Module ida_ua
[frames] | no frames]

Module ida_ua

IDA Plugin SDK API wrapper: ua

Classes
  operands_array
Proxy of C++ wrapped_array_t<(op_t,8)> class
  op_t
Proxy of C++ op_t class
  insn_t
Proxy of C++ insn_t class
  outctx_base_t
Proxy of C++ outctx_base_t class
  outctx_t
Proxy of C++ outctx_t class
Functions
 
insn_add_cref(insn, to, opoff, type)
 
insn_add_dref(insn, to, opoff, type)
ea_t
insn_add_off_drefs(insn, x, type, outf)
bool
insn_create_stkvar(insn, x, v, flags)
int
get_lookback()
Number of instructions to look back.
ea_t
calc_dataseg(insn, n=-1, rgnum=-1)
Get data segment for the instruction operand.
ea_t
map_data_ea(insn, addr, opnum=-1)
map_data_ea(insn, op) -> ea_t
ea_t
map_code_ea(insn, addr, opnum)
map_code_ea(insn, op) -> ea_t
ea_t
map_ea(insn, op, iscode)
map_ea(insn, addr, opnum, iscode) -> ea_t
outctx_base_t
create_outctx(ea, F=0, suspop=0)
Create a new output context.
bool
print_insn_mnem(ea)
Print instruction mnemonics.
flags_t
get_dtype_flag(dtype)
Get flags for 'op_t::dtype' field.
size_t
get_dtype_size(dtype)
Get size of opt_::dtype field.
int
create_insn(ea, out=None)
Create an instruction at the specified address.
int
decode_insn(out, ea)
Analyze the specified address and fill 'out'.
bool
can_decode(ea)
Can the bytes at address 'ea' be decoded as instruction?
bool
print_operand(ea, n, getn_flags=0, newtype=None)
Generate text representation for operand #n.
ea_t
decode_prev_insn(out, ea)
Decode previous instruction if it exists, fill 'out'.
ea_t
guess_table_address(insn)
Guess the jump table address (ibm pc specific)
asize_t
guess_table_size(insn, jump_table)
Guess the jump table size.
PyObject *
decode_preceding_insn(out, ea)
Decodes the preceding instruction.
bool
construct_macro(insn, enable, build_macro)
See ua.hpp's construct_macro().
int
get_dtype_by_size(size)
Get 'op_t::dtype' from size.
PyObject *
get_immvals(ea, n, F=0)
Get immediate values at the specified address.
PyObject *
get_printable_immvals(ea, n, F=0)
Get immediate ready-to-print values at the specified address
insn_t
insn_t__from_ptrval__(ptrval)
op_t
op_t__from_ptrval__(ptrval)
outctx_base_t
outctx_base_t__from_ptrval__(ptrval)
outctx_t
outctx_t__from_ptrval__(ptrval)
bool
ua_mnem(ea)
Print instruction mnemonics.
Variables
  cvar = _ida_ua.cvar
  o_void = 0
  o_reg = 1
  o_mem = 2
  o_phrase = 3
  o_displ = 4
  o_imm = 5
  o_far = 6
  o_near = 7
  o_idpspec0 = 8
  o_idpspec1 = 9
  o_idpspec2 = 10
  o_idpspec3 = 11
  o_idpspec4 = 12
  o_idpspec5 = 13
  OF_NO_BASE_DISP = 128
base displacement doesn't exist.
  OF_OUTER_DISP = 64
outer displacement exists.
  PACK_FORM_DEF = 32
(! 'o_reg' + 'dt_packreal' )
  OF_NUMBER = 16
the operand can be converted to a number only
  OF_SHOW = 8
should the operand be displayed?
  dt_byte = 0
8 bit
  dt_word = 1
16 bit
  dt_dword = 2
32 bit
  dt_float = 3
4 byte
  dt_double = 4
8 byte
  dt_tbyte = 5
variable size ({tbyte_size})
  dt_packreal = 6
packed real format for mc68040
  dt_qword = 7
64 bit
  dt_byte16 = 8
128 bit
  dt_code = 9
ptr to code (not used?)
  dt_void = 10
none
  dt_fword = 11
48 bit
  dt_bitfild = 12
bit field (mc680x0)
  dt_string = 13
pointer to asciiz string
  dt_unicode = 14
pointer to unicode string
  dt_ldbl = 15
long double (which may be different from tbyte)
  dt_byte32 = 16
256 bit
  dt_byte64 = 17
512 bit
  INSN_MACRO = 1
macro instruction
  INSN_MODMAC = 2
may modify the database to make room for the macro insn
  INSN_64BIT = 4
belongs to 64bit segment?
  STKVAR_VALID_SIZE = 1
  CTXF_MAIN = 1
  CTXF_MULTI = 2
  CTXF_CODE = 4
  CTXF_STACK = 8
  CTXF_GEN_XREFS = 16
  CTXF_XREF_STATE = 96
  XREFSTATE_NONE = 0
  XREFSTATE_GO = 32
  XREFSTATE_DONE = 64
  CTXF_GEN_CMT = 128
  CTXF_CMT_STATE = 768
  COMMSTATE_NONE = 0
  COMMSTATE_GO = 256
  COMMSTATE_DONE = 512
  CTXF_VOIDS = 1024
  CTXF_NORMAL_LABEL = 2048
  CTXF_DEMANGLED_LABEL = 4096
  CTXF_LABEL_OK = 8192
  CTXF_DEMANGLED_OK = 16384
  CTXF_OVSTORE_PRNT = 32768
  CTXF_OUTCTX_T = 65536
  OOF_SIGNMASK = 3
sign symbol (+/-) output
  OOFS_IFSIGN = 0
output sign if needed
  OOFS_NOSIGN = 1
don't output sign, forbid the user to change the sign
  OOFS_NEEDSIGN = 2
always out sign (+-)
  OOF_SIGNED = 4
output as signed if < 0
  OOF_NUMBER = 8
always as a number
  OOF_WIDTHMASK = 112
width of value in bits
  OOFW_IMM = 0
take from x.dtype
  OOFW_8 = 16
8 bit width
  OOFW_16 = 32
16 bit width
  OOFW_24 = 48
24 bit width
  OOFW_32 = 64
32 bit width
  OOFW_64 = 80
64 bit width
  OOF_ADDR = 128
output x.addr, otherwise x.value
  OOF_OUTER = 256
output outer operand
  OOF_ZSTROFF = 512
meaningful only if is_stroff(uFlag) append a struct field name if the field offset is zero? if 'AFL_ZSTROFF' is set, then this flag is ignored.
  OOF_NOBNOT = 1024
prohibit use of binary not
  OOF_SPACES = 2048
currently works only for floating point numbers
  OOF_ANYSERIAL = 4096
if enum: select first available serial
  MAKELINE_NONE = 0
  MAKELINE_BINPREF = 1
  MAKELINE_VOID = 2
  MAKELINE_STACK = 4
  GH_PRINT_PROC = 1
  GH_PRINT_ASM = 2
  GH_PRINT_BYTESEX = 4
  GH_PRINT_HEADER = 8
  GH_BYTESEX_HAS_HIGHBYTE = 16
  GH_PRINT_PROC_AND_ASM = 3
  GH_PRINT_PROC_ASM_AND_BYTESEX = 7
  GH_PRINT_ALL = 15
  GH_PRINT_ALL_BUT_BYTESEX = 11
  FCBF_CONT = 1
don't stop on decoding, or any other kind of error
  FCBF_ERR_REPL = 2
of a hex representation of the problematic byte
  FCBF_FF_LIT = 4
in case of codepoints == 0xFF, use it as-is (i.e., LATIN SMALL LETTER Y WITH DIAERESIS) If both this, and FCBF_REPL are specified, this will take precedence
  FCBF_DELIM = 8
add the 'ash'-specified delimiters around the generated data.
  __package__ = None
Function Details

