 |
IDAPython 9.0
|
|
IDAPython 9.0
|
The frame is represented as a structure:
+------------------------------------------------+ | function arguments | +------------------------------------------------+ | return address (isn't stored in func_t) | +------------------------------------------------+ | saved registers (SI, DI, etc - func_t::frregs) | +------------------------------------------------+ <- typical BP | | | | | | func_t::fpd | | | | | <- real BP | local variables (func_t::frsize) | | | | | +------------------------------------------------+ <- SP
To access the structure of a function frame, use:
Classes | |
| class | regvar_t |
| Proxy of C++ regvar_t class. More... | |
| class | stkpnt_t |
| Proxy of C++ stkpnt_t class. More... | |
| class | stkpnts_t |
| Proxy of C++ stkpnts_t class. More... | |
| class | xreflist_entry_t |
| Proxy of C++ xreflist_entry_t class. More... | |
| class | xreflist_t |
| Proxy of C++ qvector< xreflist_entry_t > class. More... | |
Functions | |
| "bool" | is_funcarg_off ("func_t const *" pfn, "uval_t" frameoff) |
| is_funcarg_off(pfn, frameoff) -> bool | |
| "sval_t" | lvar_off ("func_t const *" pfn, "uval_t" frameoff) |
| lvar_off(pfn, frameoff) -> sval_t | |
| "bool" | add_frame ("func_t *" pfn, "sval_t" frsize, "ushort" frregs, "asize_t" argsize) |
| add_frame(pfn, frsize, frregs, argsize) -> bool Add function frame. | |
| "bool" | del_frame ("func_t *" pfn) |
| del_frame(pfn) -> bool Delete a function frame. | |
| "bool" | set_frame_size ("func_t *" pfn, "asize_t" frsize, "ushort" frregs, "asize_t" argsize) |
| set_frame_size(pfn, frsize, frregs, argsize) -> bool Set size of function frame. | |
| "asize_t" | get_frame_size ("func_t const *" pfn) |
| get_frame_size(pfn) -> asize_t Get full size of a function frame. | |
| "int" | get_frame_retsize ("func_t const *" pfn) |
| get_frame_retsize(pfn) -> int Get size of function return address. | |
| "void" | get_frame_part ("range_t" range, "func_t const *" pfn, "frame_part_t" part) |
| get_frame_part(range, pfn, part) Get offsets of the frame part in the frame. | |
| "ea_t" | frame_off_args ("func_t const *" pfn) |
| frame_off_args(pfn) -> ea_t Get starting address of arguments section. | |
| "ea_t" | frame_off_retaddr ("func_t const *" pfn) |
| frame_off_retaddr(pfn) -> ea_t Get starting address of return address section. | |
| "ea_t" | frame_off_savregs ("func_t const *" pfn) |
| frame_off_savregs(pfn) -> ea_t Get starting address of saved registers section. | |
| "ea_t" | frame_off_lvars ("func_t const *" pfn) |
| frame_off_lvars(pfn) -> ea_t Get start address of local variables section. | |
| "bool" | get_func_frame ("tinfo_t" out, "func_t const *" pfn) |
| get_func_frame(out, pfn) -> bool | |
| "sval_t" | soff_to_fpoff ("func_t *" pfn, "uval_t" soff) |
| soff_to_fpoff(pfn, soff) -> sval_t Convert struct offsets into fp-relative offsets. | |
| "bool" | update_fpd ("func_t *" pfn, "asize_t" fpd) |
| update_fpd(pfn, fpd) -> bool Update frame pointer delta. | |
| "bool" | set_purged ("ea_t" ea, "int" nbytes, "bool" override_old_value) |
| set_purged(ea, nbytes, override_old_value) -> bool Set the number of purged bytes for a function or data item (funcptr). | |
| "bool" | define_stkvar ("func_t *" pfn, "char const *" name, "sval_t" off, "tinfo_t" tif, "value_repr_t" repr=None) |
| define_stkvar(pfn, name, off, tif, repr=None) -> bool Define/redefine a stack variable. | |
| "bool" | add_frame_member ("func_t const *" pfn, "char const *" name, "uval_t" offset, "tinfo_t" tif, "value_repr_t" repr=None, "uint" etf_flags=0) |
| add_frame_member(pfn, name, offset, tif, repr=None, etf_flags=0) -> bool Add member to the frame type | |
