Module ida_bytes
Each byte of the disassembled program is represented by a 32-bit value. We will call this value 'flags'. The structure of the flags is here.
You are not allowed to inspect individual bits of flags and modify them directly. Use special functions to inspect and/or modify flags.
Flags are kept in a virtual array file (*.id1). Addresses (ea) are all 32-bit (or 64-bit) quantities.
Global Variables
ALOPT_APPEND
ALOPT_IGNCLT
ALOPT_IGNHEADS
ALOPT_IGNPRINT
ALOPT_MAX4K
ALOPT_ONLYTERM
BIN_SEARCH_BACKWARD
BIN_SEARCH_BITMASK
BIN_SEARCH_CASE
BIN_SEARCH_FORWARD
BIN_SEARCH_INITED
BIN_SEARCH_NOBREAK
BIN_SEARCH_NOCASE
BIN_SEARCH_NOSHOW
DELIT_DELNAMES
DELIT_EXPAND
DELIT_KEEPFUNC
DELIT_NOCMT
DELIT_NOTRUNC
DELIT_NOUNAME
DELIT_SIMPLE
DTP_NODUP
DT_TYPE
FF_0CHAR
FF_0CUST
FF_0ENUM
FF_0FLT
FF_0FOP
FF_0NUMB
FF_0NUMD
FF_0NUMH
FF_0NUMO
FF_0OFF
FF_0SEG
FF_0STK
FF_0STRO
FF_0VOID
FF_1CHAR
FF_1CUST
FF_1ENUM
FF_1FLT
FF_1FOP
FF_1NUMB
FF_1NUMD
FF_1NUMH
FF_1NUMO
FF_1OFF
FF_1SEG
FF_1STK
FF_1STRO
FF_1VOID
FF_ALIGN
FF_ANYNAME
FF_BNOT
FF_BYTE
FF_CODE
FF_COMM
FF_CUSTOM
FF_DATA
FF_DOUBLE
FF_DWORD
FF_FLOAT
FF_FLOW
FF_FUNC
FF_IMMD
FF_IVL
FF_JUMP
FF_LABL
FF_LINE
FF_NAME
FF_N_CHAR
FF_N_CUST
FF_N_ENUM
FF_N_FLT
FF_N_FOP
FF_N_NUMB
FF_N_NUMD
FF_N_NUMH
FF_N_NUMO
FF_N_OFF
FF_N_SEG
FF_N_STK
FF_N_STRO
FF_N_VOID
FF_OWORD
FF_PACKREAL
FF_QWORD
FF_REF
FF_SIGN
FF_STRLIT
FF_STRUCT
FF_TAIL
FF_TBYTE
FF_UNK
FF_UNUSED
FF_WORD
FF_YWORD
FF_ZWORD
GFE_IDB_VALUE
GFE_VALUE
GMB_READALL
GMB_WAITBOX
ITEM_END_CANCEL
ITEM_END_FIXUP
ITEM_END_INITED
ITEM_END_NAME
ITEM_END_XREF
MS_0TYPE
MS_1TYPE
MS_CLS
MS_CODE
MS_COMM
MS_N_TYPE
MS_VAL
OPND_ALL
OPND_MASK
OPND_OUTER
PBSENC_ALL
PBSENC_DEF1BPU
PSTF_ATTRIB
PSTF_ENC
PSTF_HOTKEY
PSTF_ONLY_ENC
PSTF_TBRIEF
PSTF_TINLIN
PSTF_TMASK
PSTF_TNORM
STRCONV_ESCAPE
STRCONV_INCLLEN
STRCONV_REPLCHAR
Functions
add_byte(ea: ea_t, value: uint32) ‑> void
add_byte(ea, value) Add a value to one byte of the program. This function works for wide byte processors too.
add_dword(ea: ea_t, value: uint64) ‑> void
add_dword(ea, value) Add a value to one dword of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be() note: this function works incorrectly if processor_t::nbits > 16
add_hidden_range(*args) ‑> bool
add_hidden_range(ea1, ea2, description, header, footer, color=bgcolor_t(-1)) -> bool Mark a range of addresses as hidden. The range will be created in the invisible state with the default color
add_mapping(_from: ea_t, to: ea_t, size: asize_t) ‑> bool
add_mapping(_from, to, size) -> bool IDA supports memory mapping. References to the addresses from the mapped range use data and meta-data from the mapping range. note: You should set flag PR2_MAPPING in ph.flag2 to use memory mapping Add memory mapping range.
