ida_regfinder Namespace Reference

Detailed Description

Classes
class	reg_value_def_t
	Proxy of C++ reg_value_def_t class. More...
class	reg_value_info_t
	Proxy of C++ reg_value_info_t class. More...

Functions
"reg_value_info_t"	reg_value_info_t_make_dead_end (*args)
	reg_value_info_t_make_dead_end(dead_end_ea) -> reg_value_info_t
"reg_value_info_t"	reg_value_info_t_make_aborted (*args)
	reg_value_info_t_make_aborted(bblk_ea) -> reg_value_info_t
"reg_value_info_t"	reg_value_info_t_make_badinsn (*args)
	reg_value_info_t_make_badinsn(insn_ea) -> reg_value_info_t
"reg_value_info_t"	reg_value_info_t_make_unkinsn (*args)
	reg_value_info_t_make_unkinsn(insn) -> reg_value_info_t
"reg_value_info_t"	reg_value_info_t_make_unkfunc (*args)
	reg_value_info_t_make_unkfunc(func_ea) -> reg_value_info_t
"reg_value_info_t"	reg_value_info_t_make_unkloop (*args)
	reg_value_info_t_make_unkloop(bblk_ea) -> reg_value_info_t
"reg_value_info_t"	reg_value_info_t_make_unkmult (*args)
	reg_value_info_t_make_unkmult(bblk_ea) -> reg_value_info_t
"reg_value_info_t"	reg_value_info_t_make_num (*args)
	reg_value_info_t_make_num(rval, insn, val_flags=0) -> reg_value_info_t
"reg_value_info_t"	reg_value_info_t_make_initial_sp (*args)
	reg_value_info_t_make_initial_sp(func_ea) -> reg_value_info_t
"uint64 *"	find_reg_value (*args)
	find_reg_value(ea, reg) -> int Find register value using the register tracker.
"int64 *"	find_sp_value (*args)
	find_sp_value(ea, reg=-1) -> int Find a value of the SP based register using the register tracker.
"bool"	find_reg_value_info (*args)
	find_reg_value_info(rvi, ea, reg, max_depth=0) -> bool Find register value using the register tracker.
"int"	find_nearest_rvi (*args)
	find_nearest_rvi(rvi, ea, reg) -> int Find the value of any of the two registers using the register tracker.
"void"	invalidate_regfinder_cache (*args)
	invalidate_regfinder_cache(ea=BADADDR) Remove from the register tracker cache all values at EA and all dependent values.

Variables
	cvar = _ida_regfinder.cvar

Function Documentation

find_nearest_rvi()

"int" find_nearest_rvi

(

*

args

)

First, this function tries to find the registers in the basic block of EA, and if it could not do this, then it tries to find in the entire function.

Parameters

rvi	(C++: reg_value_info_t *) the found value with additional attributes
ea	(C++: ea_t) the address to find a value at
reg	(C++: const int) the registers to find

Returns

: the index of the found register or -1

find_reg_value()

"uint64 *" find_reg_value

(

*

args

)

Note

: The returned value is valid before executing the instruction.

Parameters

ea	(C++: ea_t) the address to find a value at
reg	(C++: int) the register to find

Return values

0	no value (the value is varying or the find depth is not enough to find a value)
1	the found value is in VAL
-1	the processor module does not support a register tracker

find_reg_value_info()

"bool" find_reg_value_info

(

*

args

)

Note

: The returned value is valid before executing the instruction.

: The undefined value means that there is no execution flow to EA, e.g. we try to find a value after the call of NORET function.

: The unknown value means that the value is:

• a result of unsupported instruction, e.g. the result of a call,
• a function argument,
• is varying, e.g. it is a loop counter.

Parameters

rvi	(C++: reg_value_info_t *) the found value with additional attributes
ea	(C++: ea_t) the address to find a value at
reg	(C++: int) the register to find
max_depth	(C++: int) the number of basic blocks to look before aborting the search and returning the unknown value. 0 means the value of REGTRACK_MAX_DEPTH from ida.cfg for ordinal registers or REGTRACK_FUNC_MAX_DEPTH for the function-wide registers, -1 means the value of REGTRACK_FUNC_MAX_DEPTH from ida.cfg.

Return values

'false'	the processor module does not support a register tracker
'true'	the found value is in RVI

find_sp_value()

"int64 *" find_sp_value

(

*

args

)

Note

: The returned value is valid before executing the instruction.

Parameters

ea	(C++: ea_t) the address to find a value at
reg	(C++: int) the register to find. by default the SP register is used.

Return values

0	no value (the value is varying or the find depth is not enough to find a value)
1	the found value is in VAL
-1	the processor module does not support a register tracker

invalidate_regfinder_cache()

"void" invalidate_regfinder_cache

(

*

args

)

As if the control flow to this instruction has changed. if EA == BADADDR then clear the entire cache.

Parameters

ea	(C++: ea_t)

reg_value_info_t_make_aborted()

"reg_value_info_t" reg_value_info_t_make_aborted

(

*

args

)

Parameters

bblk_ea

ea_t

reg_value_info_t_make_badinsn()

"reg_value_info_t" reg_value_info_t_make_badinsn

(

*

args

)

Parameters

insn_ea

ea_t

reg_value_info_t_make_dead_end()

"reg_value_info_t" reg_value_info_t_make_dead_end

(

*

args

)

Parameters

dead_end_ea

ea_t

reg_value_info_t_make_initial_sp()

"reg_value_info_t" reg_value_info_t_make_initial_sp

(

*

args

)

Parameters

func_ea

ea_t

reg_value_info_t_make_num()

"reg_value_info_t" reg_value_info_t_make_num

(

*

args

)

Parameters

rval	uval_t
insn	an ida_ua.insn_t, or an address (C++: const insn_t &)
val_flags	uint16

reg_value_info_t_make_num(rval, val_ea, val_flags=0) -> reg_value_info_t

Parameters

rval	uval_t
val_ea	ea_t
val_flags	uint16

reg_value_info_t_make_unkfunc()

"reg_value_info_t" reg_value_info_t_make_unkfunc

(

*

args

)

Parameters

func_ea

ea_t

reg_value_info_t_make_unkinsn()

"reg_value_info_t" reg_value_info_t_make_unkinsn

(

*

args

)

Parameters

insn	an ida_ua.insn_t, or an address (C++: const insn_t &)

reg_value_info_t_make_unkloop()

"reg_value_info_t" reg_value_info_t_make_unkloop

(

*

args

)

Parameters

bblk_ea

ea_t

reg_value_info_t_make_unkmult()

"reg_value_info_t" reg_value_info_t_make_unkmult

(

*

args

)

Parameters

bblk_ea

ea_t

Variable Documentation

cvar

cvar = _ida_regfinder.cvar