ida_expr ======== .. py:module:: ida_expr .. autoapi-nested-parse:: Functions that deal with C-like expressions and built-in IDC language. Functions marked THREAD_SAFE may be called from any thread. No simultaneous calls should be made for the same variable. We protect only global structures, individual variables must be protected manually. Attributes ---------- .. autoapisummary:: ida_expr.SWIG_PYTHON_LEGACY_BOOL ida_expr.IDC_LANG_EXT ida_expr.VARSLICE_SINGLE ida_expr.VREF_LOOP ida_expr.VREF_ONCE ida_expr.VREF_COPY ida_expr.VT_LONG ida_expr.VT_FLOAT ida_expr.VT_WILD ida_expr.VT_OBJ ida_expr.VT_FUNC ida_expr.VT_STR ida_expr.VT_PVOID ida_expr.VT_INT64 ida_expr.VT_REF ida_expr.eExecThrow ida_expr.HF_DEFAULT ida_expr.HF_KEYWORD1 ida_expr.HF_KEYWORD2 ida_expr.HF_KEYWORD3 ida_expr.HF_STRING ida_expr.HF_COMMENT ida_expr.HF_PREPROC ida_expr.HF_NUMBER ida_expr.HF_USER1 ida_expr.HF_USER2 ida_expr.HF_USER3 ida_expr.HF_USER4 ida_expr.HF_MAX ida_expr.CPL_DEL_MACROS ida_expr.CPL_USE_LABELS ida_expr.CPL_ONLY_SAFE ida_expr.EXTFUN_BASE ida_expr.EXTFUN_NORET ida_expr.EXTFUN_SAFE Classes ------- .. autoapisummary:: ida_expr.idc_value_t ida_expr.idc_global_t ida_expr.highlighter_cbs_t ida_expr.idc_values_t Functions --------- .. autoapisummary:: ida_expr.compile_idc_file ida_expr.compile_idc_text ida_expr.py_get_call_idc_func ida_expr.pyw_register_idc_func ida_expr.pyw_unregister_idc_func ida_expr.pyw_convert_defvals ida_expr.py_add_idc_func ida_expr.eval_expr ida_expr.eval_idc_expr ida_expr.idcv_long ida_expr.idcv_int64 ida_expr.idcv_num ida_expr.idcv_string ida_expr.idcv_float ida_expr.idcv_object ida_expr.move_idcv ida_expr.copy_idcv ida_expr.deep_copy_idcv ida_expr.free_idcv ida_expr.swap_idcvs ida_expr.get_idcv_class_name ida_expr.get_idcv_attr ida_expr.set_idcv_attr ida_expr.del_idcv_attr ida_expr.first_idcv_attr ida_expr.last_idcv_attr ida_expr.next_idcv_attr ida_expr.prev_idcv_attr ida_expr.print_idcv ida_expr.get_idcv_slice ida_expr.set_idcv_slice ida_expr.add_idc_class ida_expr.find_idc_class ida_expr.deref_idcv ida_expr.create_idcv_ref ida_expr.add_idc_gvar ida_expr.find_idc_gvar ida_expr.find_idc_func ida_expr.set_header_path ida_expr.get_idc_filename ida_expr.exec_system_script ida_expr.compile_idc_snippet ida_expr.exec_idc_script ida_expr.throw_idc_exception ida_expr.del_idc_func ida_expr.add_idc_func Module Contents --------------- .. py:data:: SWIG_PYTHON_LEGACY_BOOL .. py:function:: compile_idc_file(nonnul_line: str) -> str .. py:function:: compile_idc_text(nonnul_line: str) -> str .. py:function:: py_get_call_idc_func() -> size_t .. py:function:: pyw_register_idc_func(name: str, args: str, py_fp: PyObject *) -> size_t .. py:function:: pyw_unregister_idc_func(ctxptr: size_t) -> bool .. py:function:: pyw_convert_defvals(out: idc_values_t, py_seq: PyObject *) -> bool .. py:function:: py_add_idc_func(name: str, fp_ptr: size_t, args: str, defvals: idc_values_t, flags: int) -> bool .. py:function:: eval_expr(rv: idc_value_t, where: ida_idaapi.ea_t, line: str) -> str Compile and calculate an expression. :param rv: pointer to the result :param where: the current linear address in the addressing space of the program being disassembled. If will be used to resolve names of local variables etc. if not applicable, then should be BADADDR. :param line: the expression to evaluate :returns: true: ok :returns: false: error, see errbuf .. py:function:: eval_idc_expr(rv: idc_value_t, where: ida_idaapi.ea_t, line: str) -> str Same as eval_expr(), but will always use the IDC interpreter regardless of the currently installed extlang. .. py:data:: IDC_LANG_EXT IDC script extension. .. py:function:: idcv_long(v: idc_value_t) -> error_t Convert IDC variable to a long (32/64bit) number. :returns: v = 0 if impossible to convert to long .. py:function:: idcv_int64(v: idc_value_t) -> error_t Convert IDC variable to a 64bit number. :returns: v = 0 if impossible to convert to int64 .. py:function:: idcv_num(v: idc_value_t) -> error_t Convert IDC variable to a long number. :returns: * v = 0 if IDC variable = "false" string * v = 1 if IDC variable = "true" string * v = number if IDC variable is number or string containing a number * eTypeConflict if IDC variable = empty string .. py:function:: idcv_string(v: idc_value_t) -> error_t Convert IDC variable to a text string. .. py:function:: idcv_float(v: idc_value_t) -> error_t Convert IDC variable to a floating point. .. py:function:: idcv_object(v: