Module ida_bytes

Each byte of the disassembled program is represented by a 32-bit value. We will call this value 'flags'. The structure of the flags is here.

You are not allowed to inspect individual bits of flags and modify them directly. Use special functions to inspect and/or modify flags.

Flags are kept in a virtual array file (*.id1). Addresses (ea) are all 32-bit (or 64-bit) quantities.

Global Variables

ALOPT_APPEND

ALOPT_APPEND = 32

ALOPT_IGNCLT

ALOPT_IGNCLT = 4

ALOPT_IGNHEADS

ALOPT_IGNHEADS = 1

ALOPT_IGNPRINT

ALOPT_IGNPRINT = 2

ALOPT_MAX4K

ALOPT_MAX4K = 8

ALOPT_ONLYTERM

ALOPT_ONLYTERM = 16

BIN_SEARCH_BACKWARD

BIN_SEARCH_BACKWARD = 16

BIN_SEARCH_BITMASK

BIN_SEARCH_BITMASK = 32

BIN_SEARCH_CASE

BIN_SEARCH_CASE = 1

BIN_SEARCH_FORWARD

BIN_SEARCH_FORWARD = 0

BIN_SEARCH_INITED

BIN_SEARCH_INITED = 4

BIN_SEARCH_NOBREAK

BIN_SEARCH_NOBREAK = 2

BIN_SEARCH_NOCASE

BIN_SEARCH_NOCASE = 0

BIN_SEARCH_NOSHOW

BIN_SEARCH_NOSHOW = 8

DELIT_DELNAMES

DELIT_DELNAMES = 2

DELIT_EXPAND

DELIT_EXPAND = 1

DELIT_KEEPFUNC

DELIT_KEEPFUNC = 32

DELIT_NOCMT

DELIT_NOCMT = 16

DELIT_NOTRUNC

DELIT_NOTRUNC = 4

DELIT_NOUNAME

DELIT_NOUNAME = 8

DELIT_SIMPLE

DELIT_SIMPLE = 0

DTP_NODUP

DTP_NODUP = 1

DT_TYPE

DT_TYPE = -268435456

FF_0CHAR

FF_0CHAR = 3145728

FF_0CUST

FF_0CUST = 13631488

FF_0ENUM

FF_0ENUM = 8388608

FF_0FLT

FF_0FLT = 12582912

FF_0FOP

FF_0FOP = 9437184

FF_0NUMB

FF_0NUMB = 6291456

FF_0NUMD

FF_0NUMD = 2097152

FF_0NUMH

FF_0NUMH = 1048576

FF_0NUMO

FF_0NUMO = 7340032

FF_0OFF

FF_0OFF = 5242880

FF_0SEG

FF_0SEG = 4194304

FF_0STK

FF_0STK = 11534336

FF_0STRO

FF_0STRO = 10485760

FF_0VOID

FF_0VOID = 0

FF_1CHAR

FF_1CHAR = 50331648

FF_1CUST

FF_1CUST = 218103808

FF_1ENUM

FF_1ENUM = 134217728

FF_1FLT

FF_1FLT = 201326592

FF_1FOP

FF_1FOP = 150994944

FF_1NUMB

FF_1NUMB = 100663296

FF_1NUMD

FF_1NUMD = 33554432

FF_1NUMH

FF_1NUMH = 16777216

FF_1NUMO

FF_1NUMO = 117440512

FF_1OFF

FF_1OFF = 83886080

FF_1SEG

FF_1SEG = 67108864

FF_1STK

FF_1STK = 184549376

FF_1STRO

FF_1STRO = 167772160

FF_1VOID

FF_1VOID = 0

FF_ALIGN

FF_ALIGN = -1342177280

FF_ANYNAME

FF_ANYNAME = 49152

FF_BNOT

FF_BNOT = 262144

FF_BYTE

FF_BYTE = 0

FF_CODE

FF_CODE = 1536

FF_COMM

FF_COMM = 2048

FF_CUSTOM

FF_CUSTOM = -805306368

FF_DATA

FF_DATA = 1024

FF_DOUBLE

FF_DOUBLE = -1879048192

FF_DWORD

FF_DWORD = 536870912

FF_FLOAT

FF_FLOAT = -2147483648

FF_FLOW

FF_FLOW = 65536

FF_FUNC

FF_FUNC = 268435456

FF_IMMD

FF_IMMD = 1073741824

FF_IVL

FF_IVL = 256

FF_JUMP

FF_JUMP = -2147483648

FF_LABL

FF_LABL = 32768

FF_LINE

FF_LINE = 8192

FF_NAME

FF_NAME = 16384

FF_N_CHAR

FF_N_CHAR = 3

FF_N_CUST

FF_N_CUST = 13

FF_N_ENUM

FF_N_ENUM = 8

FF_N_FLT

FF_N_FLT = 12

FF_N_FOP

FF_N_FOP = 9

FF_N_NUMB

FF_N_NUMB = 6

FF_N_NUMD

FF_N_NUMD = 2

FF_N_NUMH

FF_N_NUMH = 1

FF_N_NUMO

FF_N_NUMO = 7

FF_N_OFF

FF_N_OFF = 5

FF_N_SEG

