Contains functions that deal with individual byte characteristics. More...
Classes | |
struct | octet_generator_t |
Get 8 bits of the program at 'ea'. More... | |
struct | data_type_t |
Information about a data type. More... | |
struct | data_format_t |
Information about a data format. More... | |
struct | compiled_binpat_t |
struct | hidden_range_t |
Hidden ranges - address ranges which can be replaced by their descriptions. More... | |
Macros | |
#define | ITEM_END_FIXUP 0x0001 |
stop at the first fixup | |
#define | ITEM_END_INITED 0x0002 |
stop when initialization changes i.e. More... | |
#define | ITEM_END_NAME 0x0004 |
stop at the first named location | |
#define | ITEM_END_XREF 0x0008 |
stop at the first referenced location | |
#define | GFE_VALUE 0x0001 |
get flags with FF_IVL & MS_VAL. More... | |
#define | GFE_IDB_VALUE 0x0002 |
get flags with FF_IVL & MS_VAL. More... | |
#define | MS_VAL 0x000000FFLU |
Mask for byte value. | |
#define | FF_IVL 0x00000100LU |
Byte has value ? | |
#define | GMB_READALL 0x01 |
try to read all bytes; if this bit is not set, fail at first uninited byte | |
#define | GMB_WAITBOX 0x02 |
show wait box (may return -1 in this case) | |
#define | MS_CLS 0x00000600LU |
Mask for typing. | |
#define | FF_CODE 0x00000600LU |
Code ? | |
#define | FF_DATA 0x00000400LU |
Data ? | |
#define | FF_TAIL 0x00000200LU |
Tail ? | |
#define | FF_UNK 0x00000000LU |
Unknown ? | |
#define | DELIT_SIMPLE 0x0000 |
simply undefine the specified item(s) | |
#define | DELIT_EXPAND 0x0001 |
propagate undefined items; for example if removing an instruction removes all references to the next instruction, then plan to convert to unexplored the next instruction too. More... | |
#define | DELIT_DELNAMES 0x0002 |
delete any names at the specified address range (except for the starting address). More... | |
#define | DELIT_NOTRUNC 0x0004 |
don't truncate the current function even if AF_TRFUNC is set | |
#define | DELIT_NOUNAME 0x0008 |
reject to delete if a user name is in address range (except for the starting address). More... | |
#define | DELIT_NOCMT 0x0010 |
reject to delete if a comment is in address range (except for the starting address). More... | |
#define | DELIT_KEEPFUNC 0x0020 |
do not undefine the function start. More... | |
#define | MS_COMM 0x000FF800 |
Mask of common bits. | |
#define | FF_COMM 0x00000800 |
Has comment ? | |
#define | FF_REF 0x00001000 |
has references | |
#define | FF_LINE 0x00002000 |
Has next or prev lines ? | |
#define | FF_NAME 0x00004000 |
Has name ? | |
#define | FF_LABL 0x00008000 |
Has dummy name? | |
#define | FF_FLOW 0x00010000 |
Exec flow from prev instruction. | |
#define | FF_SIGN 0x00020000 |
Inverted sign of operands. | |
#define | FF_BNOT 0x00040000 |
Bitwise negation of operands. | |
#define | FF_UNUSED 0x00080000 |
unused bit (was used for variable bytes) | |
#define | FF_ANYNAME (FF_LABL|FF_NAME) |
#define | MS_0TYPE 0x00F00000LU |
Mask for 1st arg typing. | |
#define | FF_0VOID 0x00000000LU |
Void (unknown)? | |
#define | FF_0NUMH 0x00100000LU |
Hexadecimal number? | |
#define | FF_0NUMD 0x00200000LU |
Decimal number? | |
#define | FF_0CHAR 0x00300000LU |
Char ('x')? | |
#define | FF_0SEG 0x00400000LU |
Segment? | |
#define | FF_0OFF 0x00500000LU |
Offset? | |
#define | FF_0NUMB 0x00600000LU |
Binary number? | |
#define | FF_0NUMO 0x00700000LU |
Octal number? | |
#define | FF_0ENUM 0x00800000LU |
Enumeration? | |
#define | FF_0FOP 0x00900000LU |
Forced operand? | |
#define | FF_0STRO 0x00A00000LU |
Struct offset? | |
#define | FF_0STK 0x00B00000LU |
Stack variable? | |
#define | FF_0FLT 0x00C00000LU |
Floating point number? | |
#define | FF_0CUST 0x00D00000LU |
Custom representation? | |
#define | MS_1TYPE 0x0F000000LU |
Mask for the type of other operands. | |
#define | FF_1VOID 0x00000000LU |
Void (unknown)? | |
#define | FF_1NUMH 0x01000000LU |
Hexadecimal number? | |
#define | FF_1NUMD 0x02000000LU |
Decimal number? | |
#define | FF_1CHAR 0x03000000LU |
Char ('x')? | |
#define | FF_1SEG 0x04000000LU |
Segment? | |
#define | FF_1OFF 0x05000000LU |
Offset? | |
#define | FF_1NUMB 0x06000000LU |
Binary number? | |
#define | FF_1NUMO 0x07000000LU |
Octal number? | |
#define | FF_1ENUM 0x08000000LU |
Enumeration? | |
#define | FF_1FOP 0x09000000LU |
Forced operand? | |
#define | FF_1STRO 0x0A000000LU |
Struct offset? | |
#define | FF_1STK 0x0B000000LU |
Stack variable? | |
#define | FF_1FLT 0x0C000000LU |
Floating point number? | |
#define | FF_1CUST 0x0D000000LU |
Custom representation? | |
#define | OPND_OUTER 0x80 |
outer offset base (combined with operand number). More... | |
#define | OPND_MASK 0x0F |
mask for operand number | |
#define | OPND_ALL OPND_MASK |
all operands | |
#define | DT_TYPE 0xF0000000 |
Mask for DATA typing. | |
#define | FF_BYTE 0x00000000 |
byte | |
#define | FF_WORD 0x10000000 |
word | |
#define | FF_DWORD 0x20000000 |
double word | |
#define | FF_QWORD 0x30000000 |
quadro word | |
#define | FF_TBYTE 0x40000000 |
tbyte | |
#define | FF_STRLIT 0x50000000 |
string literal | |
#define | FF_STRUCT 0x60000000 |
struct variable | |
#define | FF_OWORD 0x70000000 |
octaword/xmm word (16 bytes/128 bits) | |
#define | FF_FLOAT 0x80000000 |
float | |
#define | FF_DOUBLE 0x90000000 |
double | |
#define | FF_PACKREAL 0xA0000000 |
packed decimal real | |
#define | FF_ALIGN 0xB0000000 |
alignment directive | |
#define | FF_CUSTOM 0xD0000000 |
custom data type | |
#define | FF_YWORD 0xE0000000 |
ymm word (32 bytes/256 bits) | |
#define | FF_ZWORD 0xF0000000 |
zmm word (64 bytes/512 bits) | |
#define | ALOPT_IGNHEADS 0x01 |
don't stop if another data item is encountered. More... | |
#define | ALOPT_IGNPRINT 0x02 |
if set, don't stop at non-printable codepoints, but only at the terminating character (or not unicode-mapped character (e.g., 0x8f in CP1252)) | |
#define | ALOPT_IGNCLT 0x04 |
if set, don't stop at codepoints that are not part of the current 'culture'; accept all those that are graphical (this is typically used used by user-initiated actions creating string literals.) | |
#define | ALOPT_MAX4K 0x08 |
if string length is more than 4K, return the accumulated length | |
#define | ALOPT_ONLYTERM 0x10 |
only the termination characters can be at the string end. More... | |
#define | STRCONV_ESCAPE 0x00000001 |
convert non-printable characters to C escapes ( , \xNN, \uNNNN) | |
#define | STRCONV_REPLCHAR 0x00000002 |
convert non-printable characters to the Unicode replacement character (U+FFFD) | |
#define | STRCONV_INCLLEN 0x00000004 |
for Pascal-style strings, include the prefixing length byte(s) as C-escaped sequence | |
#define | PSTF_TNORM 0 |
use normal name | |
#define | PSTF_TBRIEF 1 |
use brief name (e.g., in the 'Strings' window) | |
#define | PSTF_TINLIN 2 |
use 'inline' name (e.g., in the structures comments) | |
#define | PSTF_TMASK 3 |
type mask | |
#define | PSTF_HOTKEY 0x4 |
have hotkey markers part of the name | |
#define | PSTF_ENC 0x8 |
if encoding is specified, append it | |
#define | PSTF_ONLY_ENC 0xB |
generate only the encoding name | |
#define | MS_CODE 0xF0000000LU |
Mask for code bits. | |
#define | FF_FUNC 0x10000000LU |
function start? | |
#define | FF_IMMD 0x40000000LU |
Has Immediate value ? | |
#define | FF_JUMP 0x80000000LU |
Has jump table or switch_info? | |
#define | DTP_NODUP 0x0001 |
do not use dup construct | |
#define | PBSENC_DEF1BPU 0 |
#define | PBSENC_ALL -1 |
#define | BIN_SEARCH_CASE 0x01 |
case sensitive | |
#define | BIN_SEARCH_NOCASE 0x00 |
case insensitive | |
#define | BIN_SEARCH_NOBREAK 0x02 |
don't check for Ctrl-Break | |
#define | BIN_SEARCH_INITED 0x04 |
find_byte, find_byter: any initilized value | |
#define | BIN_SEARCH_NOSHOW 0x08 |
don't show search progress or update screen | |
#define | BIN_SEARCH_FORWARD 0x00 |
search forward for bytes | |
#define | BIN_SEARCH_BACKWARD 0x10 |
search backward for bytes | |
#define | BIN_SEARCH_BITMASK 0x20 |
searching using strict bit mask | |
#define | SKIP_FF_MASK ((const uchar *)0xFF) |
Used by equal_bytes() to skip 0xFF when searching the program. | |
#define | GET_ITEM_HEAD_BODY |
Typedefs | |
typedef tid_t | enum_t |
typedef bool idaapi | testf_t(flags64_t flags, void *ud) |
Flag tester - see next_that(), prev_that() | |
typedef bool idaapi | may_destroy_cb_t(ea_t) |
del_items' callback function | |
typedef qvector< compiled_binpat_t > | compiled_binpat_vec_t |
Functions | |
idaman error_t ida_export | enable_flags (ea_t start_ea, ea_t end_ea, storage_type_t stt) |
Allocate flags for address range. More... | |
idaman error_t ida_export | disable_flags (ea_t start_ea, ea_t end_ea) |
Deallocate flags for address range. More... | |
idaman error_t ida_export | change_storage_type (ea_t start_ea, ea_t end_ea, storage_type_t stt) |
Change flag storage type for address range. More... | |
idaman ea_t ida_export | next_addr (ea_t ea) |
Get next address in the program (i.e. More... | |
idaman ea_t ida_export | prev_addr (ea_t ea) |
Get previous address in the program. More... | |
idaman ea_t ida_export | next_chunk (ea_t ea) |
Get the first address of next contiguous chunk in the program. More... | |
idaman ea_t ida_export | prev_chunk (ea_t ea) |
Get the last address of previous contiguous chunk in the program. More... | |
idaman ea_t ida_export | chunk_start (ea_t ea) |
Get start of the contiguous address block containing 'ea'. More... | |
idaman asize_t ida_export | chunk_size (ea_t ea) |
Get size of the contiguous address block containing 'ea'. More... | |
idaman ea_t ida_export | find_free_chunk (ea_t start, asize_t size, asize_t alignment) |
Search for a hole in the addressing space of the program. More... | |
idaman ea_t ida_export | next_that (ea_t ea, ea_t maxea, testf_t *testf, void *ud=nullptr) |
Find next address with a flag satisfying the function 'testf'. More... | |
ea_t idaapi | next_unknown (ea_t ea, ea_t maxea) |
Similar to next_that(), but will find the next address that is unexplored. | |
idaman ea_t ida_export | prev_that (ea_t ea, ea_t minea, testf_t *testf, void *ud=nullptr) |
Find previous address with a flag satisfying the function 'testf'. More... | |
ea_t idaapi | prev_unknown (ea_t ea, ea_t minea) |
Similar to prev_that(), but will find the previous address that is unexplored. | |
idaman ea_t ida_export | prev_head (ea_t ea, ea_t minea) |
Get start of previous defined item. More... | |
idaman ea_t ida_export | next_head (ea_t ea, ea_t maxea) |
Get start of next defined item. More... | |
idaman ea_t ida_export | prev_not_tail (ea_t ea) |
Get address of previous non-tail byte. More... | |
idaman ea_t ida_export | next_not_tail (ea_t ea) |
Get address of next non-tail byte. More... | |
ea_t | adjust_visea (ea_t ea) |
Adjust the address and get the nearest visible address. More... | |
