Module ida_bytes
Each byte of the disassembled program is represented by a 32-bit value. We will call this value 'flags'. The structure of the flags is here.
You are not allowed to inspect individual bits of flags and modify them directly. Use special functions to inspect and/or modify flags.
Flags are kept in a virtual array file (*.id1). Addresses (ea) are all 32-bit (or 64-bit) quantities.
Global Variables
ALOPT_APPEND
ALOPT_IGNCLT
ALOPT_IGNHEADS
ALOPT_IGNPRINT
ALOPT_MAX4K
ALOPT_ONLYTERM
BIN_SEARCH_BACKWARD
BIN_SEARCH_BITMASK
BIN_SEARCH_CASE
BIN_SEARCH_FORWARD
BIN_SEARCH_INITED
BIN_SEARCH_NOBREAK
BIN_SEARCH_NOCASE
BIN_SEARCH_NOSHOW
DELIT_DELNAMES
DELIT_EXPAND
DELIT_KEEPFUNC
DELIT_NOCMT
DELIT_NOTRUNC
DELIT_NOUNAME
DELIT_SIMPLE
DTP_NODUP
DT_TYPE
FF_0CHAR
FF_0CUST
FF_0ENUM
FF_0FLT
FF_0FOP
FF_0NUMB
FF_0NUMD
FF_0NUMH
FF_0NUMO
FF_0OFF
FF_0SEG
FF_0STK
FF_0STRO
FF_0VOID
FF_1CHAR
FF_1CUST
FF_1ENUM
FF_1FLT
FF_1FOP
FF_1NUMB
FF_1NUMD
FF_1NUMH
FF_1NUMO
FF_1OFF
FF_1SEG
FF_1STK
FF_1STRO
FF_1VOID
FF_ALIGN
FF_ANYNAME
FF_BNOT
FF_BYTE
FF_CODE
FF_COMM
FF_CUSTOM
FF_DATA
FF_DOUBLE
FF_DWORD
FF_FLOAT
FF_FLOW
FF_FUNC
FF_IMMD
FF_IVL
FF_JUMP
FF_LABL
FF_LINE
FF_NAME
FF_N_CHAR
FF_N_CUST
FF_N_ENUM
FF_N_FLT
FF_N_FOP
FF_N_NUMB
FF_N_NUMD
FF_N_NUMH
FF_N_NUMO
FF_N_OFF
FF_N_SEG
FF_N_STK
FF_N_STRO
FF_N_VOID
FF_OWORD
FF_PACKREAL
FF_QWORD
FF_REF
FF_SIGN
FF_STRLIT
FF_STRUCT
FF_TAIL
FF_TBYTE
FF_UNK
FF_UNUSED
FF_WORD
FF_YWORD
FF_ZWORD
GFE_IDB_VALUE
GFE_VALUE
GMB_READALL
GMB_WAITBOX
ITEM_END_CANCEL
ITEM_END_FIXUP
ITEM_END_INITED
ITEM_END_NAME
ITEM_END_XREF
MS_0TYPE
MS_1TYPE
MS_CLS
MS_CODE
MS_COMM
MS_N_TYPE
MS_VAL
OPND_ALL
OPND_MASK
OPND_OUTER
PBSENC_ALL
PBSENC_DEF1BPU
PSTF_ATTRIB
PSTF_ENC
PSTF_HOTKEY
PSTF_ONLY_ENC
PSTF_TBRIEF
PSTF_TINLIN
PSTF_TMASK
PSTF_TNORM
STRCONV_ESCAPE
STRCONV_INCLLEN
STRCONV_REPLCHAR
Functions
add_byte(ea: ea_t, value: uint32) ‑> void
add_byte(ea, value) Add a value to one byte of the program. This function works for wide byte processors too.
add_dword(ea: ea_t, value: uint64) ‑> void
add_dword(ea, value) Add a value to one dword of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be() note: this function works incorrectly if processor_t::nbits > 16
add_hidden_range(*args) ‑> bool
add_hidden_range(ea1, ea2, description, header, footer, color=bgcolor_t(-1)) -> bool Mark a range of addresses as hidden. The range will be created in the invisible state with the default color
add_mapping(_from: ea_t, to: ea_t, size: asize_t) ‑> bool
add_mapping(_from, to, size) -> bool IDA supports memory mapping. References to the addresses from the mapped range use data and meta-data from the mapping range. note: You should set flag PR2_MAPPING in ph.flag2 to use memory mapping Add memory mapping range.
add_qword(ea: ea_t, value: uint64) ‑> void
add_qword(ea, value) Add a value to one qword of the program. This function does not work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()
add_word(ea: ea_t, value: uint64) ‑> void
add_word(ea, value) Add a value to one word of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
align_flag() ‑> flags64_t
align_flag() -> flags64_t Get a flags64_t representing an alignment directive.
append_cmt(ea: ea_t, str: char const *, rptble: bool) ‑> bool
append_cmt(ea, str, rptble) -> bool Append to an indented comment. Creates a new comment if none exists. Appends a newline character and the specified string otherwise.
attach_custom_data_format(dtid: int, dfid: int) ‑> bool
attach_custom_data_format(dtid, dfid) -> bool Attach the data format to the data type.
bin_flag() ‑> flags64_t
bin_flag() -> flags64_t Get number flag of the base, regardless of current processor - better to use num_flag()
bin_search3(*args) ‑> ea_t
bin_search3(start_ea, end_ea, data, flags) -> ea_t
bin_search3(start_ea, end_ea, image, mask, len, flags) -> ea_t
byte_flag() ‑> flags64_t
byte_flag() -> flags64_t Get a flags64_t representing a byte.
bytesize(ea: ea_t) ‑> int
bytesize(ea) -> int Get number of bytes required to store a byte at the given address.
calc_def_align(ea: ea_t, mina: int, maxa: int) ‑> int
calc_def_align(ea, mina, maxa) -> int Calculate the default alignment exponent.
calc_dflags(f: flags64_t, force: bool) ‑> flags64_t
calc_dflags(f, force) -> flags64_t
calc_max_align(endea: ea_t) ‑> int
calc_max_align(endea) -> int Calculate the maximal possible alignment exponent.
calc_max_item_end(ea: ea_t, how: int = 15) ‑> ea_t
calc_max_item_end(ea, how=15) -> ea_t Calculate maximal reasonable end address of a new item. This function will limit the item with the current segment bounds.
calc_min_align(length: asize_t) ‑> int
calc_min_align(length) -> int Calculate the minimal possible alignment exponent.
can_define_item(ea: ea_t, length: asize_t, flags: flags64_t) ‑> bool
can_define_item(ea, length, flags) -> bool Can define item (instruction/data) of the specified 'length', starting at 'ea'? note: if there is an item starting at 'ea', this function ignores it note: this function converts to unexplored all encountered data items with fixup information. Should be fixed in the future.