FF_N_SEG = 4

FF_N_STK

FF_N_STK = 11

FF_N_STRO

FF_N_STRO = 10

FF_N_VOID

FF_N_VOID = 0

FF_OWORD

FF_OWORD = 1879048192

FF_PACKREAL

FF_PACKREAL = -1610612736

FF_QWORD

FF_QWORD = 805306368

FF_REF

FF_REF = 4096

FF_SIGN

FF_SIGN = 131072

FF_STRLIT

FF_STRLIT = 1342177280

FF_STRUCT

FF_STRUCT = 1610612736

FF_TAIL

FF_TAIL = 512

FF_TBYTE

FF_TBYTE = 1073741824

FF_UNK

FF_UNK = 0

FF_UNUSED

FF_UNUSED = 524288

FF_WORD

FF_WORD = 268435456

FF_YWORD

FF_YWORD = -536870912

FF_ZWORD

FF_ZWORD = -268435456

GFE_IDB_VALUE

GFE_IDB_VALUE = 2

GFE_VALUE

GFE_VALUE = 1

GMB_READALL

GMB_READALL = 1

GMB_WAITBOX

GMB_WAITBOX = 2

ITEM_END_CANCEL

ITEM_END_CANCEL = 16

ITEM_END_FIXUP

ITEM_END_FIXUP = 1

ITEM_END_INITED

ITEM_END_INITED = 2

ITEM_END_NAME

ITEM_END_NAME = 4

ITEM_END_XREF

ITEM_END_XREF = 8

MS_0TYPE

MS_0TYPE = 15728640

MS_1TYPE

MS_1TYPE = 251658240

MS_CLS

MS_CLS = 1536

MS_CODE

MS_CODE = -268435456

MS_COMM

MS_COMM = 1046528

MS_N_TYPE

MS_N_TYPE = 15

MS_VAL

MS_VAL = 255

OPND_ALL

OPND_ALL = 15

OPND_MASK

OPND_MASK = 15

OPND_OUTER

OPND_OUTER = 128

PBSENC_ALL

PBSENC_ALL = -1

PBSENC_DEF1BPU

PBSENC_DEF1BPU = 0

PSTF_ATTRIB

PSTF_ATTRIB = 16

PSTF_ENC

PSTF_ENC = 8

PSTF_HOTKEY

PSTF_HOTKEY = 4

PSTF_ONLY_ENC

PSTF_ONLY_ENC = 11

PSTF_TBRIEF

PSTF_TBRIEF = 1

PSTF_TINLIN

PSTF_TINLIN = 2

PSTF_TMASK

PSTF_TMASK = 3

PSTF_TNORM

PSTF_TNORM = 0

STRCONV_ESCAPE

STRCONV_ESCAPE = 1

STRCONV_INCLLEN

STRCONV_INCLLEN = 4

STRCONV_REPLCHAR

STRCONV_REPLCHAR = 2

Functions

add_byte(ea: ea_t, value: uint32) ‑> void

add_byte(ea, value) Add a value to one byte of the program. This function works for wide byte processors too.

ea: (C++: ea_t) linear address
value: (C++: uint32) byte value

add_dword(ea: ea_t, value: uint64) ‑> void

add_dword(ea, value) Add a value to one dword of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be() note: this function works incorrectly if processor_t::nbits > 16

ea: (C++: ea_t) linear address
value: (C++: uint64) byte value

add_hidden_range(*args) ‑> bool

add_hidden_range(ea1, ea2, description, header, footer, color=bgcolor_t(-1)) -> bool Mark a range of addresses as hidden. The range will be created in the invisible state with the default color

ea1: (C++: ea_t) linear address of start of the address range
ea2: (C++: ea_t) linear address of end of the address range
description: (C++: const char *) ,header,footer: range parameters
header: (C++: const char *) char const *
footer: (C++: const char *) char const *
color: (C++: bgcolor_t) the range color
return: success

add_mapping(_from: ea_t, to: ea_t, size: asize_t) ‑> bool

add_mapping(_from, to, size) -> bool IDA supports memory mapping. References to the addresses from the mapped range use data and meta-data from the mapping range. note: You should set flag PR2_MAPPING in ph.flag2 to use memory mapping Add memory mapping range.