idc_value_t, icls: idc_class_t const * = None) -> error_t Create an IDC object. The original value of 'v' is discarded (freed). :param v: variable to hold the object. any previous value will be cleaned :param icls: ptr to the desired class. nullptr means "object" class this ptr must be returned by add_idc_class() or find_idc_class() :returns: always eOk .. py:function:: move_idcv(dst: idc_value_t, src: idc_value_t) -> error_t Move 'src' to 'dst'. This function is more effective than copy_idcv since it never copies big amounts of data. .. py:function:: copy_idcv(dst: idc_value_t, src: idc_value_t) -> error_t Copy 'src' to 'dst'. For idc objects only a reference is copied. .. py:function:: deep_copy_idcv(dst: idc_value_t, src: idc_value_t) -> error_t Deep copy an IDC object. This function performs deep copy of idc objects. If 'src' is not an object, copy_idcv() will be called .. py:function:: free_idcv(v: idc_value_t) -> None Free storage used by VT_STR/VT_OBJ IDC variables. After this call the variable has a numeric value 0 .. py:function:: swap_idcvs(v1: idc_value_t, v2: idc_value_t) -> None Swap 2 variables. .. py:function:: get_idcv_class_name(obj: idc_value_t) -> str Retrieves the IDC object class name. :param obj: class instance variable :returns: error code, eOk on success .. py:function:: get_idcv_attr(res: idc_value_t, obj: idc_value_t, attr: str, may_use_getattr: bool = False) -> error_t Get an object attribute. :param res: buffer for the attribute value :param obj: variable that holds an object reference. if obj is nullptr it searches global variables, then user functions :param attr: attribute name :param may_use_getattr: may call getattr functions to calculate the attribute if it does not exist :returns: error code, eOk on success .. py:function:: set_idcv_attr(obj: idc_value_t, attr: str, value: idc_value_t, may_use_setattr: bool = False) -> error_t Set an object attribute. :param obj: variable that holds an object reference. if obj is nullptr then it tries to modify a global variable with the attribute name :param attr: attribute name :param value: new attribute value :param may_use_setattr: may call setattr functions for the class :returns: error code, eOk on success .. py:function:: del_idcv_attr(obj: idc_value_t, attr: str) -> error_t Delete an object attribute. :param obj: variable that holds an object reference :param attr: attribute name :returns: error code, eOk on success .. py:function:: first_idcv_attr(obj: idc_value_t) -> str .. py:function:: last_idcv_attr(obj: idc_value_t) -> str .. py:function:: next_idcv_attr(obj: idc_value_t, attr: str) -> str .. py:function:: prev_idcv_attr(obj: idc_value_t, attr: str) -> str .. py:function:: print_idcv(v: idc_value_t, name: str = None, indent: int = 0) -> str Get text representation of idc_value_t. .. py:function:: get_idcv_slice(res: idc_value_t, v: idc_value_t, i1: int, i2: int, flags: int = 0) -> error_t Get slice. :param res: output variable that will contain the slice :param v: input variable (string or object) :param i1: slice start index :param i2: slice end index (excluded) :param flags: IDC variable slice flags or 0 :returns: eOk if success .. py:data:: VARSLICE_SINGLE return single index (i2 is ignored) .. py:function:: set_idcv_slice(v: idc_value_t, i1: int, i2: int, _in: idc_value_t, flags: int = 0) -> error_t Set slice. :param v: variable to modify (string or object) :param i1: slice start index :param i2: slice end index (excluded) :param flags: IDC variable slice flags or 0 :returns: eOk on success .. py:function:: add_idc_class(name: str, super: idc_class_t const * = None) -> idc_class_t * Create a new IDC class. :param name: name of the new class :param super: the base class for the new class. if the new class is not based on any other class, pass nullptr :returns: pointer to the created class. If such a class already exists, a pointer to it will be returned. Pointers to other existing classes may be invalidated by this call. .. py:function:: find_idc_class(name: str) -> idc_class_t * Find an existing IDC class by its name. :param name: name of the class :returns: pointer to the class or nullptr. The returned pointer is valid until a new call to add_idc_class() .. py:function:: deref_idcv(v: idc_value_t, vref_flags: int) -> idc_value_t * Dereference a VT_REF variable. :param v: variable to dereference :param vref_flags: Dereference IDC variable flags :returns: pointer to the dereference