get_lookback()

 

Number of instructions to look back. This variable is not used by the kernel. Its value may be specified in ida.cfg: LOOKBACK = <number>. IDP may use it as you like it. (TMS module uses it)

Returns: int

calc_dataseg(insn, n=-1, rgnum=-1)

 

Get data segment for the instruction operand. 'opnum' and 'rgnum' are meaningful only if the processor has segment registers.

Parameters:
  • insn, (C++ - const insn_t &)
  • n, (C++ - int)
  • rgnum, (C++ - int)
Returns: ea_t

map_data_ea(insn, addr, opnum=-1)

 
  map_data_ea(insn, op) -> ea_t


Map a data address.

@param insn: the current instruction (C++: const  insn_t  &)
@param addr: the referenced address to map (C++: ea_t)
@param opnum: operand number (C++: int)
  

Returns: ea_t

map_code_ea(insn, addr, opnum)

 
  map_code_ea(insn, op) -> ea_t


Map a code address. This function takes into account the segment
translations.

@param insn: the current instruction (C++: const  insn_t  &)
@param addr: the referenced address to map (C++: ea_t)
@param opnum: operand number (C++: int)
  

Returns: ea_t

create_outctx(ea, F=0, suspop=0)

 

Create a new output context. To delete it, just use "delete pctx"

Parameters:
  • ea, (C++ - ea_t)
  • F, (C++ - flags_t)
  • suspop, (C++ - int)
Returns: outctx_base_t

print_insn_mnem(ea)

 

Print instruction mnemonics.

Parameters:
  • ea - linear address of the instruction (C++: ea_t)
Returns: bool
success

get_dtype_flag(dtype)

 

Get flags for 'op_t::dtype' field.