from: (C++: ea_t) start of the mapped range (nonexistent address)
to: (C++: ea_t) start of the mapping range (existent address)
size: (C++: asize_t) size of the range
return: success

add_qword(ea: ea_t, value: uint64) ‑> void

add_qword(ea, value) Add a value to one qword of the program. This function does not work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()

ea: (C++: ea_t) linear address
value: (C++: uint64) byte value

add_word(ea: ea_t, value: uint64) ‑> void

add_word(ea, value) Add a value to one word of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

ea: (C++: ea_t) linear address
value: (C++: uint64) byte value

align_flag() ‑> flags64_t

align_flag() -> flags64_t Get a flags64_t representing an alignment directive.

append_cmt(ea: ea_t, str: char const *, rptble: bool) ‑> bool

append_cmt(ea, str, rptble) -> bool Append to an indented comment. Creates a new comment if none exists. Appends a newline character and the specified string otherwise.

ea: (C++: ea_t) linear address
str: (C++: const char *) comment string to append
rptble: (C++: bool) append to repeatable comment?
return: success

attach_custom_data_format(dtid: int, dfid: int) ‑> bool

attach_custom_data_format(dtid, dfid) -> bool Attach the data format to the data type.

dtid: (C++: int) data type id that can use the data format. 0 means all standard
            data types. Such data formats can be applied to any data item or
            instruction operands. For instruction operands, the
            data_format_t::value_size check is not performed by the kernel.
dfid: (C++: int) data format id
retval true: ok
retval false: no such `dtid', or no such `dfid', or the data format has already
              been attached to the data type

bin_flag() ‑> flags64_t

bin_flag() -> flags64_t Get number flag of the base, regardless of current processor - better to use num_flag()

bin_search3(*args) ‑> ea_t

bin_search3(start_ea, end_ea, data, flags) -> ea_t

start_ea: ea_t
end_ea: ea_t
data: compiled_binpat_vec_t const &
flags: int

bin_search3(start_ea, end_ea, image, mask, len, flags) -> ea_t

start_ea: ea_t
end_ea: ea_t
image: uchar const *
mask: uchar const *
len: size_t
flags: int

byte_flag() ‑> flags64_t

byte_flag() -> flags64_t Get a flags64_t representing a byte.

bytesize(ea: ea_t) ‑> int

bytesize(ea) -> int Get number of bytes required to store a byte at the given address.

ea: (C++: ea_t)

calc_def_align(ea: ea_t, mina: int, maxa: int) ‑> int

calc_def_align(ea, mina, maxa) -> int Calculate the default alignment exponent.

ea: (C++: ea_t) linear address
mina: (C++: int) minimal possible alignment exponent.
maxa: (C++: int) minimal possible alignment exponent.

calc_dflags(f: flags64_t, force: bool) ‑> flags64_t

calc_dflags(f, force) -> flags64_t

f: flags64_t
force: bool

calc_max_align(endea: ea_t) ‑> int

calc_max_align(endea) -> int Calculate the maximal possible alignment exponent.

endea: (C++: ea_t) end address of the alignment item.
return: a value in the 0..32 range

calc_max_item_end(ea: ea_t, how: int = 15) ‑> ea_t

calc_max_item_end(ea, how=15) -> ea_t Calculate maximal reasonable end address of a new item. This function will limit the item with the current segment bounds.

ea: (C++: ea_t) linear address
how: (C++: int) when to stop the search. A combination of Item end search flags
return: end of new item. If it is not possible to create an item, it will
        return 'ea'. If operation was cancelled by user, it will return 'ea'

calc_min_align(length: asize_t) ‑> int

calc_min_align(length) -> int Calculate the minimal possible alignment exponent.

length: (C++: asize_t) size of the item in bytes.
return: a value in the 1..32 range

can_define_item(ea: ea_t, length: asize_t, flags: flags64_t) ‑> bool

can_define_item(ea, length, flags) -> bool Can define item (instruction/data) of the specified 'length', starting at 'ea'? note: if there is an item starting at 'ea', this function ignores it note: this function converts to unexplored all encountered data items with fixup information. Should be fixed in the future.

ea: (C++: ea_t) start of the range for the new item
length: (C++: asize_t) length of the new item in bytes
flags: (C++: flags64_t) if not 0, then the kernel will ignore the data types specified by
             the flags and destroy them. For example:

1000 dw 5 1002 db 5 ; undef 1003 db 5 ; undef 1004 dw 5 1006 dd 5 can_define_item(1000, 6, 0) - false because of dw at 1004 can_define_item(1000, 6, word_flag()) - true, word at 1004 is destroyed return: 1-yes, 0-no

  • a new item would cross segment boundaries

  • a new item would overlap with existing items (except items specified by 'flags')

change_storage_type(start_ea: ea_t, end_ea: ea_t, stt: storage_type_t) ‑> error_t

change_storage_type(start_ea, end_ea, stt) -> error_t Change flag storage type for address range.

start_ea: (C++: ea_t) should be lower than end_ea.
end_ea: (C++: ea_t) does not belong to the range.
stt: (C++: storage_type_t)
return: error code

char_flag() ‑> flags64_t

char_flag() -> flags64_t see FF_opbits

chunk_size(ea: ea_t) ‑> asize_t

chunk_size(ea) -> asize_t Get size of the contiguous address block containing 'ea'.

ea: (C++: ea_t)
return: 0 if 'ea' doesn't belong to the program.

chunk_start(ea: ea_t) ‑> ea_t

chunk_start(ea) -> ea_t Get start of the contiguous address block containing 'ea'.

ea: (C++: ea_t)
return: BADADDR if 'ea' doesn't belong to the program.

clr_lzero(ea: ea_t, n: int) ‑> bool

clr_lzero(ea, n) -> bool Clear toggle lzero bit. This function reset the display of leading zeroes for the specified operand to the default. If the default is not to display leading zeroes, leading zeroes will not be displayed, as vice versa.

ea: (C++: ea_t) the item (insn/data) address
n: (C++: int) the operand number (0-first operand, 1-other operands)
return: success

clr_op_type(ea: ea_t, n: int) ‑> bool

clr_op_type(ea, n) -> bool Remove operand representation information. (set operand representation to be 'undefined')

ea: (C++: ea_t) linear address
n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL all operands
return: success

code_flag() ‑> flags64_t

code_flag() -> flags64_t FF_CODE

combine_flags(F: flags64_t) ‑> flags64_t

combine_flags(F) -> flags64_t

F: flags64_t

create_16bit_data(ea: ea_t, length: asize_t) ‑> bool

create_16bit_data(ea, length) -> bool Convert to 16-bit quantity (take the byte size into account)

ea: (C++: ea_t)
length: (C++: asize_t)

create_32bit_data(ea: ea_t, length: asize_t) ‑> bool

create_32bit_data(ea, length) -> bool Convert to 32-bit quantity (take the byte size into account)

ea: (C++: ea_t)
length: (C++: asize_t)

create_align(ea: ea_t, length: asize_t, alignment: int) ‑> bool

create_align(ea, length, alignment) -> bool Create an alignment item.

ea: (C++: ea_t) linear address
length: (C++: asize_t) size of the item in bytes. 0 means to infer from ALIGNMENT
alignment: (C++: int) alignment exponent. Example: 3 means align to 8 bytes. 0 means
                 to infer from LENGTH It is forbidden to specify both LENGTH
                 and ALIGNMENT as 0.
return: success

create_byte(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_byte(ea, length, force=False) -> bool Convert to byte.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_custdata(ea: ea_t, length: asize_t, dtid: int, fid: int, force: bool = False) ‑> bool

create_custdata(ea, length, dtid, fid, force=False) -> bool Convert to custom data type.

ea: (C++: ea_t)
length: (C++: asize_t)
dtid: (C++: int)
fid: (C++: int)
force: (C++: bool)

create_data(ea: ea_t, dataflag: flags64_t, size: asize_t, tid: tid_t) ‑> bool

create_data(ea, dataflag, size, tid) -> bool Convert to data (byte, word, dword, etc). This function may be used to create arrays.

ea: (C++: ea_t) linear address
dataflag: (C++: flags64_t) type of data. Value of function byte_flag(), word_flag(), etc.
size: (C++: asize_t) size of array in bytes. should be divisible by the size of one item
            of the specified type. for variable sized items it can be specified
            as 0, and the kernel will try to calculate the size.
tid: (C++: tid_t) type id. If the specified type is a structure, then tid is structure
           id. Otherwise should be BADNODE.
return: success