result or nullptr. If returns nullptr, qerrno is set to eExecBadRef "Illegal variable reference" .. py:data:: VREF_LOOP dereference until we get a non VT_REF .. py:data:: VREF_ONCE dereference only once, do not loop .. py:data:: VREF_COPY copy the result to the input var (v) .. py:function:: create_idcv_ref(ref: idc_value_t, v: idc_value_t) -> bool Create a variable reference. Currently only references to global variables can be created. :param ref: ptr to the result :param v: variable to reference :returns: success .. py:function:: add_idc_gvar(name: str) -> idc_value_t * Add global IDC variable. :param name: name of the global variable :returns: pointer to the created variable or existing variable. NB: the returned pointer is valid until a new global var is added. .. py:function:: find_idc_gvar(name: str) -> idc_value_t * Find an existing global IDC variable by its name. :param name: name of the global variable :returns: pointer to the variable or nullptr. NB: the returned pointer is valid until a new global var is added. FIXME: it is difficult to use this function in a thread safe manner .. py:class:: idc_value_t(*args) Bases: :py:obj:`object` .. py:attribute:: thisown .. py:attribute:: vtype :type: char IDC value types .. py:attribute:: num :type: int VT_LONG .. py:attribute:: e :type: fpvalue_t VT_FLOAT .. py:attribute:: obj :type: idc_object_t * .. py:attribute:: funcidx :type: int VT_FUNC .. py:attribute:: pvoid :type: void * VT_PVOID .. py:attribute:: i64 :type: int64 VT_INT64 .. py:attribute:: reserve :type: uchar [sizeof(qstring)] VT_STR. .. py:method:: clear() -> None See free_idcv() .. py:method:: qstr() -> str VT_STR .. py:method:: c_str() -> str VT_STR .. py:method:: u_str() -> uchar const * VT_STR .. py:method:: swap(v: idc_value_t) -> None Set this = r and v = this. .. py:method:: is_zero() -> bool Does value represent the integer 0? .. py:method:: is_integral() -> bool Does value represent a whole number? .. py:method:: is_convertible() -> bool Convertible types are VT_LONG, VT_FLOAT, VT_INT64, and VT_STR. .. py:method:: create_empty_string() -> None .. py:method:: set_string(*args) -> None .. py:method:: set_long(v: int) -> None .. py:method:: set_pvoid(p: void *) -> None .. py:method:: set_int64(v: int64) -> None .. py:method:: set_float(f: fpvalue_t const &) -> None .. py:attribute:: str .. py:data:: VT_LONG Integer (see idc_value_t::num) .. py:data:: VT_FLOAT Floating point (see idc_value_t::e) .. py:data:: VT_WILD Function with arbitrary number of arguments. The actual number of arguments will be passed in idc_value_t::num. This value should not be used for idc_value_t. .. py:data:: VT_OBJ Object (see idc_value_t::obj) .. py:data:: VT_FUNC Function (see idc_value_t::funcidx) .. py:data:: VT_STR String (see qstr() and similar functions) .. py:data:: VT_PVOID void * .. py:data:: VT_INT64 i64 .. py:data:: VT_REF Reference. .. py:class:: idc_global_t(*args) Bases: :py:obj:`object` .. py:attribute:: thisown .. py:attribute:: name :type: str .. py:attribute:: value :type: idc_value_t .. py:data:: eExecThrow See return value of idc_func_t. .. py:function:: find_idc_func(prefix: str, n: int = 0) -> str .. py:data:: HF_DEFAULT .. py:data:: HF_KEYWORD1 .. py:data:: HF_KEYWORD2 .. py:data:: HF_KEYWORD3 .. py:data:: HF_STRING .. py:data:: HF_COMMENT .. py:data:: HF_PREPROC .. py:data:: HF_NUMBER .. py:data:: HF_USER1 .. py:data:: HF_USER2 .. py:data:: HF_USER3 .. py:data:: HF_USER4 .. py:data:: HF_MAX .. py:class:: highlighter_cbs_t Bases: :py:obj:`object` .. py:attribute:: thisown .. py:method:: set_style(arg0: int, arg1: int, arg2: syntax_highlight_style) -> None .. py:method:: prev_block_state() -> int .. py:method:: cur_block_state() -> int .. py:method:: set_block_state(arg0: int) -> None .. py:function:: set_header_path(path: str, add: bool) -> bool Set or append a header path. IDA looks for the include files in the appended header paths, then in the ida executable directory. :param path: list of directories to add (separated by ';') may be nullptr, in this case nothing is added :param add: true: append. false: remove old paths. :returns: true: success :returns: false: no memory .. py:function:: get_idc_filename(file: str) -> str Get full name of IDC file name. Search for file in list of include directories, IDCPATH directory and system directories. :param file: file name without full path :returns: nullptr is file not found. otherwise returns