1000 dw 5 1002 db 5 ; undef 1003 db 5 ; undef 1004 dw 5 1006 dd 5 can_define_item(1000, 6, 0) - false because of dw at 1004 can_define_item(1000, 6, word_flag()) - true, word at 1004 is destroyed return: 1-yes, 0-no
a new item would cross segment boundaries
a new item would overlap with existing items (except items specified by 'flags')
change_storage_type(start_ea: ea_t, end_ea: ea_t, stt: storage_type_t) ‑> error_t
change_storage_type(start_ea, end_ea, stt) -> error_t Change flag storage type for address range.
char_flag() ‑> flags64_t
char_flag() -> flags64_t see FF_opbits
chunk_size(ea: ea_t) ‑> asize_t
chunk_size(ea) -> asize_t Get size of the contiguous address block containing 'ea'.
chunk_start(ea: ea_t) ‑> ea_t
chunk_start(ea) -> ea_t Get start of the contiguous address block containing 'ea'.
clr_lzero(ea: ea_t, n: int) ‑> bool
clr_lzero(ea, n) -> bool Clear toggle lzero bit. This function reset the display of leading zeroes for the specified operand to the default. If the default is not to display leading zeroes, leading zeroes will not be displayed, as vice versa.
clr_op_type(ea: ea_t, n: int) ‑> bool
clr_op_type(ea, n) -> bool Remove operand representation information. (set operand representation to be 'undefined')
code_flag() ‑> flags64_t
code_flag() -> flags64_t FF_CODE
combine_flags(F: flags64_t) ‑> flags64_t
combine_flags(F) -> flags64_t
create_16bit_data(ea: ea_t, length: asize_t) ‑> bool
create_16bit_data(ea, length) -> bool Convert to 16-bit quantity (take the byte size into account)
create_32bit_data(ea: ea_t, length: asize_t) ‑> bool
create_32bit_data(ea, length) -> bool Convert to 32-bit quantity (take the byte size into account)
create_align(ea: ea_t, length: asize_t, alignment: int) ‑> bool
create_align(ea, length, alignment) -> bool Create an alignment item.
create_byte(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_byte(ea, length, force=False) -> bool Convert to byte.
create_custdata(ea: ea_t, length: asize_t, dtid: int, fid: int, force: bool = False) ‑> bool
create_custdata(ea, length, dtid, fid, force=False) -> bool Convert to custom data type.
create_data(ea: ea_t, dataflag: flags64_t, size: asize_t, tid: tid_t) ‑> bool
create_data(ea, dataflag, size, tid) -> bool Convert to data (byte, word, dword, etc). This function may be used to create arrays.
create_double(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_double(ea, length, force=False) -> bool Convert to double.
create_dword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_dword(ea, length, force=False) -> bool Convert to dword.
create_float(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_float(ea, length, force=False) -> bool Convert to float.
create_oword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_oword(ea, length, force=False) -> bool Convert to octaword/xmm word.
create_packed_real(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_packed_real(ea, length, force=False) -> bool Convert to packed decimal real.
create_qword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_qword(ea, length, force=False) -> bool Convert to quadword.
create_strlit(start: ea_t, len: size_t, strtype: int32) ‑> bool
create_strlit(start, len, strtype) -> bool Convert to string literal and give a meaningful name. 'start' may be higher than 'end', the kernel will swap them in this case
create_struct(ea: ea_t, length: asize_t, tid: tid_t, force: bool = False) ‑> bool
create_struct(ea, length, tid, force=False) -> bool Convert to struct.
create_tbyte(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_tbyte(ea, length, force=False) -> bool Convert to tbyte.
create_word(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_word(ea, length, force=False) -> bool Convert to word.
create_yword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_yword(ea, length, force=False) -> bool Convert to ymm word.
create_zword(ea: ea_t, length: asize_t, force: bool = False) ‑> bool
create_zword(ea, length, force=False) -> bool Convert to zmm word.
cust_flag() ‑> flags64_t
cust_flag() -> flags64_t Get a flags64_t representing custom type data.
custfmt_flag() ‑> flags64_t
custfmt_flag() -> flags64_t see FF_opbits
dec_flag() ‑> flags64_t
dec_flag() -> flags64_t Get number flag of the base, regardless of current processor - better to use num_flag()
del_hidden_range(ea: ea_t) ‑> bool
del_hidden_range(ea) -> bool Delete hidden range.
del_items(ea: ea_t, flags: int = 0, nbytes: asize_t = 1, may_destroy: may_destroy_cb_t * = None) ‑> bool
del_items(ea, flags=0, nbytes=1, may_destroy=None) -> bool Convert item (instruction/data) to unexplored bytes. The whole item (including the head and tail bytes) will be destroyed. It is allowed to pass any address in the item to this function
del_mapping(ea: ea_t) ‑> void
del_mapping(ea) Delete memory mapping range.
del_value(ea: ea_t) ‑> void
del_value(ea) Delete byte value from flags. The corresponding byte becomes uninitialized.
detach_custom_data_format(dtid: int, dfid: int) ‑> bool
detach_custom_data_format(dtid, dfid) -> bool Detach the data format from the data type. Unregistering a custom data type detaches all attached data formats, no need to detach them explicitly. You still need unregister them. Unregistering a custom data format detaches it from all attached data types.