create_double(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_double(ea, length, force=False) -> bool Convert to double.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_dword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_dword(ea, length, force=False) -> bool Convert to dword.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_float(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_float(ea, length, force=False) -> bool Convert to float.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_oword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_oword(ea, length, force=False) -> bool Convert to octaword/xmm word.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_packed_real(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_packed_real(ea, length, force=False) -> bool Convert to packed decimal real.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_qword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_qword(ea, length, force=False) -> bool Convert to quadword.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_strlit(start: ea_t, len: size_t, strtype: int32) ‑> bool

create_strlit(start, len, strtype) -> bool Convert to string literal and give a meaningful name. 'start' may be higher than 'end', the kernel will swap them in this case

start: (C++: ea_t) starting address
len: (C++: size_t) length of the string in bytes. if 0, then get_max_strlit_length()
           will be used to determine the length
strtype: (C++: int32) string type. one of String type codes
return: success

create_struct(ea: ea_t, length: asize_t, tid: tid_t, force: bool = False) ‑> bool

create_struct(ea, length, tid, force=False) -> bool Convert to struct.

ea: (C++: ea_t)
length: (C++: asize_t)
tid: (C++: tid_t)
force: (C++: bool)

create_tbyte(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_tbyte(ea, length, force=False) -> bool Convert to tbyte.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_word(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_word(ea, length, force=False) -> bool Convert to word.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_yword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_yword(ea, length, force=False) -> bool Convert to ymm word.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

create_zword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool

create_zword(ea, length, force=False) -> bool Convert to zmm word.

ea: (C++: ea_t)
length: (C++: asize_t)
force: (C++: bool)

cust_flag() ‑> flags64_t

cust_flag() -> flags64_t Get a flags64_t representing custom type data.

custfmt_flag() ‑> flags64_t

custfmt_flag() -> flags64_t see FF_opbits

dec_flag() ‑> flags64_t

dec_flag() -> flags64_t Get number flag of the base, regardless of current processor - better to use num_flag()

del_hidden_range(ea: ea_t) ‑> bool

del_hidden_range(ea) -> bool Delete hidden range.

ea: (C++: ea_t) any address in the hidden range
return: success

del_items(ea: ea_t, flags: int = 0, nbytes: asize_t = 1, may_destroy: may_destroy_cb_t * = None) ‑> bool

del_items(ea, flags=0, nbytes=1, may_destroy=None) -> bool Convert item (instruction/data) to unexplored bytes. The whole item (including the head and tail bytes) will be destroyed. It is allowed to pass any address in the item to this function

ea: (C++: ea_t) any address within the first item to delete
flags: (C++: int) combination of Unexplored byte conversion flags
nbytes: (C++: asize_t) number of bytes in the range to be undefined
may_destroy: (C++: may_destroy_cb_t *) optional routine invoked before deleting a head item. If
                   callback returns false then item is not to be deleted and
                   operation fails
return: true on sucessful operation, otherwise false

del_mapping(ea: ea_t) ‑> void

del_mapping(ea) Delete memory mapping range.

ea: (C++: ea_t) any address in the mapped range

del_value(ea: ea_t) ‑> void

del_value(ea) Delete byte value from flags. The corresponding byte becomes uninitialized.

ea: (C++: ea_t)

detach_custom_data_format(dtid: int, dfid: int) ‑> bool

detach_custom_data_format(dtid, dfid) -> bool Detach the data format from the data type. Unregistering a custom data type detaches all attached data formats, no need to detach them explicitly. You still need unregister them. Unregistering a custom data format detaches it from all attached data types.

dtid: (C++: int) data type id to detach data format from
dfid: (C++: int) data format id to detach
retval true: ok
retval false: no such `dtid', or no such `dfid', or the data format was not
              attached to the data type

disable_flags(start_ea: ea_t, end_ea: ea_t) ‑> error_t

disable_flags(start_ea, end_ea) -> error_t Deallocate flags for address range. Exit with an error message if not enough disk space (this may occur too).

start_ea: (C++: ea_t) should be lower than end_ea.
end_ea: (C++: ea_t) does not belong to the range.
return: 0 if ok, otherwise return error code

double_flag() ‑> flags64_t

double_flag() -> flags64_t Get a flags64_t representing a double.

dword_flag() ‑> flags64_t

dword_flag() -> flags64_t Get a flags64_t representing a double word.

enable_flags(start_ea: ea_t, end_ea: ea_t, stt: storage_type_t) ‑> error_t

enable_flags(start_ea, end_ea, stt) -> error_t Allocate flags for address range. This function does not change the storage type of existing ranges. Exit with an error message if not enough disk space.