pointer to buf .. py:function:: exec_system_script(file: str, complain_if_no_file: bool = True) -> bool Compile and execute "main" function from system file. :param file: file name with IDC function(s). The file will be searched using get_idc_filename(). :param complain_if_no_file: * 1: display warning if the file is not found * 0: don't complain if file doesn't exist :returns: 1: ok, file is compiled and executed :returns: 0: failure, compilation or execution error, warning is displayed .. py:data:: CPL_DEL_MACROS delete macros at the end of compilation .. py:data:: CPL_USE_LABELS allow program labels in the script .. py:data:: CPL_ONLY_SAFE allow calls of only thread-safe functions .. py:function:: compile_idc_snippet(func: str, text: str, resolver: idc_resolver_t * = None, only_safe_funcs: bool = False) -> str Compile text with IDC statements. :param func: name of the function to create out of the snippet :param text: text to compile :param resolver: callback object to get values of undefined variables This object will be called if IDC function contains references to undefined variables. May be nullptr. :param only_safe_funcs: if true, any calls to functions without EXTFUN_SAFE flag will lead to a compilation error. :returns: true: ok :returns: false: error, see errbuf .. py:function:: exec_idc_script(result: idc_value_t, path: str, func: str, args: idc_value_t, argsnum: size_t) -> str Compile and execute IDC function(s) from file. :param result: ptr to idc_value_t to hold result of the function. If execution fails, this variable will contain the exception information. You may pass nullptr if you are not interested in the returned value. :param path: text file containing text of IDC functions :param func: function name to execute :param args: array of parameters :param argsnum: number of parameters to pass to 'fname' This number should be equal to number of parameters the function expects. :returns: true: ok :returns: false: error, see errbuf .. py:function:: throw_idc_exception(r: idc_value_t, desc: str) -> error_t Create an idc execution exception object. This helper function can be used to return an exception from C++ code to IDC. In other words this function can be called from idc_func_t() callbacks. Sample usage: if ( !ok ) return throw_idc_exception(r, "detailed error msg"); :param r: object to hold the exception object :param desc: exception description :returns: eExecThrow .. py:class:: idc_values_t(*args) Bases: :py:obj:`object` .. py:attribute:: thisown .. py:method:: push_back(*args) -> idc_value_t & .. py:method:: pop_back() -> None .. py:method:: size() -> size_t .. py:method:: empty() -> bool .. py:method:: at(_idx: size_t) -> idc_value_t const & .. py:method:: qclear() -> None .. py:method:: clear() -> None .. py:method:: resize(*args) -> None .. py:method:: grow(*args) -> None .. py:method:: capacity() -> size_t .. py:method:: reserve(cnt: size_t) -> None .. py:method:: truncate() -> None .. py:method:: swap(r: idc_values_t) -> None .. py:method:: extract() -> idc_value_t * .. py:method:: inject(s: idc_value_t, len: size_t) -> None .. py:method:: begin(*args) -> qvector< idc_value_t >::const_iterator .. py:method:: end(*args) -> qvector< idc_value_t >::const_iterator .. py:method:: insert(it: idc_value_t, x: idc_value_t) -> qvector< idc_value_t >::iterator .. py:method:: erase(*args) -> qvector< idc_value_t >::iterator .. py:method:: append(x: idc_value_t) -> None .. py:method:: extend(x: idc_values_t) -> None .. py:attribute:: front .. py:attribute:: back .. py:data:: EXTFUN_BASE :value: 1 requires open database. .. py:data:: EXTFUN_NORET :value: 2 does not return. the interpreter may clean up its state before calling it. .. py:data:: EXTFUN_SAFE :value: 4 thread safe function. may be called from any thread. .. py:function:: del_idc_func(name) Delete an IDC function .. py:function:: add_idc_func(name, fp, args, defvals=(), flags=0) Add an IDC function. This function does not modify the predefined kernel functions. Example: error_t idaapi myfunc5(idc_value_t *argv, idc_value_t *res) msg("myfunc is called with arg0=%a and arg1=%s\n", argv[0].num, argv[1].str); res->num = 5; // let's return 5 return eOk; const char myfunc5_args[] = { VT_LONG, VT_STR, 0 }; const ext_idcfunc_t myfunc_desc = { "MyFunc5", myfunc5, myfunc5_args, nullptr, 0, EXTFUN_BASE }; after this: there is a new IDC function which can be called like this: "test"); :returns: success