add_qword(ea: ea_t, value: uint64) ‑> void
add_qword(ea, value) Add a value to one qword of the program. This function does not work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()
add_word(ea: ea_t, value: uint64) ‑> void
add_word(ea, value) Add a value to one word of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
align_flag() ‑> flags64_t
align_flag() -> flags64_t Get a flags64_t representing an alignment directive.
append_cmt(ea: ea_t, str: char const *, rptble: bool) ‑> bool
append_cmt(ea, str, rptble) -> bool Append to an indented comment. Creates a new comment if none exists. Appends a newline character and the specified string otherwise.
attach_custom_data_format(dtid: int, dfid: int) ‑> bool
attach_custom_data_format(dtid, dfid) -> bool Attach the data format to the data type.
bin_flag() ‑> flags64_t
bin_flag() -> flags64_t Get number flag of the base, regardless of current processor - better to use num_flag()
bin_search3(*args) ‑> ea_t
bin_search3(start_ea, end_ea, data, flags) -> ea_t
bin_search3(start_ea, end_ea, image, mask, len, flags) -> ea_t
byte_flag() ‑> flags64_t
byte_flag() -> flags64_t Get a flags64_t representing a byte.
bytesize(ea: ea_t) ‑> int
bytesize(ea) -> int Get number of bytes required to store a byte at the given address.
calc_def_align(ea: ea_t, mina: int, maxa: int) ‑> int
calc_def_align(ea, mina, maxa) -> int Calculate the default alignment exponent.
calc_dflags(f: flags64_t, force: bool) ‑> flags64_t
calc_dflags(f, force) -> flags64_t
calc_max_align(endea: ea_t) ‑> int
calc_max_align(endea) -> int Calculate the maximal possible alignment exponent.
calc_max_item_end(ea: ea_t, how: int = 15) ‑> ea_t
calc_max_item_end(ea, how=15) -> ea_t Calculate maximal reasonable end address of a new item. This function will limit the item with the current segment bounds.
calc_min_align(length: asize_t) ‑> int
calc_min_align(length) -> int Calculate the minimal possible alignment exponent.
can_define_item(ea: ea_t, length: asize_t, flags: flags64_t) ‑> bool
can_define_item(ea, length, flags) -> bool Can define item (instruction/data) of the specified 'length', starting at 'ea'? note: if there is an item starting at 'ea', this function ignores it note: this function converts to unexplored all encountered data items with fixup information. Should be fixed in the future.
1000 dw 5 1002 db 5 ; undef 1003 db 5 ; undef 1004 dw 5 1006 dd 5 can_define_item(1000, 6, 0) - false because of dw at 1004 can_define_item(1000, 6, word_flag()) - true, word at 1004 is destroyed return: 1-yes, 0-no
a new item would cross segment boundaries
a new item would overlap with existing items (except items specified by 'flags')
change_storage_type(start_ea: ea_t, end_ea: ea_t, stt: storage_type_t) ‑> error_t
change_storage_type(start_ea, end_ea, stt) -> error_t Change flag storage type for address range.
char_flag() ‑> flags64_t
char_flag() -> flags64_t see FF_opbits
chunk_size(ea: ea_t) ‑> asize_t
chunk_size(ea) -> asize_t Get size of the contiguous address block containing 'ea'.
chunk_start(ea: ea_t) ‑> ea_t
chunk_start(ea) -> ea_t Get start of the contiguous address block containing 'ea'.
clr_lzero(ea: ea_t, n: int) ‑> bool
clr_lzero(ea, n) -> bool Clear toggle lzero bit. This function reset the display of leading zeroes for the specified operand to the default. If the default is not to display leading zeroes, leading zeroes will not be displayed, as vice versa.
clr_op_type(ea: ea_t, n: int) ‑> bool
clr_op_type(ea, n) -> bool Remove operand representation information. (set operand representation to be 'undefined')
code_flag() ‑> flags64_t
code_flag() -> flags64_t FF_CODE
combine_flags(F: flags64_t) ‑> flags64_t
combine_flags(F) -> flags64_t
create_16bit_data(ea: ea_t, length: asize_t) ‑> bool
create_16bit_data(ea, length) -> bool Convert to 16-bit quantity (take the byte size into account)
create_32bit_data(ea: ea_t, length: asize_t) ‑> bool
create_32bit_data(ea, length) -> bool Convert to 32-bit quantity (take the byte size into account)
create_align(ea: ea_t, length: asize_t, alignment: int) ‑> bool
create_align(ea, length, alignment) -> bool Create an alignment item.