start_ea: (C++: ea_t) should be lower than end_ea.
end_ea: (C++: ea_t) does not belong to the range.
stt: (C++: storage_type_t)
return: 0 if ok, otherwise an error code

enum_flag() ‑> flags64_t

enum_flag() -> flags64_t see FF_opbits

equal_bytes(ea: ea_t, image: uchar const *, mask: uchar const *, len: size_t, bin_search_flags: int) ‑> bool

equal_bytes(ea, image, mask, len, bin_search_flags) -> bool Compare 'len' bytes of the program starting from 'ea' with 'image'.

ea: (C++: ea_t) linear address
image: (C++: const uchar *) bytes to compare with
mask: (C++: const uchar *) array of mask bytes, it's length is 'len'. if the flag
            BIN_SEARCH_BITMASK is passsed, 'bitwise AND' is used to compare. if
            not; 1 means to perform the comparison of the corresponding byte. 0
            means not to perform. if mask == nullptr, then all bytes of 'image'
            will be compared. if mask == SKIP_FF_MASK then 0xFF bytes will be
            skipped
len: (C++: size_t) length of block to compare in bytes.
bin_search_flags: (C++: int) combination of Search flags
retval 1: equal
retval 0: not equal

f_has_cmt(f: flags64_t, arg2: void *) ‑> bool

f_has_cmt(f, arg2) -> bool

f: flags64_t
arg2: void *

f_has_dummy_name(f: flags64_t, arg2: void *) ‑> bool

f_has_dummy_name(f, arg2) -> bool Does the current byte have dummy (auto-generated, with special prefix) name?

f: (C++: flags64_t)
arg2: void *

f_has_extra_cmts(f: flags64_t, arg2: void *) ‑> bool

f_has_extra_cmts(f, arg2) -> bool

f: flags64_t
arg2: void *

f_has_name(f: flags64_t, arg2: void *) ‑> bool

f_has_name(f, arg2) -> bool Does the current byte have non-trivial (non-dummy) name?

f: (C++: flags64_t)
arg2: void *

f_has_user_name(F: flags64_t, arg2: void *) ‑> bool

f_has_user_name(F, arg2) -> bool Does the current byte have user-specified name?

F: (C++: flags64_t)
arg2: void *

f_has_xref(f: flags64_t, arg2: void *) ‑> bool

f_has_xref(f, arg2) -> bool Does the current byte have cross-references to it?

f: (C++: flags64_t)
arg2: void *

f_is_align(F: flags64_t, arg2: void *) ‑> bool

f_is_align(F, arg2) -> bool See is_align()

F: (C++: flags64_t)
arg2: void *

f_is_byte(F: flags64_t, arg2: void *) ‑> bool

f_is_byte(F, arg2) -> bool See is_byte()

F: (C++: flags64_t)
arg2: void *

f_is_code(F: flags64_t, arg2: void *) ‑> bool

f_is_code(F, arg2) -> bool Does flag denote start of an instruction?

F: (C++: flags64_t)
arg2: void *

f_is_custom(F: flags64_t, arg2: void *) ‑> bool

f_is_custom(F, arg2) -> bool See is_custom()

F: (C++: flags64_t)
arg2: void *

f_is_data(F: flags64_t, arg2: void *) ‑> bool

f_is_data(F, arg2) -> bool Does flag denote start of data?

F: (C++: flags64_t)
arg2: void *

f_is_double(F: flags64_t, arg2: void *) ‑> bool

f_is_double(F, arg2) -> bool See is_double()

F: (C++: flags64_t)
arg2: void *

f_is_dword(F: flags64_t, arg2: void *) ‑> bool

f_is_dword(F, arg2) -> bool See is_dword()

F: (C++: flags64_t)
arg2: void *

f_is_float(F: flags64_t, arg2: void *) ‑> bool

f_is_float(F, arg2) -> bool See is_float()

F: (C++: flags64_t)
arg2: void *

f_is_head(F: flags64_t, arg2: void *) ‑> bool

f_is_head(F, arg2) -> bool Does flag denote start of instruction OR data?

F: (C++: flags64_t)
arg2: void *

f_is_not_tail(F: flags64_t, arg2: void *) ‑> bool

f_is_not_tail(F, arg2) -> bool Does flag denote tail byte?