disable_flags(start_ea: ea_t, end_ea: ea_t) ‑> error_t
disable_flags(start_ea, end_ea) -> error_t Deallocate flags for address range. Exit with an error message if not enough disk space (this may occur too).
double_flag() ‑> flags64_t
double_flag() -> flags64_t Get a flags64_t representing a double.
dword_flag() ‑> flags64_t
dword_flag() -> flags64_t Get a flags64_t representing a double word.
enable_flags(start_ea: ea_t, end_ea: ea_t, stt: storage_type_t) ‑> error_t
enable_flags(start_ea, end_ea, stt) -> error_t Allocate flags for address range. This function does not change the storage type of existing ranges. Exit with an error message if not enough disk space.
enum_flag() ‑> flags64_t
enum_flag() -> flags64_t see FF_opbits
equal_bytes(ea: ea_t, image: uchar const *, mask: uchar const *, len: size_t, bin_search_flags: int) ‑> bool
equal_bytes(ea, image, mask, len, bin_search_flags) -> bool Compare 'len' bytes of the program starting from 'ea' with 'image'.
f_has_cmt(f: flags64_t, arg2: void *) ‑> bool
f_has_cmt(f, arg2) -> bool
f_has_dummy_name(f: flags64_t, arg2: void *) ‑> bool
f_has_dummy_name(f, arg2) -> bool Does the current byte have dummy (auto-generated, with special prefix) name?
f_has_extra_cmts(f: flags64_t, arg2: void *) ‑> bool
f_has_extra_cmts(f, arg2) -> bool
f_has_name(f: flags64_t, arg2: void *) ‑> bool
f_has_name(f, arg2) -> bool Does the current byte have non-trivial (non-dummy) name?
f_has_user_name(F: flags64_t, arg2: void *) ‑> bool
f_has_user_name(F, arg2) -> bool Does the current byte have user-specified name?
f_has_xref(f: flags64_t, arg2: void *) ‑> bool
f_has_xref(f, arg2) -> bool Does the current byte have cross-references to it?
f_is_align(F: flags64_t, arg2: void *) ‑> bool
f_is_align(F, arg2) -> bool See is_align()
f_is_byte(F: flags64_t, arg2: void *) ‑> bool
f_is_byte(F, arg2) -> bool See is_byte()
f_is_code(F: flags64_t, arg2: void *) ‑> bool
f_is_code(F, arg2) -> bool Does flag denote start of an instruction?
f_is_custom(F: flags64_t, arg2: void *) ‑> bool
f_is_custom(F, arg2) -> bool See is_custom()
f_is_data(F: flags64_t, arg2: void *) ‑> bool
f_is_data(F, arg2) -> bool Does flag denote start of data?
f_is_double(F: flags64_t, arg2: void *) ‑> bool
f_is_double(F, arg2) -> bool See is_double()
f_is_dword(F: flags64_t, arg2: void *) ‑> bool
f_is_dword(F, arg2) -> bool See is_dword()
f_is_float(F: flags64_t, arg2: void *) ‑> bool
f_is_float(F, arg2) -> bool See is_float()
f_is_head(F: flags64_t, arg2: void *) ‑> bool
f_is_head(F, arg2) -> bool Does flag denote start of instruction OR data?
f_is_not_tail(F: flags64_t, arg2: void *) ‑> bool
f_is_not_tail(F, arg2) -> bool Does flag denote tail byte?
f_is_oword(F: flags64_t, arg2: void *) ‑> bool
f_is_oword(F, arg2) -> bool See is_oword()
f_is_pack_real(F: flags64_t, arg2: void *) ‑> bool
f_is_pack_real(F, arg2) -> bool See is_pack_real()
f_is_qword(F: flags64_t, arg2: void *) ‑> bool
f_is_qword(F, arg2) -> bool See is_qword()
f_is_strlit(F: flags64_t, arg2: void *) ‑> bool
f_is_strlit(F, arg2) -> bool See is_strlit()
f_is_struct(F: flags64_t, arg2: void *) ‑> bool
f_is_struct(F, arg2) -> bool See is_struct()
f_is_tail(F: flags64_t, arg2: void *) ‑> bool
f_is_tail(F, arg2) -> bool Does flag denote tail byte?
f_is_tbyte(F: flags64_t, arg2: void *) ‑> bool
f_is_tbyte(F, arg2) -> bool See is_tbyte()
f_is_word(F: flags64_t, arg2: void *) ‑> bool
f_is_word(F, arg2) -> bool See is_word()
f_is_yword(F: flags64_t, arg2: void *) ‑> bool
f_is_yword(F, arg2) -> bool See is_yword()
find_byte(sEA: ea_t, size: asize_t, value: uchar, bin_search_flags: int) ‑> ea_t
find_byte(sEA, size, value, bin_search_flags) -> ea_t Find forward a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 4, 5, and 6
find_byter(sEA: ea_t, size: asize_t, value: uchar, bin_search_flags: int) ‑> ea_t
find_byter(sEA, size, value, bin_search_flags) -> ea_t Find reverse a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 6, 5, and 4
find_bytes(bs: Union[bytes, bytearray, str], range_start: int, range_size: Optional[int] = None, range_end: Optional[int] = 18446744073709551615, mask: Union[bytes, bytearray, NoneType] = None, flags: Optional[int] = 8, radix: Optional[int] = 16, strlit_encoding: Union[int, str, NoneType] = 0) ‑> int
find_custom_data_format(name: char const *) ‑> int
find_custom_data_format(name) -> int Get id of a custom data format.
find_custom_data_type(name: char const *) ‑> int
find_custom_data_type(name) -> int Get id of a custom data type.
find_free_chunk(start: ea_t, size: asize_t, alignment: asize_t) ‑> ea_t
find_free_chunk(start, size, alignment) -> ea_t Search for a hole in the addressing space of the program.