| "bool" | is_anonymous_member_name ("char const *" name) |
| is_anonymous_member_name(name) -> bool Is member name prefixed with "anonymous"? | |
| "bool" | is_dummy_member_name ("char const *" name) |
| is_dummy_member_name(name) -> bool Is member name an auto-generated name? | |
| "bool" | is_special_frame_member ("tid_t" tid) |
| is_special_frame_member(tid) -> bool Is stkvar with TID the return address slot or the saved registers slot ? | |
| "bool" | set_frame_member_type ("func_t const *" pfn, "uval_t" offset, "tinfo_t" tif, "value_repr_t" repr=None, "uint" etf_flags=0) |
| set_frame_member_type(pfn, offset, tif, repr=None, etf_flags=0) -> bool Change type of the frame member | |
| "bool" | delete_frame_members ("func_t const *" pfn, "uval_t" start_offset, "uval_t" end_offset) |
| delete_frame_members(pfn, start_offset, end_offset) -> bool Delete frame members | |
| "qstring *" | build_stkvar_name ("func_t const *" pfn, "sval_t" v) |
| build_stkvar_name(pfn, v) -> str Build automatic stack variable name. | |
| "ea_t" | calc_stkvar_struc_offset ("func_t *" pfn, "insn_t const &" insn, "int" n) |
| calc_stkvar_struc_offset(pfn, insn, n) -> ea_t Calculate offset of stack variable in the frame structure. | |
| "sval_t" | calc_frame_offset ("func_t *" pfn, "sval_t" off, "insn_t const *" insn=None, "op_t const *" op=None) |
| calc_frame_offset(pfn, off, insn=None, op=None) -> sval_t Calculate the offset of stack variable in the frame. | |
| "void" | free_regvar ("regvar_t" v) |
| free_regvar(v) | |
| "int" | add_regvar ("func_t *" pfn, "ea_t" ea1, "ea_t" ea2, "char const *" canon, "char const *" user, "char const *" cmt) |
| add_regvar(pfn, ea1, ea2, canon, user, cmt) -> int Define a register variable. | |
| "regvar_t *" | find_regvar (*args) |
| find_regvar(pfn, ea1, ea2, canon, user) -> regvar_t Find a register variable definition. | |
| "bool" | has_regvar ("func_t *" pfn, "ea_t" ea) |
| has_regvar(pfn, ea) -> bool Is there a register variable definition? | |
| "int" | rename_regvar ("func_t *" pfn, "regvar_t" v, "char const *" user) |
| rename_regvar(pfn, v, user) -> int Rename a register variable. | |
| "int" | set_regvar_cmt ("func_t *" pfn, "regvar_t" v, "char const *" cmt) |
| set_regvar_cmt(pfn, v, cmt) -> int Set comment for a register variable. | |
| "int" | del_regvar ("func_t *" pfn, "ea_t" ea1, "ea_t" ea2, "char const *" canon) |
| del_regvar(pfn, ea1, ea2, canon) -> int Delete a register variable definition. | |
| "bool" | add_auto_stkpnt ("func_t *" pfn, "ea_t" ea, "sval_t" delta) |
| add_auto_stkpnt(pfn, ea, delta) -> bool Add automatic SP register change point. | |
| "bool" | add_user_stkpnt ("ea_t" ea, "sval_t" delta) |
| add_user_stkpnt(ea, delta) -> bool Add user-defined SP register change point. | |
| "bool" | del_stkpnt ("func_t *" pfn, "ea_t" ea) |
| del_stkpnt(pfn, ea) -> bool Delete SP register change point. | |
| "sval_t" | get_spd ("func_t *" pfn, "ea_t" ea) |
| get_spd(pfn, ea) -> sval_t Get difference between the initial and current values of ESP. | |
| "sval_t" | get_effective_spd ("func_t *" pfn, "ea_t" ea) |
| get_effective_spd(pfn, ea) -> sval_t Get effective difference between the initial and current values of ESP. | |
| "sval_t" | get_sp_delta ("func_t *" pfn, "ea_t" ea) |
| get_sp_delta(pfn, ea) -> sval_t Get modification of SP made at the specified location | |
| "bool" | set_auto_spd ("func_t *" pfn, "ea_t" ea, "sval_t" new_spd) |
| set_auto_spd(pfn, ea, new_spd) -> bool Add such an automatic SP register change point so that at EA the new cumulative SP delta (that is, the difference between the initial and current values of SP) would be equal to NEW_SPD. | |