idaman ea_t ida_export | prev_visea (ea_t ea) |
Get previous visible address. More... | |
idaman ea_t ida_export | next_visea (ea_t ea) |
Get next visible address. More... | |
bool | is_first_visea (ea_t ea) |
Is an address the first visible address? | |
bool | is_last_visea (ea_t ea) |
Is an address the last visible address? | |
bool | is_visible_finally (ea_t ea) |
Is the address visible on the screen (not hidden)? | |
ea_t idaapi | get_item_head (ea_t ea) |
Get the start address of the item at 'ea'. More... | |
idaman ea_t ida_export | get_item_end (ea_t ea) |
Get the end address of the item at 'ea'. More... | |
idaman ea_t ida_export | calc_max_item_end (ea_t ea, int how=15) |
Calculate maximal reasonable end address of a new item. More... | |
asize_t | get_item_size (ea_t ea) |
Get size of item (instruction/data) in bytes. More... | |
idaman bool ida_export | is_mapped (ea_t ea) |
Is the specified address 'ea' present in the program? | |
idaman flags64_t ida_export | get_flags_ex (ea_t ea, int how) |
Get flags for the specified address, extended form. | |
flags64_t idaapi | get_flags (ea_t ea) |
get flags with FF_IVL & MS_VAL. More... | |
flags64_t idaapi | get_full_flags (ea_t ea) |
Get flags value for address 'ea'. More... | |
idaman flags64_t ida_export | get_item_flag (ea_t from, int n, ea_t ea, bool appzero) |
Get flag of the item at 'ea' even if it is a tail byte of some array or structure. More... | |
THREAD_SAFE bool idaapi | has_value (flags64_t F) |
Do flags contain byte value? | |
idaman void ida_export | del_value (ea_t ea) |
Delete byte value from flags. More... | |
idaman bool ida_export | is_loaded (ea_t ea) |
Does the specified address have a byte value (is initialized?) | |
idaman int ida_export | nbits (ea_t ea) |
Get number of bits in a byte at the given address. More... | |
int | bytesize (ea_t ea) |
Get number of bytes required to store a byte at the given address. | |
idaman uchar ida_export | get_byte (ea_t ea) |
Get one byte (8-bit) of the program at 'ea'. More... | |
idaman uchar ida_export | get_db_byte (ea_t ea) |
Get one byte (8-bit) of the program at 'ea' from the database. More... | |
idaman ushort ida_export | get_word (ea_t ea) |
Get one word (16-bit) of the program at 'ea'. More... | |
idaman uint32 ida_export | get_dword (ea_t ea) |
Get one dword (32-bit) of the program at 'ea'. More... | |
idaman uint64 ida_export | get_qword (ea_t ea) |
Get one qword (64-bit) of the program at 'ea'. More... | |
idaman uint64 ida_export | get_wide_byte (ea_t ea) |
Get one wide byte of the program at 'ea'. More... | |
idaman uint64 ida_export | get_wide_word (ea_t ea) |
Get one wide word (2 'byte') of the program at 'ea'. More... | |
idaman uint64 ida_export | get_wide_dword (ea_t ea) |
Get two wide words (4 'bytes') of the program at 'ea'. More... | |
idaman bool ida_export | get_octet2 (uchar *out, octet_generator_t *ogen) |
idaman uint32 ida_export | get_16bit (ea_t ea) |
Get 16bits of the program at 'ea'. More... | |
idaman uint32 ida_export | get_32bit (ea_t ea) |
Get not more than 32bits of the program at 'ea'. More... | |
idaman uint64 ida_export | get_64bit (ea_t ea) |
Get not more than 64bits of the program at 'ea'. More... | |
idaman bool ida_export | get_data_value (uval_t *v, ea_t ea, asize_t size) |
Get the value at of the item at 'ea'. More... | |
idaman int ida_export | visit_patched_bytes (ea_t ea1, ea_t ea2, int(idaapi *cb)(ea_t ea, qoff64_t fpos, uint64 o, uint64 v, void *ud), void *ud=nullptr) |
Visit all the patched bytes one byte at a time. More... | |
idaman uint64 ida_export | get_original_byte (ea_t ea) |
Get original byte value (that was before patching). More... | |
idaman uint64 ida_export | get_original_word (ea_t ea) |
Get original word value (that was before patching). More... | |
idaman uint64 ida_export | get_original_dword (ea_t ea) |
Get original dword (that was before patching) This function works for wide byte processors too. More... | |
idaman uint64 ida_export | get_original_qword (ea_t ea) |
Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too. More... | |
idaman bool ida_export | put_byte (ea_t ea, uint64 x) |
Set value of one byte of the program. More... | |
idaman void ida_export | put_word (ea_t ea, uint64 x) |
Set value of one word of the program. More... | |
idaman void ida_export | put_dword (ea_t ea, uint64 x) |
Set value of one dword of the program. More... | |
idaman void ida_export | put_qword (ea_t ea, uint64 x) |
Set value of one qword (8 bytes) of the program. More... | |
idaman bool ida_export | patch_byte (ea_t ea, uint64 x) |
Patch a byte of the program. More... | |
idaman bool ida_export | patch_word (ea_t ea, uint64 x) |
Patch a word of the program. More... | |
idaman bool ida_export | patch_dword (ea_t ea, uint64 x) |
Patch a dword of the program. More... | |
idaman bool ida_export | patch_qword (ea_t ea, uint64 x) |
Patch a qword of the program. More... | |
idaman bool ida_export | revert_byte (ea_t ea) |
Revert patched byte. More... | |
idaman void ida_export | add_byte (ea_t ea, uint32 value) |
Add a value to one byte of the program. More... | |
idaman void ida_export | add_word (ea_t ea, uint64 value) |
Add a value to one word of the program. More... | |
idaman void ida_export | add_dword (ea_t ea, uint64 value) |
Add a value to one dword of the program. More... | |
idaman void ida_export | add_qword (ea_t ea, uint64 value) |
Add a value to one qword of the program. More... | |
idaman bool ida_export | get_zero_ranges (rangeset_t *zranges, const range_t *range) |
Return set of ranges with zero initialized bytes. More... | |
idaman ssize_t ida_export | get_bytes (void *buf, ssize_t size, ea_t ea, int gmb_flags=0, void *mask=nullptr) |
Get the specified number of bytes of the program into the buffer. More... | |
idaman void ida_export | put_bytes (ea_t ea, const void *buf, size_t size) |
Modify the specified number of bytes of the program. More... | |
idaman void ida_export | patch_bytes (ea_t ea, const void *buf, size_t size) |
Patch the specified number of bytes of the program. More... | |
THREAD_SAFE bool idaapi | is_code (flags64_t F) |
Does flag denote start of an instruction? | |
THREAD_SAFE bool idaapi | f_is_code (flags64_t F, void *) |
Does flag denote start of an instruction? More... | |
THREAD_SAFE bool idaapi | is_data (flags64_t F) |
Does flag denote start of data? | |
THREAD_SAFE bool idaapi | f_is_data (flags64_t F, void *) |
Does flag denote start of data? More... | |
THREAD_SAFE bool idaapi | is_tail (flags64_t F) |
Does flag denote tail byte? | |
THREAD_SAFE bool idaapi | f_is_tail (flags64_t F, void *) |
Does flag denote tail byte? More... | |
THREAD_SAFE bool idaapi | is_not_tail (flags64_t F) |
Does flag denote tail byte? More... | |
THREAD_SAFE bool idaapi | f_is_not_tail (flags64_t F, void *) |
Does flag denote tail byte? More... | |
THREAD_SAFE bool idaapi | is_unknown (flags64_t F) |
Does flag denote unexplored byte? | |
THREAD_SAFE bool idaapi | is_head (flags64_t F) |
Does flag denote start of instruction OR data? | |
THREAD_SAFE bool idaapi | f_is_head (flags64_t F, void *) |
Does flag denote start of instruction OR data? More... | |
idaman bool ida_export | del_items (ea_t ea, int flags=0, asize_t nbytes=1, may_destroy_cb_t *may_destroy=nullptr) |
Convert item (instruction/data) to unexplored bytes. More... | |
idaman bool ida_export | is_manual_insn (ea_t ea) |
Is the instruction overridden? More... | |
idaman ssize_t ida_export | get_manual_insn (qstring *buf, ea_t ea) |
Retrieve the user-specified string for the manual instruction. More... | |
idaman void ida_export | set_manual_insn (ea_t ea, const char *manual_insn) |
Set manual instruction string. More... | |
THREAD_SAFE bool idaapi | is_flow (flags64_t F) |
Does the previous instruction exist and pass execution flow to the current byte? | |
THREAD_SAFE bool idaapi | has_extra_cmts (flags64_t F) |
Does the current byte have additional anterior or posterior lines? | |
THREAD_SAFE bool idaapi | f_has_extra_cmts (flags64_t f, void *) |
THREAD_SAFE bool idaapi | has_cmt (flags64_t F) |
Does the current byte have an indented comment? | |
THREAD_SAFE bool idaapi | f_has_cmt (flags64_t f, void *) |
THREAD_SAFE bool idaapi | has_xref (flags64_t F) |
Does the current byte have cross-references to it? | |
THREAD_SAFE bool idaapi | f_has_xref (flags64_t f, void *) |
Does the current byte have cross-references to it? More... | |
THREAD_SAFE bool idaapi | has_name (flags64_t F) |
Does the current byte have non-trivial (non-dummy) name? | |
THREAD_SAFE bool idaapi | f_has_name (flags64_t f, void *) |
Does the current byte have non-trivial (non-dummy) name? More... | |
THREAD_SAFE bool idaapi | has_dummy_name (flags64_t F) |
Does the current byte have dummy (auto-generated, with special prefix) name? | |
THREAD_SAFE bool idaapi | f_has_dummy_name (flags64_t f, void *) |
Does the current byte have dummy (auto-generated, with special prefix) name? More... | |
THREAD_SAFE bool idaapi | has_auto_name (flags64_t F) |
Does the current byte have auto-generated (no special prefix) name? | |
THREAD_SAFE bool idaapi | has_any_name (flags64_t F) |
Does the current byte have any name? | |
THREAD_SAFE bool idaapi | has_user_name (flags64_t F) |
Does the current byte have user-specified name? | |
THREAD_SAFE bool idaapi | f_has_user_name (flags64_t F, void *) |
Does the current byte have user-specified name? More... | |
idaman bool ida_export | is_invsign (ea_t ea, flags64_t F, int n) |
Should sign of n-th operand inverted during output?. More... | |
idaman bool ida_export | toggle_sign (ea_t ea, int n) |
Toggle sign of n-th operand. More... | |
idaman bool ida_export | is_bnot (ea_t ea, flags64_t F, int n) |
Should we negate the operand?. More... | |
idaman bool ida_export | toggle_bnot (ea_t ea, int n) |
Toggle binary negation of operand. also see is_bnot() | |
idaman bool ida_export | is_lzero (ea_t ea, int n) |
Display leading zeroes? Display leading zeroes in operands. More... | |
idaman bool ida_export | set_lzero (ea_t ea, int n) |
Set toggle lzero bit. More... | |
idaman bool ida_export | clr_lzero (ea_t ea, int n) |
Clear toggle lzero bit. More... | |
bool idaapi | toggle_lzero (ea_t ea, int n) |
Toggle lzero bit. More... | |
idaman bool ida_export | leading_zero_important (ea_t ea, int n) |
Check if leading zeroes are important. | |
THREAD_SAFE bool idaapi | is_defarg0 (flags64_t F) |
Is the first operand defined? Initially operand has no defined representation. | |
THREAD_SAFE bool idaapi | is_defarg1 (flags64_t F) |
Is the second operand defined? Initially operand has no defined representation. | |
THREAD_SAFE bool idaapi | is_off0 (flags64_t F) |
Is the first operand offset? (example: push offset xxx) | |
