Functions | Macros
search.hpp File Reference

Detailed Description

Middle-level search functions.

They all are controlled by Search flags


bool search_down (int sflag)
 Is the SEARCH_DOWN bit set?
idaman int ida_export search (void *ud, place_t *start, const place_t *end, int *startx, const char *str, int sflag)
 Search for a text substring (low level function). More...
idaman int ida_export user2bin (uchar *out, uchar *mask, ea_t ea, const char *in, int radix, bool unicode)
 Convert user-specified binary string to internal representation. More...
find_... functions
eastart ea
sflagcombination of Search flags
[out]opnumfilled with operand number whenever relevant
first ea at which the search criteria is met
idaman ea_t ida_export find_error (ea_t ea, int sflag, int *opnum=NULL)
 Find next error or problem.
idaman ea_t ida_export find_notype (ea_t ea, int sflag, int *opnum=NULL)
 Find next operand without any type info.
idaman ea_t ida_export find_unknown (ea_t ea, int sflag)
 Find next unexplored address.
idaman ea_t ida_export find_defined (ea_t ea, int sflag)
 Find next ea that is the start of an instruction or data.
idaman ea_t ida_export find_suspop (ea_t ea, int sflag, int *opnum=NULL)
 Find next suspicious operand.
idaman ea_t ida_export find_data (ea_t ea, int sflag)
 Find next data address.
idaman ea_t ida_export find_code (ea_t ea, int sflag)
 Find next code address.
idaman ea_t ida_export find_not_func (ea_t ea, int sflag)
 Find next code address that does not belong to a function.
idaman ea_t ida_export find_imm (ea_t newEA, int sflag, uval_t srchValue, int *opnum=NULL)
 Find next immediate operand with the given value.
idaman ea_t ida_export find_binary (ea_t startea, ea_t endea, const char *ubinstr, int radix, int sflag)
 Find next address that denotes the start of the specified binary sequence (specified in text form). More...
idaman ea_t ida_export find_text (ea_t start_ea, int y, int x, const char *ustr, int sflag)
 See search()


#define SEARCH_UP   0x000
 search towards lower addresses
#define SEARCH_DOWN   0x001
 search towards higher addresses
#define SEARCH_NEXT   0x002
 useful only for search() and find_binary(). More...
#define SEARCH_CASE   0x004
 case-sensitive search (case-insensitive otherwise)
#define SEARCH_REGEX   0x008
 regular expressions in search string (only supported for txt search)
#define SEARCH_NOBRK   0x010
 don't test for ctrl-break to interrupt the search
#define SEARCH_NOSHOW   0x020
 don't display the search progress/refresh screen
#define SEARCH_UNICODE   0x040
 treat literal strings as unicode (find_binary() only)
#define SEARCH_IDENT   0x080
 search for an identifier (text search). More...
#define SEARCH_BRK   0x100
 return BADADDR if Ctrl-Break wass pressed during search

Function Documentation

idaman ea_t ida_export find_binary ( ea_t  startea,
ea_t  endea,
const char *  ubinstr,
int  radix,
int  sflag 

Find next address that denotes the start of the specified binary sequence (specified in text form).

startea,endearange to search
ubinstr,radixsee user2bin()
idaman int ida_export search ( void *  ud,
place_t start,
const place_t end,
int *  startx,
const char *  str,
int  sflag 

Search for a text substring (low level function).

udline array parameter
[in,out]startpointer to starting place:
  • start->ea: starting address
  • start->lnnum: starting Y coordinate
endpointer to ending place:
  • end->ea: ending address
  • end->lnnum: ending Y coordinate
[in,out]startxpointer to starting X coordinate
strsubstring to search for.
sflagSearch flags
Return values
0substring not found
1substring found. The matching position is returned in:
  • start->ea: address
  • start->lnnum: Y coordinate
  • *startx: X coordinate
2search was cancelled by ctrl-break. The farthest searched address is returned in the same manner as in the successful return (1).
3the input regular expression is bad. The error message was displayed.
idaman int ida_export user2bin ( uchar out,
uchar mask,
ea_t  ea,
const char *  in,
int  radix,
bool  unicode 

Convert user-specified binary string to internal representation.

[out]outbuffer for the output sequence of bytes
[out]maskbuffer for the output comparison mask. if mask[0] == 0xFF upon return, then there were question marks in the input text string.
ealinear address to convert for (the conversion depends on the address, because the number of bits in a byte depend on the segment type)
ininput text string. contains space-separated:
  • numbers (numeric base is determined by 'radix')
    • if value of number fits a byte, it is considered as a byte
    • if value of number fits a word, it is considered as 2 bytes
    • if value of number fits a dword,it is considered as 4 bytes
  • "..." string constants
  • 'x' single-character constants
  • ? variable bytes
Examples of search strings (assuming base 16): CD 21 - bytes 0xCD, 0x21 21CD - bytes 0xCD, 0x21 (little endian ) or 0x21, 0xCD (big-endian) "Hello", 0 - the null terminated string "Hello" L"Hello" - 'H', 0, 'e', 0, 'l', 0, 'l', 0, 'o', 0 B8 ? ? ? ? 90 - byte 0xB8, 4 bytes with any value, byte 0x90
radixnumeric base of numbers (8,10,16)
unicodetreat strings as unicode
L"string" is another way to enter unicode strings
length of output string. -1 if the input string has bad format (warning is displayed).
the output buffers are assumed to be MAXSTR bytes