create_byte(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_byte(ea, length, force=False) -> bool Convert to byte.
create_custdata(ea: ea_t, length: asize_t, dtid: int, fid: int, force: bool = False) ‑> bool
create_custdata(ea, length, dtid, fid, force=False) -> bool Convert to custom data type.
create_data(ea: ea_t, dataflag: flags64_t, size: asize_t, tid: tid_t) ‑> bool
create_data(ea, dataflag, size, tid) -> bool Convert to data (byte, word, dword, etc). This function may be used to create arrays.
create_double(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_double(ea, length, force=False) -> bool Convert to double.
create_dword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_dword(ea, length, force=False) -> bool Convert to dword.
create_float(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_float(ea, length, force=False) -> bool Convert to float.
create_oword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_oword(ea, length, force=False) -> bool Convert to octaword/xmm word.
create_packed_real(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_packed_real(ea, length, force=False) -> bool Convert to packed decimal real.
create_qword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_qword(ea, length, force=False) -> bool Convert to quadword.
create_strlit(start: ea_t, len: size_t, strtype: int32) ‑> bool
create_strlit(start, len, strtype) -> bool Convert to string literal and give a meaningful name. 'start' may be higher than 'end', the kernel will swap them in this case
create_struct(ea: ea_t, length: asize_t, tid: tid_t, force: bool = False) ‑> bool
create_struct(ea, length, tid, force=False) -> bool Convert to struct.
create_tbyte(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_tbyte(ea, length, force=False) -> bool Convert to tbyte.
create_word(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_word(ea, length, force=False) -> bool Convert to word.
create_yword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_yword(ea, length, force=False) -> bool Convert to ymm word.
create_zword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_zword(ea, length, force=False) -> bool Convert to zmm word.
cust_flag() ‑> flags64_t
cust_flag() -> flags64_t Get a flags64_t representing custom type data.
custfmt_flag() ‑> flags64_t
custfmt_flag() -> flags64_t see FF_opbits
dec_flag() ‑> flags64_t
dec_flag() -> flags64_t Get number flag of the base, regardless of current processor - better to use num_flag()
del_hidden_range(ea: ea_t) ‑> bool
del_hidden_range(ea) -> bool Delete hidden range.
del_items(ea: ea_t, flags: int = 0, nbytes: asize_t = 1, may_destroy: may_destroy_cb_t * = None) ‑> bool
del_items(ea, flags=0, nbytes=1, may_destroy=None) -> bool Convert item (instruction/data) to unexplored bytes. The whole item (including the head and tail bytes) will be destroyed. It is allowed to pass any address in the item to this function
del_mapping(ea: ea_t) ‑> void
del_mapping(ea) Delete memory mapping range.
del_value(ea: ea_t) ‑> void
del_value(ea) Delete byte value from flags. The corresponding byte becomes uninitialized.
detach_custom_data_format(dtid: int, dfid: int) ‑> bool
detach_custom_data_format(dtid, dfid) -> bool Detach the data format from the data type. Unregistering a custom data type detaches all attached data formats, no need to detach them explicitly. You still need unregister them. Unregistering a custom data format detaches it from all attached data types.
disable_flags(start_ea: ea_t, end_ea: ea_t) ‑> error_t
disable_flags(start_ea, end_ea) -> error_t Deallocate flags for address range. Exit with an error message if not enough disk space (this may occur too).
double_flag() ‑> flags64_t
double_flag() -> flags64_t Get a flags64_t representing a double.
dword_flag() ‑> flags64_t
dword_flag() -> flags64_t Get a flags64_t representing a double word.
enable_flags(start_ea: ea_t, end_ea: ea_t, stt: storage_type_t) ‑> error_t
enable_flags(start_ea, end_ea, stt) -> error_t Allocate flags for address range. This function does not change the storage type of existing ranges. Exit with an error message if not enough disk space.
enum_flag() ‑> flags64_t
enum_flag() -> flags64_t see FF_opbits
equal_bytes(ea: ea_t, image: uchar const *, mask: uchar const *, len: size_t, bin_search_flags: int) ‑> bool
equal_bytes(ea, image, mask, len, bin_search_flags) -> bool Compare 'len' bytes of the program starting from 'ea' with 'image'.