THREAD_SAFE bool idaapi | is_off1 (flags64_t F) |
Is the second operand offset? (example: mov ax, offset xxx) | |
THREAD_SAFE bool idaapi | is_char0 (flags64_t F) |
Is the first operand character constant? (example: push 'a') | |
THREAD_SAFE bool idaapi | is_char1 (flags64_t F) |
Is the second operand character constant? (example: mov al, 'a') | |
THREAD_SAFE bool idaapi | is_seg0 (flags64_t F) |
Is the first operand segment selector? (example: push seg seg001) | |
THREAD_SAFE bool idaapi | is_seg1 (flags64_t F) |
Is the second operand segment selector? (example: mov dx, seg dseg) | |
THREAD_SAFE bool idaapi | is_enum0 (flags64_t F) |
Is the first operand a symbolic constant (enum member)? | |
THREAD_SAFE bool idaapi | is_enum1 (flags64_t F) |
Is the second operand a symbolic constant (enum member)? | |
THREAD_SAFE bool idaapi | is_stroff0 (flags64_t F) |
Is the first operand an offset within a struct? | |
THREAD_SAFE bool idaapi | is_stroff1 (flags64_t F) |
Is the second operand an offset within a struct? | |
THREAD_SAFE bool idaapi | is_stkvar0 (flags64_t F) |
Is the first operand a stack variable? | |
THREAD_SAFE bool idaapi | is_stkvar1 (flags64_t F) |
Is the second operand a stack variable? | |
THREAD_SAFE bool idaapi | is_float0 (flags64_t F) |
Is the first operand a floating point number? | |
THREAD_SAFE bool idaapi | is_float1 (flags64_t F) |
Is the second operand a floating point number? | |
THREAD_SAFE bool idaapi | is_custfmt0 (flags64_t F) |
Does the first operand use a custom data representation? | |
THREAD_SAFE bool idaapi | is_custfmt1 (flags64_t F) |
Does the second operand use a custom data representation? | |
idaman bool ida_export | is_numop0 (flags64_t F) |
Is the first operand a number (i.e. binary, octal, decimal or hex?) | |
idaman bool ida_export | is_numop1 (flags64_t F) |
Is the second operand a number (i.e. binary, octal, decimal or hex?) | |
THREAD_SAFE flags64_t | get_optype_flags0 (flags64_t F) |
Get flags for first operand. | |
THREAD_SAFE flags64_t | get_optype_flags1 (flags64_t F) |
Get flags for second operand. | |
idaman bool ida_export | is_defarg (flags64_t F, int n) |
is defined? | |
idaman bool ida_export | is_off (flags64_t F, int n) |
is offset? | |
idaman bool ida_export | is_char (flags64_t F, int n) |
is character constant? | |
idaman bool ida_export | is_seg (flags64_t F, int n) |
is segment? | |
idaman bool ida_export | is_enum (flags64_t F, int n) |
is enum? | |
idaman bool ida_export | is_manual (flags64_t F, int n) |
is forced operand? (use is_forced_operand()) | |
idaman bool ida_export | is_stroff (flags64_t F, int n) |
is struct offset? | |
idaman bool ida_export | is_stkvar (flags64_t F, int n) |
is stack variable? | |
idaman bool ida_export | is_fltnum (flags64_t F, int n) |
is floating point number? | |
idaman bool ida_export | is_custfmt (flags64_t F, int n) |
is custom data format? | |
idaman bool ida_export | is_numop (flags64_t F, int n) |
is number (bin, oct, dec, hex)? | |
idaman bool ida_export | is_suspop (ea_t ea, flags64_t F, int n) |
is suspicious operand? | |
idaman bool ida_export | op_adds_xrefs (flags64_t F, int n) |
Should processor module create xrefs from the operand?. More... | |
idaman bool ida_export | set_op_type (ea_t ea, flags64_t type, int n) |
(internal function) change representation of operand(s). More... | |
idaman bool ida_export | op_seg (ea_t ea, int n) |
Set operand representation to be 'segment'. More... | |
idaman bool ida_export | op_enum (ea_t ea, int n, enum_t id, uchar serial) |
Set operand representation to be 'enum_t'. More... | |
idaman enum_t ida_export | get_enum_id (uchar *serial, ea_t ea, int n) |
Get enum id of 'enum' operand. More... | |
idaman bool ida_export | op_stroff (const insn_t &insn, int n, const tid_t *path, int path_len, adiff_t delta) |
Set operand representation to be 'struct offset'. More... | |
idaman int ida_export | get_stroff_path (tid_t *path, adiff_t *delta, ea_t ea, int n) |
Get struct path of operand. More... | |
idaman bool ida_export | op_stkvar (ea_t ea, int n) |
Set operand representation to be 'stack variable'. More... | |
idaman bool ida_export | set_forced_operand (ea_t ea, int n, const char *op) |
Set forced operand. More... | |
idaman ssize_t ida_export | get_forced_operand (qstring *buf, ea_t ea, int n) |
Get forced operand. More... | |
idaman bool ida_export | is_forced_operand (ea_t ea, int n) |
Is operand manually defined?. More... | |
constexpr flags64_t idaapi | char_flag (void) |
see Bits: instruction operand types | |
constexpr flags64_t idaapi | off_flag (void) |
see Bits: instruction operand types | |
constexpr flags64_t idaapi | enum_flag (void) |
see Bits: instruction operand types | |
constexpr flags64_t idaapi | stroff_flag (void) |
see Bits: instruction operand types | |
constexpr flags64_t idaapi | stkvar_flag (void) |
see Bits: instruction operand types | |
constexpr flags64_t idaapi | flt_flag (void) |
see Bits: instruction operand types | |
constexpr flags64_t idaapi | custfmt_flag (void) |
see Bits: instruction operand types | |
constexpr flags64_t idaapi | seg_flag (void) |
see Bits: instruction operand types | |
idaman flags64_t ida_export | num_flag (void) |
Get number of default base (bin, oct, dec, hex) | |
constexpr flags64_t idaapi | hex_flag (void) |
Get number flag of the base, regardless of current processor - better to use num_flag() | |
constexpr flags64_t idaapi | dec_flag (void) |
Get number flag of the base, regardless of current processor - better to use num_flag() More... | |
constexpr flags64_t idaapi | oct_flag (void) |
Get number flag of the base, regardless of current processor - better to use num_flag() More... | |
constexpr flags64_t idaapi | bin_flag (void) |
Get number flag of the base, regardless of current processor - better to use num_flag() More... | |
bool idaapi | op_chr (ea_t ea, int n) |
set op type to char_flag() | |
bool idaapi | op_num (ea_t ea, int n) |
set op type to num_flag() | |
bool idaapi | op_hex (ea_t ea, int n) |
set op type to hex_flag() | |
bool idaapi | op_dec (ea_t ea, int n) |
set op type to dec_flag() | |
bool idaapi | op_oct (ea_t ea, int n) |
set op type to oct_flag() | |
bool idaapi | op_bin (ea_t ea, int n) |
set op type to bin_flag() | |
bool idaapi | op_flt (ea_t ea, int n) |
set op type to flt_flag() | |
idaman bool ida_export | op_custfmt (ea_t ea, int n, int fid) |
Set custom data format for operand (fid-custom data format id) | |
idaman bool ida_export | clr_op_type (ea_t ea, int n) |
Remove operand representation information. More... | |
idaman int ida_export | get_default_radix (void) |
Get default base of number for the current processor. More... | |
idaman int ida_export | get_radix (flags64_t F, int n) |
Get radix of the operand, in: flags. More... | |
constexpr flags64_t idaapi | code_flag (void) |
FF_CODE | |
constexpr flags64_t idaapi | byte_flag (void) |
Get a flags64_t representing a byte. | |
constexpr flags64_t idaapi | word_flag (void) |
Get a flags64_t representing a word. | |
constexpr flags64_t idaapi | dword_flag (void) |
Get a flags64_t representing a double word. | |
constexpr flags64_t idaapi | qword_flag (void) |
Get a flags64_t representing a quad word. | |
constexpr flags64_t idaapi | oword_flag (void) |
Get a flags64_t representing a octaword. | |
constexpr flags64_t idaapi | yword_flag (void) |
Get a flags64_t representing a ymm word. | |
constexpr flags64_t idaapi | zword_flag (void) |
Get a flags64_t representing a zmm word. | |
constexpr flags64_t idaapi | tbyte_flag (void) |
Get a flags64_t representing a tbyte. | |
constexpr flags64_t idaapi | strlit_flag (void) |
Get a flags64_t representing a string literal. | |
constexpr flags64_t idaapi | stru_flag (void) |
Get a flags64_t representing a struct. | |
constexpr flags64_t idaapi | cust_flag (void) |
Get a flags64_t representing custom type data. | |
constexpr flags64_t idaapi | align_flag (void) |
Get a flags64_t representing an alignment directive. | |
constexpr flags64_t idaapi | float_flag (void) |
Get a flags64_t representing a float. | |
constexpr flags64_t idaapi | double_flag (void) |
Get a flags64_t representing a double. | |
constexpr flags64_t idaapi | packreal_flag (void) |
Get a flags64_t representing a packed decimal real. | |
THREAD_SAFE bool idaapi | is_byte (flags64_t F) |
FF_BYTE | |
THREAD_SAFE bool idaapi | is_word (flags64_t F) |
FF_WORD | |
THREAD_SAFE bool idaapi | is_dword (flags64_t F) |
FF_DWORD | |
THREAD_SAFE bool idaapi | is_qword (flags64_t F) |
FF_QWORD | |
THREAD_SAFE bool idaapi | is_oword (flags64_t F) |
FF_OWORD | |
THREAD_SAFE bool idaapi | is_yword (flags64_t F) |
FF_YWORD | |
THREAD_SAFE bool idaapi | is_zword (flags64_t F) |
FF_ZWORD | |
THREAD_SAFE bool idaapi | is_tbyte (flags64_t F) |
FF_TBYTE | |
THREAD_SAFE bool idaapi | is_float (flags64_t F) |
FF_FLOAT | |
THREAD_SAFE bool idaapi | is_double (flags64_t F) |
FF_DOUBLE | |
THREAD_SAFE bool idaapi | is_pack_real (flags64_t F) |
FF_PACKREAL | |
THREAD_SAFE bool idaapi | is_strlit (flags64_t F) |
FF_STRLIT | |
THREAD_SAFE bool idaapi | is_struct (flags64_t F) |
FF_STRUCT | |
THREAD_SAFE bool idaapi | is_align (flags64_t F) |
FF_ALIGN | |
THREAD_SAFE bool idaapi | is_custom (flags64_t F) |
FF_CUSTOM | |
THREAD_SAFE bool idaapi | f_is_byte (flags64_t F, void *) |
See is_byte() | |
THREAD_SAFE bool idaapi | f_is_word (flags64_t F, void *) |
See is_word() | |
THREAD_SAFE bool idaapi | f_is_dword (flags64_t F, void *) |
See is_dword() | |
THREAD_SAFE bool idaapi | f_is_qword (flags64_t F, void *) |
See is_qword() | |
THREAD_SAFE bool idaapi | f_is_oword (flags64_t F, void *) |
See is_oword() | |
THREAD_SAFE bool idaapi | f_is_yword (flags64_t F, void *) |
See is_yword() | |
THREAD_SAFE bool idaapi | f_is_tbyte (flags64_t F, void *) |
See is_tbyte() | |
THREAD_SAFE bool idaapi | f_is_float (flags64_t F, void *) |
See is_float() | |
THREAD_SAFE bool idaapi | f_is_double (flags64_t F, void *) |
See is_double() | |
THREAD_SAFE bool idaapi | f_is_pack_real (flags64_t F, void *) |
See is_pack_real() | |
THREAD_SAFE bool idaapi | f_is_strlit (flags64_t F, void *) |
See is_strlit() | |
THREAD_SAFE bool idaapi | f_is_struct (flags64_t F, void *) |
See is_struct() | |
THREAD_SAFE bool idaapi | f_is_align (flags64_t F, void *) |
See is_align() | |
THREAD_SAFE bool idaapi | f_is_custom (flags64_t F, void *) |
See is_custom() | |
THREAD_SAFE bool idaapi | is_same_data_type (flags64_t F1, flags64_t F2) |
Do the given flags specify the same data type? | |
idaman flags64_t ida_export | get_flags_by_size (size_t size) |
Get flags from size (in bytes). More... | |
idaman bool ida_export | create_data (ea_t ea, flags64_t dataflag, asize_t size, tid_t tid) |
Convert to data (byte, word, dword, etc). More... | |