| "bool" | recalc_spd ("ea_t" cur_ea) |
| recalc_spd(cur_ea) -> bool Recalculate SP delta for an instruction that stops execution. | |
| "bool" | recalc_spd_for_basic_block ("func_t *" pfn, "ea_t" cur_ea) |
| "void" | build_stkvar_xrefs ("xreflist_t" out, "func_t *" pfn, "uval_t" start_offset, "uval_t" end_offset) |
| build_stkvar_xrefs(out, pfn, start_offset, end_offset) Fill 'out' with a list of all the xrefs made from function 'pfn' to specified range of the pfn's stack frame. | |
Variables | |
| FRAME_UDM_NAME_R = _ida_frame.FRAME_UDM_NAME_R | |
| FRAME_UDM_NAME_S = _ida_frame.FRAME_UDM_NAME_S | |
| FPC_ARGS = _ida_frame.FPC_ARGS | |
| FPC_RETADDR = _ida_frame.FPC_RETADDR | |
| FPC_SAVREGS = _ida_frame.FPC_SAVREGS | |
| FPC_LVARS = _ida_frame.FPC_LVARS | |
| STKVAR_VALID_SIZE = _ida_frame.STKVAR_VALID_SIZE | |
| REGVAR_ERROR_OK = _ida_frame.REGVAR_ERROR_OK | |
| REGVAR_ERROR_ARG = _ida_frame.REGVAR_ERROR_ARG | |
| REGVAR_ERROR_RANGE = _ida_frame.REGVAR_ERROR_RANGE | |
| REGVAR_ERROR_NAME = _ida_frame.REGVAR_ERROR_NAME | |
| "bool" add_auto_stkpnt | ( | "func_t *" | pfn, |
| "ea_t" | ea, | ||
| "sval_t" | delta ) |
| pfn | (C++: func_t *) pointer to the function. may be nullptr. |
| ea | (C++: ea_t) linear address where SP changes. usually this is the end of the instruction which modifies the stack pointer ( insn_t::ea+ insn_t::size) |
| delta | (C++: sval_t) difference between old and new values of SP |
| "bool" add_frame | ( | "func_t *" | pfn, |
| "sval_t" | frsize, | ||
| "ushort" | frregs, | ||
| "asize_t" | argsize ) |
| pfn | (C++: func_t *) pointer to function structure |
| frsize | (C++: sval_t) size of function local variables |
| frregs | (C++: ushort) size of saved registers |
| argsize | (C++: asize_t) size of function arguments range which will be purged upon return. this parameter is used for __stdcall and __pascal calling conventions. for other calling conventions please pass 0. |
| 1 | ok |
| 0 | failed (no function, frame already exists) |
| "bool" add_frame_member | ( | "func_t const *" | pfn, |
| "char const *" | name, | ||
| "uval_t" | offset, | ||
| "tinfo_t" | tif, | ||
| "value_repr_t" | repr = None, | ||
| "uint" | etf_flags = 0 ) |
| pfn | (C++: const func_t *) pointer to function |
| name | (C++: const char *) variable name, nullptr means autogenerate a name |
| offset | (C++: uval_t) member offset in the frame structure, in bytes |
| tif | (C++: const tinfo_t &) variable type |
| repr | (C++: const struct value_repr_t *) variable representation |
| etf_flags | (C++: uint) |
| "int" add_regvar | ( | "func_t *" | pfn, |
| "ea_t" | ea1, | ||
| "ea_t" | ea2, | ||
| "char const *" | canon, | ||
| "char const *" | user, | ||
| "char const *" | cmt ) |
| pfn | (C++: func_t *) function in which the definition will be created |
| ea1 | (C++: ea_t) ,ea2: range of addresses within the function where the definition will be used |
| canon | (C++: const char *) name of a general register |
| canon | (C++: const char *) name of a general register |
| user | (C++: const char *) user-defined name for the register |
| cmt | (C++: const char *) comment for the definition |
| "bool" add_user_stkpnt | ( | "ea_t" | ea, |
| "sval_t" | delta ) |
| ea | (C++: ea_t) linear address where SP changes |
| delta | (C++: sval_t) difference between old and new values of SP |
| "qstring *" build_stkvar_name | ( | "func_t const *" | pfn, |
| "sval_t" | v ) |
| pfn | (C++: const func_t *) pointer to function (can't be nullptr!) |
| v | (C++: sval_t) value of variable offset |
| "void" build_stkvar_xrefs | ( | "xreflist_t" | out, |
