Module idc

IDC compatibility module

This file contains IDA built-in function declarations and internal bit definitions. Each byte of the program has 32-bit flags (low 8 bits keep the byte value). These 32 bits are used in get_full_flags/get_flags functions.

This file is subject to change without any notice. Future versions of IDA may use other definitions.

Classes
  DeprecatedIDCError
Exception for deprecated function calls
Functions
 
get_sourcefile(ea)
Get name of source file occupying the given address
 
get_tev_qty()
Return the total number of recorded events
 
set_inf_attr(offset, value)
 
get_name_ea_simple(name)
Get linear address of a name
 
get_event_module_size()
Get module size for debug event
 
writelong(handle, dword, mostfirst)
 
batch(batch)
Enable/disable batch mode of operation
 
get_sp_delta(ea)
Get modification of SP made by the instruction
 
set_segm_attr(segea, attr, value)
Set segment attribute
 
get_next_cref_to(To, current)
Get next code xref to 'To'
 
del_hash_string(hash_id, key)
Delete a hash element.
 
get_frame_id(ea)
Get ID of function frame structure
 
get_trace_file_desc(filename)
Get the trace description of the given binary trace file
 
create_word(ea)
Convert the current item to a word (2 bytes)
 
set_bpt_attr(address, bptattr, value)
modifiable characteristics of a breakpoint
 
del_func(ea)
Delete a function
 
substr(s, x1, x2)
 
enable_bpt(ea, enable)
Enable/disable breakpoint
 
find_unknown(ea, flag)
 
get_segm_start(ea)
Get start address of a segment
 
get_enum_size(enum_id)
Get size of enum
 
suspend_thread(tid)
Suspend thread
 
get_first_cref_from(From)
Get first code xref from 'From'
 
plan_to_apply_idasgn(name)
Load (plan to apply) a FLIRT signature file
 
get_next_fixup_ea(ea)
Find next address with fixup information
 
isBin1(F)
 
isBin0(F)
 
load_trace_file(filename)
Load a previously recorded binary trace file
 
value_is_pvoid(var)
 
next_addr(ea)
Get next address in the program
 
set_array_string(array_id, idx, value)
Sets the string value of an array element.
 
add_sourcefile(ea1, ea2, filename)
Mark a range of addresses as belonging to a source file. An address range may belong to only one source file.
 
qsleep(milliseconds)
Sleep for the specified number of milliseconds. This function suspends IDA for the specified amount of time.
 
byte_value(F)
Get byte value from flags. Get value of byte provided that the byte is initialized.
 
enable_tracing(trace_level, enable)
Enable step tracing
 
get_qword(ea)
Get value of program quadro word (8 bytes)
 
set_func_end(ea, end)
Change function end address
 
take_memory_snapshot(only_loader_segs)
Take memory snapshot of the debugged process
 
get_tev_tid(tev)
Return the thread id of the specified event
 
get_sreg(ea, reg)
Get value of segment register at the specified address
 
get_first_bmask(enum_id)
Get first bitmask in the enum (bitfield)
 
create_struct(ea, size, strname)
Convert the current item to a structure instance
 
GetLocalType(ordinal, flags)
Retrieve a local type declaration
 
get_name_ea(fromaddr, name)
Get linear address of a name
 
set_trace_file_desc(filename, description)
Update the trace description of the given binary trace file
 
GetCommentEx(ea, repeatable)
Get regular indented comment
 
get_bpt_qty()
Get number of breakpoints.
 
get_fixup_target_flags(ea)
Get fixup target flags
 
get_struc_name(sid)
Get structure type name
 
get_root_filename()
Get input file name
 
step_into()
Execute one instruction in the current thread.
 
set_enum_member_name(const_id, name)
Rename a member of enum - a symbolic constant
 
SaveFile(filepath, pos, ea, size)
Save from IDA database to file
 
get_screen_ea()
Get linear address of cursor
 
get_event_exc_code()
Get exception code for EXCEPTION event
 
delete_array(array_id)
Delete array, by its ID.
 
call_system(command)
Execute an OS command.
 
del_struc_member(sid, member_offset)
Delete structure member
 
is_event_handled()
Is the debug event handled?
 
find_suspop(ea, flag)
 
rotate_byte(x, count)
 
create_double(ea)
Convert the current item to a double floating point (8 bytes)
 
load_and_run_plugin(name, arg)
Load and run a plugin
 
set_tail_owner(tailea, funcea)
Change the function chunk owner
 
get_thread_qty()
Get number of threads.
 
set_segm_combination(segea, comb)
Change combination of the segment
 
is_union(sid)
Is a structure a union?
 
get_prev_struc_idx(index)
Get index of previous structure type
 
set_source_linnum(ea, lnnum)
Set source line number
 
create_yword(ea)
Convert the current item to a ymm word (32 bytes/256 bits)
 
get_next_offset(sid, offset)
Get next offset in a structure
 
add_user_stkpnt(ea, delta)
Add user-defined SP register change point.
 
refresh_debugger_memory()
Refresh debugger memory. Upon this call IDA will forget all cached information about the debugged process.
 
set_func_flags(ea, flags)
Change function flags
 
set_processor_type(processor, level)
Change current processor
 
get_member_cmt(sid, member_offset, repeatable)
Get comment of a member
 
get_enum_idx(enum_id)
Get serial number of enum by its ID
 
set_bmask_cmt(enum_id, bmask, cmt, repeatable)
Set bitmask comment (only for bitfields)
 
is_data(F)
 
is_struct(F)
 
get_event_module_name()
Get module name for debug event
 
get_full_flags(ea)
Get internal flags
 
create_array(name)
Create array.
 
get_enum_name(enum_id)
Get name of enum
 
get_bookmark(slot)
Get marked position
 
isExtra(F)
 
find_code(ea, flag)
 
xtol(s)
 
get_event_exc_info()
Get info for EXCEPTION event
 
is_bf(enum_id)
Is enum a bitfield?
 
set_member_type(sid, member_offset, flag, typeid, nitems, target=-1, tdelta=0, reftype=2)
Change structure member type
 
force_bl_call(ea)
Force BL instruction to be a call
 
get_prev_offset(sid, offset)
Get previous offset in a structure
 
get_item_end(ea)
Get address of the end of the item (instruction or data)
 
GetFloat(ea)
Get value of a floating point number (4 bytes). This function assumes the number is stored using IEEE format and in the same endianness as integers.
 
get_current_thread()
Get current thread ID
 
get_event_module_base()
Get module base for debug event
 
recalc_spd(cur_ea)
Recalculate SP delta for an instruction that stops execution.
 
get_next_cref_from(From, current)
Get next code xref from
 
del_enum(enum_id)
Delete enum type
 
get_fixup_target_sel(ea)
Get fixup target selector
 
is_head(F)
 
ask_seg(defval, prompt)
Ask the user to enter a segment value
 
getn_thread(idx)
Get the ID of a thread
 
resume_process()
 
save_trace_file(filename, description)
Save current trace to a binary trace file
 
get_enum_member_by_name(name)
Get member of enum - a symbolic constant ID
 
is_float(F)
 
jumpto(ea)
Move cursor to the specified linear address
 
set_struc_name(sid, name)
Change structure name
 
gen_flow_graph(outfile, title, ea1, ea2, flags)
Generate a flow chart GDL file
 
add_entry(ordinal, ea, name, makecode)
Add entry point
 
wait_for_next_event(wfne, timeout)
Wait for the next event. This function (optionally) resumes the process execution and waits for a debugger event until timeout.
 
delete_all_segments()
Delete all segments, instructions, comments, i.e.
 
get_first_struc_idx()
Get index of first structure type
 
read_dbg_dword(ea)
Get value of program double-word using the debugger memory
 
get_event_exit_code()
Get exit code for debug event
 
get_next_hash_key(hash_id, key)
Get the next key in the hash.
 
eval_idc(expr)
Evaluate an IDC expression
 
guess_type(ea)
Guess type of function/variable
 
get_ret_tev_return(tev)
Return the return address for the specified event
 
get_forced_operand(ea, n)
Get manually entered operand string
 
get_hash_string(hash_id, key)
Gets the string value of a hash element.
 
toggle_sign(ea, n)
Change sign of the operand
 
filelength(handle)
 
find_data(ea, flag)
 
form(format, *args)
 
ask_yn(defval, prompt)
Ask the user a question and let him answer Yes/No/Cancel
 
create_byte(ea)
Convert the current item to a byte
 
is_defarg1(F)
 
get_event_pid()
Get process ID for debug event
 
del_sourcefile(ea)
Delete information about the source file
 
get_tev_type(tev)
Return the type of the specified event (TEV_...
 
create_tbyte(ea)
Convert the current item to a tbyte (10 or 12 bytes)
 
get_first_fcref_to(To)
Get first xref to 'To'
 
value_is_string(var)
 
detach_process()
Detach the debugger from the debugged process.
 
get_strlit_contents(ea, length=-1, strtype=0)
Get string contents
 
get_original_byte(ea)
Get original value of program byte
 
is_tbyte(F)
 
get_prev_bmask(enum_id, value)
Get prev bitmask in the enum (bitfield)
 
op_oct(ea, n)
Convert an operand of the item (instruction or data) to an octal number
 
hasName(F)
 
get_member_qty(sid)
Get number of members of a structure
 
get_curline()
Get the disassembly line at the cursor
 
get_first_fcref_from(From)
Get first xref from 'From'
 
get_next_index(tag, array_id, idx)
Get index of the next existing array element.
 
get_tinfo(ea)
Get type information of function/variable as 'typeinfo' object
 
get_struc_id(name)
Get structure ID by structure name
 
del_struc(sid)
Delete a structure type
 
find_imm(ea, flag, value)
 
process_ui_action(name, flags=0)
Invokes an IDA UI action by name
 
prev_head(ea, minea=0)
Get previous defined item (instruction or data) in the program
 
get_segm_attr(segea, attr)
Get segment attribute
 
get_enum_width(enum_id)
Get width of enum elements
 
auto_mark_range(start, end, queuetype)
Plan to perform an action in the future.
 
del_fixup(ea)
Delete fixup information
 
msg(message)
Display a UTF-8 string in the message window
 
write_dbg_memory(ea, data)
Write to debugger memory.
 
GetDisasm(ea)
Get disassembly line
 
choose_func(title)
Ask the user to select a function
 
is_dword(F)
 
add_enum_member(enum_id, name, value, bmask)
Add a member of enum - a symbolic constant
 
get_next_module(base)
Enumerate process modules
 
define_exception(code, name, desc, flags)
Add exception handling information
 
get_wide_dword(ea)
Get value of program double word (4 bytes)
 
strlen(s)
 
get_prev_fixup_ea(ea)
Find previous address with fixup information
 
get_bytes(ea, size, use_dbg=False)
Return the specified number of bytes of the program
 
get_color(ea, what)
Get item color
 
get_func_attr(ea, attr)
Get a function attribute
 
select_thread(tid)
Select the given thread as the current debugged thread.
 
calc_gtn_flags(fromaddr, ea)
Calculate flags for get_name() function
 
define_local_var(start, end, location, name)
Create a local variable
 
is_unknown(F)
 
get_operand_value(ea, n)
Get number used in the operand
 
next_not_tail(ea)
Get next not-tail address in the program. This function searches for the next displayable address in the program.
 
check_bpt(ea)
Check a breakpoint
 
get_member_name(sid, member_offset)
Get name of a member of a structure
 
load_debugger(dbgname, use_remote)
Load the debugger
 
get_member_offset(sid, member_name)
Get offset of a member of a structure by the member name
 
SetPrcsr(processor)
 
get_event_bpt_hea()
Get hardware address for BREAKPOINT event
 
next_func_chunk(funcea, tailea)
Get the next function chunk of the specified function
 
get_fixup_target_type(ea)
Get fixup target type
 
get_debugger_event_cond()
Return the debugger event condition
 
set_remote_debugger(hostname, password, portnum)
Set remote debugging options
 
set_reg_value(value, name)
Set register value
 
set_local_type(ordinal, input, flags)
Parse one type declaration and store it in the specified slot
 
clear_trace(filename)
Clear the current trace buffer
 
set_struc_idx(sid, index)
Change structure index
 
create_qword(ea)
Convert the current item to a quadro word (8 bytes)
 
getn_enum(idx)
Get ID of the specified enum by its serial number
 
get_prev_enum_member(enum_id, value, bmask)
Get prev constant in the enum
 
get_member_flag(sid, member_offset)
Get type of a member
 
add_auto_stkpnt(func_ea, ea, delta)
Add automatic SP register change point
 
get_first_member(sid)
Get offset of the first member of a structure
 
set_array_params(ea, flags, litems, align)
Set array representation format
 
find_defined(ea, flag)
 
is_enum0(F)
 
is_enum1(F)
 
retrieve_input_file_md5()
Return the MD5 hash of the input binary file
 
get_first_cref_to(To)
Get first code xref to 'To'
 
get_entry_ordinal(index)
Retrieve entry point ordinal number
 
op_offset(ea, n, reftype, target, base, tdelta)
Convert operand to a complex offset expression. This is a more powerful version of the op_plain_offset() function.
 
get_input_file_path()
Get input file path
 
move_segm(ea, to, flags)
Move a segment to a new address. This function moves all information to the new address. It fixes up address-sensitive information in the kernel. The total effect is equal to reloading the segment to the target address.
 
add_cref(From, To, flowtype)
 
put_bookmark(ea, lnnum, x, y, slot, comment)
Mark position
 
demangle_name(name, disable_mask)
Demangle a name
 
set_debugger_options(opt)
Get/set debugger options
 
is_defarg0(F)
 
attach_process(pid, event_id)
Attach the debugger to a running process
 
get_array_id(name)
Get array ID, by name.
 
suspend_process()
Suspend the running process. Tries to suspend the process.
 
del_enum_member(enum_id, value, serial, bmask)
Delete a member of enum - a symbolic constant
 
patch_qword(ea, value)
Change value of a quad word
 
get_segm_name(ea)
Get name of a segment
 
get_first_dref_from(From)
Get first data xref from 'From'
 
get_process_state()
Get debugged process state
 
get_xref_type()
Return type of the last xref obtained by [RD]first/next[B0] functions.
 
get_member_id(sid, member_offset)
Returns: -1 if bad structure type ID is passed or there is no member at the specified offset.
 
value_is_func(var)
 
read_dbg_byte(ea)
Get value of program byte using the debugger memory
 
apply_type(ea, py_type, flags=1)
Apply the specified type to the address
 
get_call_tev_callee(tev)
Return the address of the callee for the specified event
 
is_seg1(F)
 
is_seg0(F)
 
get_idb_path()
Get IDB full path
 
op_flt(ea, n)
Convert operand to a floating-point number
 
get_array_element(tag, array_id, idx)
Get value of array element.
 
create_oword(ea)
Convert the current item to an octa word (16 bytes/128 bits)
 
value_is_float(var)
 
del_hidden_range(ea)
Delete a hidden range
 
get_entry(ordinal)
Retrieve entry point address
 
set_func_attr(ea, attr, value)
Set a function attribute
 
loadfile(filepath, pos, ea, size)
 
set_hash_long(hash_id, key, value)
Sets the long value of a hash element.
 
get_segm_end(ea)
Get end address of a segment
 
del_extra_cmt(ea, n)
Delete an extra comment line
 
is_oword(F)
 
add_dref(From, To, drefType)
Create Data Ref
 
get_reg_value(name)
Get register value
 
op_chr(ea, n)
 
set_frame_size(ea, lvsize, frregs, argsize)
Make function frame
 
AddSeg(startea, endea, base, use32, align, comb)
 
create_insn(ea)
Create an instruction at the specified address
 
set_storage_type(start_ea, end_ea, stt)
Set storage type
 
get_tev_mem_qty(tev)
Return the number of blobs of memory recorded, for the specified event
 
fgetc(handle)
 
read_dbg_qword(ea)
Get value of program quadro-word using the debugger memory
 
get_last_index(tag, array_id)
Get index of last existing array element.
 
set_ida_state(status)
Change IDA indicator.
 
ftell(handle)
 
set_segm_name(ea, name)
Change name of the segment
 
ltoa(n, radix)
 
del_array_element(tag, array_id, idx)
Delete an array element.
 
gen_file(filetype, path, ea1, ea2, flags)
Generate an output file
 
set_debugger_event_cond(cond)
Set the debugger event condition
 
rebase_program(delta, flags)
Rebase the whole program by 'delta' bytes
 
sel2para(sel)
Get a selector value
 
get_struc_size(sid)
Get size of a structure
 
del_segm(ea, flags)
Delete a segment
 
get_struc_cmt(sid, repeatable)
Get structure type comment
 
set_default_sreg_value(ea, reg, value)
Set default segment register value for a segment
 
del_idc_hotkey(hotkey)
Delete IDC function hotkey
 
isDec0(F)
 
isDec1(F)
 
get_enum_member_enum(const_id)
Get id of enum by id of constant
 
print_insn_mnem(ea)
Get instruction mnemonics
 
get_next_seg(ea)
Get next segment
 
get_bpt_ea(n)
Get breakpoint address
 
get_ordinal_qty()
Get number of local types + 1
 
get_first_dref_to(To)
Get first data xref to 'To'
 
get_member_strid(sid, member_offset)
Get structure id of a member
 
get_first_module()
Enumerate process modules
 
set_cmt(ea, comment, rptble)
Set an indented regular comment of an item
 
get_fixup_target_dis(ea)
Get fixup target displacement
 
get_entry_qty()
Retrieve number of entry points
 
is_stkvar0(F)
 
is_stkvar1(F)
 
op_plain_offset(ea, n, base)
Convert operand to an offset (for the explanations of 'ea' and 'n' please see op_bin())
 
op_bin(ea, n)
Convert an operand of the item (instruction or data) to a binary number
 
rename_array(array_id, newname)
Rename array, by its ID.
 
create_align(ea, count, align)
Convert the current item to an alignment directive
 
get_bookmark_desc(slot)
Get marked position comment
 
is_stroff1(F)
 
is_stroff0(F)
 
rotate_left(value, count, nbits, offset)
Rotate a value to the left (or right)
 
isRef(F)
 
get_last_struc_idx()
Get index of last structure type
 
to_ea(seg, off)
Return value of expression: ((seg<<4) + off)
 
get_hash_long(hash_id, key)
Gets the long value of a hash element.
 
generate_disasm_line(ea, flags)
Get disassembly line
 
get_item_head(ea)
Get starting address of the item (instruction or data)
 
get_tev_mem_ea(tev, idx)
Return the address of the blob of memory pointed to by 'index' for the specified event
 
auto_wait()
Process all entries in the autoanalysis queue. Wait for the end of autoanalysis.
 
find_binary(ea, flag, searchstr, radix=16)
Returns: ea of result or BADADDR if not found
 
set_flag(off, bit, value)
 
make_array(ea, nitems)
Create an array.
 
prev_not_tail(ea)
Get previous not-tail address in the program. This function searches for the previous displayable address in the program.
 
get_wide_byte(ea)
Get value of program byte
 
read_dbg_memory(ea, size)
Read from debugger memory.
 
validate_idb_names()
Check consistency of IDB name records
 
get_enum_member(enum_id, value, serial, bmask)
Get id of constant
 
patch_dword(ea, value)
Change value of a double word
 
get_numbered_type_name(ordinal)
Retrieve a local type name
 
op_hex(ea, n)
Convert an operand of the item (instruction or data) to a hexadecimal number
 
get_first_seg()
Get first segment
 
parse_decls(inputtype, flags=0)
Parse type declarations
 
get_last_bmask(enum_id)
Get last bitmask in the enum (bitfield)
 
del_stkpnt(func_ea, ea)
Delete SP register change point
 
create_float(ea)
Convert the current item to a floating point (4 bytes)
 
get_event_id()
Get ID of debug event
 
get_entry_name(ordinal)
Retrieve entry point name
 
print_decls(ordinals, flags)
Print types in a format suitable for use in a header file
 
set_manual_insn(ea, insn)
Specify instruction representation manually.
 
expand_struc(sid, offset, delta, recalc)
Expand or shrink a structure type
 
set_enum_name(enum_id, name)
Rename enum
 
op_offset_high16(ea, n, target)
Convert operand to a high offset. High offset is the upper 16 bits of an offset.
 
get_last_hash_key(hash_id)
Get the last key in the hash.
 
get_event_exc_ea()
Get address for EXCEPTION event
 
is_flow(F)
 
create_dword(ea)
Convert the current item to a double word (4 bytes)
 
LoadFile(filepath, pos, ea, size)
Load file into IDA database
 
set_segm_alignment(ea, alignment)
Change alignment of the segment
 
auto_unmark(start, end, queuetype)
Remove range of addresses from a queue.
 
value_is_int64(var)
 
is_pack_real(F)
 
get_enum_member_value(const_id)
Get value of symbolic constant
 
import_type(idx, type_name)
Copy information from type library to database. Copy structure, union, or enum definition from the type library to the IDA database.
 
set_step_trace_options(options)
Set step current tracing options.
 
set_segm_type(segea, segtype)
Set segment type
 
step_until_ret()
Execute instructions in the current thread until a function return instruction is reached.
 
get_extra_cmt(ea, n)
Get extra comment line
 
exit_process()
Stop the debugger. Kills the currently debugged process and returns to the disassembly mode.
 
create_pack_real(ea)
Convert the current item to a packed real (10 or 12 bytes)
 
del_source_linnum(ea)
Delete information about source line number
 
remove_fchunk(funcea, tailea)
Remove a function chunk from the function
 
SizeOf(typestr)
Returns the size of the type.
 
set_enum_flag(enum_id, flag)
Set flag of enum
 
is_tail(F)
 
plan_and_wait(sEA, eEA, final_pass=True)
Perform full analysis of the range
 
fputc(byte, handle)
 
get_step_trace_options()
Get step current tracing options
 
is_code(F)
 
patch_byte(ea, value)
Change value of a program byte. If the debugger was active, then the debugged process memory will be patched too.
 
del_bpt(ea)
Delete breakpoint
 
del_items(ea, flags=0, size=1)
Convert the current item to an explored item
 
selector_by_name(segname)
Get segment by name
 
op_stkvar(ea, n)
Convert operand to a stack variable
 
get_fixup_target_off(ea)
Get fixup target offset
 
op_dec(ea, n)
Convert an operand of the item (instruction or data) to a decimal number
 
rename_entry(ordinal, name)
Rename entry point
 
get_func_flags(ea)
Retrieve function flags
 
get_bmask_name(enum_id, bmask)
Get bitmask name (only for bitfields)
 
add_struc(index, name, is_union)
Define a new structure type
 
get_frame_regs_size(ea)
Get size of saved registers in function frame
 
set_selector(sel, value)
Set a selector value
 
read_selection_end()
Get end address of the selected range
 
set_enum_bf(enum_id, flag)
Set bitfield property of enum
 
get_enum_cmt(enum_id, repeatable)
Get comment of enum
 
get_struc_by_idx(index)
Get structure ID by structure index
 
read_selection_start()
Get start address of the selected range. Returns BADADDR if the user has not selected a range.
 
get_manual_insn(ea)
Get manual representation of instruction
 
get_event_tid()
Get type ID for debug event
 
error(format)
Display a fatal message in a message box and quit IDA
 
func_contains(func_ea, ea)
Does the given function contain the given address?
 
set_fixup(ea, fixuptype, fixupflags, targetsel, targetoff, displ)
Set fixup information
 
parse_decl(inputtype, flags)
Parse type declaration
 
get_fchunk_attr(ea, attr)
Get a function chunk attribute
 
first_func_chunk(funcea)
Get the first function chunk of the specified function
 
get_struc_qty()
Get number of defined structure types
 
get_enum_member_name(const_id)
Get name of a constant
 
get_struc_idx(sid)
Get structure index by structure ID
 
op_enum(ea, n, enumid, serial)
Convert operand to a symbolic constant
 
get_prev_func(ea)
Find previous function
 
is_byte(F)
 
value_is_long(var)
 
strstr(s1, s2)
 
set_segment_bounds(ea, startea, endea, flags)
Change segment boundaries
 
get_func_cmt(ea, repeatable)
Retrieve function comment
 
get_last_enum_member(enum_id, bmask)
Get last constant in the enum
 
split_sreg_range(ea, reg, value, tag=2)
Set value of a segment register.
 
get_next_dref_from(From, current)
Get next data xref from 'From'
 
hasUserName(F)
 
get_fchunk_referer(ea, idx)
Get a function chunk referer
 
set_member_cmt(sid, member_offset, comment, repeatable)
Change structure member comment
 
get_event_ea()
Get ea for debug event
 
add_idc_hotkey(hotkey, idcfunc)
Add hotkey for IDC function
 
fopen(f, mode)
 
get_spd(ea)
Get current delta for the stack pointer
 
get_source_linnum(ea)
Get source line number
 
find_selector(val)
Find a selector which has the specified value
 
get_next_fcref_to(To, current)
Get next xref to 'To'
 
readlong(handle, mostfirst)
 
atol(s)
 
atoa(ea)
Convert address value to a string. Return address in the form 'seg000:1234' (the same as in line prefixes).
 
get_bpt_tev_ea(tev)
Return the address of the specified TEV_BPT event
 
find_func_end(ea)
Determine new function boundaries
 
get_first_enum_member(enum_id, bmask)
Get first constant in the enum
 
warning(message)
Display a message in a message box
 
run_to(ea)
Execute the process until the given address is reached.
 
is_manual1(F)
 
is_manual0(F)
 
get_frame_lvar_size(ea)
Get size of local variables in function frame
 
add_struc_member(sid, name, offset, flag, typeid, nbytes, target=-1, tdelta=0, reftype=2)
Add structure member
 
is_strlit(F)
 
append_func_tail(funcea, ea1, ea2)
Append a function chunk to the function
 
set_name(ea, name, flags=0)
Rename an address
 
fclose(handle)
 
gen_simple_call_chart(outfile, title, flags)
Generate a function call graph GDL file
 
get_first_hash_key(hash_id)
Get the first key in the hash.
 
get_next_struc_idx(index)
Get index of next structure type
 
get_processes()
Take a snapshot of running processes and return their description.
 
set_color(ea, what, color)
Set item color
 
rotate_dword(x, count)
 
get_min_spd_ea(func_ea)
Return the address with the minimal spd (stack pointer delta). If there are no SP change points, then return BADADDR.
 
get_prev_fchunk(ea)
Get previous function chunk
 
isHex1(F)
 
isHex0(F)
 
get_first_index(tag, array_id)
Get index of the first existing array element.
 
get_next_bmask(enum_id, value)
Get next bitmask in the enum (bitfield)
 
refresh_lists()
Refresh all list views (names, functions, etc.)
 
get_next_enum_member(enum_id, value, bmask)
Get next constant in the enum
 
get_member_size(sid, member_offset)
Get size of a member
 
set_segm_class(ea, segclass)
Change class of the segment
 
get_frame_args_size(ea)
Get size of arguments in function frame which are purged upon return
 
get_local_tinfo(ordinal)
Get local type information as 'typeinfo' object
 
GetDouble(ea)
Get value of a floating point number (8 bytes). This function assumes the number is stored using IEEE format and in the same endianness as integers.
 
fprintf(handle, format, *args)
 
create_custom_data(ea, size, dtid, fid)
Convert the item at address to custom data.
 
add_enum(idx, name, flag)
Add a new enum type
 
save_database(idbname, flags=0)
Save current database to the specified idb file
 
resume_thread(tid)
Resume thread
 
idadir()
Get IDA directory
 
op_num(ea, n)
Convert operand to a number (with default number base, radix)
 
get_cmt(ea, repeatable)
Get regular indented comment
 
get_next_func(ea)
Find next function
 
op_man(ea, n, opstr)
Specify operand representation manually.
 
get_next_dref_to(To, current)
Get next data xref to 'To'
 
get_prev_hash_key(hash_id, key)
Get the previous key in the hash.
 
EVAL_FAILURE(code)
Check the result of eval_idc() for evaluation failures
 
set_enum_width(enum_id, width)
Set width of enum elements
 
set_array_long(array_id, idx, value)
Sets the long value of an array element.
 
isOct0(F)
 
isOct1(F)
 
qexit(code)
Stop execution of IDC program, close the database and exit to OS
 
set_segm_addressing(ea, bitness)
Change segment addressing
 
is_off1(F)
 
is_off0(F)
 
set_enum_member_cmt(const_id, cmt, repeatable)
Set a comment of a symbolic constant
 
op_stroff(ea, n, strid, delta)
Convert operand to an offset in a structure
 
get_enum_member_cmt(const_id, repeatable)
Get comment of a constant
 
set_root_filename(path)
Set input file name. This function updates the file name that is stored in the database. It is used by the debugger and other parts of IDA. Use it when the database is moved to another location or when you use remote debugging.
 
create_strlit(ea, endea)
Create a string.
 
add_segm_ex(startea, endea, base, use32, align, comb, flags)
Create a new segment
 
set_bpt_cond(ea, cnd, is_lowcnd=0)
Set breakpoint condition
 
set_enum_idx(enum_id, idx)
Give another serial number to an enum
 
read_dbg_word(ea)
Get value of program word using the debugger memory
 
send_dbg_command(cmd)
Sends a command to the debugger module and returns the output string.
 
get_bmask_cmt(enum_id, bmask, repeatable)
Get bitmask comment (only for bitfields)
 
get_last_member(sid)
Get offset of the last member of a structure
 
get_enum_qty()
Get number of enum types
 
del_cref(From, To, undef)
Unmark exec flow 'from' 'to'
 
has_value(F)
 
op_seg(ea, n)
Convert operand to a segment expression
 
step_over()
Execute one instruction in the current thread, but without entering into functions. Other threads are kept suspended.
 
AutoMark(ea, qtype)
Plan to analyze an address
 
rotate_word(x, count)
 
savefile(filepath, pos, ea, size)
 
get_tev_ea(tev)
Return the address of the specified event
 
add_func(start, end=4294967295)
Create a function
 
writestr(handle, s)
 
fseek(handle, offset, origin)
 
get_module_name(base)
Get process module name
 
is_double(F)
 
set_func_cmt(ea, cmt, repeatable)
Set function comment
 
set_member_name(sid, member_offset, name)
Change structure member name
 
set_bmask_name(enum_id, bmask, name)
Set bitmask name (only for bitfields)
 
get_tev_reg(tev, reg)
Return the register value for the specified event
 
is_loaded(ea)
Is the byte initialized?
 
readshort(handle, mostfirst)
 
get_item_size(ea)
Get size of instruction or data item in bytes
 
print_operand(ea, n)
Get operand of an instruction or data
 
get_func_off_str(ea)
Convert address to 'funcname+offset' string
 
get_wide_word(ea)
Get value of program word (2 bytes)
 
patch_dbg_byte(ea, value)
Change a byte in the debugged process memory only
 
update_extra_cmt(ea, n, line)
Set or update extra comment line
 
writeshort(handle, word, mostfirst)
 
refresh_idaview_anyway()
Refresh all disassembly views
 
diff_trace_file(filename)
Diff current trace buffer against given trace
 
get_module_size(base)
Get process module size
 
MakeVar(ea)
Mark the location as "variable"
 
SetType(ea, newtype)
Set type of function/variable
 
find_text(ea, flag, y, x, searchstr)
Returns: ea of result or BADADDR if not found
 
readstr(handle)
 
get_frame_size(ea)
Get full size of function frame
 
toggle_bnot(ea, n)
Toggle the bitwise not operator for the operand
 
start_process(path, args, sdir)
Launch the debugger
 
add_hidden_range(start, end, description, header, footer, color)
Hide a range
 
get_next_fcref_from(From, current)
Get next xref from
 
is_char1(F)
 
is_char0(F)
 
get_enum_member_bmask(const_id)
Get bit mask of symbolic constant
 
is_word(F)
 
prev_addr(ea)
Get previous address in the program
 
get_prev_index(tag, array_id, idx)
Get index of the previous existing array element.
 
patch_word(ea, value)
Change value of a program word (2 bytes)
 
del_selector(sel)
Delete a selector
 
set_enum_cmt(enum_id, cmt, repeatable)
Set comment of enum
 
set_target_assembler(asmidx)
Set target assembler
 
get_event_info()
Get debug event info
 
is_valid_trace_file(filename)
Check the given binary trace file
 
is_qword(F)
 
get_next_fchunk(ea)
Get next function chunk
 
update_hidden_range(ea, visible)
Set hidden range state
 
get_name(ea, gtn_flags=0)
Get name at the specified address
 
get_db_byte(ea)
Get one byte (8-bit) of the program at 'ea' from the database even if the debugger is active
 
create_data(ea, flags, size, tid)
Create a data item at the specified address
 
add_default_til(name)
Load a type library
 
next_head(ea, maxea=4294967295)
Get next defined item (instruction or data) in the program
 
get_str_type(ea)
Get string type
 
get_enum(name)
Get enum ID by the name of enum
 
set_hash_string(hash_id, key, value)
Sets the string value of a hash element.
 
get_operand_type(ea, n)
Get type of instruction operand
 
set_fchunk_attr(ea, attr, value)
Set a function chunk attribute
 
get_func_name(ea)
Retrieve function name
 
get_enum_flag(enum_id)
Get flag of enum
 
get_segm_by_sel(base)
Get segment by segment base
 
get_tev_mem(tev, idx)
Return the blob of memory pointed to by 'index', for the specified event
 
is_align(F)
 
get_type(ea)
Get type of function/variable
 
add_bpt(ea, size=0, bpttype=12)
Add a new breakpoint
 
get_inf_attr(offset)
 
set_struc_cmt(sid, comment, repeatable)
Change structure comment
 
can_exc_continue()
Can it continue after EXCEPTION event?
 
force_bl_jump(ea)
Some ARM compilers in Thumb mode use BL (branch-and-link) instead of B (branch) for long jumps, since BL has more range.
 
get_bpt_attr(ea, bptattr)
Get the characteristics of a breakpoint
 
del_dref(From, To)
Unmark Data Ref
 
process_config_line(directive)
Parse one or more ida.cfg config directives
 
MakeFunction(start, end=ida_idaapi.BADADDR)
 
MakeStr(ea, endea)
 
GetProcessorName()
 
SegStart(ea)
 
SegEnd(ea)
 
SetSegmentType(ea, type)
 
here()
 
is_mapped(ea)
Variables
  __X64__ = True
  __EA64__ = False
  SendDbgCommand = send_dbg_command
  ApplyType = apply_type
  GetManyBytes = get_bytes
  GetString = get_strlit_contents
  ClearTraceFile = clear_trace
  FindBinary = find_binary
  NextHead = next_head
  ParseTypes = parse_decls
  PrevHead = prev_head
  ProcessUiAction = process_ui_action
  SaveBase = save_database
  Eval = eval_idc
  ARGV = ['tools/docs/hrdoc.py']
The command line arguments passed to IDA via the -S switch.
  __package__ = None
Function Details

get_sourcefile(ea)

 

Get name of source file occupying the given address

Parameters:
  • ea - linear address
Returns:
NULL - source file information is not found; otherwise returns pointer to file name

get_name_ea_simple(name)

 

Get linear address of a name

Parameters:
  • name - name of program byte
Returns:
address of the name; BADADDR - no such name

get_event_module_size()

 

Get module size for debug event

Returns:
module size

batch(batch)

 

Enable/disable batch mode of operation

Parameters:
  • batch - batch mode: 0 - ida will display dialog boxes and wait for the user input; 1 - ida will not display dialog boxes, warnings, etc.
Returns:
old value of batch flag

get_sp_delta(ea)

 

Get modification of SP made by the instruction

Parameters:
  • ea - end address of the instruction, i.e. the last address of the instruction+1
Returns:
Get modification of SP made at the specified location. If the specified location doesn't contain a SP change point, return 0. Otherwise return delta of SP modification.

set_segm_attr(segea, attr, value)

 

Set segment attribute

Parameters:
  • segea - any address within segment
  • attr - one of SEGATTR_... constants

Note: Please note that not all segment attributes are modifiable. Also some of them should be modified using special functions like set_segm_addressing, etc.

del_hash_string(hash_id, key)

 

Delete a hash element.

Parameters:
  • hash_id - The hash ID.
  • key - Key of an element
Returns:
1 upon success, 0 otherwise.

get_frame_id(ea)

 

Get ID of function frame structure

Parameters:
  • ea - any address belonging to the function
Returns:
ID of function frame or None. In order to access stack variables you need to use structure member manipulation functions with the obtained ID.

get_trace_file_desc(filename)

 

Get the trace description of the given binary trace file

Parameters:
  • filename - trace file

create_word(ea)

 

Convert the current item to a word (2 bytes)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

set_bpt_attr(address, bptattr, value)

 

Set modifiable characteristics of a breakpoint

Parameters:
  • address - any address in the breakpoint range
  • bptattr - the attribute code, one of BPTATTR_* constants. BPTATTR_CND is not allowed, see set_bpt_cond()
  • value - the attribute value
Returns:
success

del_func(ea)

 

Delete a function

Parameters:
  • ea - any address belonging to the function
Returns:
!=0 - ok

enable_bpt(ea, enable)

 

Enable/disable breakpoint

Parameters:
  • ea - any address in the process memory space
Returns:
success

Note: Disabled breakpoints are not written to the process memory

get_segm_start(ea)

 

Get start address of a segment

Parameters:
  • ea - any address in the segment
Returns:
start of segment; BADADDR - the specified address doesn't belong to any segment

get_enum_size(enum_id)

 

Get size of enum

Parameters:
  • enum_id - ID of enum
Returns:
number of constants in the enum. Returns 0 if enum_id is bad.

suspend_thread(tid)

 

Suspend thread

Parameters:
  • tid - thread id
Returns:
-1:network error, 0-failed, 1-ok

Note: Suspending a thread may deadlock the whole application if the suspended thread owned some synchronization objects.

plan_to_apply_idasgn(name)

 

Load (plan to apply) a FLIRT signature file

Parameters:
  • name - signature name without path and extension
Returns:
0 if could not load the signature file, !=0 otherwise

get_next_fixup_ea(ea)

 

Find next address with fixup information

Parameters:
  • ea - current address
Returns:
BADADDR - no more fixups; otherwise returns the next address with fixup information

load_trace_file(filename)

 

Load a previously recorded binary trace file

Parameters:
  • filename - trace file

next_addr(ea)

 

Get next address in the program

Parameters:
  • ea - linear address
Returns:
BADADDR - the specified address is the last used address

set_array_string(array_id, idx, value)

 

Sets the string value of an array element.

Parameters:
  • array_id - The array ID.
  • idx - Index of an element.
  • value - String value to store in the array
Returns:
1 in case of success, 0 otherwise

add_sourcefile(ea1, ea2, filename)

 

Mark a range of addresses as belonging to a source file. An address range may belong only to one source file. A source file may be represented by several address ranges.

Parameters:
  • ea1 - linear address of start of the address range
  • ea2 - linear address of end of the address range
  • filename - name of source file.
Returns:
1-ok, 0-failed.

Note: IDA can keep information about source files used to create the program. Each source file is represented by a range of addresses. A source file may contain several address ranges.

qsleep(milliseconds)

 

Sleep the specified number of milliseconds. This function suspends IDA for the specified amount of time.

Parameters:
  • milliseconds - time to sleep

byte_value(F)

 

Get byte value from flags. Get value of byte provided that the byte is initialized. This macro works ok only for 8-bit byte machines.

enable_tracing(trace_level, enable)

 

Enable step tracing

Parameters:
  • trace_level - what kind of trace to modify
  • enable - 0: turn off, 1: turn on
Returns:
success

get_qword(ea)

 

Get value of program quad word (8 bytes)

Parameters:
  • ea - linear address
Returns:
the value of the quad word. If failed, returns -1

set_func_end(ea, end)

 

Change function end address

Parameters:
  • ea - any address belonging to the function
  • end - new function end address
Returns:
!=0 - ok

take_memory_snapshot(only_loader_segs)

 

Take memory snapshot of the debugged process

Parameters:
  • only_loader_segs - 0 - copy all segments to idb; 1 - copy only SFL_LOADER segments

get_tev_tid(tev)

 

Return the thread id of the specified event

Parameters:
  • tev - event number

get_sreg(ea, reg)

 

Get value of segment register at the specified address

Parameters:
  • ea - linear address
  • reg - name of segment register
Returns:
the value of the segment register or -1 on error

Note: The segment registers in 32bit program usually contain selectors, so to get paragraph pointed to by the segment register you need to call sel2para() function.

get_first_bmask(enum_id)

 

Get first bitmask in the enum (bitfield)

Parameters:
  • enum_id - id of enum (bitfield)
Returns:
the smallest bitmask of constant, or -1 if no bitmasks are defined yet. All bitmasks are sorted by their values as unsigned longs.

create_struct(ea, size, strname)

 

Convert the current item to a structure instance

Parameters:
  • ea - linear address
  • size - structure size in bytes. -1 means that the size will be calculated automatically
  • strname - name of a structure type
Returns:
1-ok, 0-failure

GetLocalType(ordinal, flags)

 

Retrieve a local type declaration

Parameters:
  • flags - any of PRTYPE_* constants
Returns:
local type as a C declaration or ""

get_name_ea(fromaddr, name)

 

Get linear address of a name

Parameters:
  • fromaddr - the referring address. Allows to retrieve local label addresses in functions. If a local name is not found, then address of a global name is returned.
  • name - name of program byte
Returns:
address of the name (BADADDR - no such name)

Note: Dummy names (like byte_xxxx where xxxx are hex digits) are parsed by this function to obtain the address. The database is not consulted for them.

set_trace_file_desc(filename, description)

 

Update the trace description of the given binary trace file

Parameters:
  • filename - trace file

GetCommentEx(ea, repeatable)

 

Get regular indented comment

Parameters:
  • ea - linear address
  • repeatable - 1 to get the repeatable comment, 0 to get the normal comment
Returns:
string or None if it fails

get_bpt_qty()

 

Get number of breakpoints.

Returns:
number of breakpoints

get_fixup_target_flags(ea)

 

Get fixup target flags

Parameters:
  • ea - address to get information about
Returns:
0 - no fixup at the specified address; otherwise returns fixup target flags

get_struc_name(sid)

 

Get structure type name

Parameters:
  • sid - structure type ID
Returns:
None if bad structure type ID is passed; otherwise returns structure type name.

get_root_filename()

 

Get input file name

This function returns name of the file being disassembled

step_into()

 

Execute one instruction in the current thread. Other threads are kept suspended.

Returns:
success

Note: You must call wait_for_next_event() after this call in order to find out what happened. Normally you will get the STEP event but other events are possible (for example, an exception might occur or the process might exit). This remark applies to all execution control functions. The event codes depend on the issued command.

set_enum_member_name(const_id, name)

 

Rename a member of enum - a symbolic constant

Parameters:
  • const_id - id of const
  • name - new name of constant
Returns:
1-ok, 0-failed

SaveFile(filepath, pos, ea, size)

 

Save from IDA database to file

Parameters:
  • filepath - path to output file
  • pos - position in the file
  • ea - linear address to save from
  • size - number of bytes to save
Returns:
0 - error, 1 - ok

get_event_exc_code()

 

Get exception code for EXCEPTION event

Returns:
exception code

delete_array(array_id)

 

Delete array, by its ID.

Parameters:
  • array_id - The ID of the array to delete.

call_system(command)

 

Execute an OS command.

Parameters:
  • command - command line to execute
Returns:
error code from OS

Note: IDA will wait for the started program to finish. In order to start the command in parallel, use OS methods. For example, you may start another program in parallel using "start" command.

del_struc_member(sid, member_offset)

 

Delete structure member

Parameters:
  • sid - structure type ID
  • member_offset - offset of the member
Returns:
!= 0 - ok.

Note: IDA allows 'holes' between members of a structure. It treats these 'holes' as unnamed arrays of bytes.

is_event_handled()

 

Is the debug event handled?

Returns:
boolean

create_double(ea)

 

Convert the current item to a double floating point (8 bytes)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

load_and_run_plugin(name, arg)

 

Load and run a plugin

Parameters:
  • name - The plugin name is a short plugin name without an extension
  • arg - integer argument
Returns:
0 if could not load the plugin, 1 if ok

set_tail_owner(tailea, funcea)

 

Change the function chunk owner

Parameters:
  • tailea - any address in the function chunk
  • funcea - the starting address of the new owner
Returns:
False if failed, True if success

Note: The new owner must already have the chunk appended before the call

get_thread_qty()

 

Get number of threads.

Returns:
number of threads

set_segm_combination(segea, comb)

 

Change combination of the segment

Parameters:
  • segea - any address in the segment
  • comb - new combination of the segment (one of the sc... constants)
Returns:
success (boolean)

is_union(sid)

 

Is a structure a union?

Parameters:
  • sid - structure type ID
Returns:
1: yes, this is a union id; 0: no

Note: Unions are a special kind of structures

get_prev_struc_idx(index)

 

Get index of previous structure type

Parameters:
  • index - current structure index
Returns:
BADADDR if no (more) structure type is defined; otherwise index of the previous structure type. See get_first_struc_idx() for the explanation of structure indices and IDs.

set_source_linnum(ea, lnnum)

 

Set source line number

Parameters:
  • ea - linear address
  • lnnum - number of line in the source file
Returns:
None

create_yword(ea)

 

Convert the current item to a ymm word (32 bytes/256 bits)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

get_next_offset(sid, offset)

 

Get next offset in a structure

Parameters:
  • sid - structure type ID
  • offset - current offset
Returns:
-1 if bad structure type ID is passed, ida_idaapi.BADADDR if no (more) offsets in the structure, otherwise returns next offset in a structure.
Notes:
  • IDA allows 'holes' between members of a structure. It treats these 'holes' as unnamed arrays of bytes. This function returns a member offset or a hole offset. It will return size of the structure if input 'offset' belongs to the last member of the structure.
  • Union members are, in IDA's internals, located at subsequent byte offsets: member 0 -> offset 0x0, member 1 -> offset 0x1, etc...

add_user_stkpnt(ea, delta)

 

Add user-defined SP register change point.

Parameters:
  • ea - linear address where SP changes
  • delta - difference between old and new values of SP
Returns:
1-ok, 0-failed

refresh_debugger_memory()

 

Refresh debugger memory. Upon this call IDA will forget all cached information about the debugged process. This includes the segmentation information and memory contents (register cache is managed automatically). Also, this function refreshes exported names from loaded DLLs. You must call this function before using the segmentation information, memory contents, or names of a non-suspended process. This is an expensive call.

set_func_flags(ea, flags)

 

Change function flags

Parameters:
  • ea - any address belonging to the function
  • flags - see get_func_flags() for explanations
Returns:
!=0 - ok

set_processor_type(processor, level)

 

Change current processor

Parameters:
  • processor - name of processor in short form. run 'ida ?' to get list of allowed processor types
  • level - the request level:
    • SETPROC_IDB set processor type for old idb
    • SETPROC_LOADER set processor type for new idb; if the user has specified a compatible processor, return success without changing it. if failure, call loader_failure()
    • SETPROC_LOADER_NON_FATAL the same as SETPROC_LOADER but non-fatal failures
    • SETPROC_USER set user-specified processor used for -p and manual processor change at later time

get_member_cmt(sid, member_offset, repeatable)

 

Get comment of a member

Parameters:
  • sid - structure type ID
  • member_offset - member offset. The offset can be any offset in the member. For example, if a member is 4 bytes long and starts at offset 2, then 2,3,4,5 denote the same structure member.
  • repeatable - 1: get repeatable comment; 0: get regular comment
Returns:
None if bad structure type ID is passed or no such member in the structure; otherwise returns comment of the specified member.

get_enum_idx(enum_id)

 

Get serial number of enum by its ID

Parameters:
  • enum_id - ID of enum
Returns:
(0..get_enum_qty()-1) or -1 if error

set_bmask_cmt(enum_id, bmask, cmt, repeatable)

 

Set bitmask comment (only for bitfields)

Parameters:
  • enum_id - id of enum
  • bmask - bitmask of the constant
  • cmt - comment
  • repeatable - type of comment, 0-regular, 1-repeatable
Returns:
1-ok, 0-failed

get_event_module_name()

 

Get module name for debug event

Returns:
module name

get_full_flags(ea)

 

Get internal flags

Parameters:
  • ea - linear address
Returns:
32-bit value of internal flags. See start of IDC.IDC file for explanations.

create_array(name)

 

Create array.

Parameters:
  • name - The array name.
Returns:
-1 in case of failure, a valid array_id otherwise.

get_enum_name(enum_id)

 

Get name of enum

Parameters:
  • enum_id - ID of enum
Returns:
name of enum or empty string

get_bookmark(slot)

 

Get marked position

Parameters:
  • slot - slot number: 1..1024. If the specified value is <= 0, IDA will ask the user to select a slot.
Returns:
BADADDR - the slot doesn't contain a marked address; otherwise returns the marked address

get_event_exc_info()

 

Get info for EXCEPTION event

Returns:
info string

is_bf(enum_id)

 

Is enum a bitfield?

Parameters:
  • enum_id - id of enum
Returns:
1-yes, 0-no, ordinary enum

set_member_type(sid, member_offset, flag, typeid, nitems, target=-1, tdelta=0, reftype=2)

 

Change structure member type

Parameters:
  • sid - structure type ID
  • member_offset - offset of the member
  • flag - new type of the member. Should be one of FF_BYTE..FF_PACKREAL (see above) combined with FF_DATA
  • typeid - depends on flag:
    • if isStruc(flag) then typeid specifies the structure id for the member
    • if is_off0(flag) then typeid specifies the offset base
    • if is_strlit(flag) then typeid specifies the string type (STRTYPE_...)
    • if is_stroff(flag) then typeid specifies the structure id
    • if is_enum(flag) then typeid specifies the enum id
    • if is_custom(flags) then typeid specifies the dtid and fid: dtid|(fid<<16)
    • otherwise typeid should be -1
  • nitems - number of items in the member
  • target - target address of the offset expr. You may specify it as -1, ida will calculate it itself
  • tdelta - offset target delta. usually 0
  • reftype - see REF_... definitions
Returns:
!=0 - ok.

Note: The remaining arguments are allowed only if is_off0(flag) and you want to specify a complex offset expression

force_bl_call(ea)

 

Force BL instruction to be a call

Parameters:
  • ea - address of the BL instruction
Returns:
1-ok, 0-failed

get_prev_offset(sid, offset)

 

Get previous offset in a structure

Parameters:
  • sid - structure type ID
  • offset - current offset
Returns:
-1 if bad structure type ID is passed, ida_idaapi.BADADDR if no (more) offsets in the structure, otherwise returns previous offset in a structure.
Notes:
  • IDA allows 'holes' between members of a structure. It treats these 'holes' as unnamed arrays of bytes. This function returns a member offset or a hole offset. It will return size of the structure if input 'offset' is bigger than the structure size.
  • Union members are, in IDA's internals, located at subsequent byte offsets: member 0 -> offset 0x0, member 1 -> offset 0x1, etc...

get_item_end(ea)

 

Get address of the end of the item (instruction or data)

Parameters:
  • ea - linear address
Returns:
address past end of the item at 'ea'

GetFloat(ea)

 

Get value of a floating point number (4 bytes). This function assumes the number is stored using IEEE format and in the same endianness as integers.

Parameters:
  • ea - linear address
Returns:
float

get_current_thread()

 

Get current thread ID

Returns:
-1 if failure

get_event_module_base()

 

Get module base for debug event

Returns:
module base

recalc_spd(cur_ea)

 

Recalculate SP delta for an instruction that stops execution.

Parameters:
  • cur_ea - linear address of the current instruction
Returns:
1 - new stkpnt is added, 0 - nothing is changed

del_enum(enum_id)

 

Delete enum type

Parameters:
  • enum_id - id of enum
Returns:
None

get_fixup_target_sel(ea)

 

Get fixup target selector

Parameters:
  • ea - address to get information about
Returns:
BADSEL - no fixup at the specified address; otherwise returns fixup target selector

ask_seg(defval, prompt)

 

Ask the user to enter a segment value

Parameters:
  • defval - the default value. This value will appear in the dialog box.
  • prompt - the prompt to display in the dialog box
Returns:
the entered segment selector or BADSEL.

getn_thread(idx)

 

Get the ID of a thread

Parameters:
  • idx - number of thread, is in range 0..get_thread_qty()-1
Returns:
-1 if failure

save_trace_file(filename, description)

 

Save current trace to a binary trace file

Parameters:
  • filename - trace file
  • description - trace description

get_enum_member_by_name(name)

 

Get member of enum - a symbolic constant ID

Parameters:
  • name - name of symbolic constant
Returns:
ID of constant or -1

jumpto(ea)

 

Move cursor to the specified linear address

Parameters:
  • ea - linear address

set_struc_name(sid, name)

 

Change structure name

Parameters:
  • sid - structure type ID
  • name - new name of the structure
Returns:
!= 0 - ok

gen_flow_graph(outfile, title, ea1, ea2, flags)

 

Generate a flow chart GDL file

Parameters:
  • outfile - output file name. GDL extension will be used
  • title - graph title
  • ea1 - beginning of the range to flow chart
  • ea2 - end of the range to flow chart.
  • flags - combination of CHART_... constants

Note: If ea2 == BADADDR then ea1 is treated as an address within a function. That function will be flow charted.

add_entry(ordinal, ea, name, makecode)

 

Add entry point

Parameters:
  • ordinal - entry point number. If the entry point doesn't have an ordinal number, 'ordinal' should be equal to 'ea'
  • ea - address of the entry point
  • name - name of the entry point. If null string, the entry point won't be renamed.
  • makecode - if 1 then this entry point is a start of a function. Otherwise it denotes data bytes.
Returns:
0 - entry point with the specified ordinal already exists; 1 - ok

wait_for_next_event(wfne, timeout)

 

Wait for the next event. This function (optionally) resumes the process execution and waits for a debugger event until timeout.

Parameters:
  • wfne - combination of WFNE_... constants
  • timeout - number of seconds to wait, -1-infinity
Returns:
debugger event codes, see below

delete_all_segments()

 

Delete all segments, instructions, comments, i.e. everything except values of bytes.

get_first_struc_idx()

 

Get index of first structure type

Returns:
BADADDR if no structure type is defined; otherwise index of first structure type. Each structure type has an index and ID. INDEX determines position of structure definition in the list of structure definitions. Index 1 is listed first, after index 2 and so on. The index of a structure type can be changed any time, leading to movement of the structure definition in the list of structure definitions. ID uniquely denotes a structure type. A structure gets a unique ID at the creation time and this ID can't be changed. Even when the structure type gets deleted, its ID won't be reused in the future.

read_dbg_dword(ea)

 

Get value of program double-word using the debugger memory

Parameters:
  • ea - linear address
Returns:
The value or None on failure.

get_event_exit_code()

 

Get exit code for debug event

Returns:
exit code for PROCESS_EXIT, THREAD_EXIT events

get_next_hash_key(hash_id, key)

 

Get the next key in the hash.

Parameters:
  • hash_id - The hash ID.
  • key - The current key.
Returns:
the next key, 0 otherwise

eval_idc(expr)

 

Evaluate an IDC expression

Parameters:
  • expr - an expression
Returns:
the expression value. If there are problems, the returned value will be "IDC_FAILURE: xxx" where xxx is the error description

Note: Python implementation evaluates IDC only, while IDC can call other registered languages

guess_type(ea)

 

Guess type of function/variable

Parameters:
  • ea - the address of the object, can be the structure member id too
Returns:
type string or None if failed

get_ret_tev_return(tev)

 

Return the return address for the specified event

Parameters:
  • tev - event number

get_forced_operand(ea, n)

 

Get manually entered operand string

Parameters:
  • ea - linear address
  • n - number of operand: 0 - the first operand, 1 - the second operand
Returns:
string or None if it fails

get_hash_string(hash_id, key)

 

Gets the string value of a hash element.

Parameters:
  • hash_id - The hash ID.
  • key - Key of an element.
Returns:
the string value of the element, or None if no such element.

toggle_sign(ea, n)

 

Change sign of the operand

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

ask_yn(defval, prompt)

 

Ask the user a question and let him answer Yes/No/Cancel

Parameters:
  • defval - the default answer. This answer will be selected if the user presses Enter. -1:cancel,0-no,1-ok
  • prompt - the prompt to display in the dialog box
Returns:
-1:cancel,0-no,1-ok

create_byte(ea)

 

Convert the current item to a byte

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

get_event_pid()

 

Get process ID for debug event

Returns:
process ID

del_sourcefile(ea)

 

Delete information about the source file

Parameters:
  • ea - linear address belonging to the source file
Returns:
NULL - source file information is not found; otherwise returns pointer to file name

get_tev_type(tev)

 

Return the type of the specified event (TEV_... constants)

Parameters:
  • tev - event number

create_tbyte(ea)

 

Convert the current item to a tbyte (10 or 12 bytes)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

detach_process()

 

Detach the debugger from the debugged process.

Returns:
success

get_strlit_contents(ea, length=-1, strtype=0)

 

Get string contents

Parameters:
  • ea - linear address
  • length - string length. -1 means to calculate the max string length
  • strtype - the string type (one of STRTYPE_... constants)
Returns:
string contents or empty string

get_original_byte(ea)

 

Get original value of program byte

Parameters:
  • ea - linear address
Returns:
the original value of byte before any patch applied to it

get_prev_bmask(enum_id, value)

 

Get prev bitmask in the enum (bitfield)

Parameters:
  • enum_id - id of enum
  • value - value of the current bitmask
Returns:
value of a bitmask with value lower than the specified value, or -1 if no such bitmasks exist. All bitmasks are sorted by their values as unsigned longs.

op_oct(ea, n)

 

Convert an operand of the item (instruction or data) to an octal number

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

get_member_qty(sid)

 

Get number of members of a structure

Parameters:
  • sid - structure type ID
Returns:
-1 if bad structure type ID is passed; otherwise returns number of members.

Note: Union members are, in IDA's internals, located at subsequent byte offsets: member 0 -> offset 0x0, member 1 -> offset 0x1, etc...

get_curline()

 

Get the disassembly line at the cursor

Returns:
string

get_next_index(tag, array_id, idx)

 

Get index of the next existing array element.

Parameters:
  • tag - Tag of array, specifies one of two array types: AR_LONG, AR_STR
  • array_id - The array ID.
  • idx - Index of the current element.
Returns:
-1 if no more elements, otherwise returns index of the next array element of given type.

get_tinfo(ea)

 

Get type information of function/variable as 'typeinfo' object

Parameters:
  • ea - the address of the object
Returns:
None on failure, or (type, fields) tuple.

get_struc_id(name)

 

Get structure ID by structure name

Parameters:
  • name - structure type name
Returns:
BADADDR if bad structure type name is passed; otherwise returns structure ID.

del_struc(sid)

 

Delete a structure type

Parameters:
  • sid - structure type ID
Returns:
0 if bad structure type ID is passed, 1 otherwise (the structure type is deleted). All data and other structure types referencing the deleted structure type will be displayed as array of bytes.

process_ui_action(name, flags=0)

 

Invokes an IDA UI action by name

Parameters:
  • name - Command name
  • flags - Reserved. Must be zero
Returns:
Boolean

prev_head(ea, minea=0)

 

Get previous defined item (instruction or data) in the program

Parameters:
  • ea - linear address to start search from
  • minea - the search will stop at this address. minea is included in the search range
Returns:
BADADDR - no (more) defined items

get_segm_attr(segea, attr)

 

Get segment attribute

Parameters:
  • segea - any address within segment
  • attr - one of SEGATTR_... constants

get_enum_width(enum_id)

 

Get width of enum elements

Parameters:
  • enum_id - ID of enum
Returns:
size of enum elements in bytes (0 if enum_id is bad or the width is unknown).

auto_mark_range(start, end, queuetype)

 

Plan to perform an action in the future. This function will put your request to a special autoanalysis queue. Later IDA will retrieve the request from the queue and process it. There are several autoanalysis queue types. IDA will process all queries from the first queue and then switch to the second queue, etc.

del_fixup(ea)

 

Delete fixup information

Parameters:
  • ea - address to delete fixup information about
Returns:
None

msg(message)

 

Display a UTF-8 string in the message window

The result of the stringification of the arguments will be treated as a UTF-8 string.

Parameters:
  • message - message to print (formatting is done in Python)

    This function can be used to debug IDC scripts

write_dbg_memory(ea, data)

 

Write to debugger memory.

Parameters:
  • ea - linear address
  • data - string to write
Returns:
number of written bytes (-1 - network/debugger error)

Thread-safe function (may be called only from the main thread and debthread)

GetDisasm(ea)

 

Get disassembly line

Parameters:
  • ea - linear address of instruction
Returns:
"" - could not decode instruction at the specified location

Note: this function may not return exactly the same mnemonics as you see on the screen.

choose_func(title)

 

Ask the user to select a function

Parameters:
  • title - title of the dialog box
Returns:
-1 - user refused to select a function; otherwise returns the selected function start address

add_enum_member(enum_id, name, value, bmask)

 

Add a member of enum - a symbolic constant

Parameters:
  • enum_id - id of enum
  • name - name of symbolic constant. Must be unique in the program.
  • value - value of symbolic constant.
  • bmask - bitmask of the constant. Ordinary enums accept only ida_enum.DEFMASK as a bitmask. All bits set in value should be set in bmask too.
Returns:
0-ok, otherwise error code (one of ENUM_MEMBER_ERROR_*)

get_next_module(base)

 

Enumerate process modules

Parameters:
  • base - previous module's base address
Returns:
next module's base address or None on failure

define_exception(code, name, desc, flags)

 

Add exception handling information

Parameters:
  • code - exception code
  • name - exception name
  • desc - exception description
  • flags - exception flags (combination of EXC_...)
Returns:
failure description or ""

get_wide_dword(ea)

 

Get value of program double word (4 bytes)

Parameters:
  • ea - linear address
Returns:
the value of the double word. If failed returns -1

get_prev_fixup_ea(ea)

 

Find previous address with fixup information

Parameters:
  • ea - current address
Returns:
BADADDR - no more fixups; otherwise returns the previous address with fixup information

get_bytes(ea, size, use_dbg=False)

 

Return the specified number of bytes of the program

Parameters:
  • ea - linear address
  • size - size of buffer in normal 8-bit bytes
  • use_dbg - if True, use debugger memory, otherwise just the database
Returns:
None on failure; otherwise a string containing the read bytes

get_color(ea, what)

 

Get item color

Parameters:
  • ea - address of the item
  • what - type of the item (one of CIC_* constants)
Returns:
color code in RGB (hex 0xBBGGRR)

get_func_attr(ea, attr)

 

Get a function attribute

Parameters:
  • ea - any address belonging to the function
  • attr - one of FUNCATTR_... constants
Returns:
BADADDR - error; otherwise returns the attribute value

select_thread(tid)

 

Select the given thread as the current debugged thread.

Parameters:
  • tid - ID of the thread to select
Returns:
success

Note: The process must be suspended to select a new thread.

calc_gtn_flags(fromaddr, ea)

 

Calculate flags for get_name() function

Parameters:
  • fromaddr - the referring address. May be BADADDR.
  • ea - linear address
Returns:
success

define_local_var(start, end, location, name)

 

Create a local variable

Parameters:
  • start - start of address range for the local variable
  • end - end of address range for the local variable
  • location - the variable location in the "[bp+xx]" form where xx is a number. The location can also be specified as a register name.
  • name - name of the local variable
Returns:
1-ok, 0-failure

Note: For the stack variables the end address is ignored. If there is no function at 'start' then this function will fail.

get_operand_value(ea, n)

 

Get number used in the operand

This function returns an immediate number used in the operand

Parameters:
  • ea - linear address of instruction
  • n - the operand number
Returns:
value:
  • operand is an immediate value => immediate value
  • operand has a displacement => displacement
  • operand is a direct memory ref => memory address
  • operand is a register => register number
  • operand is a register phrase => phrase number
  • otherwise => -1

next_not_tail(ea)

 

Get next not-tail address in the program. This function searches for the next displayable address in the program. The tail bytes of instructions and data are not displayable.

Parameters:
  • ea - linear address
Returns:
BADADDR - no (more) not-tail addresses

check_bpt(ea)

 

Check a breakpoint

Parameters:
  • ea - address in the process memory space
Returns:
one of BPTCK_... constants

get_member_name(sid, member_offset)

 

Get name of a member of a structure

Parameters:
  • sid - structure type ID
  • member_offset - member offset. The offset can be any offset in the member. For example, if a member is 4 bytes long and starts at offset 2, then 2,3,4,5 denote the same structure member.
Returns:
None if bad structure type ID is passed or no such member in the structure; otherwise returns name of the specified member.

load_debugger(dbgname, use_remote)

 

Load the debugger

Parameters:
  • dbgname - debugger module name. Examples: win32, linux, mac.
  • use_remote - 0/1: use remote debugger or not

Note: This function is needed only when running idc scripts from the command line. In other cases IDA loads the debugger module automatically.

get_member_offset(sid, member_name)

 

Get offset of a member of a structure by the member name

Parameters:
  • sid - structure type ID
  • member_name - name of structure member
Returns:
-1 if bad structure type ID is passed or no such member in the structure; otherwise returns offset of the specified member.

Note: Union members are, in IDA's internals, located at subsequent byte offsets: member 0 -> offset 0x0, member 1 -> offset 0x1, etc...

get_event_bpt_hea()

 

Get hardware address for BREAKPOINT event

Returns:
hardware address

next_func_chunk(funcea, tailea)

 

Get the next function chunk of the specified function

Parameters:
  • funcea - any address in the function
  • tailea - any address in the current chunk
Returns:
the starting address of the next function chunk or BADADDR

Note: This function returns the next chunk of the specified function

get_fixup_target_type(ea)

 

Get fixup target type

Parameters:
  • ea - address to get information about
Returns:
0 - no fixup at the specified address; otherwise returns fixup type

set_remote_debugger(hostname, password, portnum)

 

Set remote debugging options

Parameters:
  • hostname - remote host name or address. If empty, revert to local debugger
  • password - password for the debugger server
  • portnum - port number to connect (-1: don't change)
Returns:
nothing

set_reg_value(value, name)

 

Set register value

Parameters:
  • name - the register name
  • value - new register value

Note: The debugger should be running. It is not necessary to use this function to set register values. A register name in the left side of an assignment will do too.

set_local_type(ordinal, input, flags)

 

Parse one type declaration and store it in the specified slot

Parameters:
  • ordinal - slot number (1...NumberOfLocalTypes). -1 means allocate new slot or reuse the slot of the existing named type
  • input - C declaration. Empty input empties the slot
  • flags - combination of PT_... constants or 0
Returns:
slot number or 0 if error

set_struc_idx(sid, index)

 

Change structure index

Parameters:
  • sid - structure type ID
  • index - new index of the structure
Returns:
!= 0 - ok

Note: See get_first_struc_idx() for the explanation of structure indices and IDs.

create_qword(ea)

 

Convert the current item to a quad word (8 bytes)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

getn_enum(idx)

 

Get ID of the specified enum by its serial number

Parameters:
  • idx - number of enum (0..get_enum_qty()-1)
Returns:
ID of enum or -1 if error

get_prev_enum_member(enum_id, value, bmask)

 

Get prev constant in the enum

Parameters:
  • enum_id - id of enum
  • bmask - bitmask of the constant. Ordinary enums accept only ida_enum.DEFMASK as a bitmask
  • value - value of the current constant
Returns:
value of a constant with value lower than the specified value. idaapi.BADNODE if no such constants exist. All constants are sorted by their values as unsigned longs.

get_member_flag(sid, member_offset)

 

Get type of a member

Parameters:
  • sid - structure type ID
  • member_offset - member offset. The offset can be any offset in the member. For example, if a member is 4 bytes long and starts at offset 2, then 2,3,4,5 denote the same structure member.
Returns:
-1 if bad structure type ID is passed or no such member in the structure; otherwise returns type of the member, see bit definitions above. If the member type is a structure then function GetMemberStrid() should be used to get the structure type id.

add_auto_stkpnt(func_ea, ea, delta)

 

Add automatic SP register change point

Parameters:
  • func_ea - function start
  • ea - linear address where SP changes. Usually this is the end of the instruction which modifies the stack pointer (insn.ea+insn.size)
  • delta - difference between old and new values of SP
Returns:
1-ok, 0-failed

get_first_member(sid)

 

Get offset of the first member of a structure

Parameters:
  • sid - structure type ID
Returns:
-1 if bad structure type ID is passed, ida_idaapi.BADADDR if structure has no members, otherwise returns offset of the first member.
Notes:
  • IDA allows 'holes' between members of a structure. It treats these 'holes' as unnamed arrays of bytes.
  • Union members are, in IDA's internals, located at subsequent byte offsets: member 0 -> offset 0x0, member 1 -> offset 0x1, etc...

set_array_params(ea, flags, litems, align)

 

Set array representation format

Parameters:
  • ea - linear address
  • flags - combination of AP_... constants or 0
  • litems - number of items per line. 0 means auto
  • align - element alignment
    • -1: do not align
    • 0: automatic alignment
    • other values: element width
Returns:
1-ok, 0-failure

retrieve_input_file_md5()

 

Return the MD5 hash of the input binary file

Returns:
MD5 string or None on error

get_entry_ordinal(index)

 

Retrieve entry point ordinal number

Parameters:
  • index - 0..get_entry_qty()-1
Returns:
0 if entry point doesn't exist; otherwise entry point ordinal

op_offset(ea, n, reftype, target, base, tdelta)

 

Convert operand to a complex offset expression. This is a more powerful version of the op_plain_offset() function. It allows you to explicitly specify the reference type (off8, off16, etc) and the expression target with a possible target delta. The complex expressions are represented by IDA in the following form:

target + tdelta - base

If the target is not present, then it will be calculated using

target = operand_value - tdelta + base

The target must be present for LOW.. and HIGH.. reference types

Parameters:
  • ea - linear address of the instruction/data
  • n - number of operand to convert (the same as in op_plain_offset)
  • reftype - one of REF_... constants
  • target - an explicitly specified expression target. If you don't want to specify it, use -1. Please note that LOW... and HIGH... reference types require the target.
  • base - the offset base (a linear address)
  • tdelta - a displacement from the target which will be displayed in the expression.
Returns:
success (boolean)

get_input_file_path()

 

Get input file path

This function returns the full path of the file being disassembled

move_segm(ea, to, flags)

 

Move a segment to a new address. This function moves all information to the new address. It fixes up address sensitive information in the kernel. The total effect is equal to reloading the segment to the target address.

Parameters:
  • ea - any address within the segment to move
  • to - new segment start address
  • flags - combination of MFS_... constants
Returns:
MOVE_SEGM_... error code

put_bookmark(ea, lnnum, x, y, slot, comment)

 

Mark position

Parameters:
  • ea - address to mark
  • lnnum - number of generated line for the 'ea'
  • x - x coordinate of cursor
  • y - y coordinate of cursor
  • slot - slot number: 1..1024. If the specified value is not within the range, IDA will ask the user to select slot.
  • comment - description of the mark. Should not be empty.
Returns:
None

demangle_name(name, disable_mask)

 

Demangle a name

Parameters:
  • name - name to demangle
  • disable_mask - a mask that tells how to demangle the name. It is a good idea to get this mask using get_inf_attr(INF_SHORT_DN) or get_inf_attr(INF_LONG_DN)
Returns:
a demangled name. If the input name cannot be demangled, returns None

set_debugger_options(opt)

 

Get/set debugger options

Parameters:
  • opt - combination of DOPT_... constants
Returns:
old options

attach_process(pid, event_id)

 

Attach the debugger to a running process

Parameters:
  • pid - PID of the process to attach to. If NO_PROCESS, a dialog box will interactively ask the user for the process to attach to.
  • event_id - reserved, must be -1
Returns:
  • -2: impossible to find a compatible process
  • -1: impossible to attach to the given process (process died, privilege needed, not supported by the debugger plugin, ...)
  • 0: the user cancelled the attaching to the process
  • 1: the debugger properly attached to the process

Note: See the important note to the step_into() function

get_array_id(name)

 

Get array array_id, by name.

Parameters:
  • name - The array name.
Returns:
-1 in case of failure (i.e., no array with that name exists), a valid array_id otherwise.

suspend_process()

 

Suspend the running process. Tries to suspend the process. If successful, the PROCESS_SUSPEND debug event will arrive (see wait_for_next_event)

Returns:
success

Note: To resume a suspended process use the wait_for_next_event function. See the important note to the step_into() function

del_enum_member(enum_id, value, serial, bmask)

 

Delete a member of enum - a symbolic constant

Parameters:
  • enum_id - id of enum
  • value - value of symbolic constant.
  • serial - serial number of the constant in the enumeration. See op_enum() for details.
  • bmask - bitmask of the constant. Ordinary enums accept only ida_enum.DEFMASK as a bitmask
Returns:
1-ok, 0-failed

patch_qword(ea, value)

 

Change value of a quad word

Parameters:
  • ea - linear address
  • value - new value of the quad word
Returns:
1 if the database has been modified, 0 if either the debugger is running and the process' memory has value 'value' at address 'ea', or the debugger is not running, and the IDB has value 'value' at address 'ea' already.

get_segm_name(ea)

 

Get name of a segment

Parameters:
  • ea - any address in the segment
Returns:
"" - no segment at the specified address

get_process_state()

 

Get debugged process state

Returns:
one of the DBG_... constants (see below)

get_xref_type()

 

Return type of the last xref obtained by [RD]first/next[B0] functions.

Returns:
constants fl_* or dr_*

get_member_id(sid, member_offset)

 
Parameters:
  • sid - structure type ID
  • member_offset - member offset. The offset can be any offset in the member. For example, if a member is 4 bytes long and starts at offset 2, then 2,3,4,5 denote the same structure member.
Returns:
-1 if bad structure type ID is passed or there is no member at the specified offset; otherwise returns the member id.

read_dbg_byte(ea)

 

Get value of program byte using the debugger memory

Parameters:
  • ea - linear address
Returns:
The value or None on failure.

apply_type(ea, py_type, flags=1)

 

Apply the specified type to the address

Parameters:
  • ea - the address of the object
  • py_type - typeinfo tuple (type, fields) as get_tinfo() returns, or tuple (name, type, fields) as parse_decl() returns, or None. If specified as None, then the item associated with 'ea' will be deleted.
  • flags - combination of TINFO_... constants or 0
Returns:
Boolean

get_call_tev_callee(tev)

 

Return the address of the callee for the specified event

Parameters:
  • tev - event number

get_idb_path()

 

Get IDB full path

This function returns full path of the current IDB database

op_flt(ea, n)

 

Convert operand to a floating-point number

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands
Returns:
1-ok, 0-failure

get_array_element(tag, array_id, idx)

 

Get value of array element.

Parameters:
  • tag - Tag of array, specifies one of two array types: AR_LONG, AR_STR
  • array_id - The array ID.
  • idx - Index of an element.
Returns:
Value of the specified array element. Note that this function may return char or long result. Nonexistent array elements give zero as a result.

create_oword(ea)

 

Convert the current item to an octa word (16 bytes/128 bits)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

del_hidden_range(ea)

 

Delete a hidden range

Parameters:
  • ea - any address belonging to the hidden range
Returns:
!= 0 - ok

get_entry(ordinal)

 

Retrieve entry point address

Parameters:
  • ordinal - entry point number. It is returned by GetEntryPointOrdinal()
Returns:
BADADDR if entry point doesn't exist; otherwise entry point address. If entry point address is equal to its ordinal number, then the entry point has no ordinal.

set_func_attr(ea, attr, value)

 

Set a function attribute

Parameters:
  • ea - any address belonging to the function
  • attr - one of FUNCATTR_... constants
  • value - new value of the attribute
Returns:
1-ok, 0-failed

set_hash_long(hash_id, key, value)

 

Sets the long value of a hash element.

Parameters:
  • hash_id - The hash ID.
  • key - Key of an element.
  • value - 32bit or 64bit value to store in the hash
Returns:
1 in case of success, 0 otherwise

get_segm_end(ea)

 

Get end address of a segment

Parameters:
  • ea - any address in the segment
Returns:
end of segment (an address past end of the segment). BADADDR - the specified address doesn't belong to any segment

del_extra_cmt(ea, n)

 

Delete an extra comment line

Parameters:
  • ea - linear address
  • n - number of anterior additional line (0..MAX_ITEM_LINES)
Returns:
None

To delete anterior line #n use (E_PREV + n)
To delete posterior line #n use (E_NEXT + n)

get_reg_value(name)

 

Get register value

Parameters:
  • name - the register name
Returns:
register value (integer or floating point)

Note: The debugger should be running, otherwise the function fails. The register name should be valid. It is not necessary to use this function to get register values because a register name in the script will do too.

op_chr(ea, n)

 
Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

set_frame_size(ea, lvsize, frregs, argsize)

 

Make function frame

Parameters:
  • ea - any address belonging to the function
  • lvsize - size of function local variables
  • frregs - size of saved registers
  • argsize - size of function arguments
Returns:
ID of function frame or -1. If the function did not have a frame, the frame will be created. Otherwise the frame will be modified.

create_insn(ea)

 

Create an instruction at the specified address

Parameters:
  • ea - linear address
Returns:
0 - can not create an instruction (no such opcode, the instruction would overlap with existing items, etc); otherwise returns length of the instruction in bytes

set_storage_type(start_ea, end_ea, stt)

 

Set storage type

Parameters:
  • start_ea - starting address
  • end_ea - ending address
  • stt - new storage type, one of STT_VA and STT_MM
Returns:
0 - ok, otherwise internal error code

get_tev_mem_qty(tev)

 

Return the number of blobs of memory recorded, for the specified event

Note: this requires that the tracing options have been set to record pieces of memory for instruction events

Parameters:
  • tev - event number

read_dbg_qword(ea)

 

Get value of program quad word using the debugger memory

Parameters:
  • ea - linear address
Returns:
The value or None on failure.

get_last_index(tag, array_id)

 

Get index of last existing array element.

Parameters:
  • tag - Tag of array, specifies one of two array types: AR_LONG, AR_STR
  • array_id - The array ID.
Returns:
-1 if the array is empty, otherwise index of first array element of given type.

set_ida_state(status)

 

Change IDA indicator.

Parameters:
  • status - new status
Returns:
the previous status.

set_segm_name(ea, name)

 

Change name of the segment

Parameters:
  • ea - any address in the segment
  • name - new name of the segment
Returns:
success (boolean)

del_array_element(tag, array_id, idx)

 

Delete an array element.

Parameters:
  • tag - Tag of array, specifies one of two array types: AR_LONG, AR_STR
  • array_id - The array ID.
  • idx - Index of an element.
Returns:
1 in case of success, 0 otherwise.

gen_file(filetype, path, ea1, ea2, flags)

 

Generate an output file

Parameters:
  • filetype - type of output file. One of OFILE_... symbols. See below.
  • path - the output file path (will be overwritten!)
  • ea1 - start address. For some file types this argument is ignored
  • ea2 - end address. For some file types this argument is ignored
  • flags - bit combination of GENFLG_...
Returns:
number of the generated lines. -1 if an error occurred. OFILE_EXE: 0-can't generate exe file, 1-ok

rebase_program(delta, flags)

 

Rebase the whole program by 'delta' bytes

Parameters:
  • delta - number of bytes to move the program
  • flags - combination of MFS_... constants. It is recommended to use MSF_FIXONCE so that the loader takes care of global variables it stored in the database
Returns:
error code MOVE_SEGM_...

sel2para(sel)

 

Get a selector value

Parameters:
  • sel - the selector number
Returns:
selector value if found otherwise the input value (sel)

Note: selector values are always in paragraphs

get_struc_size(sid)

 

Get size of a structure

Parameters:
  • sid - structure type ID
Returns:
0 if bad structure type ID is passed; otherwise returns size of structure in bytes.

del_segm(ea, flags)

 

Delete a segment

Parameters:
  • ea - any address in the segment
  • flags - combination of SEGMOD_* flags
Returns:
boolean success

get_struc_cmt(sid, repeatable)

 

Get structure type comment

Parameters:
  • sid - structure type ID
  • repeatable - 1: get repeatable comment, 0: get regular comment
Returns:
None if bad structure type ID is passed; otherwise returns comment.

set_default_sreg_value(ea, reg, value)

 

Set default segment register value for a segment

Parameters:
  • ea - any address in the segment. If no segment is present at the specified address then all segments will be affected
  • reg - name of segment register
  • value - default value of the segment register. -1-undefined.

del_idc_hotkey(hotkey)

 

Delete IDC function hotkey

Parameters:
  • hotkey - hotkey code to delete

get_enum_member_enum(const_id)

 

Get id of enum by id of constant

Parameters:
  • const_id - id of symbolic constant
Returns:
id of enum the constant belongs to. -1 if const_id is bad.

print_insn_mnem(ea)

 

Get instruction mnemonics

Parameters:
  • ea - linear address of instruction
Returns:
"" - no instruction at the specified location

Note: this function may not return exactly the same mnemonics as you see on the screen.

get_next_seg(ea)

 

Get next segment

Parameters:
  • ea - linear address
Returns:
start of the next segment. BADADDR - no next segment

get_bpt_ea(n)

 

Get breakpoint address

Parameters:
  • n - number of breakpoint, is in range 0..get_bpt_qty()-1
Returns:
address of the breakpoint or BADADDR

get_ordinal_qty()

 

Get number of local types + 1

Returns:
value >= 1. 1 means that there are no local types.

get_member_strid(sid, member_offset)

 

Get structure id of a member

Parameters:
  • sid - structure type ID
  • member_offset - member offset. The offset can be any offset in the member. For example, is a member is 4 bytes long and starts at offset 2, then 2,3,4,5 denote the same structure member.
Returns:
-1 if bad structure type ID is passed or no such member in the structure otherwise returns structure id of the member. If the current member is not a structure, returns -1.

get_first_module()

 

Enumerate process modules

Returns:
first module's base address or None on failure

set_cmt(ea, comment, rptble)

 

Set an indented regular comment of an item

Parameters:
  • ea - linear address
  • comment - comment string
  • rptble - is repeatable?
Returns:
None

get_fixup_target_dis(ea)

 

Get fixup target displacement

Parameters:
  • ea - address to get information about
Returns:
0 - no fixup at the specified address; otherwise returns fixup target displacement

get_entry_qty()

 

Retrieve number of entry points

Returns:
number of entry points

op_plain_offset(ea, n, base)

 

Convert operand to an offset (for the explanations of 'ea' and 'n' please see op_bin())

Example:

seg000:2000 dw 1234h

and there is a segment at paragraph 0x1000 and there is a data item within the segment at 0x1234:

seg000:1234 MyString db 'Hello, world!',0

Then you need to specify a linear address of the segment base to create a proper offset:

op_plain_offset(["seg000",0x2000],0,0x10000);

and you will have:

seg000:2000 dw offset MyString

Motorola 680x0 processors have a concept of "outer offsets". If you want to create an outer offset, you need to combine the number of the operand with the following bit:

Please note that the outer offsets are meaningful only for Motorola 680x0.

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands
  • base - base of the offset as a linear address. If base == BADADDR then the current operand becomes non-offset

op_bin(ea, n)

 

Convert an operand of the item (instruction or data) to a binary number

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands
Returns:
1-ok, 0-failure

Note: the data items use only the type of the first operand

rename_array(array_id, newname)

 

Rename array, by its ID.

Parameters:
  • array_id - The ID of the array to rename.
  • newname - The new name of the array.
Returns:
1 in case of success, 0 otherwise

create_align(ea, count, align)

 

Convert the current item to an alignment directive

Parameters:
  • ea - linear address
  • count - number of bytes to convert
  • align - 0 or 1..32. If it is 0, the correct alignment will be calculated by the kernel
Returns:
1-ok, 0-failure

get_bookmark_desc(slot)

 

Get marked position comment

Parameters:
  • slot - slot number: 1..1024
Returns:
None if the slot doesn't contain a marked address; otherwise returns the marked address comment

rotate_left(value, count, nbits, offset)

 

Rotate a value to the left (or right)

Parameters:
  • value - value to rotate
  • count - number of times to rotate. A negative count means rotate to the right
  • nbits - number of bits to rotate
  • offset - offset of the first bit to rotate
Returns:
the value with the specified field rotated; all other bits are not modified
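
The field rotation documented above, modelled in plain Python as an added example (not IDA's implementation). `rotate_field` is a hypothetical name and the sample values in the comments are constructed.

```python
def rotate_field(value, count, nbits, offset):
    """Rotate the nbits-wide field starting at bit `offset` of `value`.

    A positive count rotates left, a negative count rotates right.
    Bits outside the field are returned unchanged.
    """
    if nbits <= 0:
        raise ValueError("nbits must be positive")
    if offset < 0:
        raise ValueError("offset must be non-negative")
    if value < 0:
        raise ValueError("value must be non-negative")

    field_mask = (1 << nbits) - 1
    field = (value >> offset) & field_mask

    # Python's % is never negative for a positive modulus, so a right
    # rotation by k is folded into a left rotation by nbits - k.
    shift = count % nbits
    rotated = ((field << shift) | (field >> (nbits - shift))) & field_mask

    # Clear the old field, then drop the rotated field back in place.
    return (value & ~(field_mask << offset)) | (rotated << offset)


if __name__ == "__main__":
    # Whole 32-bit value rotated left and right by one byte.
    print(hex(rotate_field(0x12345678, 8, 32, 0)))
    print(hex(rotate_field(0x12345678, -8, 32, 0)))
    # Only the nibble at bits 4..7 rotates; the other bits stay as they were.
    print(hex(rotate_field(0xABCD, 1, 4, 4)))
```
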

get_last_struc_idx()

 

Get index of last structure type

Returns:
BADADDR if no structure type is defined, otherwise index of last structure type. See get_first_struc_idx() for the explanation of structure indices and IDs.

get_hash_long(hash_id, key)

 

Gets the long value of a hash element.

Parameters:
  • hash_id - The hash ID.
  • key - Key of an element.
Returns:
the 32bit or 64bit value of the element, or 0 if no such element.

generate_disasm_line(ea, flags)

 

Get disassembly line

Parameters:
  • ea - linear address of instruction
  • flags - combination of the GENDSM_ flags, or 0
Returns:
"" - could not decode instruction at the specified location

Note: this function may not return exactly the same mnemonics as you see on the screen.

get_item_head(ea)

 

Get starting address of the item (instruction or data)

Parameters:
  • ea - linear address
Returns:
the starting address of the item. If the current address is unexplored, returns 'ea'

get_tev_mem_ea(tev, idx)

 

Return the address of the blob of memory pointed to by 'index' for the specified event

Note: this requires that the tracing options have been set to record pieces of memory for instruction events

Parameters:
  • tev - event number
  • idx - memory address index

auto_wait()

 

Process all entries in the autoanalysis queue. Wait for the end of autoanalysis.

Note: This function will suspend execution of the calling script till the autoanalysis queue is empty.

find_binary(ea, flag, searchstr, radix=16)

 
Parameters:
  • ea - start address
  • flag - combination of SEARCH_* flags
  • searchstr - a string as a user enters it for Search Text in Core
  • radix - radix of the numbers (default=16)
Returns:
ea of result or BADADDR if not found

Note: Example: "41 42" - find 2 bytes 41h,42h (radix is 16)

make_array(ea, nitems)

 

Create an array.

Parameters:
  • ea - linear address
  • nitems - size of array in items

Note: This function will create an array of the items with the same type as the type of the item at 'ea'. If the byte at 'ea' is undefined, then this function will create an array of bytes.

prev_not_tail(ea)

 

Get previous not-tail address in the program. This function searches for the previous displayable address in the program. The tail bytes of instructions and data are not displayable.

Parameters:
  • ea - linear address
Returns:
BADADDR - no (more) not-tail addresses

get_wide_byte(ea)

 

Get value of program byte

Parameters:
  • ea - linear address
Returns:
value of byte. If byte has no value then returns 0xFF. If the current byte size is different from 8 bits, then the returned value might have more 1's. To check if a byte has a value, use is_loaded()

read_dbg_memory(ea, size)

 

Read from debugger memory.

Parameters:
  • ea - linear address
  • size - size of data to read
Returns:
data as a string. If failed, throws an exception

Thread-safe function (may be called only from the main thread and debthread)

validate_idb_names()

 

Check consistency of IDB name records

Returns:
number of inconsistent name records

get_enum_member(enum_id, value, serial, bmask)

 

Get id of constant

Parameters:
  • enum_id - id of enum
  • value - value of constant
  • serial - serial number of the constant in the enumeration. See op_enum() for details.
  • bmask - bitmask of the constant. Ordinary enums accept only ida_enum.DEFMASK as a bitmask
Returns:
id of constant or -1 if error

patch_dword(ea, value)

 

Change value of a double word

Parameters:
  • ea - linear address
  • value - new value of the double word
Returns:
1 if the database has been modified, 0 if either the debugger is running and the process' memory has value 'value' at address 'ea', or the debugger is not running, and the IDB has value 'value' at address 'ea' already.

get_numbered_type_name(ordinal)

 

Retrieve a local type name

Parameters:
  • ordinal - slot number (1...NumberOfLocalTypes)

Returns:
local type name or None

op_hex(ea, n)

 

Convert an operand of the item (instruction or data) to a hexadecimal number

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

get_first_seg()

 

Get first segment

Returns:
address of the start of the first segment. BADADDR - no segments are defined
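
A segment walk built from get_first_seg, get_next_seg, get_segm_end, get_segm_name and get_bytes, checking each documented failure value (BADADDR, "" and None) and fingerprinting every segment so two databases of the same sample can be compared. This is an added example, not code from the IDA documentation: `inventory_segments` and the `FakeIdc` stand-in are hypothetical, the sample bytes are constructed, and the `BADADDR` constant is a placeholder for `idc.BADADDR`.

```python
import hashlib

# Constructed stand-in for the sentinel; inside IDA pass idc.BADADDR instead.
BADADDR = 0xFFFFFFFFFFFFFFFF


def inventory_segments(api, badaddr=BADADDR):
    """Walk every segment through `api` and fingerprint its bytes.

    `api` is any object exposing get_first_seg, get_next_seg, get_segm_end,
    get_segm_name and get_bytes with the contracts documented on this page;
    inside IDA that is the idc module itself.
    """
    report = []
    seen = set()
    start = api.get_first_seg()            # BADADDR: no segments are defined
    while start != badaddr and start not in seen:
        seen.add(start)                    # guard against a walk that never advances
        end = api.get_segm_end(start)      # BADADDR: address is in no segment
        name = api.get_segm_name(start)    # "": no segment at this address
        entry = {"name": name or "<unnamed>", "start": start, "end": end,
                 "size": None, "sha256": None}
        if end != badaddr and end > start:
            entry["size"] = end - start
            data = api.get_bytes(start, end - start)   # None on failure
            if data is not None:
                entry["sha256"] = hashlib.sha256(data).hexdigest()
        report.append(entry)
        start = api.get_next_seg(start)    # BADADDR: no next segment
    return report


class FakeIdc:
    """Constructed stand-in for idc over a tiny in-memory image."""

    def __init__(self, segments):
        # Each segment is (start, end, name, bytes or None).
        self._segs = sorted(segments, key=lambda seg: seg[0])

    def _find(self, ea):
        for seg in self._segs:
            if seg[0] <= ea < seg[1]:
                return seg
        return None

    def get_first_seg(self):
        return self._segs[0][0] if self._segs else BADADDR

    def get_next_seg(self, ea):
        for seg in self._segs:
            if seg[0] > ea:
                return seg[0]
        return BADADDR

    def get_segm_end(self, ea):
        seg = self._find(ea)
        return seg[1] if seg else BADADDR

    def get_segm_name(self, ea):
        seg = self._find(ea)
        return seg[2] if seg else ""

    def get_bytes(self, ea, size, use_dbg=False):
        seg = self._find(ea)
        if seg is None or seg[3] is None or ea + size > seg[1]:
            return None
        off = ea - seg[0]
        return seg[3][off:off + size]


# Constructed sample image: one code segment and one segment without bytes.
SAMPLE = FakeIdc([
    (0x401000, 0x401004, ".text", b"\x55\x8b\xec\xc3"),
    (0x402000, 0x402008, ".bss", None),
])

if __name__ == "__main__":
    for row in inventory_segments(SAMPLE):
        print(row)
```

Inside IDA the call becomes `inventory_segments(idc, idc.BADADDR)`.
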

parse_decls(inputtype, flags=0)

 

Parse type declarations

Parameters:
  • inputtype - file name or C declarations (depending on the flags)
  • flags - combination of PT_... constants or 0
Returns:
number of parsing errors (0 - no errors)

get_last_bmask(enum_id)

 

Get last bitmask in the enum (bitfield)

Parameters:
  • enum_id - id of enum
Returns:
the biggest bitmask or -1 if no bitmasks are defined yet. All bitmasks are sorted by their values as unsigned longs.

del_stkpnt(func_ea, ea)

 

Delete SP register change point

Parameters:
  • func_ea - function start
  • ea - linear address
Returns:
1-ok, 0-failed

create_float(ea)

 

Convert the current item to a floating point (4 bytes)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

get_event_id()

 

Get ID of debug event

Returns:
event ID

get_entry_name(ordinal)

 

Retrieve entry point name

Parameters:
  • ordinal - entry point number, as returned by GetEntryPointOrdinal()
Returns:
entry point name or None

print_decls(ordinals, flags)

 

Print types in a format suitable for use in a header file

Parameters:
  • ordinals - comma-separated list of type ordinals
  • flags - combination of PDF_... constants or 0
Returns:
string containing the type definitions

set_manual_insn(ea, insn)

 

Specify instruction representation manually.

Parameters:
  • ea - linear address
  • insn - a string representation of the operand

Note: IDA will not check the specified instruction, it will simply display it instead of the original representation.

expand_struc(sid, offset, delta, recalc)

 

Expand or shrink a structure type

Parameters:
  • sid - structure type ID
  • offset - offset in the structure
  • delta - how many bytes to add or remove
  • recalc - recalculate the locations where the structure type is used
Returns:
!= 0 - ok

set_enum_name(enum_id, name)

 

Rename enum

Parameters:
  • enum_id - id of enum
  • name - new name of enum
Returns:
1-ok,0-failed

op_offset_high16(ea, n, target)

 

Convert operand to a high offset. High offset is the upper 16 bits of an offset. This type is used by TMS320C6 processors (and probably by other RISC processors too)

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands
  • target - the full value (all 32bits) of the offset

get_last_hash_key(hash_id)

 

Get the last key in the hash.

Parameters:
  • hash_id - The hash ID.
Returns:
the key, 0 otherwise.

get_event_exc_ea()

 

Get address for EXCEPTION event

Returns:
address of exception

create_dword(ea)

 

Convert the current item to a double word (4 bytes)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

LoadFile(filepath, pos, ea, size)

 

Load file into IDA database

Parameters:
  • filepath - path to input file
  • pos - position in the file
  • ea - linear address to load
  • size - number of bytes to load
Returns:
0 - error, 1 - ok

set_segm_alignment(ea, alignment)

 

Change alignment of the segment

Parameters:
  • ea - any address in the segment
  • alignment - new alignment of the segment (one of the sa... constants)
Returns:
success (boolean)

get_enum_member_value(const_id)

 

Get value of symbolic constant

Parameters:
  • const_id - id of symbolic constant
Returns:
value of constant or 0

import_type(idx, type_name)

 

Copy information from type library to database. Copy structure, union, or enum definition from the type library to the IDA database.

Parameters:
  • idx - the position of the new type in the list of types (structures or enums). -1 means at the end of the list
  • type_name - name of type to copy
Returns:
BADNODE-failed, otherwise the type id (structure id or enum id)

set_step_trace_options(options)

 

Set step current tracing options.

Parameters:
  • options - combination of ST_... constants

set_segm_type(segea, segtype)

 

Set segment type

Parameters:
  • segea - any address within segment
  • segtype - new segment type:
Returns:
!=0 - ok

step_until_ret()

 

Execute instructions in the current thread until a function return instruction is reached. Other threads are kept suspended. See the important note to the step_into() function

Returns:
success

get_extra_cmt(ea, n)

 

Get extra comment line

Parameters:
  • ea - linear address
  • n - number of line (0..MAX_ITEM_LINES). MAX_ITEM_LINES is defined in IDA.CFG
Returns:
extra comment line string

Note: To get anterior line #n use (E_PREV + n). To get posterior line #n use (E_NEXT + n).

exit_process()

 

Stop the debugger. Kills the currently debugged process and returns to the disassembly mode.

Returns:
success

create_pack_real(ea)

 

Convert the current item to a packed real (10 or 12 bytes)

Parameters:
  • ea - linear address
Returns:
1-ok, 0-failure

del_source_linnum(ea)

 

Delete information about source line number

Parameters:
  • ea - linear address
Returns:
None

remove_fchunk(funcea, tailea)

 

Remove a function chunk from the function

Parameters:
  • funcea - any address in the function
  • tailea - any address in the function chunk to remove
Returns:
0 if failed, 1 if success

SizeOf(typestr)

 

Returns the size of the type. It is equivalent to IDC's sizeof(). Use name, tp, fld = idc.parse_decl() ; SizeOf(tp) to retrieve the size.

Returns:
-1 if typestring is not valid, otherwise the size of the type

set_enum_flag(enum_id, flag)

 

Set flag of enum

Parameters:
  • enum_id - id of enum
  • flag - flags for representation of numeric constants in the definition of enum.
Returns:
1-ok,0-failed

plan_and_wait(sEA, eEA, final_pass=True)

 

Perform full analysis of the range

Parameters:
  • sEA - starting linear address
  • eEA - ending linear address (excluded)
  • final_pass - make the final pass over the specified range
Returns:
1-ok, 0-Ctrl-Break was pressed.

get_step_trace_options()

 

Get step current tracing options

Returns:
a combination of ST_... constants

patch_byte(ea, value)

 

Change value of a program byte. If the debugger was active then the debugged process memory will be patched too.

Parameters:
  • ea - linear address
  • value - new value of the byte
Returns:
1 if the database has been modified, 0 if either the debugger is running and the process' memory has value 'value' at address 'ea', or the debugger is not running and the IDB has value 'value' at address 'ea' already.

del_bpt(ea)

 

Delete breakpoint

Parameters:
  • ea - any address in the process memory space:
Returns:
success

del_items(ea, flags=0, size=1)

 

Convert the current item to an explored item

Parameters:
  • ea - linear address
  • flags - combination of DELIT_* constants
  • size - size of the range to undefine
Returns:
None

selector_by_name(segname)

 

Get segment by name

Parameters:
  • segname - name of segment
Returns:
segment selector or BADADDR

op_stkvar(ea, n)

 

Convert operand to a stack variable

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

get_fixup_target_off(ea)

 

Get fixup target offset

Parameters:
  • ea - address to get information about
Returns:
BADADDR - no fixup at the specified address, otherwise returns fixup target offset

op_dec(ea, n)

 

Convert an operand of the item (instruction or data) to a decimal number

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

rename_entry(ordinal, name)

 

Rename entry point

Parameters:
  • ordinal - entry point number
  • name - new name
Returns:
!=0 - ok

get_func_flags(ea)

 

Retrieve function flags

Parameters:
  • ea - any address belonging to the function
Returns:
-1 - function doesn't exist, otherwise returns the flags

get_bmask_name(enum_id, bmask)

 

Get bitmask name (only for bitfields)

Parameters:
  • enum_id - id of enum
  • bmask - bitmask of the constant
Returns:
name of bitmask or None

add_struc(index, name, is_union)

 

Define a new structure type

Parameters:
  • index - index of new structure type. If another structure has the specified index, then the index of that structure and all other structures will be incremented, freeing the specified index. If index is == -1, then the biggest index number will be used. See get_first_struc_idx() for the explanation of structure indices and IDs.
  • name - name of the new structure type.
  • is_union - 0: structure, 1: union
Returns:
-1 if can't define structure type because of bad structure name: the name is ill-formed or is already used in the program. Otherwise returns ID of the new structure type

get_frame_regs_size(ea)

 

Get size of saved registers in function frame

Parameters:
  • ea - any address belonging to the function
Returns:
Size of saved registers in bytes. If the function doesn't have a frame, return 0. This value is used as offset for BP (if FUNC_FRAME is set). If the function doesn't exist, return None.

set_selector(sel, value)

 

Set a selector value

Parameters:
  • sel - the selector number
  • value - value of selector
Returns:
None

Note: IDA supports up to 4096 selectors. If 'sel' == 'val' then the selector is destroyed because it has no significance.

read_selection_end()

 

Get end address of the selected range

Returns:
BADADDR - the user has not selected a range

set_enum_bf(enum_id, flag)

 

Set bitfield property of enum

Parameters:
  • enum_id - id of enum
  • flag - flags
    • 1: convert to bitfield
    • 0: convert to ordinary enum
Returns:
1-ok,0-failed

get_enum_cmt(enum_id, repeatable)

 

Get comment of enum

Parameters:
  • enum_id - ID of enum
  • repeatable - 0: get regular comment, 1: get repeatable comment
Returns:
comment of enum

get_struc_by_idx(index)

 

Get structure ID by structure index

Parameters:
  • index - structure index
Returns:
BADADDR if bad structure index is passed, otherwise returns structure ID.

Note: See get_first_struc_idx() for the explanation of structure indices and IDs.

get_manual_insn(ea)

 

Get manual representation of instruction

Parameters:
  • ea - linear address

Note: This function returns value set by set_manual_insn earlier.

get_event_tid()

 

Get type ID for debug event

Returns:
type ID

error(format)

 

Display a fatal message in a message box and quit IDA

Parameters:
  • format - message to print

func_contains(func_ea, ea)

 

Does the given function contain the given address?

Parameters:
  • func_ea - any address belonging to the function
  • ea - linear address
Returns:
success

set_fixup(ea, fixuptype, fixupflags, targetsel, targetoff, displ)

 

Set fixup information

Parameters:
  • ea - address to set fixup information about
  • fixuptype - fixup type. see get_fixup_target_type() for possible fixup types.
  • fixupflags - fixup flags. see get_fixup_target_flags() for possible fixup types.
  • targetsel - target selector
  • targetoff - target offset
  • displ - displacement
Returns:
none

parse_decl(inputtype, flags)

 

Parse type declaration

Parameters:
  • inputtype - file name or C declarations (depending on the flags)
  • flags - combination of PT_... constants or 0
Returns:
None on failure or (name, type, fields) tuple

get_fchunk_attr(ea, attr)

 

Get a function chunk attribute

Parameters:
  • ea - any address in the chunk
  • attr - one of: FUNCATTR_START, FUNCATTR_END, FUNCATTR_OWNER, FUNCATTR_REFQTY
Returns:
desired attribute or -1

first_func_chunk(funcea)

 

Get the first function chunk of the specified function

Parameters:
  • funcea - any address in the function
Returns:
the function entry point or BADADDR

Note: This function returns the first (main) chunk of the specified function

get_struc_qty()

 

Get number of defined structure types

Returns:
number of structure types

get_enum_member_name(const_id)

 

Get name of a constant

Parameters:
  • const_id - id of const
Returns:
name of constant

get_struc_idx(sid)

 

Get structure index by structure ID

Parameters:
  • sid - structure ID
Returns:
BADADDR if bad structure ID is passed, otherwise returns structure index. See get_first_struc_idx() for the explanation of structure indices and IDs.

op_enum(ea, n, enumid, serial)

 

Convert operand to a symbolic constant

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands
  • enumid - id of enumeration type
  • serial - serial number of the constant in the enumeration. The serial numbers are used if there is more than one symbolic constant with the same value in the enumeration. In this case the first defined constant gets the serial number 0, then the second 1, etc. There could be 256 symbolic constants with the same value in the enumeration.

get_prev_func(ea)

 

Find previous function

Parameters:
  • ea - any address belonging to the function
Returns:
BADADDR - no more functions, otherwise returns the previous function start address

set_segment_bounds(ea, startea, endea, flags)

 

Change segment boundaries

Parameters:
  • ea - any address in the segment
  • startea - new start address of the segment
  • endea - new end address of the segment
  • flags - combination of SEGMOD_... flags
Returns:
boolean success

get_func_cmt(ea, repeatable)

 

Retrieve function comment

Parameters:
  • ea - any address belonging to the function
  • repeatable - 1: get repeatable comment, 0: get regular comment
Returns:
function comment string

get_last_enum_member(enum_id, bmask)

 

Get last constant in the enum

Parameters:
  • enum_id - id of enum
  • bmask - bitmask of the constant (ordinary enums accept only ida_enum.DEFMASK as a bitmask)
Returns:
value of constant, or idaapi.BADNODE if no constants are defined. All constants are sorted by their values as unsigned longs.

split_sreg_range(ea, reg, value, tag=2)

 

Set value of a segment register.

Parameters:
  • ea - linear address
  • reg - name of a register, like "cs", "ds", "es", etc.
  • value - new value of the segment register.
  • tag - one of SR_... constants

Note: IDA keeps track of all the points where segment registers change their values. This function allows you to specify the correct value of a segment register if IDA is not able to find the correct value.

get_fchunk_referer(ea, idx)

 

Get a function chunk referer

Parameters:
  • ea - any address in the chunk
  • idx - referer index (0..get_fchunk_attr(FUNCATTR_REFQTY))
Returns:
referer address or BADADDR

set_member_cmt(sid, member_offset, comment, repeatable)

 

Change structure member comment

Parameters:
  • sid - structure type ID
  • member_offset - offset of the member
  • comment - new comment of the structure member
  • repeatable - 1: change repeatable comment, 0: change regular comment
Returns:
!= 0 - ok

get_event_ea()

 

Get ea for debug event

Returns:
ea

add_idc_hotkey(hotkey, idcfunc)

 

Add hotkey for IDC function

Parameters:
  • hotkey - hotkey name ('a', "Alt-A", etc)
  • idcfunc - IDC function name
Returns:
None

get_spd(ea)

 

Get current delta for the stack pointer

Parameters:
  • ea - end address of the instruction, i.e. the last address of the instruction+1
Returns:
The difference between the original SP upon entering the function and SP for the specified address

get_source_linnum(ea)

 

Get source line number

Parameters:
  • ea - linear address
Returns:
number of line in the source file or -1

find_selector(val)

 

Find a selector which has the specified value

Parameters:
  • val - value to search for
Returns:
the selector number if found, otherwise the input value (val & 0xFFFF)

Note: selector values are always in paragraphs

atoa(ea)

 

Convert address value to a string. Return address in the form 'seg000:1234' (the same as in line prefixes).

Parameters:
  • ea - address to format

get_bpt_tev_ea(tev)

 

Return the address of the specified TEV_BPT event

Parameters:
  • tev - event number

find_func_end(ea)

 

Determine new function boundaries

Parameters:
  • ea - starting address of a new function
Returns:
if a function already exists, then return its end address. If a function end cannot be determined, then return BADADDR, otherwise return the end address of the new function

get_first_enum_member(enum_id, bmask)

 

Get first constant in the enum

Parameters:
  • enum_id - id of enum
  • bmask - bitmask of the constant (ordinary enums accept only ida_enum.DEFMASK as a bitmask)
Returns:
value of constant, or idaapi.BADNODE if no constants are defined. All constants are sorted by their values as unsigned longs.

warning(message)

 

Display a message in a message box

Parameters:
  • message - message to print (formatting is done in Python)

    This function can be used to debug IDC scripts. The user will be able to hide messages if they appear twice in a row on the screen.

run_to(ea)

 

Execute the process until the given address is reached. If no process is active, a new process is started. See the important note to the step_into() function

Returns:
success

get_frame_lvar_size(ea)

 

Get size of local variables in function frame

Parameters:
  • ea - any address belonging to the function
Returns:
Size of local variables in bytes. If the function doesn't have a frame, return 0. If the function doesn't exist, return None.

add_struc_member(sid, name, offset, flag, typeid, nbytes, target=-1, tdelta=0, reftype=2)

 

Add structure member

Parameters:
  • sid - structure type ID
  • name - name of the new member
  • offset - offset of the new member. -1 means to add at the end of the structure
  • flag - type of the new member. Should be one of FF_BYTE..FF_PACKREAL (see above) combined with FF_DATA
  • typeid - depends on the flag:
    • if isStruc(flag) then typeid specifies the structure id for the member
    • if is_off0(flag) then typeid specifies the offset base
    • if is_strlit(flag) then typeid specifies the string type (STRTYPE_...)
    • if is_stroff(flag) then typeid specifies the structure id
    • if is_enum(flag) then typeid specifies the enum id
    • if is_custom(flags) then typeid specifies the dtid and fid: dtid|(fid<<16)
    • otherwise typeid should be -1
  • nbytes - number of bytes in the new member
  • target - target address of the offset expr. You may specify it as -1, ida will calculate it itself
  • tdelta - offset target delta. usually 0
  • reftype - see REF_... definitions
Returns:
0 - ok, otherwise error code (one of STRUC_ERROR_*)

Note: The remaining arguments are allowed only if is_off0(flag) and you want to specify a complex offset expression

append_func_tail(funcea, ea1, ea2)

 

Append a function chunk to the function

Parameters:
  • funcea - any address in the function
  • ea1 - start of function tail
  • ea2 - end of function tail
Returns:
0 if failed, 1 if success

Note: If a chunk exists at the specified addresses, it must have exactly the specified boundaries

set_name(ea, name, flags=0)

 

Rename an address

Parameters:
  • ea - linear address
  • name - new name of address. If name == "", then delete old name
  • flags - combination of SN_... constants
Returns:
1-ok, 0-failure

gen_simple_call_chart(outfile, title, flags)

 

Generate a function call graph GDL file

Parameters:
  • outfile - output file name. GDL extension will be used
  • title - graph title
  • flags - combination of CHART_GEN_GDL, CHART_WINGRAPH, CHART_NOLIBFUNCS

get_first_hash_key(hash_id)

 

Get the first key in the hash.

Parameters:
  • hash_id - The hash ID.
Returns:
the key, 0 otherwise.

get_next_struc_idx(index)

 

Get index of next structure type

Parameters:
  • index - current structure index
Returns:
BADADDR if no (more) structure type is defined, otherwise index of the next structure type. See get_first_struc_idx() for the explanation of structure indices and IDs.

get_processes()

 

Take a snapshot of running processes and return their description.

Returns:
-1:network error, 0-failed, 1-ok

set_color(ea, what, color)

 

Set item color

Parameters:
  • ea - address of the item
  • what - type of the item (one of CIC_* constants)
  • color - new color code in RGB (hex 0xBBGGRR)
Returns:
success (True or False)

get_min_spd_ea(func_ea)

 

Return the address with the minimal spd (stack pointer delta). If there are no SP change points, then return BADADDR.

Parameters:
  • func_ea - function start
Returns:
BADADDR - no such function

get_prev_fchunk(ea)

 

Get previous function chunk

Parameters:
  • ea - any address
Returns:
the starting address of the function chunk or BADADDR

Note: This function enumerates all chunks of all functions in the database

get_first_index(tag, array_id)

 

Get index of the first existing array element.

Parameters:
  • tag - Tag of array, specifies one of two array types: AR_LONG, AR_STR
  • array_id - The array ID.
Returns:
-1 if the array is empty, otherwise index of first array element of given type.

get_next_bmask(enum_id, value)

 

Get next bitmask in the enum (bitfield)

Parameters:
  • enum_id - id of enum
  • value - value of the current bitmask
Returns:
value of a bitmask with value higher than the specified value. -1 if no such bitmasks exist. All bitmasks are sorted by their values as unsigned longs.

get_next_enum_member(enum_id, value, bmask)

 

Get next constant in the enum

Parameters:
  • enum_id - id of enum
  • bmask - bitmask of the constant (ordinary enums accept only ida_enum.DEFMASK as a bitmask)
  • value - value of the current constant
Returns:
value of a constant with value higher than the specified value. idaapi.BADNODE if no such constants exist. All constants are sorted by their values as unsigned longs.

get_member_size(sid, member_offset)

 

Get size of a member

Parameters:
  • sid - structure type ID
  • member_offset - member offset. The offset can be any offset in the member. For example, if a member is 4 bytes long and starts at offset 2, then 2,3,4,5 denote the same structure member.
Returns:
None if bad structure type ID is passed or there is no such member in the structure, otherwise returns size of the specified member in bytes.

set_segm_class(ea, segclass)

 

Change class of the segment

Parameters:
  • ea - any address in the segment
  • segclass - new class of the segment
Returns:
success (boolean)

get_frame_args_size(ea)

 

Get size of arguments in function frame which are purged upon return

Parameters:
  • ea - any address belonging to the function
Returns:
Size of function arguments in bytes. If the function doesn't have a frame, return 0. If the function doesn't exist, return -1.

get_local_tinfo(ordinal)

 

Get local type information as 'typeinfo' object

Parameters:
  • ordinal - slot number (1...NumberOfLocalTypes)
Returns:
None on failure, or (type, fields, name) tuple.

GetDouble(ea)

 

Get value of a floating point number (8 bytes). This function assumes the number is stored using IEEE format and in the same endianness as integers.

Parameters:
  • ea - linear address
Returns:
double

create_custom_data(ea, size, dtid, fid)

 

Convert the item at address to custom data.

Parameters:
  • ea - linear address.
  • size - custom data size in bytes.
  • dtid - data type ID.
  • fid - data format ID.
Returns:
1-ok, 0-failure

add_enum(idx, name, flag)

 

Add a new enum type

Parameters:
  • idx - serial number of the new enum. If another enum with the same serial number exists, then all enums with serial numbers >= the specified idx get their serial numbers incremented (in other words, the new enum is put in the middle of the list of enums).

    If idx >= get_enum_qty() or idx == idaapi.BADNODE then the new enum is created at the end of the list of enums.

  • name - name of the enum.
  • flag - flags for representation of numeric constants in the definition of enum.
Returns:
id of new enum or BADADDR

save_database(idbname, flags=0)

 

Save current database to the specified idb file

Parameters:
  • idbname - name of the idb file. if empty, the current idb file will be used.
  • flags - combination of ida_loader.DBFL_... bits or 0

resume_thread(tid)

 

Resume thread

Parameters:
  • tid - thread id
Returns:
-1:network error, 0-failed, 1-ok

idadir()

 

Get IDA directory

This function returns the directory where IDA.EXE resides

op_num(ea, n)

 

Convert operand to a number (with default number base, radix)

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

get_cmt(ea, repeatable)

 

Get regular indented comment

Parameters:
  • ea - linear address
  • repeatable - 1 to get the repeatable comment, 0 to get the normal comment
Returns:
string or None if it fails

get_next_func(ea)

 

Find next function

Parameters:
  • ea - any address belonging to the function
Returns:
BADADDR - no more functions otherwise returns the next function start address

op_man(ea, n, opstr)

 

Specify operand representation manually.

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands
  • opstr - a string representation of the operand

Note: IDA will not check the specified operand, it will simply display it instead of the original representation of the operand.

get_prev_hash_key(hash_id, key)

 

Get the previous key in the hash.

Parameters:
  • hash_id - The hash ID.
  • key - The current key.
Returns:
the previous key, 0 otherwise

EVAL_FAILURE(code)

 

Check the result of eval_idc() for evaluation failures

Parameters:
  • code - result of eval_idc()
Returns:
True if there was an evaluation error

set_enum_width(enum_id, width)

 

Set width of enum elements

Parameters:
  • enum_id - id of enum
  • width - element width in bytes (0-unknown)
Returns:
1-ok, 0-failed

set_array_long(array_id, idx, value)

 

Sets the long value of an array element.

Parameters:
  • array_id - The array ID.
  • idx - Index of an element.
  • value - 32bit or 64bit value to store in the array
Returns:
1 in case of success, 0 otherwise

qexit(code)

 

Stop execution of IDC program, close the database and exit to OS

Parameters:
  • code - code to exit with.
Returns:
-

set_segm_addressing(ea, bitness)

 

Change segment addressing

Parameters:
  • ea - any address in the segment
  • bitness - 0: 16bit, 1: 32bit, 2: 64bit
Returns:
success (boolean)

set_enum_member_cmt(const_id, cmt, repeatable)

 

Set a comment of a symbolic constant

Parameters:
  • const_id - id of const
  • cmt - new comment for the constant
  • repeatable - is the comment repeatable? 0: set regular comment 1: set repeatable comment
Returns:
1-ok, 0-failed

op_stroff(ea, n, strid, delta)

 

Convert operand to an offset in a structure

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands
  • strid - id of a structure type
  • delta - struct offset delta. usually 0. denotes the difference between the structure base and the pointer into the structure.

get_enum_member_cmt(const_id, repeatable)

 

Get comment of a constant

Parameters:
  • const_id - id of const
  • repeatable - 0:get regular comment, 1:get repeatable comment
Returns:
comment string

set_root_filename(path)

 

Set input file name. This function updates the file name that is stored in the database. It is used by the debugger and other parts of IDA. Use it when the database is moved to another location or when you use remote debugging.

Parameters:
  • path - new input file path

create_strlit(ea, endea)

 

Create a string.

This function creates a string (the string type is determined by the value of get_inf_attr(INF_STRTYPE))

Parameters:
  • ea - linear address
  • endea - ending address of the string (excluded). If endea == BADADDR, then length of string will be calculated by the kernel
Returns:
1-ok, 0-failure

Note: The type of an existing string is returned by get_str_type()

add_segm_ex(startea, endea, base, use32, align, comb, flags)

 

Create a new segment

Parameters:
  • startea - linear address of the start of the segment
  • endea - linear address of the end of the segment. This address will not belong to the segment. 'endea' should be higher than 'startea'
  • base - base paragraph or selector of the segment. A paragraph is a 16-byte memory chunk. If a selector value is specified, the selector should be already defined.
  • use32 - 0: 16bit segment, 1: 32bit segment, 2: 64bit segment
  • align - segment alignment. see below for alignment values
  • comb - segment combination. see below for combination values.
  • flags - combination of ADDSEG_... bits
Returns:
0-failed, 1-ok

set_bpt_cond(ea, cnd, is_lowcnd=0)

 

Set breakpoint condition

Parameters:
  • ea - any address in the breakpoint range
  • cnd - breakpoint condition
  • is_lowcnd - 0 - regular condition, 1 - low level condition
Returns:
success

set_enum_idx(enum_id, idx)

 

Give another serial number to an enum

Parameters:
  • enum_id - id of enum
  • idx - new serial number. If another enum with the same serial number exists, then all enums with serial numbers >= the specified idx get their serial numbers incremented (in other words, the new enum is put in the middle of the list of enums).

    If idx >= get_enum_qty() then the enum is moved to the end of the list of enums.

Returns:
comment string

read_dbg_word(ea)

 

Get value of program word using the debugger memory

Parameters:
  • ea - linear address
Returns:
The value or None on failure.

send_dbg_command(cmd)

 

Sends a command to the debugger module and returns the output string. An exception will be raised if the debugger is not running or the current debugger does not export the 'send_dbg_command' IDC command.

get_bmask_cmt(enum_id, bmask, repeatable)

 

Get bitmask comment (only for bitfields)

Parameters:
  • enum_id - id of enum
  • bmask - bitmask of the constant
  • repeatable - type of comment, 0-regular, 1-repeatable
Returns:
comment attached to bitmask or None

get_last_member(sid)

 

Get offset of the last member of a structure

Parameters:
  • sid - structure type ID
Returns:
-1 if bad structure type ID is passed, ida_idaapi.BADADDR if structure has no members, otherwise returns offset of the last member.
Notes:
  • IDA allows 'holes' between members of a structure. It treats these 'holes' as unnamed arrays of bytes.
  • Union members are, in IDA's internals, located at subsequent byte offsets: member 0 -> offset 0x0, member 1 -> offset 0x1, etc...

get_enum_qty()

 

Get number of enum types

Returns:
number of enumerations

del_cref(From, To, undef)

 

Unmark exec flow 'from' 'to'

Parameters:
  • undef - make 'To' undefined if no more references to it
Returns:
1 - planned to be made undefined

op_seg(ea, n)

 

Convert operand to a segment expression

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

step_over()

 

Execute one instruction in the current thread, but without entering into functions. Other threads are kept suspended. See the important note to the step_into() function

Returns:
success

get_tev_ea(tev)

 

Return the address of the specified event

Parameters:
  • tev - event number

add_func(start, end=4294967295)

 

Create a function

Parameters:
  • start - function bounds
  • end - function bounds

    If the function end address is BADADDR, then IDA will try to determine the function bounds automatically. IDA will define all necessary instructions to determine the function bounds.

Returns:
!=0 - ok

Note: an instruction should be present at the start address

get_module_name(base)

 

Get process module name

Parameters:
  • base - the base address of the module
Returns:
required info or None

set_func_cmt(ea, cmt, repeatable)

 

Set function comment

Parameters:
  • ea - any address belonging to the function
  • cmt - a function comment line
  • repeatable - 1: get repeatable comment 0: get regular comment

set_member_name(sid, member_offset, name)

 

Change structure member name

Parameters:
  • sid - structure type ID
  • member_offset - offset of the member
  • name - new name of the member
Returns:
!= 0 - ok.

set_bmask_name(enum_id, bmask, name)

 

Set bitmask name (only for bitfields)

Parameters:
  • enum_id - id of enum
  • bmask - bitmask of the constant
  • name - name of bitmask
Returns:
1-ok, 0-failed

get_tev_reg(tev, reg)

 

Return the register value for the specified event

Parameters:
  • tev - event number
  • reg - register name (like EAX, RBX, ...)

get_item_size(ea)

 

Get size of instruction or data item in bytes

Parameters:
  • ea - linear address
Returns:
1..n

print_operand(ea, n)

 

Get operand of an instruction or data

Parameters:
  • ea - linear address of the item
  • n - number of operand: 0 - the first operand, 1 - the second operand
Returns:
the current text representation of operand or ""

get_func_off_str(ea)

 

Convert address to 'funcname+offset' string

Parameters:
  • ea - address to convert
Returns:
if the address belongs to a function then return a string formed as 'name+offset', where 'name' is a function name and 'offset' is offset within the function; else return null string

get_wide_word(ea)

 

Get value of program word (2 bytes)

Parameters:
  • ea - linear address
Returns:
the value of the word. If word has no value then returns 0xFFFF. If the current byte size is different from 8 bits, then the returned value might have more 1's.

patch_dbg_byte(ea, value)

 

Change a byte in the debugged process memory only

Parameters:
  • ea - address
  • value - new value of the byte
Returns:
1 if successful, 0 if not

update_extra_cmt(ea, n, line)

 

Set or update extra comment line

Parameters:
  • ea - linear address
  • n - number of additional line (0..MAX_ITEM_LINES)
  • line - the line to display
Returns:
None

Note: IDA displays additional lines from number 0 up to the first nonexistent additional line. So, if you specify additional line #150 and there is no additional line #149, your line will not be displayed. MAX_ITEM_LINES is defined in IDA.CFG

To set anterior line #n use (E_PREV + n). To set posterior line #n use (E_NEXT + n).

diff_trace_file(filename)

 

Diff current trace buffer against given trace

Parameters:
  • filename - trace file

get_module_size(base)

 

Get process module size

Parameters:
  • base - the base address of the module
Returns:
required info or -1

MakeVar(ea)

 

Mark the location as "variable"

Parameters:
  • ea - address to mark
Returns:
None

Note: All that IDA does is to mark the location as "variable". Nothing else, no additional analysis is performed. This function may disappear in the future.

SetType(ea, newtype)

 

Set type of function/variable

Parameters:
  • ea - the address of the object
  • newtype - the type string in C declaration form. Must contain the closing ';'. If specified as an empty string, then the item associated with 'ea' will be deleted.
Returns:
1-ok, 0-failed.

find_text(ea, flag, y, x, searchstr)

 
Parameters:
  • ea - start address
  • flag - combination of SEARCH_* flags
  • y - number of text line at ea to start from (0..MAX_ITEM_LINES)
  • x - coordinate in this line
  • searchstr - search string
Returns:
ea of result or BADADDR if not found

get_frame_size(ea)

 

Get full size of function frame

Parameters:
  • ea - any address belonging to the function
Returns:
Size of function frame in bytes. This function takes into account size of local variables + size of saved registers + size of return address + size of function arguments. If the function doesn't have a frame, return size of function return address in the stack. If the function doesn't exist, return 0.

toggle_bnot(ea, n)

 

Toggle the bitwise not operator for the operand

Parameters:
  • ea - linear address
  • n - number of operand
    • 0 - the first operand
    • 1 - the second, third and all other operands
    • -1 - all operands

start_process(path, args, sdir)

 

Launch the debugger

Parameters:
  • path - path to the executable file.
  • args - command line arguments
  • sdir - initial directory for the process
Returns:
-1-failed, 0-cancelled by the user, 1-ok

Note: For all args: if empty, the default value from the database will be used. See the important note to the step_into() function.

add_hidden_range(start, end, description, header, footer, color)

 

Hide a range

Hidden ranges - address ranges which can be replaced by their descriptions

Parameters:
  • start - range start
  • end - range end
  • description - description to display if the range is collapsed
  • header - header lines to display if the range is expanded
  • footer - footer lines to display if the range is expanded
  • color - RGB color code (-1 means default color)
Returns:
!=0 - ok

get_enum_member_bmask(const_id)

 

Get bit mask of symbolic constant

Parameters:
  • const_id - id of symbolic constant
Returns:
bitmask of constant or 0. Ordinary enums have bitmask = -1.

prev_addr(ea)

 

Get previous address in the program

Parameters:
  • ea - linear address
Returns:
BADADDR - the specified address is the first address

get_prev_index(tag, array_id, idx)

 

Get index of the previous existing array element.

Parameters:
  • tag - Tag of array, specifies one of two array types: AR_LONG, AR_STR
  • array_id - The array ID.
  • idx - Index of the current element.
Returns:
-1 if no more elements, otherwise returns index of the previous array element of given type.

patch_word(ea, value)

 

Change value of a program word (2 bytes)

Parameters:
  • ea - linear address
  • value - new value of the word
Returns:
1 if the database has been modified, 0 if either the debugger is running and the process' memory has value 'value' at address 'ea', or the debugger is not running, and the IDB has value 'value' at address 'ea' already.

del_selector(sel)

 

Delete a selector

Parameters:
  • sel - the selector number to delete
Returns:
None

Note: if the selector is found, it will be deleted

set_enum_cmt(enum_id, cmt, repeatable)

 

Set comment of enum

Parameters:
  • enum_id - id of enum
  • cmt - new comment for the enum
  • repeatable - is the comment repeatable?
    • 0:set regular comment
    • 1:set repeatable comment
Returns:
1-ok,0-failed

set_target_assembler(asmidx)

 

Set target assembler

Parameters:
  • asmidx - index of the target assembler in the array of assemblers for the current processor.
Returns:
1-ok, 0-failed

get_event_info()

 

Get debug event info

Returns:
event info: for LIBRARY_UNLOAD (unloaded library name), for INFORMATION (message to display)

is_valid_trace_file(filename)

 

Check the given binary trace file

Parameters:
  • filename - trace file

get_next_fchunk(ea)

 

Get next function chunk

Parameters:
  • ea - any address
Returns:
the starting address of the next function chunk or BADADDR

Note: This function enumerates all chunks of all functions in the database

update_hidden_range(ea, visible)

 

Set hidden range state

Parameters:
  • ea - any address belonging to the hidden range
  • visible - new state of the range
Returns:
!= 0 - ok

get_name(ea, gtn_flags=0)

 

Get name at the specified address

Parameters:
  • ea - linear address
  • gtn_flags - how exactly the name should be retrieved; a combination of GN_ bits
Returns:
"" - byte has no name

get_db_byte(ea)

 

Get one byte (8-bit) of the program at 'ea' from the database even if the debugger is active

Parameters:
  • ea - linear address
Returns:
byte value. If the byte has no value then 0xFF is returned.

Note: If the current byte size is different from 8 bits, then the returned value may have more 1's. To check if a byte has a value, use is_loaded()
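Because 0xFF is both a legitimate byte value and the "no value" result, a scan that relies on get_db_byte() alone cannot tell the two apart. The following added example (not part of IDA's documentation) pairs it with is_loaded() as the note suggests; `FakeIdc`, `read_db_bytes` and `ranges_without_value` are hypothetical names, and inside IDA you would pass the real `idc` module as `api`.

```python
class FakeIdc:
    """Constructed stand-in for the idc module so the example runs outside IDA."""

    def __init__(self, loaded):
        self._loaded = dict(loaded)  # {ea: value} for bytes that have a value

    def is_loaded(self, ea):
        return ea in self._loaded

    def get_db_byte(self, ea):
        # Documented behaviour: 0xFF is returned when the byte has no value.
        return self._loaded.get(ea, 0xFF)


def read_db_bytes(api, start, end):
    """Database bytes in [start, end); None marks a byte that has no value."""
    return [api.get_db_byte(ea) if api.is_loaded(ea) else None
            for ea in range(start, end)]


def ranges_without_value(api, start, end):
    """[first, last+1) ranges inside [start, end) whose bytes have no value."""
    ranges, run_start = [], None
    for ea in range(start, end):
        if not api.is_loaded(ea):
            if run_start is None:
                run_start = ea
        elif run_start is not None:
            ranges.append((run_start, ea))
            run_start = None
    if run_start is not None:
        ranges.append((run_start, end))
    return ranges


# Constructed sample: 0x1001 really holds 0xFF, 0x1002-0x1003 have no value.
SAMPLE = FakeIdc({0x1000: 0x90, 0x1001: 0xFF, 0x1004: 0xC3})

if __name__ == "__main__":
    naive = [SAMPLE.get_db_byte(ea) for ea in range(0x1000, 0x1005)]
    print(naive)  # real 0xFF and "no value" look identical here
    print(read_db_bytes(SAMPLE, 0x1000, 0x1005))
    print(ranges_without_value(SAMPLE, 0x1000, 0x1005))
```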

create_data(ea, flags, size, tid)

 

Create a data item at the specified address

Parameters:
  • ea - linear address
  • flags - FF_BYTE..FF_PACKREAL
  • size - size of item in bytes
  • tid - for FF_STRUCT the structure id
Returns:
1-ok, 0-failure

add_default_til(name)

 

Load a type library

Parameters:
  • name - name of type library.
Returns:
1-ok, 0-failed.

next_head(ea, maxea=4294967295)

 

Get next defined item (instruction or data) in the program

Parameters:
  • ea - linear address to start search from
  • maxea - the search will stop at this address; maxea is not included in the search range
Returns:
BADADDR - no (more) defined items

get_str_type(ea)

 

Get string type

Parameters:
  • ea - linear address
Returns:
One of STRTYPE_... constants

get_enum(name)

 

Get enum ID by the name of enum

Parameters:
  • name - name of enum
Returns:
ID of enum or -1 if no such enum exists

set_hash_string(hash_id, key, value)

 

Sets the string value of a hash element.

Parameters:
  • hash_id - The hash ID.
  • key - Key of an element.
  • value - string value to store in the hash
Returns:
1 in case of success, 0 otherwise

get_operand_type(ea, n)

 

Get type of instruction operand

Parameters:
  • ea - linear address of instruction
  • n - number of operand
    • 0 - the first operand
    • 1 - the second operand
Returns:
any of o_* constants or -1 on error

set_fchunk_attr(ea, attr, value)

 

Set a function chunk attribute

Parameters:
  • ea - any address in the chunk
  • attr - only FUNCATTR_START, FUNCATTR_END, FUNCATTR_OWNER
  • value - desired value
Returns:
0 if failed, 1 if success

get_func_name(ea)

 

Retrieve function name

Parameters:
  • ea - any address belonging to the function
Returns:
null string - function doesn't exist; otherwise returns function name

get_enum_flag(enum_id)

 

Get flag of enum

Parameters:
  • enum_id - ID of enum
Returns:
flags of enum. These flags determine representation of numeric constants (binary,octal,decimal,hex) in the enum definition. See start of this file for more information about flags. Returns 0 if enum_id is bad.

get_segm_by_sel(base)

 

Get segment by segment base

Parameters:
  • base - segment base paragraph or selector
Returns:
linear address of the start of the segment or BADADDR if no such segment

get_tev_mem(tev, idx)

 

Return the blob of memory pointed to by 'index', for the specified event

Note: this requires that the tracing options have been set to record pieces of memory for instruction events

Parameters:
  • tev - event number
  • idx - memory address index

get_type(ea)

 

Get type of function/variable

Parameters:
  • ea - the address of the object
Returns:
type string or None if failed

add_bpt(ea, size=0, bpttype=12)

 

Add a new breakpoint

Parameters:
  • ea - any address in the process memory space
  • size - size of the breakpoint (irrelevant for software breakpoints)
  • bpttype - type of the breakpoint (one of BPT_... constants)
Returns:
success

Note: Only one breakpoint can exist at a given address.

set_struc_cmt(sid, comment, repeatable)

 

Change structure comment

Parameters:
  • sid - structure type ID
  • comment - new comment of the structure
  • repeatable - 1: change repeatable comment, 0: change regular comment
Returns:
!= 0 - ok

can_exc_continue()

 

Can it continue after EXCEPTION event?

Returns:
boolean

force_bl_jump(ea)

 

Some ARM compilers in Thumb mode use BL (branch-and-link) instead of B (branch) for long jumps, since BL has more range. By default, IDA tries to determine if BL is a jump or a call. You can override IDA's decision using commands in Edit/Other menu (Force BL call/Force BL jump) or the following two functions.

Force BL instruction to be a jump

Parameters:
  • ea - address of the BL instruction
Returns:
1-ok, 0-failed

get_bpt_attr(ea, bptattr)

 

Get the characteristics of a breakpoint

Parameters:
  • ea - any address in the breakpoint range
  • bptattr - the desired attribute code, one of BPTATTR_... constants
Returns:
the desired attribute value or -1

process_config_line(directive)

 

Parse one or more ida.cfg config directives

Parameters:
  • directive - directives to process, for example: PACK_DATABASE=2

Note: If the directives are erroneous, a fatal error will be generated. The settings are permanent: effective for the current session and the next ones.