THREAD_SAFE flags64_t idaapi | calc_dflags (flags64_t f, bool force) |
bool idaapi | create_byte (ea_t ea, asize_t length, bool force=false) |
Convert to byte. | |
bool idaapi | create_word (ea_t ea, asize_t length, bool force=false) |
Convert to word. | |
bool idaapi | create_dword (ea_t ea, asize_t length, bool force=false) |
Convert to dword. | |
bool idaapi | create_qword (ea_t ea, asize_t length, bool force=false) |
Convert to quadword. | |
bool idaapi | create_oword (ea_t ea, asize_t length, bool force=false) |
Convert to octaword/xmm word. | |
bool idaapi | create_yword (ea_t ea, asize_t length, bool force=false) |
Convert to ymm word. | |
bool idaapi | create_zword (ea_t ea, asize_t length, bool force=false) |
Convert to zmm word. | |
bool idaapi | create_tbyte (ea_t ea, asize_t length, bool force=false) |
Convert to tbyte. | |
bool idaapi | create_float (ea_t ea, asize_t length, bool force=false) |
Convert to float. | |
bool idaapi | create_double (ea_t ea, asize_t length, bool force=false) |
Convert to double. | |
bool idaapi | create_packed_real (ea_t ea, asize_t length, bool force=false) |
Convert to packed decimal real. | |
bool idaapi | create_struct (ea_t ea, asize_t length, tid_t tid, bool force=false) |
Convert to struct. | |
bool idaapi | create_custdata (ea_t ea, asize_t length, int dtid, int fid, bool force=false) |
Convert to custom data type. | |
idaman bool ida_export | create_align (ea_t ea, asize_t length, int alignment) |
Create an alignment item. More... | |
idaman int ida_export | calc_min_align (asize_t length) |
Calculate the minimal possible alignment exponent. More... | |
idaman int ida_export | calc_max_align (ea_t endea) |
Calculate the maximal possible alignment exponent. More... | |
idaman int ida_export | calc_def_align (ea_t ea, int mina, int maxa) |
Calculate the default alignment exponent. More... | |
idaman bool ida_export | create_16bit_data (ea_t ea, asize_t length) |
Convert to 16-bit quantity (take the byte size into account) | |
idaman bool ida_export | create_32bit_data (ea_t ea, asize_t length) |
Convert to 32-bit quantity (take the byte size into account) | |
idaman size_t ida_export | get_max_strlit_length (ea_t ea, int32 strtype, int options=0) |
Determine maximum length of string literal. More... | |
idaman ssize_t ida_export | get_strlit_contents (qstring *utf8, ea_t ea, size_t len, int32 type, size_t *maxcps=nullptr, int flags=0) |
Get contents of string literal, as UTF-8-encoded codepoints. More... | |
idaman bool ida_export | create_strlit (ea_t start, size_t len, int32 strtype) |
Convert to string literal and give a meaningful name. More... | |
idaman bool ida_export | print_strlit_type (qstring *out, int32 strtype, qstring *out_tooltip=nullptr, int flags=0) |
Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip. More... | |
idaman opinfo_t *ida_export | get_opinfo (opinfo_t *buf, ea_t ea, int n, flags64_t flags) |
Get additional information about an operand representation. More... | |
idaman bool ida_export | set_opinfo (ea_t ea, int n, flags64_t flag, const opinfo_t *ti, bool suppress_events=false) |
Set additional information about an operand representation. More... | |
idaman asize_t ida_export | get_data_elsize (ea_t ea, flags64_t F, const opinfo_t *ti=nullptr) |
Get size of data type specified in flags 'F'. More... | |
asize_t | get_full_data_elsize (ea_t ea, flags64_t F, const opinfo_t *ti=nullptr) |
Get full size of data type specified in flags 'F'. More... | |
idaman int ida_export | is_varsize_item (ea_t ea, flags64_t F, const opinfo_t *ti=nullptr, asize_t *itemsize=nullptr) |
Is the item at 'ea' variable size?. More... | |
idaman bool ida_export | can_define_item (ea_t ea, asize_t length, flags64_t flags) |
Can define item (instruction/data) of the specified 'length', starting at 'ea'? More... | |
THREAD_SAFE bool idaapi | has_immd (flags64_t F) |
Has immediate value? | |
THREAD_SAFE bool idaapi | is_func (flags64_t F) |
Is function start? | |
idaman bool ida_export | set_immd (ea_t ea) |
Set 'has immediate operand' flag. More... | |
idaman int ida_export | register_custom_data_type (const data_type_t *dtinfo) |
Register a new data type. More... | |
idaman bool ida_export | unregister_custom_data_type (int dtid) |
Unregister a data type. More... | |
idaman int ida_export | register_custom_data_format (const data_format_t *dtform) |
Register a new data format. More... | |
idaman bool ida_export | unregister_custom_data_format (int dfid) |
Unregister a data format. More... | |
idaman const data_type_t *ida_export | get_custom_data_type (int dtid) |
Get definition of a registered custom data type. More... | |
idaman const data_format_t *ida_export | get_custom_data_format (int dfid) |
Get definition of a registered custom data format. More... | |
idaman bool ida_export | attach_custom_data_format (int dtid, int dfid) |
Attach the data format to the data type. More... | |
idaman bool ida_export | detach_custom_data_format (int dtid, int dfid) |
Detach the data format from the data type. More... | |
idaman bool ida_export | is_attached_custom_data_format (int dtid, int dfid) |
Is the custom data format attached to the custom data type? More... | |
idaman int ida_export | get_custom_data_types (intvec_t *out, asize_t min_size=0, asize_t max_size=BADADDR) |
Get list of registered custom data type ids. More... | |
idaman int ida_export | get_custom_data_formats (intvec_t *out, int dtid) |
Get list of attached custom data formats for the specified data type. More... | |
idaman int ida_export | find_custom_data_type (const char *name) |
Get id of a custom data type. More... | |
idaman int ida_export | find_custom_data_format (const char *name) |
Get id of a custom data format. More... | |
idaman bool ida_export | set_cmt (ea_t ea, const char *comm, bool rptble) |
Set an indented comment. More... | |
idaman ssize_t ida_export | get_cmt (qstring *buf, ea_t ea, bool rptble) |
Get an indented comment. More... | |
idaman bool ida_export | append_cmt (ea_t ea, const char *str, bool rptble) |
Append to an indented comment. More... | |
idaman ssize_t ida_export | get_predef_insn_cmt (qstring *buf, const insn_t &ins) |
Get predefined comment. More... | |
idaman ea_t ida_export | find_byte (ea_t sEA, asize_t size, uchar value, int bin_search_flags) |
Find forward a byte with the specified value (only 8-bit value from the database). More... | |
idaman ea_t ida_export | find_byter (ea_t sEA, asize_t size, uchar value, int bin_search_flags) |
Find reverse a byte with the specified value (only 8-bit value from the database). More... | |
idaman bool ida_export | parse_binpat_str (compiled_binpat_vec_t *out, ea_t ea, const char *in, int radix, int strlits_encoding=PBSENC_DEF1BPU, qstring *errbuf=nullptr) |
Convert user-specified binary string to internal representation. More... | |
idaman ea_t ida_export | bin_search2 (ea_t start_ea, ea_t end_ea, const compiled_binpat_vec_t &data, int flags) |
Search for a string in the program. More... | |
ea_t | bin_search2 (ea_t start_ea, ea_t end_ea, const uchar *image, const uchar *mask, size_t len, int flags) |
idaman ea_t ida_export | bin_search3 (size_t *out_matched_idx, ea_t start_ea, ea_t end_ea, const compiled_binpat_vec_t &data, int flags) |
Search for a patter in the program. More... | |
ea_t idaapi | next_inited (ea_t ea, ea_t maxea) |
Find the next initialized address. | |
ea_t idaapi | prev_inited (ea_t ea, ea_t minea) |
Find the previous initialized address. | |
idaman bool ida_export | equal_bytes (ea_t ea, const uchar *image, const uchar *mask, size_t len, int bin_search_flags) |
Compare 'len' bytes of the program starting from 'ea' with 'image'. More... | |
bool | bytes_match_for_bin_search (uchar c1, uchar c2, const uchar *mask, int i, int bin_search_flags) |
idaman bool ida_export | update_hidden_range (const hidden_range_t *ha) |
Update hidden range information in the database. More... | |
idaman bool ida_export | add_hidden_range (ea_t ea1, ea_t ea2, const char *description, const char *header, const char *footer, bgcolor_t color=DEFCOLOR) |
Mark a range of addresses as hidden. More... | |
idaman hidden_range_t *ida_export | get_hidden_range (ea_t ea) |
Get pointer to hidden range structure, in: linear address. More... | |
idaman hidden_range_t *ida_export | getn_hidden_range (int n) |
Get pointer to hidden range structure, in: number of hidden range. More... | |
idaman int ida_export | get_hidden_range_qty (void) |
Get number of hidden ranges. | |
idaman int ida_export | get_hidden_range_num (ea_t ea) |
Get number of a hidden range. More... | |
idaman hidden_range_t *ida_export | get_prev_hidden_range (ea_t ea) |
Get pointer to previous hidden range. More... | |
idaman hidden_range_t *ida_export | get_next_hidden_range (ea_t ea) |
Get pointer to next hidden range. More... | |
idaman hidden_range_t *ida_export | get_first_hidden_range (void) |
Get pointer to the first hidden range. More... | |
idaman hidden_range_t *ida_export | get_last_hidden_range (void) |
Get pointer to the last hidden range. More... | |
idaman bool ida_export | del_hidden_range (ea_t ea) |
Delete hidden range. More... | |
idaman bool ida_export | add_mapping (ea_t from, ea_t to, asize_t size) |
IDA supports memory mapping. More... | |
idaman void ida_export | del_mapping (ea_t ea) |
Delete memory mapping range. More... | |
idaman ea_t ida_export | use_mapping (ea_t ea) |
Translate address according to current mappings. More... | |
idaman size_t ida_export | get_mappings_qty (void) |
Get number of mappings. | |
idaman bool ida_export | get_mapping (ea_t *from, ea_t *to, asize_t *size, size_t n) |
Get memory mapping range by its number. More... | |
THREAD_SAFE ssize_t | get_hex_string (char *buf, size_t bufsize, const uchar *bytes, size_t len) |
Detailed Description
Contains functions that deal with individual byte characteristics.
Each byte of the disassembled program is represented by a 32-bit value. We will call this value 'flags'. The structure of the flags is here.
You are not allowed to inspect individual bits of flags and modify them directly. Use special functions to inspect and/or modify flags.
Flags are kept in a virtual array file (*.id1). Addresses (ea) are all 32-bit (or 64-bit) quantities.
Macro Definition Documentation
◆ ITEM_END_INITED
#define ITEM_END_INITED 0x0002 |
stop when initialization changes i.e.
- if is_loaded(ea): stop if uninitialized byte is encountered
- if !is_loaded(ea): stop if initialized byte is encountered
◆ GFE_VALUE
#define GFE_VALUE 0x0001 |
◆ GFE_IDB_VALUE
◆ DELIT_EXPAND
#define DELIT_EXPAND 0x0001 |
propagate undefined items; for example if removing an instruction removes all references to the next instruction, then plan to convert to unexplored the next instruction too.
