ea: the instruction address
var def_itype: the instruction code (processor specific)
var flags: additional info about the value
var val: the value

Methods

def dstr(self, *args) ‑> qstring: dstr(self, how, pm=None) -> qstring
Return the string representation.

how: (C++: dstr_val_t) enum reg_value_def_t::dstr_val_t

pm: (C++: const procmod_t *) procmod_t const *
def is_like_got(self, *args) ‑> bool: is_like_got(self) -> bool
def is_pc_based(self, *args) ‑> bool: is_pc_based(self) -> bool
def is_short_insn(self, *args) ‑> bool: is_short_insn(self, insn) -> bool
insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

is_short_insn(self) -> bool

class reg_value_info_t (*args)

Proxy of C++ reg_value_info_t class.

__init__(self) -> reg_value_info_t

Class variables

var ADD
var AND
var AND_NOT
var CONTAINED: L is contained in R (i.e. L\R is empty)
var CONTAINS: L contains R (i.e. R\L is empty)
var EQUAL: L==R.
var NEG
var NOT
var NOT_COMPARABLE: L\R is not empty and R\L is not empty.
var OR
var SLL
var SLR
var SUB
var XOR

Static methods

def make_aborted(*args) ‑> reg_value_info_t: make_aborted(bblk_ea) -> reg_value_info_t
Return the value after aborting.

see: aborted()

bblk_ea: (C++: ea_t)
def make_badinsn(*args) ‑> reg_value_info_t: make_badinsn(insn_ea) -> reg_value_info_t
Return the unknown value after a bad insn.

see: is_badinsn()

insn_ea: (C++: ea_t)
def make_dead_end(*args) ‑> reg_value_info_t: make_dead_end(dead_end_ea) -> reg_value_info_t
Return the undefined value because of a dead end.

see: is_dead_end()

dead_end_ea: (C++: ea_t)
def make_initial_sp(*args) ‑> reg_value_info_t: make_initial_sp(func_ea) -> reg_value_info_t
Return the value that is the initial stack pointer.

see: is_spd()

func_ea: (C++: ea_t)
def make_num(*args) ‑> reg_value_info_t: make_num(rval, insn, val_flags=0) -> reg_value_info_t
Return the value that is the RVAL number.

see: is_num()

rval: (C++: uval_t)

insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

val_flags: (C++: uint16)

make_num(rval, val_ea, val_flags=0) -> reg_value_info_t
rval: uval_t

val_ea: ea_t

val_flags: uint16
def make_unkfunc(*args) ‑> reg_value_info_t: make_unkfunc(func_ea) -> reg_value_info_t
Return the unknown value from the function start.

see: is_unkfunc()

func_ea: (C++: ea_t)
def make_unkinsn(*args) ‑> reg_value_info_t: make_unkinsn(insn) -> reg_value_info_t
Return the unknown value after executing the insn.

see: is_unkinsn()

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def make_unkloop(*args) ‑> reg_value_info_t: make_unkloop(bblk_ea) -> reg_value_info_t
Return the unknown value if it changes in a loop.

see: is_unkloop()

bblk_ea: (C++: ea_t)
def make_unkmult(*args) ‑> reg_value_info_t: make_unkmult(bblk_ea) -> reg_value_info_t
Return the unknown value if the register has incompatible values.

see: is_unkmult()

bblk_ea: (C++: ea_t)

Methods

def aborted(self, *args) ‑> bool: aborted(self) -> bool
Return 'true' if the tracking process was aborted.
def add(self, *args) ‑> void: add(self, r, insn)
Add R to the value, save INSN as a defining instruction.

note: Either THIS or R must have a single value.

r: (C++: const reg_value_info_t &) reg_value_info_t const &

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def add_num(self, *args) ‑> void: add_num(self, r, insn)
Add R to the value, do not change the defining instructions.

note: This method do nothing for unknown values.