Parameters:
  • dtype, (C++ - op_dtype_t)
Returns: flags_t

get_dtype_size(dtype)

 

Get size of opt_::dtype field.

Parameters:
  • dtype, (C++ - op_dtype_t)
Returns: size_t

create_insn(ea, out=None)

 

Create an instruction at the specified address. This function checks if an instruction is present at the specified address and will try to create one if there is none. It will fail if there is a data item or other items hindering the creation of the new instruction. This function will also fill the 'out' structure.

Parameters:
  • ea - linear address (C++: ea_t)
  • out - the resulting instruction (C++: insn_t *)
Returns: int
the length of the instruction or 0

decode_insn(out, ea)

 

Analyze the specified address and fill 'out'. This function does not modify the database. It just tries to interpret the specified address as an instruction and fills the 'out' structure.

Parameters:
  • out - the resulting instruction (C++: insn_t *)
  • ea - linear address (C++: ea_t)
Returns: int
the length of the (possible) instruction or 0

can_decode(ea)

 

Can the bytes at address 'ea' be decoded as instruction?

Parameters:
  • ea - linear address (C++: ea_t)
Returns: bool
whether or not the contents at that address could be a valid instruction

print_operand(ea, n, getn_flags=0, newtype=None)

 

Generate text representation for operand #n. This function will generate the text representation of the specified operand (includes color codes.)

Parameters:
  • ea - the item address (instruction or data) (C++: ea_t)
  • n - operand number (0,1,2...). meaningful only for instructions (C++: int)
  • getn_flags, (C++ - int)
  • newtype - if specified, print the operand using the specified type (C++: struct printop_t *)
Returns: bool
success

decode_prev_insn(out, ea)

 

Decode previous instruction if it exists, fill 'out'.

Parameters:
  • out - the resulting instruction (C++: insn_t *)
  • ea - the address to decode the previous instruction from (C++: ea_t)
Returns: ea_t
the previous instruction address ( BADADDR -no such insn)

guess_table_address(insn)

 

Guess the jump table address (ibm pc specific)

Parameters:
  • insn, (C++ - const insn_t &)
Returns: ea_t

guess_table_size(insn, jump_table)

 

Guess the jump table size.

Parameters:
  • insn, (C++ - const insn_t &)
  • jump_table, (C++ - ea_t)
Returns: asize_t

decode_preceding_insn(out, ea)

 

Decodes the preceding instruction. Please check ua.hpp / decode_preceding_insn()

Parameters:
  • ea - current ea
  • out - instruction storage
Returns: PyObject *
tuple(preceeding_ea or BADADDR, farref = Boolean)

get_dtype_by_size(size)

 

Get 'op_t::dtype' from size.

Parameters:
  • size, (C++ - asize_t)
Returns: int

get_immvals(ea, n, F=0)

 

Get immediate values at the specified address. This function decodes instruction at the specified address or inspects the data item. It finds immediate values and copies them to 'out'. This function will store the original value of the operands in 'out', unless the last bits of 'F' are "...0 11111111", in which case the transformed values (as needed for printing) will be stored instead.

Parameters:
  • ea - address to analyze (C++: ea_t)
  • n - number of operand (0.. UA_MAXOP -1), -1 means all operands (C++: int)
  • F - flags for the specified address (C++: flags_t)
Returns: PyObject *
number of immediate values (0..2* UA_MAXOP )

get_printable_immvals(ea, n, F=0)

 

Get immediate ready-to-print values at the specified address

Parameters:
  • ea - address to analyze (C++: ea_t)
  • n - number of operand (0.. UA_MAXOP -1), -1 means all operands (C++: int)
  • F - flags for the specified address (C++: flags_t)
Returns: PyObject *
number of immediate values (0..2* UA_MAXOP )

ua_mnem(ea)

 

Print instruction mnemonics.

Parameters:
  • ea - linear address of the instruction (C++: ea_t)
Returns: bool
success

Variables Details

OF_NO_BASE_DISP

base displacement doesn't exist. meaningful only for 'o_displ' type. if set, base displacement ( 'op_t::addr' ) doesn't exist.

Value:
128

OF_OUTER_DISP

outer displacement exists. meaningful only for 'o_displ' type. if set, outer displacement ( 'op_t::value' ) exists.

Value:
64

PACK_FORM_DEF

(! 'o_reg' + 'dt_packreal' )

packed factor defined.

Value:
32

OOF_SPACES

currently works only for floating point numbers

do not suppress leading spaces

Value:
2048

FCBF_ERR_REPL

of a hex representation of the problematic byte

in case of an error, use a CP_REPLCHAR instead

Value:
2

FCBF_DELIM

add the 'ash'-specified delimiters around the generated data. Note: if those are not defined and the INFFL_ALLASM is not set, 'format_charlit()' will return an error

Value:
8