◆ DELIT_DELNAMES
#define DELIT_DELNAMES 0x0002 |
delete any names at the specified address range (except for the starting address).
this bit is valid if nbytes > 1
◆ DELIT_NOUNAME
#define DELIT_NOUNAME 0x0008 |
reject to delete if a user name is in address range (except for the starting address).
this bit is valid if nbytes > 1
◆ DELIT_NOCMT
#define DELIT_NOCMT 0x0010 |
reject to delete if a comment is in address range (except for the starting address).
this bit is valid if nbytes > 1
◆ DELIT_KEEPFUNC
#define DELIT_KEEPFUNC 0x0020 |
do not undefine the function start.
Just delete xrefs, ops e.t.c.
◆ OPND_OUTER
#define OPND_OUTER 0x80 |
outer offset base (combined with operand number).
used only in set, get, del_offset() functions
◆ ALOPT_IGNHEADS
#define ALOPT_IGNHEADS 0x01 |
don't stop if another data item is encountered.
only the byte values will be used to determine the string length. if not set, a defined data item or instruction will truncate the string
◆ ALOPT_ONLYTERM
#define ALOPT_ONLYTERM 0x10 |
only the termination characters can be at the string end.
Without this option illegal characters also terminate the string.
◆ GET_ITEM_HEAD_BODY
#define GET_ITEM_HEAD_BODY |
Function Documentation
◆ enable_flags()
idaman error_t ida_export enable_flags | ( | ea_t | start_ea, |
ea_t | end_ea, | ||
storage_type_t | stt | ||
) |
Allocate flags for address range.
This function does not change the storage type of existing ranges. Exit with an error message if not enough disk space.
- Parameters
-
start_ea should be lower than end_ea. end_ea does not belong to the range. stt storage_type_t
- Returns
- 0 if ok, otherwise an error code
◆ disable_flags()
idaman error_t ida_export disable_flags | ( | ea_t | start_ea, |
ea_t | end_ea | ||
) |
Deallocate flags for address range.
Exit with an error message if not enough disk space (this may occur too).
- Parameters
-
start_ea should be lower than end_ea. end_ea does not belong to the range.
- Returns
- 0 if ok, otherwise return error code
◆ change_storage_type()
idaman error_t ida_export change_storage_type | ( | ea_t | start_ea, |
ea_t | end_ea, | ||
storage_type_t | stt | ||
) |
Change flag storage type for address range.
- Parameters
-
start_ea should be lower than end_ea. end_ea does not belong to the range. stt storage_type_t
- Returns
- error code
◆ next_addr()
idaman ea_t ida_export next_addr | ( | ea_t | ea | ) |
Get next address in the program (i.e.
next address which has flags).
- Returns
- BADADDR if no such address exist.
◆ prev_addr()
idaman ea_t ida_export prev_addr | ( | ea_t | ea | ) |
Get previous address in the program.
- Returns
- BADADDR if no such address exist.
◆ next_chunk()
idaman ea_t ida_export next_chunk | ( | ea_t | ea | ) |
Get the first address of next contiguous chunk in the program.
- Returns
- BADADDR if next chunk doesn't exist.
◆ prev_chunk()
idaman ea_t ida_export prev_chunk | ( | ea_t | ea | ) |
Get the last address of previous contiguous chunk in the program.
- Returns
- BADADDR if previous chunk doesn't exist.
◆ chunk_start()
idaman ea_t ida_export chunk_start | ( | ea_t | ea | ) |
Get start of the contiguous address block containing 'ea'.
- Returns
- BADADDR if 'ea' doesn't belong to the program.
◆ chunk_size()
idaman asize_t ida_export chunk_size | ( | ea_t | ea | ) |
Get size of the contiguous address block containing 'ea'.
- Returns
- 0 if 'ea' doesn't belong to the program.
◆ find_free_chunk()
idaman ea_t ida_export find_free_chunk | ( | ea_t | start, |
asize_t | size, | ||
asize_t | alignment | ||
) |
Search for a hole in the addressing space of the program.
- Parameters
-
start Address to start searching from size Size of the desired empty range alignment Alignment bitmask, must be a pow2-1. (for example, 0xF would align the returned range to 16 bytes).
- Returns
- Start of the found empty range or BADADDR
◆ next_that()
idaman ea_t ida_export next_that | ( | ea_t | ea, |
ea_t | maxea, | ||
testf_t * | testf, | ||
void * | ud = nullptr |
||
) |
Find next address with a flag satisfying the function 'testf'.
- Note
- do not pass is_unknown() to this function to find unexplored bytes. It will fail under the debugger. To find unexplored bytes, use next_unknown().
- Parameters
-
ea start searching at this address + 1 maxea not included in the search range. testf test function to find next address ud user data - may point to anything. it will be passed to testf.
- Returns
- the found address or BADADDR.
◆ prev_that()
idaman ea_t ida_export prev_that | ( | ea_t | ea, |
ea_t | minea, | ||
testf_t * | testf, | ||
void * | ud = nullptr |
||
) |
Find previous address with a flag satisfying the function 'testf'.
- Note
- do not pass is_unknown() to this function to find unexplored bytes It will fail under the debugger. To find unexplored bytes, use prev_unknown().
- Parameters
-
ea start searching from this address - 1. minea included in the search range. testf test function to find previous address ud user data - may point to anything. it will be passed to testf.
- Returns
- the found address or BADADDR.
◆ prev_head()
idaman ea_t ida_export prev_head | ( | ea_t | ea, |
ea_t | minea | ||
) |
Get start of previous defined item.
- Parameters
-
ea begin search at this address minea included in the search range
- Returns
- BADADDR if none exists.
◆ next_head()
idaman ea_t ida_export next_head | ( | ea_t | ea, |
ea_t | maxea | ||
) |
Get start of next defined item.
- Parameters
-
ea begin search at this address maxea not included in the search range
- Returns
- BADADDR if none exists.
◆ prev_not_tail()
idaman ea_t ida_export prev_not_tail | ( | ea_t | ea | ) |
Get address of previous non-tail byte.
- Returns
- BADADDR if none exists.
◆ next_not_tail()
idaman ea_t ida_export next_not_tail | ( | ea_t | ea | ) |
Get address of next non-tail byte.
- Returns
- BADADDR if none exists.
◆ adjust_visea()
ea_t adjust_visea | ( | ea_t | ea | ) |
Adjust the address and get the nearest visible address.
(i.e. an address which will appear in the disassembly)
- Returns
- BADADDR only if no addresses are valid
◆ prev_visea()
idaman ea_t ida_export prev_visea | ( | ea_t | ea | ) |
Get previous visible address.
- Returns
- BADADDR if none exists.
◆ next_visea()
idaman ea_t ida_export next_visea | ( | ea_t | ea | ) |
Get next visible address.
- Returns
- BADADDR if none exists.
◆ get_item_head()
|
inline |
Get the start address of the item at 'ea'.
If there is no current item, then 'ea' will be returned (see definition at the end of bytes.hpp source)
◆ get_item_end()
idaman ea_t ida_export get_item_end | ( | ea_t | ea | ) |
Get the end address of the item at 'ea'.
The returned address doesn't belong to the current item. Unexplored bytes are counted as 1 byte entities.
◆ calc_max_item_end()
idaman ea_t ida_export calc_max_item_end | ( | ea_t | ea, |
int | how = 15 |
||
) |
Calculate maximal reasonable end address of a new item.
This function will limit the item with the current segment bounds.
- Parameters
-
ea linear address how when to stop the search. A combination of Item end search flags
- Returns
- end of new item. If it is not possible to create an item, it will return 'ea'.
◆ get_item_size()
|
inline |
Get size of item (instruction/data) in bytes.
Unexplored bytes have length of 1 byte. This function never returns 0.
◆ get_flags()
|
inline |
◆ get_full_flags()
|
inline |
Get flags value for address 'ea'.
- Returns
- 0 if address is not present in the program
◆ get_item_flag()
idaman flags64_t ida_export get_item_flag | ( | ea_t | from, |
int | n, | ||
ea_t | ea, | ||
bool | appzero | ||
) |
Get flag of the item at 'ea' even if it is a tail byte of some array or structure.
This function is used to get flags of structure members or array elements.
- Parameters
-
from linear address of the instruction which refers to 'ea' n number of operand which refers to 'ea' ea the referenced address appzero append a struct field name if the field offset is zero? meaningful only if the name refers to a structure.
- Returns
- flags or 0 (if failed)
◆ del_value()
idaman void ida_export del_value | ( | ea_t | ea | ) |
Delete byte value from flags.
The corresponding byte becomes uninitialized.
◆ nbits()
idaman int ida_export nbits | ( | ea_t | ea | ) |
Get number of bits in a byte at the given address.
- Returns
- processor_t::dnbits() if the address doesn't belong to a segment, otherwise the result depends on the segment type
◆ get_byte()
idaman uchar ida_export get_byte | ( | ea_t | ea | ) |
Get one byte (8-bit) of the program at 'ea'.
This function works only for 8bit byte processors.
◆ get_db_byte()
idaman uchar ida_export get_db_byte | ( | ea_t | ea | ) |
Get one byte (8-bit) of the program at 'ea' from the database.
Works even if the debugger is active. See also get_dbg_byte() to read the process memory directly. This function works only for 8bit byte processors.
◆ get_word()
idaman ushort ida_export get_word | ( | ea_t | ea | ) |
Get one word (16-bit) of the program at 'ea'.
This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.
◆ get_dword()
idaman uint32 ida_export get_dword | ( | ea_t | ea | ) |
Get one dword (32-bit) of the program at 'ea'.
This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.
◆ get_qword()
idaman uint64 ida_export get_qword | ( | ea_t | ea | ) |
Get one qword (64-bit) of the program at 'ea'.
This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.
◆ get_wide_byte()
idaman uint64 ida_export get_wide_byte | ( | ea_t | ea | ) |
Get one wide byte of the program at 'ea'.
Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view.
◆ get_wide_word()
idaman uint64 ida_export get_wide_word | ( | ea_t | ea | ) |
Get one wide word (2 'byte') of the program at 'ea'.
Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in idainfo::is_be()
◆ get_wide_dword()
idaman uint64 ida_export get_wide_dword | ( | ea_t | ea | ) |
Get two wide words (4 'bytes') of the program at 'ea'.
Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in idainfo::is_be()
- Note
- this function works incorrectly if processor_t::nbits > 16
◆ get_16bit()
idaman uint32 ida_export get_16bit | ( | ea_t | ea | ) |
Get 16bits of the program at 'ea'.
- Returns
- 1 byte (getFullByte()) if the current processor has 16-bit byte, otherwise return get_word()
◆ get_32bit()
idaman uint32 ida_export get_32bit | ( | ea_t | ea | ) |
Get not more than 32bits of the program at 'ea'.
- Returns
- 32 bit value, depending on processor_t::nbits:
- if ( nbits <= 8 ) return get_dword(ea);
- if ( nbits <= 16) return get_wide_word(ea);
- return get_wide_byte(ea);
◆ get_64bit()
idaman uint64 ida_export get_64bit | ( | ea_t | ea | ) |
Get not more than 64bits of the program at 'ea'.
- Returns
- 64 bit value, depending on processor_t::nbits:
- if ( nbits <= 8 ) return get_qword(ea);
- if ( nbits <= 16) return get_wide_dword(ea);
- return get_wide_byte(ea);
◆ get_data_value()
idaman bool ida_export get_data_value | ( | uval_t * | v, |
ea_t | ea, | ||
asize_t | size | ||
) |
Get the value at of the item at 'ea'.
This function works with entities up to sizeof(ea_t) (bytes, word, etc)
- Parameters
-
v pointer to the result. may be nullptr ea linear address size size of data to read. If 0, then the item type at 'ea' will be used
- Returns
- success
◆ visit_patched_bytes()
idaman int ida_export visit_patched_bytes | ( | ea_t | ea1, |
ea_t | ea2, | ||
int(idaapi *)(ea_t ea, qoff64_t fpos, uint64 o, uint64 v, void *ud) | cb, | ||
void * | ud = nullptr |
||
) |
Visit all the patched bytes one byte at a time.
- Parameters
-
ea1 start linear address ea2 end linear address cb callback called for each found byte. if the callback returns non-zero then that value will be returned to the caller and the enumeration will be interrupted. ud user data passed to the callback
- Returns
- the return value returned by the callback (if any) or zero if the enumeration was completed.