F: (C++: flags64_t)
arg2: void *

f_is_oword(F: flags64_t, arg2: void *) ‑> bool

f_is_oword(F, arg2) -> bool See is_oword()

F: (C++: flags64_t)
arg2: void *

f_is_pack_real(F: flags64_t, arg2: void *) ‑> bool

f_is_pack_real(F, arg2) -> bool See is_pack_real()

F: (C++: flags64_t)
arg2: void *

f_is_qword(F: flags64_t, arg2: void *) ‑> bool

f_is_qword(F, arg2) -> bool See is_qword()

F: (C++: flags64_t)
arg2: void *

f_is_strlit(F: flags64_t, arg2: void *) ‑> bool

f_is_strlit(F, arg2) -> bool See is_strlit()

F: (C++: flags64_t)
arg2: void *

f_is_struct(F: flags64_t, arg2: void *) ‑> bool

f_is_struct(F, arg2) -> bool See is_struct()

F: (C++: flags64_t)
arg2: void *

f_is_tail(F: flags64_t, arg2: void *) ‑> bool

f_is_tail(F, arg2) -> bool Does flag denote tail byte?

F: (C++: flags64_t)
arg2: void *

f_is_tbyte(F: flags64_t, arg2: void *) ‑> bool

f_is_tbyte(F, arg2) -> bool See is_tbyte()

F: (C++: flags64_t)
arg2: void *

f_is_word(F: flags64_t, arg2: void *) ‑> bool

f_is_word(F, arg2) -> bool See is_word()

F: (C++: flags64_t)
arg2: void *

f_is_yword(F: flags64_t, arg2: void *) ‑> bool

f_is_yword(F, arg2) -> bool See is_yword()

F: (C++: flags64_t)
arg2: void *

find_byte(sEA: ea_t, size: asize_t, value: uchar, bin_search_flags: int) ‑> ea_t

find_byte(sEA, size, value, bin_search_flags) -> ea_t Find forward a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 4, 5, and 6

sEA: (C++: ea_t) linear address
size: (C++: asize_t) number of bytes to inspect
value: (C++: uchar) value to find
bin_search_flags: (C++: int) combination of Search flags
return: address of byte or BADADDR

find_byter(sEA: ea_t, size: asize_t, value: uchar, bin_search_flags: int) ‑> ea_t

find_byter(sEA, size, value, bin_search_flags) -> ea_t Find reverse a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 6, 5, and 4

sEA: (C++: ea_t) the lower address of the search range
size: (C++: asize_t) number of bytes to inspect
value: (C++: uchar) value to find
bin_search_flags: (C++: int) combination of Search flags
return: address of byte or BADADDR

find_bytes(bs: Union[bytes, bytearray, str], range_start: int, range_size: Optional[int] = None, range_end: Optional[int] = 18446744073709551615, mask: Union[bytes, bytearray, NoneType] = None, flags: Optional[int] = 8, radix: Optional[int] = 16, strlit_encoding: Union[int, str, NoneType] = 0) ‑> int

find_custom_data_format(name: char const *) ‑> int

find_custom_data_format(name) -> int Get id of a custom data format.

name: (C++: const char *) name of the custom data format
return: id or -1

find_custom_data_type(name: char const *) ‑> int

find_custom_data_type(name) -> int Get id of a custom data type.

name: (C++: const char *) name of the custom data type
return: id or -1

find_free_chunk(start: ea_t, size: asize_t, alignment: asize_t) ‑> ea_t

find_free_chunk(start, size, alignment) -> ea_t Search for a hole in the addressing space of the program.

start: (C++: ea_t) Address to start searching from
size: (C++: asize_t) Size of the desired empty range
alignment: (C++: asize_t) Alignment bitmask, must be a pow2-1. (for example, 0xF would
                 align the returned range to 16 bytes).
return: Start of the found empty range or BADADDR

find_string(_str: str, range_start: int, range_end: Optional[int] = 18446744073709551615, range_size: Optional[int] = None, strlit_encoding: Union[int, str, NoneType] = 0, flags: Optional[int] = 8) ‑> int

float_flag() ‑> flags64_t

float_flag() -> flags64_t Get a flags64_t representing a float.

flt_flag() ‑> flags64_t

flt_flag() -> flags64_t see FF_opbits

get_16bit(ea: ea_t) ‑> uint32

get_16bit(ea) -> uint32 Get 16bits of the program at 'ea'.

ea: (C++: ea_t)
return: 1 byte (getFullByte()) if the current processor has 16-bit byte,
        otherwise return get_word()

get_32bit(ea: ea_t) ‑> uint32

get_32bit(ea) -> uint32 Get not more than 32bits of the program at 'ea'.

ea: (C++: ea_t)
return: 32 bit value, depending on processor_t::nbits:
  • if ( nbits <= 8 ) return get_dword(ea);

  • if ( nbits <= 16) return get_wide_word(ea);

  • return get_wide_byte(ea);

get_64bit(ea: ea_t) ‑> uint64

get_64bit(ea) -> uint64 Get not more than 64bits of the program at 'ea'.