find_string(_str: str, range_start: int, range_end: Optional[int] = 18446744073709551615, range_size: Optional[int] = None, strlit_encoding: Union[int, str, NoneType] = 0, flags: Optional[int] = 8) ‑> int
float_flag() ‑> flags64_t
float_flag() -> flags64_t Get a flags64_t representing a float.
flt_flag() ‑> flags64_t
flt_flag() -> flags64_t see FF_opbits
get_16bit(ea: ea_t) ‑> uint32
get_16bit(ea) -> uint32 Get 16bits of the program at 'ea'.
get_32bit(ea: ea_t) ‑> uint32
get_32bit(ea) -> uint32 Get not more than 32bits of the program at 'ea'.
if ( nbits <= 8 ) return get_dword(ea);
if ( nbits <= 16) return get_wide_word(ea);
return get_wide_byte(ea);
get_64bit(ea: ea_t) ‑> uint64
get_64bit(ea) -> uint64 Get not more than 64bits of the program at 'ea'.
if ( nbits <= 8 ) return get_qword(ea);
if ( nbits <= 16) return get_wide_dword(ea);
return get_wide_byte(ea);
get_byte(ea: ea_t) ‑> uchar
get_byte(ea) -> uchar Get one byte (8-bit) of the program at 'ea'. This function works only for 8bit byte processors.
get_bytes(ea: ea_t, size: unsigned int, gmb_flags: int = 1) ‑> PyObject *
get_bytes(ea, size, gmb_flags=0x01) -> PyObject Get the specified number of bytes of the program.
get_bytes_and_mask(ea: ea_t, size: unsigned int, gmb_flags: int = 1) ‑> PyObject *
get_bytes_and_mask(ea, size, gmb_flags=0x01) -> PyObject Get the specified number of bytes of the program, and a bitmask specifying what bytes are defined and what bytes are not.
get_cmt(ea: ea_t, rptble: bool) ‑> qstring *
get_cmt(ea, rptble) -> str Get an indented comment.
get_custom_data_format(dfid: int) ‑> data_format_t const *
get_custom_data_format(dfid) -> data_format_t Get definition of a registered custom data format.
get_custom_data_formats(out: intvec_t *, dtid: int) ‑> int
get_custom_data_formats(out, dtid) -> int Get list of attached custom data formats for the specified data type.
get_custom_data_type(dtid: int) ‑> data_type_t const *
get_custom_data_type(dtid) -> data_type_t Get definition of a registered custom data type.
get_custom_data_types(*args) ‑> int
get_custom_data_types(out, min_size=0, max_size=BADADDR) -> int Get list of registered custom data type ids.
get_data_elsize(ea: ea_t, F: flags64_t, ti: opinfo_t = None) ‑> asize_t
get_data_elsize(ea, F, ti=None) -> asize_t Get size of data type specified in flags 'F'.
word : 2
etc...
get_data_value(v: uval_t *, ea: ea_t, size: asize_t) ‑> bool
get_data_value(v, ea, size) -> bool Get the value at of the item at 'ea'. This function works with entities up to sizeof(ea_t) (bytes, word, etc)
get_db_byte(ea: ea_t) ‑> uchar
get_db_byte(ea) -> uchar Get one byte (8-bit) of the program at 'ea' from the database. Works even if the debugger is active. See also get_dbg_byte() to read the process memory directly. This function works only for 8bit byte processors.
get_default_radix() ‑> int
get_default_radix() -> int Get default base of number for the current processor.
get_dword(ea: ea_t) ‑> uint32
get_dword(ea) -> uint32 Get one dword (32-bit) of the program at 'ea'. This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.
get_enum_id(ea: ea_t, n: int) ‑> uchar *
get_enum_id(ea, n) -> tid_t Get enum id of 'enum' operand.
get_first_hidden_range() ‑> hidden_range_t *
get_first_hidden_range() -> hidden_range_t Get pointer to the first hidden range.
get_flags(ea: ea_t) ‑> flags64_t
get_flags(ea) -> flags64_t get flags with FF_IVL & MS_VAL. It is much slower under remote debugging because the kernel needs to read the process memory.
get_flags_by_size(size: size_t) ‑> flags64_t
get_flags_by_size(size) -> flags64_t Get flags from size (in bytes). Supported sizes: 1, 2, 4, 8, 16, 32. For other sizes returns 0
get_flags_ex(ea: ea_t, how: int) ‑> flags64_t
get_flags_ex(ea, how) -> flags64_t Get flags for the specified address, extended form.
get_forced_operand(ea: ea_t, n: int) ‑> qstring *
get_forced_operand(ea, n) -> str Get forced operand.
get_full_data_elsize(ea: ea_t, F: flags64_t, ti: opinfo_t = None) ‑> asize_t
get_full_data_elsize(ea, F, ti=None) -> asize_t Get full size of data type specified in flags 'F'. takes into account processors with wide bytes e.g. returns 2 for a byte element with 16-bit bytes
get_full_flags(ea: ea_t) ‑> flags64_t
get_full_flags(ea) -> flags64_t Get flags value for address 'ea'.
get_hidden_range(ea: ea_t) ‑> hidden_range_t *
get_hidden_range(ea) -> hidden_range_t Get pointer to hidden range structure, in: linear address.
get_hidden_range_num(ea: ea_t) ‑> int
get_hidden_range_num(ea) -> int Get number of a hidden range.
get_hidden_range_qty() ‑> int
get_hidden_range_qty() -> int Get number of hidden ranges.
get_item_end(ea: ea_t) ‑> ea_t
get_item_end(ea) -> ea_t Get the end address of the item at 'ea'. The returned address doesn't belong to the current item. Unexplored bytes are counted as 1 byte entities.
get_item_flag(_from: ea_t, n: int, ea: ea_t, appzero: bool) ‑> flags64_t
get_item_flag(_from, n, ea, appzero) -> flags64_t Get flag of the item at 'ea' even if it is a tail byte of some array or structure. This function is used to get flags of structure members or array elements.