| "func_t *" | pfn, | ||
| "uval_t" | start_offset, | ||
| "uval_t" | end_offset ) |
| out | (C++: xreflist_t *) the list of xrefs to fill. |
| pfn | (C++: func_t *) the function to scan. |
| start_offset | (C++: uval_t) start frame structure offset, in bytes |
| end_offset | (C++: uval_t) end frame structure offset, in bytes |
| "sval_t" calc_frame_offset | ( | "func_t *" | pfn, |
| "sval_t" | off, | ||
| "insn_t const *" | insn = None, | ||
| "op_t const *" | op = None ) |
| pfn | (C++: func_t *) pointer to function (cannot be nullptr) |
| off | (C++: sval_t) the offset relative to stack pointer or frame pointer |
| insn | (C++: const insn_t *) the instruction |
| op | (C++: const op_t *) the operand |
| "ea_t" calc_stkvar_struc_offset | ( | "func_t *" | pfn, |
| "insn_t const &" | insn, | ||
| "int" | n ) |
| pfn | (C++: func_t *) pointer to function (cannot be nullptr) |
| insn | (C++: const insn_t &) the instruction |
| n | (C++: int) 0..UA_MAXOP-1 operand number -1 if error, return BADADDR |
| "bool" define_stkvar | ( | "func_t *" | pfn, |
| "char const *" | name, | ||
| "sval_t" | off, | ||
| "tinfo_t" | tif, | ||
| "value_repr_t" | repr = None ) |
| pfn | (C++: func_t *) pointer to function |
| name | (C++: const char *) variable name, nullptr means autogenerate a name |
| off | (C++: sval_t) offset of the stack variable in the frame. negative values denote local variables, positive - function arguments. |
| tif | (C++: const tinfo_t &) variable type |
| repr | (C++: const struct value_repr_t *) variable representation |
| "bool" del_frame | ( | "func_t *" | pfn | ) |
| pfn | (C++: func_t *) pointer to function structure |
| "int" del_regvar | ( | "func_t *" | pfn, |
| "ea_t" | ea1, | ||
| "ea_t" | ea2, | ||
| "char const *" | canon ) |
| pfn | (C++: func_t *) function in question |
| ea1 | (C++: ea_t) ,ea2: range of addresses within the function where the definition holds |
| canon | (C++: const char *) name of a general register |
| canon | (C++: const char *) name of a general register |
| "bool" del_stkpnt | ( | "func_t *" | pfn, |
| "ea_t" | ea ) |
| pfn | (C++: func_t *) pointer to the function. may be nullptr. |
| ea | (C++: ea_t) linear address |
| "bool" delete_frame_members | ( | "func_t const *" | pfn, |
| "uval_t" | start_offset, | ||
| "uval_t" | end_offset ) |
| pfn | (C++: const func_t *) pointer to function |
| start_offset | (C++: uval_t) member offset to start deletion from, in bytes |
| end_offset | (C++: uval_t) member offset which not included in the deletion, in bytes |
| "regvar_t *" find_regvar | ( | * | args | ) |
| pfn | (C++: func_t *) function in question |
| ea1 | ea_t |
| canon | (C++: const char *) name of a general register |
| canon | (C++: const char *) name of a general register |
| user | char const * |
| pfn | func_t * |
| ea | ea_t |
| canon | char const * |
| "ea_t" frame_off_args | ( | "func_t const *" | pfn | ) |
| pfn | (C++: const func_t *) func_t const * |
| "ea_t" frame_off_lvars | ( | "func_t const *" | pfn | ) |
| pfn | (C++: const func_t *) func_t const * |
| "ea_t" frame_off_retaddr | ( | "func_t const *" | pfn | ) |
| pfn | (C++: const func_t *) func_t const * |
| "ea_t" frame_off_savregs | ( | "func_t const *" | pfn | ) |
| pfn | (C++: const func_t *) func_t const * |
| "void" free_regvar | ( | "regvar_t" | v | ) |
| v | regvar_t * |
| "sval_t" get_effective_spd | ( | "func_t *" | pfn, |
| "ea_t" | ea ) |
This function returns the sp-diff used by the instruction. The difference between get_spd() and get_effective_spd() is present only for instructions like "pop [esp+N]": they modify sp and use the modified value.