ea: (C++: ea_t)
return: 64 bit value, depending on processor_t::nbits:
  • if ( nbits <= 8 ) return get_qword(ea);

  • if ( nbits <= 16) return get_wide_dword(ea);

  • return get_wide_byte(ea);

get_byte(ea: ea_t) ‑> uchar

get_byte(ea) -> uchar Get one byte (8-bit) of the program at 'ea'. This function works only for 8bit byte processors.

ea: (C++: ea_t)

get_bytes(ea: ea_t, size: unsigned int, gmb_flags: int = 1) ‑> PyObject *

get_bytes(ea, size, gmb_flags=0x01) -> PyObject Get the specified number of bytes of the program.

ea: program address
size: number of bytes to return
gmb_flags: int
return: the bytes (as bytes object), or None in case of failure

get_bytes_and_mask(ea: ea_t, size: unsigned int, gmb_flags: int = 1) ‑> PyObject *

get_bytes_and_mask(ea, size, gmb_flags=0x01) -> PyObject Get the specified number of bytes of the program, and a bitmask specifying what bytes are defined and what bytes are not.

ea: program address
size: number of bytes to return
gmb_flags: int
return: a tuple (bytes, mask), or None in case of failure.
        Both 'bytes' and 'mask' are 'str' instances.

get_cmt(ea: ea_t, rptble: bool) ‑> qstring *

get_cmt(ea, rptble) -> str Get an indented comment.

ea: (C++: ea_t) linear address. may point to tail byte, the function will find start
          of the item
rptble: (C++: bool) get repeatable comment?
return: size of comment or -1

get_custom_data_format(dfid: int) ‑> data_format_t const *

get_custom_data_format(dfid) -> data_format_t Get definition of a registered custom data format.

dfid: (C++: int) data format id
return: data format definition or nullptr

get_custom_data_formats(out: intvec_t *, dtid: int) ‑> int

get_custom_data_formats(out, dtid) -> int Get list of attached custom data formats for the specified data type.

out: (C++: intvec_t *) buffer for the output. may be nullptr
dtid: (C++: int) data type id
return: number of returned custom data formats. if error, returns -1

get_custom_data_type(dtid: int) ‑> data_type_t const *

get_custom_data_type(dtid) -> data_type_t Get definition of a registered custom data type.

dtid: (C++: int) data type id
return: data type definition or nullptr

get_custom_data_types(*args) ‑> int

get_custom_data_types(out, min_size=0, max_size=BADADDR) -> int Get list of registered custom data type ids.

out: (C++: intvec_t *) buffer for the output. may be nullptr
min_size: (C++: asize_t) minimum value size
max_size: (C++: asize_t) maximum value size
return: number of custom data types with the specified size limits

get_data_elsize(ea: ea_t, F: flags64_t, ti: opinfo_t = None) ‑> asize_t

get_data_elsize(ea, F, ti=None) -> asize_t Get size of data type specified in flags 'F'.

ea: (C++: ea_t) linear address of the item
F: (C++: flags64_t) flags
ti: (C++: const opinfo_t *) additional information about the data type. For example, if the
          current item is a structure instance, then ti->tid is structure id.
          Otherwise is ignored (may be nullptr). If specified as nullptr, will
          be automatically retrieved from the database
return: * byte : 1
  • word : 2

  • etc...

get_data_value(v: uval_t *, ea: ea_t, size: asize_t) ‑> bool

get_data_value(v, ea, size) -> bool Get the value at of the item at 'ea'. This function works with entities up to sizeof(ea_t) (bytes, word, etc)

v: (C++: uval_t *) pointer to the result. may be nullptr
ea: (C++: ea_t) linear address
size: (C++: asize_t) size of data to read. If 0, then the item type at 'ea' will be used
return: success

get_db_byte(ea: ea_t) ‑> uchar

get_db_byte(ea) -> uchar Get one byte (8-bit) of the program at 'ea' from the database. Works even if the debugger is active. See also get_dbg_byte() to read the process memory directly. This function works only for 8bit byte processors.

ea: (C++: ea_t)

get_default_radix() ‑> int

get_default_radix() -> int Get default base of number for the current processor.

return: 2, 8, 10, 16

get_dword(ea: ea_t) ‑> uint32

get_dword(ea) -> uint32 Get one dword (32-bit) of the program at 'ea'. This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.

ea: (C++: ea_t)

get_enum_id(ea: ea_t, n: int) ‑> uchar *

get_enum_id(ea, n) -> tid_t Get enum id of 'enum' operand.