r: (C++: uval_t)

insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

add_num(self, r)
r: uval_t
def band(self, *args) ‑> void: band(self, r, insn)
Make bitwise AND of R to the value, save INSN as a defining instruction.

note: Either THIS or R must have a single value.

r: (C++: const reg_value_info_t &) reg_value_info_t const &

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def bandnot(self, *args) ‑> void: bandnot(self, r, insn)
Make bitwise AND of the inverse of R to the value, save INSN as a defining instruction.

note: Either THIS or R must have a single value.

r: (C++: const reg_value_info_t &) reg_value_info_t const &

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def bnot(self, *args) ‑> void: bnot(self, insn)
Make bitwise inverse of the value, save INSN as a defining instruction.

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def bor(self, *args) ‑> void: bor(self, r, insn)
Make bitwise OR of R to the value, save INSN as a defining instruction.

note: Either THIS or R must have a single value.

r: (C++: const reg_value_info_t &) reg_value_info_t const &

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def bxor(self, *args) ‑> void: bxor(self, r, insn)
Make bitwise eXclusive OR of R to the value, save INSN as a defining instruction.

note: Either THIS or R must have a single value.

r: (C++: const reg_value_info_t &) reg_value_info_t const &

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def clear(self, *args) ‑> void: clear(self)
Undefine the value.
def empty(self, *args) ‑> bool: empty(self) -> bool
Return 'true' if we know nothing about a value.
def extend(self, *args) ‑> void: extend(self, pm, width, is_signed)
Sign-, or zero-extend the number or SP delta value to full size. The initial value is considered to be of size WIDTH.

note: This method do nothing for unknown values.

pm: (C++: const procmod_t &) procmod_t const &

width: (C++: int)

is_signed: (C++: bool)
def get_def_ea(self, *args) ‑> ea_t: get_def_ea(self) -> ea_t
Return the defining address.
def get_def_itype(self, *args) ‑> uint16: get_def_itype(self) -> uint16
Return the defining instruction code (processor specific).
def get_num(self, *args) ‑> bool: get_num(self) -> bool
Return the number if the value is a constant.

see: is_num()
def get_spd(self, *args) ‑> bool: get_spd(self) -> bool
Return the SP delta if the value depends on the stack pointer.

see: is_spd()
def have_all_vals_flag(self, *args) ‑> bool: have_all_vals_flag(self, val_flags) -> bool
Check the given flag for each value.

val_flags: (C++: uint16)
def is_all_vals_like_got(self, *args) ‑> bool: is_all_vals_like_got(self) -> bool
def is_all_vals_pc_based(self, *args) ‑> bool: is_all_vals_pc_based(self) -> bool
def is_badinsn(self, *args) ‑> bool: is_badinsn(self) -> bool
Return 'true' if the value is unknown because of a bad insn.
def is_dead_end(self, *args) ‑> bool: is_dead_end(self) -> bool
Return 'true' if the value is undefined because of a dead end.
def is_known(self, *args) ‑> bool: is_known(self) -> bool
Return 'true' if the value is known (i.e. it is a number or SP delta).
def is_num(self, *args) ‑> bool: is_num(self) -> bool
Return 'true' if the value is a constant.
def is_spd(self, *args) ‑> bool: is_spd(self) -> bool
Return 'true' if the value depends on the stack pointer.
def is_special(self, *args) ‑> bool: is_special(self) -> bool
Return 'true' if the value requires special handling.
def is_unkfunc(self, *args) ‑> bool: is_unkfunc(self) -> bool
Return 'true' if the value is unknown from the function start.
def is_unkinsn(self, *args) ‑> bool: is_unkinsn(self) -> bool
Return 'true' if the value is unknown after executing the insn.
def is_unkloop(self, *args) ‑> bool: is_unkloop(self) -> bool
Return 'true' if the value is unknown because it changes in a loop.
def is_unkmult(self, *args) ‑> bool: is_unkmult(self) -> bool
Return 'true' if the value is unknown because the register has incompatible values (a number and SP delta).
def is_unknown(self, *args) ‑> bool: is_unknown(self) -> bool
Return 'true' if the value is unknown.
def is_value_unique(self, *args) ‑> bool: is_value_unique(self) -> bool
Check that the value is unique.
def neg(self, *args) ‑> void: neg(self, insn)
Negate the value, save INSN as a defining instruction.