get_item_head(ea: ea_t) ‑> ea_t
get_item_head(ea) -> ea_t Get the start address of the item at 'ea'. If there is no current item, then 'ea' will be returned (see definition at the end of bytes.hpp source)
get_item_refinfo(ri: refinfo_t, ea: ea_t, n: int) ‑> bool
get_item_refinfo(ri, ea, n) -> bool Get refinfo of the item at 'ea'. This function works for a regular offset operand as well as for a tail byte of a structure variable (in this case refinfo to corresponding structure member will be returned)
get_item_size(ea: ea_t) ‑> asize_t
get_item_size(ea) -> asize_t Get size of item (instruction/data) in bytes. Unexplored bytes have length of 1 byte. This function returns 0 only for BADADDR.
get_last_hidden_range() ‑> hidden_range_t *
get_last_hidden_range() -> hidden_range_t Get pointer to the last hidden range.
get_manual_insn(ea: ea_t) ‑> qstring *
get_manual_insn(ea) -> str Retrieve the user-specified string for the manual instruction.
get_mapping(n: size_t) ‑> ea_t *, ea_t *, asize_t *
get_mapping(n) -> bool Get memory mapping range by its number.
get_mappings_qty() ‑> size_t
get_mappings_qty() -> size_t Get number of mappings.
get_max_strlit_length(ea: ea_t, strtype: int32, options: int = 0) ‑> size_t
get_max_strlit_length(ea, strtype, options=0) -> size_t Determine maximum length of string literal.
If the string literal has a length prefix (e.g., STRTYPE_LEN2 has a two-byte length prefix), the length of that prefix (i.e., 2) will be part of the returned value.
get_next_hidden_range(ea: ea_t) ‑> hidden_range_t *
get_next_hidden_range(ea) -> hidden_range_t Get pointer to next hidden range.
get_octet(ogen: octet_generator_t) ‑> uchar *
get_octet(ogen) -> bool
get_operand_flag(typebits: uint8, n: int) ‑> flags64_t
get_operand_flag(typebits, n) -> flags64_t Place operand n's type flag in the right nibble of a 64-bit flags set.
get_operand_type_shift(n: uint32) ‑> int
get_operand_type_shift(n) -> int Get the shift in flags64_t for the nibble representing operand n's type
Note: n must be < UA_MAXOP, and is not checked
get_opinfo(buf: opinfo_t, ea: ea_t, n: int, flags: flags64_t) ‑> opinfo_t *
get_opinfo(buf, ea, n, flags) -> opinfo_t Get additional information about an operand representation.
get_optype_flags0(F: flags64_t) ‑> flags64_t
get_optype_flags0(F) -> flags64_t Get flags for first operand.
get_optype_flags1(F: flags64_t) ‑> flags64_t
get_optype_flags1(F) -> flags64_t Get flags for second operand.
get_original_byte(ea: ea_t) ‑> uint64
get_original_byte(ea) -> uint64 Get original byte value (that was before patching). This function works for wide byte processors too.
get_original_dword(ea: ea_t) ‑> uint64
get_original_dword(ea) -> uint64 Get original dword (that was before patching) This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
get_original_qword(ea: ea_t) ‑> uint64
get_original_qword(ea) -> uint64 Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
get_original_word(ea: ea_t) ‑> uint64
get_original_word(ea) -> uint64 Get original word value (that was before patching). This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()
get_possible_item_varsize(ea: ea_t, tif: tinfo_t) ‑> asize_t
get_possible_item_varsize(ea, tif) -> asize_t Return the possible size of the item at EA of type TIF if TIF is the variable structure.
get_predef_insn_cmt(ins: insn_t const &) ‑> qstring *
get_predef_insn_cmt(ins) -> str Get predefined comment.
get_prev_hidden_range(ea: ea_t) ‑> hidden_range_t *
get_prev_hidden_range(ea) -> hidden_range_t Get pointer to previous hidden range.
get_qword(ea: ea_t) ‑> uint64
get_qword(ea) -> uint64 Get one qword (64-bit) of the program at 'ea'. This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.
get_radix(F: flags64_t, n: int) ‑> int
get_radix(F, n) -> int Get radix of the operand, in: flags. If the operand is not a number, returns get_default_radix()
get_strlit_contents(ea: ea_t, py_len: PyObject *, type: int32, flags: int = 0) ‑> PyObject *
get_strlit_contents(ea, py_len, type, flags=0) -> PyObject Get contents of string literal, as UTF-8-encoded codepoints. It works even if the string has not been created in the database yet.
Note that the returned value will be of type 'bytes'; if you want auto-conversion to unicode strings (that is: real Python strings), you should probably be using the idautils.Strings class.
get_stroff_path(path: tid_t *, delta: adiff_t *, ea: ea_t, n: int) ‑> int
get_stroff_path(path, delta, ea, n) -> int Get struct path of operand.
get_wide_byte(ea: ea_t) ‑> uint64
get_wide_byte(ea) -> uint64 Get one wide byte of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view.
get_wide_dword(ea: ea_t) ‑> uint64
get_wide_dword(ea) -> uint64 Get two wide words (4 'bytes') of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in idainfo::is_be() note: this function works incorrectly if processor_t::nbits > 16
get_wide_word(ea: ea_t) ‑> uint64
get_wide_word(ea) -> uint64 Get one wide word (2 'byte') of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in idainfo::is_be()
get_word(ea: ea_t) ‑> ushort
get_word(ea) -> ushort Get one word (16-bit) of the program at 'ea'. This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.
get_zero_ranges(zranges: rangeset_t, range: range_t) ‑> bool
get_zero_ranges(zranges, range) -> bool Return set of ranges with zero initialized bytes. The returned set includes only big zero initialized ranges (at least >1KB). Some zero initialized byte ranges may be not included. Only zero bytes that use the sparse storage method (STT_MM) are reported.
getn_hidden_range(n: int) ‑> hidden_range_t *
getn_hidden_range(n) -> hidden_range_t Get pointer to hidden range structure, in: number of hidden range.
has_any_name(F: flags64_t) ‑> bool
has_any_name(F) -> bool Does the current byte have any name?
has_auto_name(F: flags64_t) ‑> bool
has_auto_name(F) -> bool Does the current byte have auto-generated (no special prefix) name?