◆ get_original_byte()
idaman uint64 ida_export get_original_byte | ( | ea_t | ea | ) |
Get original byte value (that was before patching).
This function works for wide byte processors too.
◆ get_original_word()
idaman uint64 ida_export get_original_word | ( | ea_t | ea | ) |
Get original word value (that was before patching).
This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
◆ get_original_dword()
idaman uint64 ida_export get_original_dword | ( | ea_t | ea | ) |
Get original dword (that was before patching) This function works for wide byte processors too.
This function takes into account order of bytes specified in idainfo::is_be()
◆ get_original_qword()
idaman uint64 ida_export get_original_qword | ( | ea_t | ea | ) |
Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too.
This function takes into account order of bytes specified in idainfo::is_be()
◆ put_byte()
idaman bool ida_export put_byte | ( | ea_t | ea, |
uint64 | x | ||
) |
Set value of one byte of the program.
This function modifies the database. If the debugger is active then the debugged process memory is patched too.
- Note
- The original value of the byte is completely lost and can't be recovered by the get_original_byte() function. See also put_dbg_byte() to write to the process memory directly when the debugger is active. This function can handle wide byte processors.
- Parameters
-
ea linear address x byte value
- Returns
- true if the database has been modified
◆ put_word()
idaman void ida_export put_word | ( | ea_t | ea, |
uint64 | x | ||
) |
Set value of one word of the program.
This function takes into account order of bytes specified in idainfo::is_be() This function works for wide byte processors too.
- Note
- The original value of the word is completely lost and can't be recovered by the get_original_word() function. ea - linear address x - word value
◆ put_dword()
idaman void ida_export put_dword | ( | ea_t | ea, |
uint64 | x | ||
) |
Set value of one dword of the program.
This function takes into account order of bytes specified in idainfo::is_be() This function works for wide byte processors too.
- Parameters
-
ea linear address x dword value
- Note
- the original value of the dword is completely lost and can't be recovered by the get_original_dword() function.
◆ put_qword()
idaman void ida_export put_qword | ( | ea_t | ea, |
uint64 | x | ||
) |
Set value of one qword (8 bytes) of the program.
This function takes into account order of bytes specified in idainfo::is_be() This function DOESN'T works for wide byte processors.
- Parameters
-
ea linear address x qword value
◆ patch_byte()
idaman bool ida_export patch_byte | ( | ea_t | ea, |
uint64 | x | ||
) |
Patch a byte of the program.
The original value of the byte is saved and can be obtained by get_original_byte(). This function works for wide byte processors too.
- Return values
-
true the database has been modified, false the debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.
◆ patch_word()
idaman bool ida_export patch_word | ( | ea_t | ea, |
uint64 | x | ||
) |
Patch a word of the program.
The original value of the word is saved and can be obtained by get_original_word(). This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
- Return values
-
true the database has been modified, false the debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.
◆ patch_dword()
idaman bool ida_export patch_dword | ( | ea_t | ea, |
uint64 | x | ||
) |
Patch a dword of the program.
The original value of the dword is saved and can be obtained by get_original_dword(). This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()
- Return values
-
true the database has been modified, false the debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.
◆ patch_qword()
idaman bool ida_export patch_qword | ( | ea_t | ea, |
uint64 | x | ||
) |
Patch a qword of the program.
The original value of the qword is saved and can be obtained by get_original_qword(). This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()
- Return values
-
true the database has been modified, false the debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.
◆ revert_byte()
idaman bool ida_export revert_byte | ( | ea_t | ea | ) |
Revert patched byte.
- Return values
-
true byte was patched before and reverted now
◆ add_byte()
idaman void ida_export add_byte | ( | ea_t | ea, |
uint32 | value | ||
) |
Add a value to one byte of the program.
This function works for wide byte processors too.
- Parameters
-
ea linear address value byte value
◆ add_word()
idaman void ida_export add_word | ( | ea_t | ea, |
uint64 | value | ||
) |
Add a value to one word of the program.
This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
- Parameters
-
ea linear address value byte value
◆ add_dword()
idaman void ida_export add_dword | ( | ea_t | ea, |
uint64 | value | ||
) |
Add a value to one dword of the program.
This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
- Note
- this function works incorrectly if processor_t::nbits > 16
- Parameters
-
ea linear address value byte value
◆ add_qword()
idaman void ida_export add_qword | ( | ea_t | ea, |
uint64 | value | ||
) |
Add a value to one qword of the program.
This function does not work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()
- Parameters
-
ea linear address value byte value
◆ get_zero_ranges()
idaman bool ida_export get_zero_ranges | ( | rangeset_t * | zranges, |
const range_t * | range | ||
) |
Return set of ranges with zero initialized bytes.
The returned set includes only big zero initialized ranges (at least >1KB). Some zero initialized byte ranges may be not included. Only zero bytes that use the sparse storage method (STT_MM) are reported.
- Parameters
-
zranges pointer to the return value. cannot be nullptr range the range of addresses to verify. can be nullptr - means all ranges
- Returns
- true if the result is a non-empty set
◆ get_bytes()
idaman ssize_t ida_export get_bytes | ( | void * | buf, |
ssize_t | size, | ||
ea_t | ea, | ||
int | gmb_flags = 0 , |
||
void * | mask = nullptr |
||
) |
Get the specified number of bytes of the program into the buffer.
If mask was specified it will contain a bitmap of initialized / uninitialized database bytes.
- Parameters
-
ea linear address buf buffer to hold bytes size size of buffer in normal 8-bit bytes (sizeof(buf)) gmb_flags combination of flags for get_bytes() bits mask bitmap of initialize/uninitialized bytes (may be nullptr; must be at least (size+7)/8)
- Returns
- if the user cancelled, return -1; otherwise number of read bytes.
◆ put_bytes()
idaman void ida_export put_bytes | ( | ea_t | ea, |
const void * | buf, | ||
size_t | size | ||
) |
Modify the specified number of bytes of the program.
This function does not save the original values of bytes. See also patch_bytes().
- Parameters
-
ea linear address buf buffer with new values of bytes size size of buffer in normal 8-bit bytes (sizeof(buf))
◆ patch_bytes()
idaman void ida_export patch_bytes | ( | ea_t | ea, |
const void * | buf, | ||
size_t | size | ||
) |
Patch the specified number of bytes of the program.
Original values of bytes are saved and are available with get_original...() functions. See also put_bytes().
- Parameters
-
ea linear address buf buffer with new values of bytes size size of buffer in normal 8-bit bytes (sizeof(buf))
◆ f_is_code()
|
inline |
Does flag denote start of an instruction?
◆ f_is_data()
|
inline |
Does flag denote start of data?
◆ f_is_tail()
|
inline |
Does flag denote tail byte?
◆ is_not_tail()
|
inline |
Does flag denote tail byte?
◆ f_is_not_tail()
|
inline |
Does flag denote tail byte?
◆ f_is_head()
|
inline |
Does flag denote start of instruction OR data?
◆ del_items()
idaman bool ida_export del_items | ( | ea_t | ea, |
int | flags = 0 , |
||
asize_t | nbytes = 1 , |
||
may_destroy_cb_t * | may_destroy = nullptr |
||
) |
Convert item (instruction/data) to unexplored bytes.
The whole item (including the head and tail bytes) will be destroyed. It is allowed to pass any address in the item to this function
- Parameters
-
ea any address within the first item to delete flags combination of Unexplored byte conversion flags nbytes number of bytes in the range to be undefined may_destroy optional routine invoked before deleting a head item. If callback returns false then item is not to be deleted and operation fails
- Returns
- true on sucessful operation, otherwise false
◆ is_manual_insn()
idaman bool ida_export is_manual_insn | ( | ea_t | ea | ) |
Is the instruction overridden?
- Parameters
-
ea linear address of the instruction or data item
◆ get_manual_insn()
Retrieve the user-specified string for the manual instruction.
- Parameters
-
buf output buffer ea linear address of the instruction or data item
- Returns
- size of manual instruction or -1
◆ set_manual_insn()
idaman void ida_export set_manual_insn | ( | ea_t | ea, |
const char * | manual_insn | ||
) |
Set manual instruction string.
- Parameters
-
ea linear address of the instruction or data item manual_insn "" - delete manual string. nullptr - do nothing
◆ f_has_xref()
|
inline |
Does the current byte have cross-references to it?
◆ f_has_name()
|
inline |
Does the current byte have non-trivial (non-dummy) name?
◆ f_has_dummy_name()
|
inline |
Does the current byte have dummy (auto-generated, with special prefix) name?
◆ f_has_user_name()
|
inline |
Does the current byte have user-specified name?
◆ is_invsign()
idaman bool ida_export is_invsign | ( | ea_t | ea, |
flags64_t | F, | ||
int | n | ||
) |
Should sign of n-th operand inverted during output?.
allowed values of n: 0-first operand, 1-other operands
◆ toggle_sign()
idaman bool ida_export toggle_sign | ( | ea_t | ea, |
int | n | ||
) |
Toggle sign of n-th operand.
allowed values of n: 0-first operand, 1-other operands
◆ is_bnot()
idaman bool ida_export is_bnot | ( | ea_t | ea, |
flags64_t | F, | ||
int | n | ||
) |
Should we negate the operand?.
asm_t::a_bnot should be defined in the idp module in order to work with this function
◆ is_lzero()
idaman bool ida_export is_lzero | ( | ea_t | ea, |
int | n | ||
) |
Display leading zeroes? Display leading zeroes in operands.
The global switch for the leading zeroes is in idainfo::s_genflags Note: the leading zeroes doesn't work if for the target assembler octal numbers start with 0.
- Parameters
-
ea the item (insn/data) address n the operand number (0-first operand, 1-other operands)
- Returns
- success
◆ set_lzero()
idaman bool ida_export set_lzero | ( | ea_t | ea, |
int | n | ||
) |
Set toggle lzero bit.
This function changes the display of leading zeroes for the specified operand. If the default is not to display leading zeroes, this function will display them and vice versa.
- Parameters
-
ea the item (insn/data) address n the operand number (0-first operand, 1-other operands)
- Returns
- success
◆ clr_lzero()
idaman bool ida_export clr_lzero | ( | ea_t | ea, |
int | n | ||
) |
Clear toggle lzero bit.
This function reset the display of leading zeroes for the specified operand to the default. If the default is not to display leading zeroes, leading zeroes will not be displayed, as vice versa.
- Parameters
-
ea the item (insn/data) address n the operand number (0-first operand, 1-other operands)
- Returns
- success
◆ toggle_lzero()
|
inline |
Toggle lzero bit.
- Parameters
-
ea the item (insn/data) address n the operand number (0-first operand, 1-other operands)
- Returns
- success
◆ op_adds_xrefs()
idaman bool ida_export op_adds_xrefs | ( | flags64_t | F, |
int | n | ||
) |
Should processor module create xrefs from the operand?.
Currently 'offset' and 'structure offset' operands create xrefs
◆ set_op_type()
idaman bool ida_export set_op_type | ( | ea_t | ea, |
flags64_t | type, | ||
int | n | ||
) |
(internal function) change representation of operand(s).
- Parameters
-
ea linear address type new flag value (should be obtained from char_flag(), num_flag() and similar functions) n number of operand (0, 1, -1)
- Return values
-
1 ok 0 failed (applied to a tail byte)
◆ op_seg()
idaman bool ida_export op_seg | ( | ea_t | ea, |
int | n | ||
) |
Set operand representation to be 'segment'.
If applied to unexplored bytes, converts them to 16/32bit word data
- Parameters
-
ea linear address n number of operand (0, 1, -1)
- Returns
- success
◆ op_enum()
Set operand representation to be 'enum_t'.
If applied to unexplored bytes, converts them to 16/32bit word data
- Parameters
-
ea linear address n number of operand (0, 1, -1) id id of enum serial the serial number of the constant in the enumeration, usually 0. the serial numbers are used if the enumeration contains several constants with the same value
- Returns
- success
◆ get_enum_id()
Get enum id of 'enum' operand.