| pfn | (C++: func_t *) pointer to the function. may be nullptr. |
| ea | (C++: ea_t) linear address |
| "void" get_frame_part | ( | "range_t" | range, |
| "func_t const *" | pfn, | ||
| "frame_part_t" | part ) |
| range | (C++: range_t *) pointer to the output buffer with the frame part start/end(exclusive) offsets, can't be nullptr |
| pfn | (C++: const func_t *) pointer to function structure, can't be nullptr |
| part | (C++: frame_part_t) frame part |
| "int" get_frame_retsize | ( | "func_t const *" | pfn | ) |
| pfn | (C++: const func_t *) pointer to function structure, can't be nullptr |
| "asize_t" get_frame_size | ( | "func_t const *" | pfn | ) |
This function takes into account size of local variables + size of saved registers + size of return address + number of purged bytes. The purged bytes correspond to the arguments of the functions with __stdcall and __fastcall calling conventions.
| pfn | (C++: const func_t *) pointer to function structure, may be nullptr |
| "bool" get_func_frame | ( | "tinfo_t" | out, |
| "func_t const *" | pfn ) |
| out | tinfo_t * |
| pfn | func_t const * |
| "sval_t" get_sp_delta | ( | "func_t *" | pfn, |
| "ea_t" | ea ) |
| pfn | (C++: func_t *) pointer to the function. may be nullptr. |
| ea | (C++: ea_t) linear address |
| "sval_t" get_spd | ( | "func_t *" | pfn, |
| "ea_t" | ea ) |
| pfn | (C++: func_t *) pointer to the function. may be nullptr. |
| ea | (C++: ea_t) linear address of the instruction |
| "bool" has_regvar | ( | "func_t *" | pfn, |
| "ea_t" | ea ) |
| pfn | (C++: func_t *) function in question |
| ea | (C++: ea_t) current address |
| "bool" is_anonymous_member_name | ( | "char const *" | name | ) |
| name | (C++: const char *) char const * |
| "bool" is_dummy_member_name | ( | "char const *" | name | ) |
| name | (C++: const char *) char const * |
| "bool" is_funcarg_off | ( | "func_t const *" | pfn, |
| "uval_t" | frameoff ) |
| pfn | func_t const * |
| frameoff | uval_t |
| "bool" is_special_frame_member | ( | "tid_t" | tid | ) |
| tid | (C++: tid_t) frame member type id return address or saved registers member? |
| "sval_t" lvar_off | ( | "func_t const *" | pfn, |
| "uval_t" | frameoff ) |
| pfn | func_t const * |
| frameoff | uval_t |
| "bool" recalc_spd | ( | "ea_t" | cur_ea | ) |
The next instruction is not reached from the current instruction. We need to recalculate SP for the next instruction.
This function will create a new automatic SP register change point if necessary. It should be called from the emulator (emu.cpp) when auto_state == AU_USED if the current instruction doesn't pass the execution flow to the next instruction.
| cur_ea | (C++: ea_t) linear address of the current instruction |
| 1 | new stkpnt is added |
| 0 | nothing is changed |
| "bool" recalc_spd_for_basic_block | ( | "func_t *" | pfn, |
| "ea_t" | cur_ea ) |
recalc_spd_for_basic_block(pfn, cur_ea) -> bool Recalculate SP delta for the current instruction. The typical code snippet to calculate SP delta in a proc module is: if ( may_trace_sp() && pfn != nullptr ) if ( !recalc_spd_for_basic_block(pfn, insn.ea) )
trace_sp(pfn, insn);
where trace_sp() is a typical name for a function that emulates the SP change of
an instruction.