has_cmt(F: flags64_t) ‑> bool
has_cmt(F) -> bool Does the current byte have an indented comment?
has_dummy_name(F: flags64_t) ‑> bool
has_dummy_name(F) -> bool Does the current byte have dummy (auto-generated, with special prefix) name?
has_extra_cmts(F: flags64_t) ‑> bool
has_extra_cmts(F) -> bool Does the current byte have additional anterior or posterior lines?
has_immd(F: flags64_t) ‑> bool
has_immd(F) -> bool Has immediate value?
has_name(F: flags64_t) ‑> bool
has_name(F) -> bool Does the current byte have non-trivial (non-dummy) name?
has_user_name(F: flags64_t) ‑> bool
has_user_name(F) -> bool Does the current byte have user-specified name?
has_value(F: flags64_t) ‑> bool
has_value(F) -> bool Do flags contain byte value?
has_xref(F: flags64_t) ‑> bool
has_xref(F) -> bool Does the current byte have cross-references to it?
hex_flag() ‑> flags64_t
hex_flag() -> flags64_t Get number flag of the base, regardless of current processor - better to use num_flag()
is_align(F: flags64_t) ‑> bool
is_align(F) -> bool FF_ALIGN
is_attached_custom_data_format(dtid: int, dfid: int) ‑> bool
is_attached_custom_data_format(dtid, dfid) -> bool Is the custom data format attached to the custom data type?
is_bnot(ea: ea_t, F: flags64_t, n: int) ‑> bool
is_bnot(ea, F, n) -> bool Should we negate the operand?. asm_t::a_bnot should be defined in the idp module in order to work with this function
is_byte(F: flags64_t) ‑> bool
is_byte(F) -> bool FF_BYTE
is_char(F: flags64_t, n: int) ‑> bool
is_char(F, n) -> bool is character constant?
is_char0(F: flags64_t) ‑> bool
is_char0(F) -> bool Is the first operand character constant? (example: push 'a')
is_char1(F: flags64_t) ‑> bool
is_char1(F) -> bool Is the second operand character constant? (example: mov al, 'a')
is_code(F: flags64_t) ‑> bool
is_code(F) -> bool Does flag denote start of an instruction?
is_custfmt(F: flags64_t, n: int) ‑> bool
is_custfmt(F, n) -> bool is custom data format?
is_custfmt0(F: flags64_t) ‑> bool
is_custfmt0(F) -> bool Does the first operand use a custom data representation?
is_custfmt1(F: flags64_t) ‑> bool
is_custfmt1(F) -> bool Does the second operand use a custom data representation?
is_custom(F: flags64_t) ‑> bool
is_custom(F) -> bool FF_CUSTOM
is_data(F: flags64_t) ‑> bool
is_data(F) -> bool Does flag denote start of data?
is_defarg(F: flags64_t, n: int) ‑> bool
is_defarg(F, n) -> bool is defined?
is_defarg0(F: flags64_t) ‑> bool
is_defarg0(F) -> bool Is the first operand defined? Initially operand has no defined representation.
is_defarg1(F: flags64_t) ‑> bool
is_defarg1(F) -> bool Is the second operand defined? Initially operand has no defined representation.
is_double(F: flags64_t) ‑> bool
is_double(F) -> bool FF_DOUBLE
is_dword(F: flags64_t) ‑> bool
is_dword(F) -> bool FF_DWORD
is_enum(F: flags64_t, n: int) ‑> bool
is_enum(F, n) -> bool is enum?
is_enum0(F: flags64_t) ‑> bool
is_enum0(F) -> bool Is the first operand a symbolic constant (enum member)?
is_enum1(F: flags64_t) ‑> bool
is_enum1(F) -> bool Is the second operand a symbolic constant (enum member)?
is_flag_for_operand(F: flags64_t, typebits: uint8, n: int) ‑> bool
is_flag_for_operand(F, typebits, n) -> bool Check that the 64-bit flags set has the expected type for operand n.
is_float(F: flags64_t) ‑> bool
is_float(F) -> bool FF_FLOAT
is_float0(F: flags64_t) ‑> bool
is_float0(F) -> bool Is the first operand a floating point number?
is_float1(F: flags64_t) ‑> bool
is_float1(F) -> bool Is the second operand a floating point number?
is_flow(F: flags64_t) ‑> bool
is_flow(F) -> bool Does the previous instruction exist and pass execution flow to the current byte?
is_fltnum(F: flags64_t, n: int) ‑> bool
is_fltnum(F, n) -> bool is floating point number?
is_forced_operand(ea: ea_t, n: int) ‑> bool
is_forced_operand(ea, n) -> bool Is operand manually defined?.
is_func(F: flags64_t) ‑> bool
is_func(F) -> bool Is function start?
is_head(F: flags64_t) ‑> bool
is_head(F) -> bool Does flag denote start of instruction OR data?
is_invsign(ea: ea_t, F: flags64_t, n: int) ‑> bool
is_invsign(ea, F, n) -> bool Should sign of n-th operand inverted during output?. allowed values of n: 0-first operand, 1-other operands
is_loaded(ea: ea_t) ‑> bool
is_loaded(ea) -> bool Does the specified address have a byte value (is initialized?)
is_lzero(ea: ea_t, n: int) ‑> bool
is_lzero(ea, n) -> bool Display leading zeroes? Display leading zeroes in operands. The global switch for the leading zeroes is in idainfo::s_genflags Note: the leading zeroes doesn't work if for the target assembler octal numbers start with 0.
is_manual(F: flags64_t, n: int) ‑> bool
is_manual(F, n) -> bool is forced operand? (use is_forced_operand())
is_manual_insn(ea: ea_t) ‑> bool
is_manual_insn(ea) -> bool Is the instruction overridden?
is_mapped(ea: ea_t) ‑> bool
is_mapped(ea) -> bool Is the specified address 'ea' present in the program?
is_not_tail(F: flags64_t) ‑> bool
is_not_tail(F) -> bool Does flag denote tail byte?