- Parameters
-
ea linear address n number of operand (0, 1, -1) serial pointer to variable to hold the serial number of the constant in the enumeration
- Returns
- id of enum or BADNODE
◆ op_stroff()
idaman bool ida_export op_stroff | ( | const insn_t & | insn, |
int | n, | ||
const tid_t * | path, | ||
int | path_len, | ||
adiff_t | delta | ||
) |
Set operand representation to be 'struct offset'.
If applied to unexplored bytes, converts them to 16/32bit word data
- Parameters
-
insn the instruction n number of operand (0, 1, -1) path structure path (strpath). see nalt.hpp for more info. path_len length of the structure path delta struct offset delta. usually 0. denotes the difference between the structure base and the pointer into the structure.
- Returns
- success
◆ get_stroff_path()
idaman int ida_export get_stroff_path | ( | tid_t * | path, |
adiff_t * | delta, | ||
ea_t | ea, | ||
int | n | ||
) |
Get struct path of operand.
- Parameters
-
path buffer for structure path (strpath). see nalt.hpp for more info. delta struct offset delta ea linear address n number of operand (0, 1, -1)
- Returns
- length of strpath
◆ op_stkvar()
idaman bool ida_export op_stkvar | ( | ea_t | ea, |
int | n | ||
) |
Set operand representation to be 'stack variable'.
Should be applied to an instruction within a function. Should be applied after creating a stack var using insn_t::create_stkvar().
- Parameters
-
ea linear address n number of operand (0, 1, -1)
- Returns
- success
◆ set_forced_operand()
idaman bool ida_export set_forced_operand | ( | ea_t | ea, |
int | n, | ||
const char * | op | ||
) |
Set forced operand.
- Parameters
-
ea linear address n number of operand (0, 1, 2) op text of operand - nullptr: do nothing (return 0)
- "" : delete forced operand
- Returns
- success
◆ get_forced_operand()
Get forced operand.
- Parameters
-
buf output buffer, may be nullptr ea linear address n number of operand (0, 1, 2)
- Returns
- size of forced operand or -1
◆ is_forced_operand()
idaman bool ida_export is_forced_operand | ( | ea_t | ea, |
int | n | ||
) |
Is operand manually defined?.
- Parameters
-
ea linear address n number of operand (0, 1, 2)
◆ dec_flag()
|
inlineconstexpr |
Get number flag of the base, regardless of current processor - better to use num_flag()
◆ oct_flag()
|
inlineconstexpr |
Get number flag of the base, regardless of current processor - better to use num_flag()
◆ bin_flag()
|
inlineconstexpr |
Get number flag of the base, regardless of current processor - better to use num_flag()
◆ clr_op_type()
idaman bool ida_export clr_op_type | ( | ea_t | ea, |
int | n | ||
) |
Remove operand representation information.
(set operand representation to be 'undefined')
- Parameters
-
ea linear address n number of operand (0, 1, -1)
- Returns
- success
◆ get_default_radix()
idaman int ida_export get_default_radix | ( | void | ) |
Get default base of number for the current processor.
- Returns
- 2, 8, 10, 16
◆ get_radix()
idaman int ida_export get_radix | ( | flags64_t | F, |
int | n | ||
) |
Get radix of the operand, in: flags.
If the operand is not a number, returns get_default_radix()
- Parameters
-
F flags n number of operand (0, 1, -1)
- Returns
- 2, 8, 10, 16
◆ get_flags_by_size()
idaman flags64_t ida_export get_flags_by_size | ( | size_t | size | ) |
Get flags from size (in bytes).
Supported sizes: 1, 2, 4, 8, 16, 32. For other sizes returns 0
◆ create_data()
Convert to data (byte, word, dword, etc).
This function may be used to create arrays.
- Parameters
-
ea linear address dataflag type of data. Value of function byte_flag(), word_flag(), etc. size size of array in bytes. should be divisible by the size of one item of the specified type. for variable sized items it can be specified as 0, and the kernel will try to calculate the size. tid type id. If the specified type is a structure, then tid is structure id. Otherwise should be BADNODE.
- Returns
- success
◆ create_align()
idaman bool ida_export create_align | ( | ea_t | ea, |
asize_t | length, | ||
int | alignment | ||
) |
Create an alignment item.
- Parameters
-
ea linear address length size of the item in bytes. 0 means to infer from ALIGNMENT alignment alignment exponent. Example: 3 means align to 8 bytes. 0 means to infer from LENGTH It is forbidden to specify both LENGTH and ALIGNMENT as 0.
- Returns
- success
◆ calc_min_align()
idaman int ida_export calc_min_align | ( | asize_t | length | ) |
Calculate the minimal possible alignment exponent.
- Parameters
-
length size of the item in bytes.
- Returns
- a value in the 1..32 range
◆ calc_max_align()
idaman int ida_export calc_max_align | ( | ea_t | endea | ) |
Calculate the maximal possible alignment exponent.
- Parameters
-
endea end address of the alignment item.
- Returns
- a value in the 0..32 range
◆ calc_def_align()
idaman int ida_export calc_def_align | ( | ea_t | ea, |
int | mina, | ||
int | maxa | ||
) |
Calculate the default alignment exponent.
- Parameters
-
ea linear address mina minimal possible alignment exponent. maxa minimal possible alignment exponent.
◆ get_max_strlit_length()
idaman size_t ida_export get_max_strlit_length | ( | ea_t | ea, |
int32 | strtype, | ||
int | options = 0 |
||
) |
Determine maximum length of string literal.
If the string literal has a length prefix (e.g., STRTYPE_LEN2 has a two-byte length prefix), the length of that prefix (i.e., 2) will be part of the returned value.
- Parameters
-
ea starting address strtype string type. one of String type codes options combination of string literal length options
- Returns
- length of the string in octets (octet==8bit)
◆ get_strlit_contents()
idaman ssize_t ida_export get_strlit_contents | ( | qstring * | utf8, |
ea_t | ea, | ||
size_t | len, | ||
int32 | type, | ||
size_t * | maxcps = nullptr , |
||
int | flags = 0 |
||
) |
Get contents of string literal, as UTF-8-encoded codepoints.
This function returns the displayed part of the string It works even if the string has not been created in the database yet.
If 'len' is size_t(-1), it will be computed like so:
- if a string literal is present at 'ea', get_item_size() * bytesize(ea) will be used
- otherwise, get_max_strlit_length(..., ALOPT_IGNHEADS) will be used
About 'maxcps': this specifies a limit to the number of codepoints, not bytes in the UTF-8 output buffer. So for example although U+4e12 will use 3 bytes in the output buffer, it still counts as only 1 character – unless STRCONV_ESCAPE is used. If 'STRCONV_ESCAPE' is used, U+4e12 will be converted to the string "\u4E12", and will use 6 bytes in the output buffer and also count as 6 codepoints.
If 'STRCONV_REPLCHAR', any undecodable byte will re represented as U+FFFD, occupy 3 bytes in the output buffer, and count for 1 codepoint.
- Parameters
-
[out] utf8 output buffer [in] ea linear address of the string [in] len length of the string, in octets (octet=8bit) [in] type type of the string. one of String type codes [in,out] maxcps maximum length of codepoints, after possible escaping, in output buffer (not counting terminating zero) on exit, will be set to 0 if string got truncated can be nullptr if not needed [in] flags combination of string conversion flags
- Returns
- length of generated text (in bytes) or -1
◆ create_strlit()
idaman bool ida_export create_strlit | ( | ea_t | start, |
size_t | len, | ||
int32 | strtype | ||
) |
Convert to string literal and give a meaningful name.
'start' may be higher than 'end', the kernel will swap them in this case
- Parameters
-
start starting address len length of the string in bytes. if 0, then get_max_strlit_length() will be used to determine the length strtype string type. one of String type codes
- Returns
- success
◆ print_strlit_type()
idaman bool ida_export print_strlit_type | ( | qstring * | out, |
int32 | strtype, | ||
qstring * | out_tooltip = nullptr , |
||
int | flags = 0 |
||
) |
Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.
- Parameters
-
out the output buffer strtype the string type out_tooltip an optional output buffer for the tooltip flags or'ed PSTF_* constants
- Returns
- length of generated text
◆ get_opinfo()
Get additional information about an operand representation.
- Parameters
-
buf buffer to receive the result. may not be nullptr ea linear address of item n number of operand, 0 or 1 flags flags of the item
- Returns
- nullptr if no additional representation information
◆ set_opinfo()
idaman bool ida_export set_opinfo | ( | ea_t | ea, |
int | n, | ||
flags64_t | flag, | ||
const opinfo_t * | ti, | ||
bool | suppress_events = false |
||
) |
Set additional information about an operand representation.
This function is a low level one. Only the kernel should use it.
- Parameters
-
ea linear address of the item n number of operand, 0 or 1 (see the note below) flag flags of the item ti additional representation information suppress_events do not generate changing_op_type and op_type_changed events
- Returns
- success
- Note
- for custom formats (if is_custfmt(flag, n) is true) or for offsets (if is_off(flag, n) is true) N can be in range -1..UA_MAXOP-1. In the case of -1 the additional information about all operands will be set.
◆ get_data_elsize()
Get size of data type specified in flags 'F'.
- Parameters
-
ea linear address of the item F flags ti additional information about the data type. For example, if the current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be nullptr). If specified as nullptr, will be automatically retrieved from the database
- Returns
- byte : 1
- word : 2
- etc...
If flags doesn't specify a data, then return 1
◆ get_full_data_elsize()
Get full size of data type specified in flags 'F'.
takes into account processors with wide bytes e.g. returns 2 for a byte element with 16-bit bytes
◆ is_varsize_item()
idaman int ida_export is_varsize_item | ( | ea_t | ea, |
flags64_t | F, | ||
const opinfo_t * | ti = nullptr , |
||
asize_t * | itemsize = nullptr |
||
) |
Is the item at 'ea' variable size?.
- Parameters
-
ea linear address of the item F flags ti additional information about the data type. For example, if the current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be nullptr). If specified as nullptr, will be automatically retrieved from the database itemsize if not nullptr and the item is varsize, itemsize will contain the calculated item size (for struct types, the minimal size is returned)
- Return values
-
1 varsize item 0 fixed item -1 error (bad data definition)
◆ can_define_item()
idaman bool ida_export can_define_item | ( | ea_t | ea, |
asize_t | length, | ||
flags64_t | flags | ||
) |
Can define item (instruction/data) of the specified 'length', starting at 'ea'?
- Note
- if there is an item starting at 'ea', this function ignores it
- this function converts to unexplored all encountered data items with fixup information. Should be fixed in the future.
- Parameters
-
ea start of the range for the new item length length of the new item in bytes flags if not 0, then the kernel will ignore the data types specified by the flags and destroy them. For example: 1000 dw 5 1002 db 5 ; undef 1003 db 5 ; undef 1004 dw 5 1006 dd 5
can_define_item(1000, 6, 0) - false because of dw at 1004
can_define_item(1000, 6, word_flag()) - true, word at 1004 is destroyed
- Returns
- 1-yes, 0-no
This function may return 0 if:
- a new item would cross segment boundaries
- a new item would overlap with existing items (except items specified by 'flags')
◆ set_immd()
idaman bool ida_export set_immd | ( | ea_t | ea | ) |
Set 'has immediate operand' flag.
Returns true if the FF_IMMD bit was not set and now is set
◆ register_custom_data_type()
idaman int ida_export register_custom_data_type | ( | const data_type_t * | dtinfo | ) |
Register a new data type.
- Parameters
-
dtinfo description of the new data type
- Returns
- > 0 : id of the new custom data type, < 0 : error when the custom data type with the same name has already been registered
- Note
- dtid 0 is reserved for built-in data types.
◆ unregister_custom_data_type()
idaman bool ida_export unregister_custom_data_type | ( | int | dtid | ) |
Unregister a data type.
When the idb is closed, all custom data types are automatically unregistered, but since it happens too late (plugin modules could already be unloaded) one has to unregister custom data types explicitly. The ids of unregistered custom data types remain allocated and when the same name is reused to register a custom data type, it will get assigned the same id.
- Parameters
-
dtid data type to unregister
- Return values
-
true ok false no such dtid
◆ register_custom_data_format()
idaman int ida_export register_custom_data_format | ( | const data_format_t * | dtform | ) |
Register a new data format.
