 |
IDAPython 8.4
|
|
IDAPython 8.4
|
idautils.py - High level utility functions for IDA
Classes | |
| class | _cpu |
| class | _procregs |
| class | _reg_dtyp_t |
| class | peutils_t |
| class | Strings |
Functions | |
| CodeRefsTo (ea, flow) | |
| CodeRefsFrom (ea, flow) | |
| DataRefsTo (ea) | |
| DataRefsFrom (ea) | |
| XrefTypeName (typecode) | |
| XrefsFrom (ea, flags=0) | |
| XrefsTo (ea, flags=0) | |
| Threads () | |
| Heads (start=None, end=None) | |
| Functions (start=None, end=None) | |
| Chunks (start) | |
| Modules () | |
| Names () | |
| Segments () | |
| Entries () | |
| FuncItems (start) | |
| Structs () | |
| StructMembers (sid) | |
| DecodePrecedingInstruction (ea) | |
| DecodePreviousInstruction (ea) | |
| DecodeInstruction (ea) | |
| GetDataList (ea, count, itemsize=1) | |
| PutDataList (ea, datalist, itemsize=1) | |
| MapDataList (ea, length, func, wordsize=1) | |
| GetIdbDir () | |
| GetRegisterList () | |
| GetInstructionList () | |
| Assemble (ea, line) | |
| _copy_obj (src, dest, skip_list=None) | |
| ProcessUiActions (actions, flags=0) | |
Variables | |
| dict | _ref_types |
| GetInputFileMD5 = ida_nalt.retrieve_input_file_md5 | |
| _Assemble = Assemble | |
| cpu = _cpu() | |
| procregs = _procregs() | |
|
protected |
Copy non private/non callable attributes from a class instance to another
@param src: Source class to copy from
@param dest: If it is a string then it designates the new class type that will be created and copied to.
Otherwise dest should be an instance of another class
@return: A new instance or "dest"
| Assemble | ( | ea, | |
| line ) |
Assembles one or more lines (does not display an message dialogs) If line is a list then this function will attempt to assemble all the lines This function will turn on batch mode temporarily so that no messages are displayed on the screen @param ea: start address @return: (False, "Error message") or (True, asm_buf) or (True, [asm_buf1, asm_buf2, asm_buf3])
| Chunks | ( | start | ) |
Get a list of function chunks
See also ida_funcs.func_tail_iterator_t
@param start: address of the function
@return: list of function chunks (tuples of the form (start_ea, end_ea))
belonging to the function
| CodeRefsFrom | ( | ea, | |
| flow ) |
Get a list of code references from 'ea'
@param ea: Target address
@param flow: Follow normal code flow or not
@type flow: Boolean (0/1, False/True)
@return: list of references (may be empty list)
Example::
for ref in CodeRefsFrom(get_screen_ea(), 1):
print(ref)
| CodeRefsTo | ( | ea, | |
| flow ) |
Get a list of code references to 'ea'
@param ea: Target address
@param flow: Follow normal code flow or not
@type flow: Boolean (0/1, False/True)
@return: list of references (may be empty list)
Example::
for ref in CodeRefsTo(get_screen_ea(), 1):
print(ref)
| DataRefsFrom | ( | ea | ) |
Get a list of data references from 'ea'
@param ea: Target address
@return: list of references (may be empty list)
Example::
for ref in DataRefsFrom(get_screen_ea()):
print(ref)
| DataRefsTo | ( | ea | ) |
Get a list of data references to 'ea'
@param ea: Target address
@return: list of references (may be empty list)
Example::
for ref in DataRefsTo(get_screen_ea()):
print(ref)
| DecodeInstruction | ( | ea | ) |
Decodes an instruction and returns an insn_t like class @param ea: address to decode @return: None or a new insn_t instance
| DecodePrecedingInstruction | ( | ea | ) |
Decode preceding instruction in the execution flow.