is_numop(F: flags64_t, n: int) ‑> bool
is_numop(F, n) -> bool is number (bin, oct, dec, hex)?
is_numop0(F: flags64_t) ‑> bool
is_numop0(F) -> bool Is the first operand a number (i.e. binary, octal, decimal or hex?)
is_numop1(F: flags64_t) ‑> bool
is_numop1(F) -> bool Is the second operand a number (i.e. binary, octal, decimal or hex?)
is_off(F: flags64_t, n: int) ‑> bool
is_off(F, n) -> bool is offset?
is_off0(F: flags64_t) ‑> bool
is_off0(F) -> bool Is the first operand offset? (example: push offset xxx)
is_off1(F: flags64_t) ‑> bool
is_off1(F) -> bool Is the second operand offset? (example: mov ax, offset xxx)
is_oword(F: flags64_t) ‑> bool
is_oword(F) -> bool FF_OWORD
is_pack_real(F: flags64_t) ‑> bool
is_pack_real(F) -> bool FF_PACKREAL
is_qword(F: flags64_t) ‑> bool
is_qword(F) -> bool FF_QWORD
is_same_data_type(F1: flags64_t, F2: flags64_t) ‑> bool
is_same_data_type(F1, F2) -> bool Do the given flags specify the same data type?
is_seg(F: flags64_t, n: int) ‑> bool
is_seg(F, n) -> bool is segment?
is_seg0(F: flags64_t) ‑> bool
is_seg0(F) -> bool Is the first operand segment selector? (example: push seg seg001)
is_seg1(F: flags64_t) ‑> bool
is_seg1(F) -> bool Is the second operand segment selector? (example: mov dx, seg dseg)
is_stkvar(F: flags64_t, n: int) ‑> bool
is_stkvar(F, n) -> bool is stack variable?
is_stkvar0(F: flags64_t) ‑> bool
is_stkvar0(F) -> bool Is the first operand a stack variable?
is_stkvar1(F: flags64_t) ‑> bool
is_stkvar1(F) -> bool Is the second operand a stack variable?
is_strlit(F: flags64_t) ‑> bool
is_strlit(F) -> bool FF_STRLIT
is_stroff(F: flags64_t, n: int) ‑> bool
is_stroff(F, n) -> bool is struct offset?
is_stroff0(F: flags64_t) ‑> bool
is_stroff0(F) -> bool Is the first operand an offset within a struct?
is_stroff1(F: flags64_t) ‑> bool
is_stroff1(F) -> bool Is the second operand an offset within a struct?
is_struct(F: flags64_t) ‑> bool
is_struct(F) -> bool FF_STRUCT
is_suspop(ea: ea_t, F: flags64_t, n: int) ‑> bool
is_suspop(ea, F, n) -> bool is suspicious operand?
is_tail(F: flags64_t) ‑> bool
is_tail(F) -> bool Does flag denote tail byte?
is_tbyte(F: flags64_t) ‑> bool
is_tbyte(F) -> bool FF_TBYTE
is_unknown(F: flags64_t) ‑> bool
is_unknown(F) -> bool Does flag denote unexplored byte?
is_varsize_item(ea: ea_t, F: flags64_t, ti: opinfo_t = None, itemsize: asize_t * = None) ‑> int
is_varsize_item(ea, F, ti=None, itemsize=None) -> int Is the item at 'ea' variable size?.
is_word(F: flags64_t) ‑> bool
is_word(F) -> bool FF_WORD
is_yword(F: flags64_t) ‑> bool
is_yword(F) -> bool FF_YWORD
is_zword(F: flags64_t) ‑> bool
is_zword(F) -> bool FF_ZWORD
leading_zero_important(ea: ea_t, n: int) ‑> bool
leading_zero_important(ea, n) -> bool Check if leading zeroes are important.
nbits(ea: ea_t) ‑> int
nbits(ea) -> int Get number of bits in a byte at the given address.
next_addr(ea: ea_t) ‑> ea_t
next_addr(ea) -> ea_t Get next address in the program (i.e. next address which has flags).
next_chunk(ea: ea_t) ‑> ea_t
next_chunk(ea) -> ea_t Get the first address of next contiguous chunk in the program.
next_head(ea: ea_t, maxea: ea_t) ‑> ea_t
next_head(ea, maxea) -> ea_t Get start of next defined item.
next_inited(ea: ea_t, maxea: ea_t) ‑> ea_t
next_inited(ea, maxea) -> ea_t Find the next initialized address.
next_not_tail(ea: ea_t) ‑> ea_t
next_not_tail(ea) -> ea_t Get address of next non-tail byte.
next_that(ea: ea_t, maxea: ea_t, testf: testf_t *) ‑> ea_t
next_that(ea, maxea, testf) -> ea_t Find next address with a flag satisfying the function 'testf'. note: do not pass is_unknown() to this function to find unexplored bytes. It will fail under the debugger. To find unexplored bytes, use next_unknown().
next_unknown(ea: ea_t, maxea: ea_t) ‑> ea_t
next_unknown(ea, maxea) -> ea_t Similar to next_that(), but will find the next address that is unexplored.
next_visea(ea: ea_t) ‑> ea_t
next_visea(ea) -> ea_t Get next visible address.