- Parameters
-
dtform description of the new data format
- Returns
- > 0 : id of the new custom data format, < 0 : error when the custom data format with the same name has already been registered to the data type
- Note
- dfid 0 is unused.
◆ unregister_custom_data_format()
idaman bool ida_export unregister_custom_data_format | ( | int | dfid | ) |
Unregister a data format.
- See also
- unregister_custom_data_type()
- Parameters
-
dfid data format to unregister
- Return values
-
true ok false no such dfid
◆ get_custom_data_type()
idaman const data_type_t *ida_export get_custom_data_type | ( | int | dtid | ) |
Get definition of a registered custom data type.
- Parameters
-
dtid data type id
- Returns
- data type definition or nullptr
◆ get_custom_data_format()
idaman const data_format_t *ida_export get_custom_data_format | ( | int | dfid | ) |
Get definition of a registered custom data format.
- Parameters
-
dfid data format id
- Returns
- data format definition or nullptr
◆ attach_custom_data_format()
idaman bool ida_export attach_custom_data_format | ( | int | dtid, |
int | dfid | ||
) |
Attach the data format to the data type.
- Parameters
-
dtid data type id that can use the data format. 0 means all standard data types. Such data formats can be applied to any data item or instruction operands. For instruction operands, the data_format_t::value_size check is not performed by the kernel. dfid data format id
- Return values
-
true ok false no such `dtid', or no such `dfid', or the data format has already been attached to the data type
◆ detach_custom_data_format()
idaman bool ida_export detach_custom_data_format | ( | int | dtid, |
int | dfid | ||
) |
Detach the data format from the data type.
Unregistering a custom data type detaches all attached data formats, no need to detach them explicitly. You still need unregister them. Unregistering a custom data format detaches it from all attached data types.
- Parameters
-
dtid data type id to detach data format from dfid data format id to detach
- Return values
-
true ok false no such `dtid', or no such `dfid', or the data format was not attached to the data type
◆ is_attached_custom_data_format()
idaman bool ida_export is_attached_custom_data_format | ( | int | dtid, |
int | dfid | ||
) |
Is the custom data format attached to the custom data type?
- Parameters
-
dtid data type id dfid data format id
- Returns
- true or false
◆ get_custom_data_types()
idaman int ida_export get_custom_data_types | ( | intvec_t * | out, |
asize_t | min_size = 0 , |
||
asize_t | max_size = BADADDR |
||
) |
Get list of registered custom data type ids.
- Parameters
-
out buffer for the output. may be nullptr min_size minimum value size max_size maximum value size
- Returns
- number of custom data types with the specified size limits
◆ get_custom_data_formats()
idaman int ida_export get_custom_data_formats | ( | intvec_t * | out, |
int | dtid | ||
) |
Get list of attached custom data formats for the specified data type.
- Parameters
-
out buffer for the output. may be nullptr dtid data type id
- Returns
- number of returned custom data formats. if error, returns -1
◆ find_custom_data_type()
idaman int ida_export find_custom_data_type | ( | const char * | name | ) |
Get id of a custom data type.
- Parameters
-
name name of the custom data type
- Returns
- id or -1
◆ find_custom_data_format()
idaman int ida_export find_custom_data_format | ( | const char * | name | ) |
Get id of a custom data format.
- Parameters
-
name name of the custom data format
- Returns
- id or -1
◆ set_cmt()
idaman bool ida_export set_cmt | ( | ea_t | ea, |
const char * | comm, | ||
bool | rptble | ||
) |
Set an indented comment.
- Parameters
-
ea linear address comm comment string - nullptr: do nothing (return 0)
- "" : delete comment
rptble is repeatable?
- Returns
- success
◆ get_cmt()
Get an indented comment.
- Parameters
-
buf output buffer, may be nullptr ea linear address. may point to tail byte, the function will find start of the item rptble get repeatable comment?
- Returns
- size of comment or -1
◆ append_cmt()
idaman bool ida_export append_cmt | ( | ea_t | ea, |
const char * | str, | ||
bool | rptble | ||
) |
Append to an indented comment.
Creates a new comment if none exists. Appends a newline character and the specified string otherwise.
- Parameters
-
ea linear address str comment string to append rptble append to repeatable comment?
- Returns
- success
◆ get_predef_insn_cmt()
Get predefined comment.
- Parameters
-
buf buffer for the comment ins current instruction information
- Returns
- size of comment or -1
◆ find_byte()
idaman ea_t ida_export find_byte | ( | ea_t | sEA, |
asize_t | size, | ||
uchar | value, | ||
int | bin_search_flags | ||
) |
Find forward a byte with the specified value (only 8-bit value from the database).
example: ea=4 size=3 will inspect addresses 4, 5, and 6
- Parameters
-
sEA linear address size number of bytes to inspect value value to find bin_search_flags combination of Search flags
- Returns
- address of byte or BADADDR
◆ find_byter()
idaman ea_t ida_export find_byter | ( | ea_t | sEA, |
asize_t | size, | ||
uchar | value, | ||
int | bin_search_flags | ||
) |
Find reverse a byte with the specified value (only 8-bit value from the database).
example: ea=4 size=3 will inspect addresses 6, 5, and 4
- Parameters
-
sEA the lower address of the search range size number of bytes to inspect value value to find bin_search_flags combination of Search flags
- Returns
- address of byte or BADADDR
◆ parse_binpat_str()
idaman bool ida_export parse_binpat_str | ( | compiled_binpat_vec_t * | out, |
ea_t | ea, | ||
const char * | in, | ||
int | radix, | ||
int | strlits_encoding = PBSENC_DEF1BPU , |
||
qstring * | errbuf = nullptr |
||
) |
Convert user-specified binary string to internal representation.
The 'in' parameter contains space-separated tokens:
Note that string constants are surrounded with double quotes.
Here are a few examples (assuming base 16):
- Parameters
-
[out] out a vector of compiled binary patterns, for use with bin_search2() ea linear address to convert for (the conversion depends on the address, because the number of bits in a byte depend on the segment type) in input text string radix numeric base of numbers (8,10,16) strlits_encoding the target encoding into which the string literals present in 'in', should be encoded. Can be any from [1, get_encoding_qty()), or the special values PBSENC_* errbuf error buffer (can be nullptr)
- Returns
- false either in case of parsing error, or if at least one requested target encoding couldn't encode the string literals present in "in".
◆ bin_search2()
idaman ea_t ida_export bin_search2 | ( | ea_t | start_ea, |
ea_t | end_ea, | ||
const compiled_binpat_vec_t & | data, | ||
int | flags | ||
) |
Search for a string in the program.
- Parameters
-
start_ea linear address, start of range to search end_ea linear address, end of range to search (exclusive) data the prepared data to search for (see parse_binpat_str()) flags combination of Search flags
- Returns
- BADADDR (if pressed Ctrl-Break or not found) or string address.
◆ bin_search3()
idaman ea_t ida_export bin_search3 | ( | size_t * | out_matched_idx, |
ea_t | start_ea, | ||
ea_t | end_ea, | ||
const compiled_binpat_vec_t & | data, | ||
int | flags | ||
) |
Search for a patter in the program.
- Parameters
-
out_matched_idx index in data when pattern found start_ea linear address, start of range to search end_ea linear address, end of range to search (exclusive) data the prepared data to search for (see parse_binpat_str()) flags combination of Search flags
- Returns
- BADADDR (if pressed Ctrl-Break or not found) or pattern address.
◆ equal_bytes()
idaman bool ida_export equal_bytes | ( | ea_t | ea, |
const uchar * | image, | ||
const uchar * | mask, | ||
size_t | len, | ||
int | bin_search_flags | ||
) |
Compare 'len' bytes of the program starting from 'ea' with 'image'.
- Parameters
-
ea linear address image bytes to compare with mask array of mask bytes, it's length is 'len'. if the flag BIN_SEARCH_BITMASK is passsed, 'bitwise AND' is used to compare. if not; 1 means to perform the comparison of the corresponding byte. 0 means not to perform. if mask == nullptr, then all bytes of 'image' will be compared. if mask == SKIP_FF_MASK then 0xFF bytes will be skipped len length of block to compare in bytes. bin_search_flags combination of Search flags
- Return values
-
1 equal 0 not equal
◆ update_hidden_range()
idaman bool ida_export update_hidden_range | ( | const hidden_range_t * | ha | ) |
Update hidden range information in the database.
You cannot use this function to change the range boundaries
- Parameters
-
ha range to update
- Returns
- success
◆ add_hidden_range()
idaman bool ida_export add_hidden_range | ( | ea_t | ea1, |
ea_t | ea2, | ||
const char * | description, | ||
const char * | header, | ||
const char * | footer, | ||
bgcolor_t | color = DEFCOLOR |
||
) |
Mark a range of addresses as hidden.
The range will be created in the invisible state with the default color
- Parameters
-
ea1 linear address of start of the address range ea2 linear address of end of the address range description,header,footer range parameters color the range color
- Returns
- success
◆ get_hidden_range()
idaman hidden_range_t *ida_export get_hidden_range | ( | ea_t | ea | ) |
Get pointer to hidden range structure, in: linear address.
- Parameters
-
ea any address in the hidden range
◆ getn_hidden_range()
idaman hidden_range_t *ida_export getn_hidden_range | ( | int | n | ) |
Get pointer to hidden range structure, in: number of hidden range.
- Parameters
-
n number of hidden range, is in range 0..get_hidden_range_qty()-1
◆ get_hidden_range_num()
idaman int ida_export get_hidden_range_num | ( | ea_t | ea | ) |
Get number of a hidden range.
- Parameters
-
ea any address in the hidden range
- Returns
- number of hidden range (0..get_hidden_range_qty()-1)
◆ get_prev_hidden_range()
idaman hidden_range_t *ida_export get_prev_hidden_range | ( | ea_t | ea | ) |
Get pointer to previous hidden range.
- Parameters
-
ea any address in the program
- Returns
- ptr to hidden range or nullptr if previous hidden range doesn't exist
◆ get_next_hidden_range()
idaman hidden_range_t *ida_export get_next_hidden_range | ( | ea_t | ea | ) |
Get pointer to next hidden range.
- Parameters
-
ea any address in the program
- Returns
- ptr to hidden range or nullptr if next hidden range doesn't exist
◆ get_first_hidden_range()
idaman hidden_range_t *ida_export get_first_hidden_range | ( | void | ) |
Get pointer to the first hidden range.
- Returns
- ptr to hidden range or nullptr
◆ get_last_hidden_range()
idaman hidden_range_t *ida_export get_last_hidden_range | ( | void | ) |
Get pointer to the last hidden range.
- Returns
- ptr to hidden range or nullptr
◆ del_hidden_range()
idaman bool ida_export del_hidden_range | ( | ea_t | ea | ) |
Delete hidden range.
- Parameters
-
ea any address in the hidden range
- Returns
- success
◆ add_mapping()
idaman bool ida_export add_mapping | ( | ea_t | from, |
ea_t | to, | ||
asize_t | size | ||
) |
IDA supports memory mapping.
References to the addresses from the mapped range use data and meta-data from the mapping range.
- Note
- You should set flag PR2_MAPPING in ph.flag2 to use memory mapping Add memory mapping range.
- Parameters
-
from start of the mapped range (nonexistent address) to start of the mapping range (existent address) size size of the range
- Returns
- success
◆ del_mapping()
idaman void ida_export del_mapping | ( | ea_t | ea | ) |
Delete memory mapping range.
- Parameters
-
ea any address in the mapped range
◆ use_mapping()
idaman ea_t ida_export use_mapping | ( | ea_t | ea | ) |
Translate address according to current mappings.
- Parameters
-
ea address to translate
- Returns
- translated address
◆ get_mapping()
idaman bool ida_export get_mapping | ( | ea_t * | from, |
ea_t * | to, | ||
asize_t * | size, | ||
size_t | n | ||
) |
Get memory mapping range by its number.
- Parameters
-
from start of the mapped range to start of the mapping range size size of the range n number of mapping range (0..get_mappings_qty()-1)
- Returns
- false if the specified range doesn't exist, otherwise returns `from', `to', `size'
Generated by