@param ea: address to decode
@return: (None or the decode instruction, farref)
farref will contain 'true' if followed an xref, false otherwise
| DecodePreviousInstruction | ( | ea | ) |
Decodes the previous instruction and returns an insn_t like class @param ea: address to decode @return: None or a new insn_t instance
| Entries | ( | ) |
Returns a list of entry points (exports) @return: List of tuples (index, ordinal, ea, name)
| FuncItems | ( | start | ) |
Get a list of function items (instruction or data items inside function boundaries) See also ida_funcs.func_item_iterator_t @param start: address of the function @return: ea of each item in the function
| Functions | ( | start = None, | |
| end = None ) |
Get a list of functions @param start: start address (default: inf.min_ea) @param end: end address (default: inf.max_ea) @return: list of function entrypoints between start and end @note: The last function that starts before 'end' is included even if it extends beyond 'end'. Any function that has its chunks scattered in multiple segments will be reported multiple times, once in each segment as they are listed.
| GetDataList | ( | ea, | |
| count, | |||
| itemsize = 1 ) |
Get data list - INTERNAL USE ONLY
| GetIdbDir | ( | ) |
Get IDB directory This function returns directory path of the current IDB database
| GetInstructionList | ( | ) |
Returns the instruction list of the current processor module
| GetRegisterList | ( | ) |
Returns the register list
| Heads | ( | start = None, | |
| end = None ) |
Get a list of heads (instructions or data items) @param start: start address (default: inf.min_ea) @param end: end address (default: inf.max_ea) @return: list of heads between start and end
| MapDataList | ( | ea, | |
| length, | |||
| func, | |||
| wordsize = 1 ) |
Map through a list of data words in the database @param ea: start address @param length: number of words to map @param func: mapping function @param wordsize: size of words to map [default: 1 byte] @return: None
| Modules | ( | ) |
Returns a list of module objects with name,size,base and the rebase_to attributes
| Names | ( | ) |
Returns a list of names @return: List of tuples (ea, name)
| ProcessUiActions | ( | actions, | |
| flags = 0 ) |
@param actions: A string containing a list of actions separated by semicolon, a list or a tuple @param flags: flags to be passed to process_ui_action() @return: Boolean. Returns False if the action list was empty or execute_ui_requests() failed.
| PutDataList | ( | ea, | |
| datalist, | |||
| itemsize = 1 ) |
Put data list - INTERNAL USE ONLY
| Segments | ( | ) |
Get list of segments (sections) in the binary image @return: List of segment start addresses.
| StructMembers | ( | sid | ) |
Get a list of structure members information (or stack vars if given a frame).
@param sid: ID of the structure.
@return: List of tuples (offset, name, size)
@note: If 'sid' does not refer to a valid structure,
an exception will be raised.
@note: This will not return 'holes' in structures/stack frames;
it only returns defined structure members.
| Structs | ( | ) |
Get a list of structures @return: List of tuples (idx, sid, name)
| Threads | ( | ) |
Returns all thread IDs for the current debugee
| XrefsFrom | ( | ea, | |
| flags = 0 ) |
Return all references from address 'ea'
@param ea: Reference address
@param flags: one of ida_xref.XREF_ALL (default), ida_xref.XREF_FAR, ida_xref.XREF_DATA
Example::
for xref in XrefsFrom(here(), 0):
print(xref.type, XrefTypeName(xref.type), \
'from', hex(xref.frm), 'to', hex(xref.to))
| XrefsTo | ( | ea, | |
| flags = 0 ) |
Return all references to address 'ea'
@param ea: Reference address
@param flags: one of ida_xref.XREF_ALL (default), ida_xref.XREF_FAR, ida_xref.XREF_DATA
Example::
for xref in XrefsTo(here(), 0):
print(xref.type, XrefTypeName(xref.type), \
'from', hex(xref.frm), 'to', hex(xref.to))
| XrefTypeName | ( | typecode | ) |
Convert cross-reference type codes to readable names @param typecode: cross-reference type code
|
protected |
|
protected |
| cpu = _cpu() |
| GetInputFileMD5 = ida_nalt.retrieve_input_file_md5 |
| procregs = _procregs() |
1.12.0