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def set_aborted(self, *args) ‑> void: set_aborted(self, bblk_ea)
Set the value after aborting.

see: aborted()

bblk_ea: (C++: ea_t)
def set_badinsn(self, *args) ‑> void: set_badinsn(self, insn_ea)
Set the value to be unknown after a bad insn.

see: is_badinsn()

insn_ea: (C++: ea_t)
def set_dead_end(self, *args) ‑> void: set_dead_end(self, dead_end_ea)
Set the value to be undefined because of a dead end.

see: is_dead_end()

dead_end_ea: (C++: ea_t)
def set_num(self, *args) ‑> void: set_num(self, rval, insn, val_flags=0)
Set the value to be a number before an address.

see: is_num()

rval: (C++: uval_t)

insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

val_flags: (C++: uint16)

set_num(self, rvals, insn)
rvals: uvalvec_t *

insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

set_num(self, rval, val_ea, val_flags=0)
rval: uval_t

val_ea: ea_t

val_flags: uint16
def set_unkfunc(self, *args) ‑> void: set_unkfunc(self, func_ea)
Set the value to be unknown from the function start.

see: is_unkfunc()

func_ea: (C++: ea_t)
def set_unkinsn(self, *args) ‑> void: set_unkinsn(self, insn)
Set the value to be unknown after executing the insn.

see: is_unkinsn()

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def set_unkloop(self, *args) ‑> void: set_unkloop(self, bblk_ea)
Set the value to be unknown because it changes in a loop.

see: is_unkloop()

bblk_ea: (C++: ea_t)
def set_unkmult(self, *args) ‑> void: set_unkmult(self, bblk_ea)
Set the value to be unknown because the register has incompatible values.

see: is_unkmult()

bblk_ea: (C++: ea_t)
def shift_left(self, *args) ‑> void: shift_left(self, r)
Shift the value left by R, do not change the defining instructions.

note: This method do nothing for unknown values.

r: (C++: uval_t)
def shift_right(self, *args) ‑> void: shift_right(self, r)
Shift the value right by R, do not change the defining instructions.

note: This method do nothing for unknown values.

r: (C++: uval_t)
def sll(self, *args) ‑> void: sll(self, r, insn)
Shift the value left by R, save INSN as a defining instruction.

note: Either THIS or R must have a single value.

r: (C++: const reg_value_info_t &) reg_value_info_t const &

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def slr(self, *args) ‑> void: slr(self, r, insn)
Shift the value right by R, save INSN as a defining instruction.

note: Either THIS or R must have a single value.

r: (C++: const reg_value_info_t &) reg_value_info_t const &

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def sub(self, *args) ‑> void: sub(self, r, insn)
Subtract R from the value, save INSN as a defining instruction.

note: Either THIS or R must have a single value.

r: (C++: const reg_value_info_t &) reg_value_info_t const &

insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)
def trunc_uval(self, *args) ‑> void: trunc_uval(self, pm)
Truncate the number to the application bitness.

note: This method do nothing for non-number values.

pm: (C++: const procmod_t &) procmod_t const &
def vals_union(self, *args) ‑> reg_value_info_t::set_compare_res_t: vals_union(self, r) -> reg_value_info_t::set_compare_res_t
Add values from R into THIS ignoring duplicates.

note: This method is the only way to get multiple values.

retval EQUAL: THIS is not changed

retval CONTAINS: THIS is not changed

retval CONTAINED: THIS is a copy of R

retval NOT_COMPARABLE: values from R are added to THIS

r: (C++: const reg_value_info_t &) reg_value_info_t const &