f_has_cmt(f: flags64_t, arg2: void *) ‑> bool
f_has_cmt(f, arg2) -> bool
f_has_dummy_name(f: flags64_t, arg2: void *) ‑> bool
f_has_dummy_name(f, arg2) -> bool Does the current byte have dummy (auto-generated, with special prefix) name?
f_has_extra_cmts(f: flags64_t, arg2: void *) ‑> bool
f_has_extra_cmts(f, arg2) -> bool
f_has_name(f: flags64_t, arg2: void *) ‑> bool
f_has_name(f, arg2) -> bool Does the current byte have non-trivial (non-dummy) name?
f_has_user_name(F: flags64_t, arg2: void *) ‑> bool
f_has_user_name(F, arg2) -> bool Does the current byte have user-specified name?
f_has_xref(f: flags64_t, arg2: void *) ‑> bool
f_has_xref(f, arg2) -> bool Does the current byte have cross-references to it?
f_is_align(F: flags64_t, arg2: void *) ‑> bool
f_is_align(F, arg2) -> bool See is_align()
f_is_byte(F: flags64_t, arg2: void *) ‑> bool
f_is_byte(F, arg2) -> bool See is_byte()
f_is_code(F: flags64_t, arg2: void *) ‑> bool
f_is_code(F, arg2) -> bool Does flag denote start of an instruction?
f_is_custom(F: flags64_t, arg2: void *) ‑> bool
f_is_custom(F, arg2) -> bool See is_custom()
f_is_data(F: flags64_t, arg2: void *) ‑> bool
f_is_data(F, arg2) -> bool Does flag denote start of data?
f_is_double(F: flags64_t, arg2: void *) ‑> bool
f_is_double(F, arg2) -> bool See is_double()
f_is_dword(F: flags64_t, arg2: void *) ‑> bool
f_is_dword(F, arg2) -> bool See is_dword()
f_is_float(F: flags64_t, arg2: void *) ‑> bool
f_is_float(F, arg2) -> bool See is_float()
f_is_head(F: flags64_t, arg2: void *) ‑> bool
f_is_head(F, arg2) -> bool Does flag denote start of instruction OR data?
f_is_not_tail(F: flags64_t, arg2: void *) ‑> bool
f_is_not_tail(F, arg2) -> bool Does flag denote tail byte?
f_is_oword(F: flags64_t, arg2: void *) ‑> bool
f_is_oword(F, arg2) -> bool See is_oword()
f_is_pack_real(F: flags64_t, arg2: void *) ‑> bool
f_is_pack_real(F, arg2) -> bool See is_pack_real()
f_is_qword(F: flags64_t, arg2: void *) ‑> bool
f_is_qword(F, arg2) -> bool See is_qword()
f_is_strlit(F: flags64_t, arg2: void *) ‑> bool
f_is_strlit(F, arg2) -> bool See is_strlit()
f_is_struct(F: flags64_t, arg2: void *) ‑> bool
f_is_struct(F, arg2) -> bool See is_struct()
f_is_tail(F: flags64_t, arg2: void *) ‑> bool
f_is_tail(F, arg2) -> bool Does flag denote tail byte?
f_is_tbyte(F: flags64_t, arg2: void *) ‑> bool
f_is_tbyte(F, arg2) -> bool See is_tbyte()
f_is_word(F: flags64_t, arg2: void *) ‑> bool
f_is_word(F, arg2) -> bool See is_word()
f_is_yword(F: flags64_t, arg2: void *) ‑> bool
f_is_yword(F, arg2) -> bool See is_yword()
find_byte(sEA: ea_t, size: asize_t, value: uchar, bin_search_flags: int) ‑> ea_t
find_byte(sEA, size, value, bin_search_flags) -> ea_t Find forward a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 4, 5, and 6
find_byter(sEA: ea_t, size: asize_t, value: uchar, bin_search_flags: int) ‑> ea_t
find_byter(sEA, size, value, bin_search_flags) -> ea_t Find reverse a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 6, 5, and 4
find_bytes(bs: Union[bytes, bytearray, str], range_start: int, range_size: Optional[int] = None, range_end: Optional[int] = 18446744073709551615, mask: Union[bytes, bytearray, NoneType] = None, flags: Optional[int] = 8, radix: Optional[int] = 16, strlit_encoding: Union[int, str, NoneType] = 0) ‑> int
find_custom_data_format(name: char const *) ‑> int
find_custom_data_format(name) -> int Get id of a custom data format.