@param pfn: (C++: func_t *) pointer to the function
@param cur_ea: (C++: ea_t) linear address of the current instruction
@retval true: the cumulative SP delta is set
@retval false: the instruction at CUR_EA passes flow to the next instruction. SP
delta must be set as a result of emulating the current
instruction.
| "int" rename_regvar | ( | "func_t *" | pfn, |
| "regvar_t" | v, | ||
| "char const *" | user ) |
| pfn | (C++: func_t *) function in question |
| v | (C++: regvar_t *) variable to rename |
| user | (C++: const char *) new user-defined name for the register |
| "bool" set_auto_spd | ( | "func_t *" | pfn, |
| "ea_t" | ea, | ||
| "sval_t" | new_spd ) |
| pfn | (C++: func_t *) pointer to the function. may be nullptr. |
| ea | (C++: ea_t) linear address of the instruction |
| new_spd | (C++: sval_t) new value of the cumulative SP delta |
| "bool" set_frame_member_type | ( | "func_t const *" | pfn, |
| "uval_t" | offset, | ||
| "tinfo_t" | tif, | ||
| "value_repr_t" | repr = None, | ||
| "uint" | etf_flags = 0 ) |
| pfn | (C++: const func_t *) pointer to function |
| offset | (C++: uval_t) member offset in the frame structure, in bytes |
| tif | (C++: const tinfo_t &) variable type |
| repr | (C++: const struct value_repr_t *) variable representation |
| etf_flags | (C++: uint) |
| "bool" set_frame_size | ( | "func_t *" | pfn, |
| "asize_t" | frsize, | ||
| "ushort" | frregs, | ||
| "asize_t" | argsize ) |
Note: The returned size may not include all stack arguments. It does so only for __stdcall and __fastcall calling conventions. To get the entire frame size for all cases use frame.get_func_frame(pfn).get_size()
| pfn | (C++: func_t *) pointer to function structure |
| frsize | (C++: asize_t) size of function local variables |
| frregs | (C++: ushort) size of saved registers |
| argsize | (C++: asize_t) size of function arguments that will be purged from the stack upon return |
| "bool" set_purged | ( | "ea_t" | ea, |
| "int" | nbytes, | ||
| "bool" | override_old_value ) |
This function will update the database and plan to reanalyze items referencing the specified address. It works only for processors with PR_PURGING bit in 16 and 32 bit modes.
| ea | (C++: ea_t) address of the function of item |
| nbytes | (C++: int) number of purged bytes |
| override_old_value | (C++: bool) may overwrite old information about purged bytes |
| "int" set_regvar_cmt | ( | "func_t *" | pfn, |
| "regvar_t" | v, | ||
| "char const *" | cmt ) |
| pfn | (C++: func_t *) function in question |
| v | (C++: regvar_t *) variable to rename |
| cmt | (C++: const char *) new comment |
| "sval_t" soff_to_fpoff | ( | "func_t *" | pfn, |
| "uval_t" | soff ) |
This function converts the offsets inside the udt_type_data_t object into the frame pointer offsets (for example, EBP-relative).
| pfn | (C++: func_t *) |
| soff | (C++: uval_t) |
| "bool" update_fpd | ( | "func_t *" | pfn, |
| "asize_t" | fpd ) |
| pfn | (C++: func_t *) pointer to function structure |
| fpd | (C++: asize_t) new fpd value. cannot be bigger than the local variable range size. |
| FPC_ARGS = _ida_frame.FPC_ARGS |
| FPC_LVARS = _ida_frame.FPC_LVARS |
| FPC_RETADDR = _ida_frame.FPC_RETADDR |
| FPC_SAVREGS = _ida_frame.FPC_SAVREGS |
| FRAME_UDM_NAME_R = _ida_frame.FRAME_UDM_NAME_R |
| FRAME_UDM_NAME_S = _ida_frame.FRAME_UDM_NAME_S |
| REGVAR_ERROR_ARG = _ida_frame.REGVAR_ERROR_ARG |
| REGVAR_ERROR_NAME = _ida_frame.REGVAR_ERROR_NAME |
| REGVAR_ERROR_OK = _ida_frame.REGVAR_ERROR_OK |
| REGVAR_ERROR_RANGE = _ida_frame.REGVAR_ERROR_RANGE |
| STKVAR_VALID_SIZE = _ida_frame.STKVAR_VALID_SIZE |
1.12.0