Module ida_auto
The autoanalyzer works when IDA is not busy processing the user keystrokes. It has several queues, each queue having its own priority. The analyzer stops when all queues are empty.
A queue contains addresses or address ranges. The addresses are kept sorted by their values. The analyzer will process all addresses from the first queue, then switch to the second queue and so on. There are no limitations on the size of the queues.
This file also contains functions that deal with the IDA status indicator and the autoanalysis indicator. You may use these functions to change the indicator value.
Global Variables
AU_CHLB
AU_CODE
AU_FCHUNK
AU_FINAL
AU_LBF2
AU_LBF3
AU_LIBF
AU_NONE
AU_PROC
AU_TAIL
AU_TYPE
AU_UNK
AU_USD2
AU_USED
AU_WEAK
st_Ready
st_Think
st_Waiting
st_Work
Functions
auto_apply_tail(tail_ea: ea_t, parent_ea: ea_t) ‑> void
auto_apply_tail(tail_ea, parent_ea) Plan to apply the tail_ea chunk to the parent
auto_apply_type(caller: ea_t, callee: ea_t) ‑> void
auto_apply_type(caller, callee) Plan to apply the callee's type to the calling point.
auto_cancel(ea1: ea_t, ea2: ea_t) ‑> void
auto_cancel(ea1, ea2) Remove an address range (ea1..ea2) from queues AU_CODE, AU_PROC, AU_USED. To remove an address range from other queues use auto_unmark() function. 'ea1' may be higher than 'ea2', the kernel will swap them in this case. 'ea2' doesn't belong to the range.
auto_get(type: atype_t *, lowEA: ea_t, highEA: ea_t) ‑> ea_t
auto_get(type, lowEA, highEA) -> ea_t Retrieve an address from queues regarding their priority. Returns BADADDR if no addresses not lower than 'lowEA' and less than 'highEA' are found in the queues. Otherwise *type will have queue type.
auto_is_ok() ‑> bool
auto_is_ok() -> bool Are all queues empty? (i.e. has autoanalysis finished?).
auto_make_code(ea: ea_t) ‑> void
auto_make_code(ea) Plan to make code.
auto_make_proc(ea: ea_t) ‑> void
auto_make_proc(ea) Plan to make code&function.
auto_make_step(ea1: ea_t, ea2: ea_t) ‑> bool
auto_make_step(ea1, ea2) -> bool Analyze one address in the specified range and return true.
auto_mark(ea: ea_t, type: atype_t) ‑> void
auto_mark(ea, type) Put single address into a queue. Queues keep addresses sorted.
auto_mark_range(start: ea_t, end: ea_t, type: atype_t) ‑> void
auto_mark_range(start, end, type) Put range of addresses into a queue. 'start' may be higher than 'end', the kernel will swap them in this case. 'end' doesn't belong to the range.
auto_postpone_analysis(ea: ea_t) ‑> bool
auto_postpone_analysis(ea) -> bool Plan to reanalyze on the second pass The typical usage of this function in emu.cpp is: if ( !auto_postpone_analysis(ea) ) op_offset(ea, 0, ...); (we make an offset only on the second pass)
auto_recreate_insn(ea: ea_t) ‑> int
auto_recreate_insn(ea) -> int Try to create instruction
auto_unmark(start: ea_t, end: ea_t, type: atype_t) ‑> void
auto_unmark(start, end, type) Remove range of addresses from a queue. 'start' may be higher than 'end', the kernel will swap them in this case. 'end' doesn't belong to the range.
auto_wait() ‑> bool
auto_wait() -> bool Process everything in the queues and return true.
auto_wait_range(ea1: ea_t, ea2: ea_t) ‑> ssize_t
auto_wait_range(ea1, ea2) -> ssize_t Process everything in the specified range and return true.
enable_auto(enable: bool) ‑> bool
enable_auto(enable) -> bool Temporarily enable/disable autoanalyzer. Not user-facing, but rather because IDA sometimes need to turn AA on/off regardless of inf.s_genflags:INFFL_AUTO
get_auto_display(auto_display: auto_display_t) ‑> bool
get_auto_display(auto_display) -> bool Get structure which holds the autoanalysis indicator contents.
get_auto_state() ‑> atype_t
get_auto_state() -> atype_t Get current state of autoanalyzer. If auto_state == AU_NONE, IDA is currently not running the analysis (it could be temporarily interrupted to perform the user's requests, for example).
is_auto_enabled() ‑> bool
is_auto_enabled() -> bool Get autoanalyzer state.
may_create_stkvars() ‑> bool
may_create_stkvars() -> bool Is it allowed to create stack variables automatically?. This function should be used by IDP modules before creating stack vars.
may_trace_sp() ‑> bool
may_trace_sp() -> bool Is it allowed to trace stack pointer automatically?. This function should be used by IDP modules before tracing sp.
peek_auto_queue(low_ea: ea_t, type: atype_t) ‑> ea_t
peek_auto_queue(low_ea, type) -> ea_t Peek into a queue 'type' for an address not lower than 'low_ea'. Do not remove address from the queue.
plan_and_wait(ea1: ea_t, ea2: ea_t, final_pass: bool = True) ‑> int
plan_and_wait(ea1, ea2, final_pass=True) -> int Analyze the specified range. Try to create instructions where possible. Make the final pass over the specified range if specified. This function doesn't return until the range is analyzed. retval 1: ok retval 0: Ctrl-Break was pressed
plan_ea(ea: ea_t) ‑> void
plan_ea(ea) Plan to perform reanalysis.
plan_range(sEA: ea_t, eEA: ea_t) ‑> void
plan_range(sEA, eEA) Plan to perform reanalysis.
reanalyze_callers(ea: ea_t, noret: bool) ‑> void
reanalyze_callers(ea, noret) Plan to reanalyze callers of the specified address. This function will add to AU_USED queue all instructions that call (not jump to) the specified address.
revert_ida_decisions(ea1: ea_t, ea2: ea_t) ‑> void
revert_ida_decisions(ea1, ea2) Delete all analysis info that IDA generated for for the given range.
set_auto_state(new_state: atype_t) ‑> atype_t
set_auto_state(new_state) -> atype_t Set current state of autoanalyzer.
set_ida_state(st: idastate_t) ‑> idastate_t
set_ida_state(st) -> idastate_t Change IDA status indicator value
show_addr(ea: ea_t) ‑> void
show_addr(ea) Show an address on the autoanalysis indicator. The address is displayed in the form " @:12345678".
show_auto(*args) ‑> void
show_auto(ea, type=AU_NONE) Change autoanalysis indicator value.
Classes
auto_display_t()
: Proxy of C++ auto_display_t class.
Instance variables
ea: ea_t
ea
state: idastate_t
state
type: atype_t
type
Last updated