find_custom_data_type(name: char const *) ‑> int
find_custom_data_type(name) -> int Get id of a custom data type.
find_free_chunk(start: ea_t, size: asize_t, alignment: asize_t) ‑> ea_t
find_free_chunk(start, size, alignment) -> ea_t Search for a hole in the addressing space of the program.
find_string(_str: str, range_start: int, range_end: Optional[int] = 18446744073709551615, range_size: Optional[int] = None, strlit_encoding: Union[int, str, NoneType] = 0, flags: Optional[int] = 8) ‑> int
float_flag() ‑> flags64_t
float_flag() -> flags64_t Get a flags64_t representing a float.
flt_flag() ‑> flags64_t
flt_flag() -> flags64_t see FF_opbits
get_16bit(ea: ea_t) ‑> uint32
get_16bit(ea) -> uint32 Get 16bits of the program at 'ea'.
get_32bit(ea: ea_t) ‑> uint32
get_32bit(ea) -> uint32 Get not more than 32bits of the program at 'ea'.
if ( nbits <= 8 ) return get_dword(ea);
if ( nbits <= 16) return get_wide_word(ea);
return get_wide_byte(ea);
get_64bit(ea: ea_t) ‑> uint64
get_64bit(ea) -> uint64 Get not more than 64bits of the program at 'ea'.
if ( nbits <= 8 ) return get_qword(ea);
if ( nbits <= 16) return get_wide_dword(ea);
return get_wide_byte(ea);
get_byte(ea: ea_t) ‑> uchar
get_byte(ea) -> uchar Get one byte (8-bit) of the program at 'ea'. This function works only for 8bit byte processors.
get_bytes(ea: ea_t, size: unsigned int, gmb_flags: int = 1) ‑> PyObject *
get_bytes(ea, size, gmb_flags=0x01) -> PyObject Get the specified number of bytes of the program.
get_bytes_and_mask(ea: ea_t, size: unsigned int, gmb_flags: int = 1) ‑> PyObject *
get_bytes_and_mask(ea, size, gmb_flags=0x01) -> PyObject Get the specified number of bytes of the program, and a bitmask specifying what bytes are defined and what bytes are not.
get_cmt(ea: ea_t, rptble: bool) ‑> qstring *
get_cmt(ea, rptble) -> str Get an indented comment.
get_custom_data_format(dfid: int) ‑> data_format_t const *
get_custom_data_format(dfid) -> data_format_t Get definition of a registered custom data format.
get_custom_data_formats(out: intvec_t *, dtid: int) ‑> int
get_custom_data_formats(out, dtid) -> int Get list of attached custom data formats for the specified data type.
get_custom_data_type(dtid: int) ‑> data_type_t const *
get_custom_data_type(dtid) -> data_type_t Get definition of a registered custom data type.
get_custom_data_types(*args) ‑> int
get_custom_data_types(out, min_size=0, max_size=BADADDR) -> int Get list of registered custom data type ids.
get_data_elsize(ea: ea_t, F: flags64_t, ti: opinfo_t = None) ‑> asize_t
get_data_elsize(ea, F, ti=None) -> asize_t Get size of data type specified in flags 'F'.
word : 2
etc...
get_data_value(v: uval_t *, ea: ea_t, size: asize_t) ‑> bool
get_data_value(v, ea, size) -> bool Get the value at of the item at 'ea'. This function works with entities up to sizeof(ea_t) (bytes, word, etc)
get_db_byte(ea: ea_t) ‑> uchar
get_db_byte(ea) -> uchar Get one byte (8-bit) of the program at 'ea' from the database. Works even if the debugger is active. See also get_dbg_byte() to read the process memory directly. This function works only for 8bit byte processors.
get_default_radix() ‑> int
get_default_radix() -> int Get default base of number for the current processor.
get_dword(ea: ea_t) ‑> uint32
get_dword(ea) -> uint32 Get one dword (32-bit) of the program at 'ea'. This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.
get_enum_id(ea: ea_t, n: int) ‑> uchar *
get_enum_id(ea, n) -> tid_t Get enum id of 'enum' operand.