num_flag() ‑> flags64_t
num_flag() -> flags64_t Get number of default base (bin, oct, dec, hex)
oct_flag() ‑> flags64_t
oct_flag() -> flags64_t Get number flag of the base, regardless of current processor - better to use num_flag()
off_flag() ‑> flags64_t
off_flag() -> flags64_t see FF_opbits
op_adds_xrefs(F: flags64_t, n: int) ‑> bool
op_adds_xrefs(F, n) -> bool Should processor module create xrefs from the operand?. Currently 'offset' and 'structure offset' operands create xrefs
op_based_stroff(insn: insn_t const &, n: int, opval: adiff_t, base: ea_t) ‑> bool
op_based_stroff(insn, n, opval, base) -> bool Set operand representation to be 'struct offset' if the operand likely points to a structure member. For example, let's there is a structure at 1000 1000 stru_1000 Elf32_Sym <...> the operand #8 will be represented as '#Elf32_Sym.st_size' after the call of 'op_based_stroff(..., 8, 0x1000)' By the way, after the call of 'op_plain_offset(..., 0x1000)' it will be represented as '#(stru_1000.st_size - 0x1000)'
op_bin(ea: ea_t, n: int) ‑> bool
op_bin(ea, n) -> bool set op type to bin_flag()
op_chr(ea: ea_t, n: int) ‑> bool
op_chr(ea, n) -> bool set op type to char_flag()
op_custfmt(ea: ea_t, n: int, fid: int) ‑> bool
op_custfmt(ea, n, fid) -> bool Set custom data format for operand (fid-custom data format id)
op_dec(ea: ea_t, n: int) ‑> bool
op_dec(ea, n) -> bool set op type to dec_flag()
op_enum(ea: ea_t, n: int, id: tid_t, serial: uchar = 0) ‑> bool
op_enum(ea, n, id, serial=0) -> bool Set operand representation to be enum type If applied to unexplored bytes, converts them to 16/32bit word data
op_flt(ea: ea_t, n: int) ‑> bool
op_flt(ea, n) -> bool set op type to flt_flag()
op_hex(ea: ea_t, n: int) ‑> bool
op_hex(ea, n) -> bool set op type to hex_flag()
op_num(ea: ea_t, n: int) ‑> bool
op_num(ea, n) -> bool set op type to num_flag()
op_oct(ea: ea_t, n: int) ‑> bool
op_oct(ea, n) -> bool set op type to oct_flag()
op_seg(ea: ea_t, n: int) ‑> bool
op_seg(ea, n) -> bool Set operand representation to be 'segment'. If applied to unexplored bytes, converts them to 16/32bit word data
op_stkvar(ea: ea_t, n: int) ‑> bool
op_stkvar(ea, n) -> bool Set operand representation to be 'stack variable'. Should be applied to an instruction within a function. Should be applied after creating a stack var using insn_t::create_stkvar().
op_stroff(*args) ‑> bool
op_stroff(insn, n, path, path_len, delta) -> bool Set operand representation to be 'struct offset'.
op_stroff(insn, n, path, delta) -> bool
oword_flag() ‑> flags64_t
oword_flag() -> flags64_t Get a flags64_t representing a octaword.
packreal_flag() ‑> flags64_t
packreal_flag() -> flags64_t Get a flags64_t representing a packed decimal real.
parse_binpat_str(out: compiled_binpat_vec_t, ea: ea_t, _in: char const *, radix: int, strlits_encoding: int = 0) ‑> bool
parse_binpat_str(out, ea, _in, radix, strlits_encoding=0) -> bool Convert user-specified binary string to internal representation. The 'in' parameter contains space-separated tokens:
numbers (numeric base is determined by 'radix')
if value of number fits a byte, it is considered as a byte
if value of number fits a word, it is considered as 2 bytes
if value of number fits a dword,it is considered as 4 bytes
"..." string constants
'x' single-character constants
? variable bytes
Note that string constants are surrounded with double quotes.
Here are a few examples (assuming base 16): CD 21 - bytes 0xCD, 0x21 21CD - bytes 0xCD, 0x21 (little endian ) or 0x21, 0xCD (big-endian) "Hello", 0 - the null terminated string "Hello" L"Hello" - 'H', 0, 'e', 0, 'l', 0, 'l', 0, 'o', 0 B8 ? ? ? ? 90 - byte 0xB8, 4 bytes with any value, byte 0x90
patch_byte(ea: ea_t, x: uint64) ‑> bool
patch_byte(ea, x) -> bool Patch a byte of the program. The original value of the byte is saved and can be obtained by get_original_byte(). This function works for wide byte processors too. retval true: the database has been modified, retval false: the debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.
patch_bytes(ea: ea_t, buf: void const *) ‑> void
patch_bytes(ea, buf) Patch the specified number of bytes of the program. Original values of bytes are saved and are available with get_original...() functions. See also put_bytes().
patch_dword(ea: ea_t, x: uint64) ‑> bool
patch_dword(ea, x) -> bool Patch a dword of the program. The original value of the dword is saved and can be obtained by get_original_dword(). This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be() retval true: the database has been modified, retval false: the debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.
patch_qword(ea: ea_t, x: uint64) ‑> bool
patch_qword(ea, x) -> bool Patch a qword of the program. The original value of the qword is saved and can be obtained by get_original_qword(). This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be() retval true: the database has been modified, retval false: the debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.
patch_word(ea: ea_t, x: uint64) ‑> bool
patch_word(ea, x) -> bool Patch a word of the program. The original value of the word is saved and can be obtained by get_original_word(). This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be() retval true: the database has been modified, retval false: the debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.
prev_addr(ea: ea_t) ‑> ea_t
prev_addr(ea) -> ea_t Get previous address in the program.
prev_chunk(ea: ea_t) ‑> ea_t
prev_chunk(ea) -> ea_t Get the last address of previous contiguous chunk in the program.
prev_head(ea: ea_t, minea: ea_t) ‑> ea_t
prev_head(ea, minea) -> ea_t Get start of previous defined item.
prev_inited(ea: ea_t, minea: ea_t) ‑> ea_t
prev_inited(ea, minea) -> ea_t Find the previous initialized address.
prev_not_tail(ea: ea_t) ‑> ea_t
prev_not_tail(ea) -> ea_t Get address of previous non-tail byte.
prev_that(ea: ea_t, minea: ea_t, testf: testf_t *) ‑> ea_t
prev_that(ea, minea, testf) -> ea_t Find previous address with a flag satisfying the function 'testf'. note: do not pass is_unknown() to this function to find unexplored bytes It will fail under the debugger. To find unexplored bytes, use prev_unknown().
prev_unknown(ea: ea_t, minea: ea_t) ‑> ea_t
prev_unknown(ea, minea) -> ea_t Similar to prev_that(), but will find the previous address that is unexplored.
prev_visea(ea: ea_t) ‑> ea_t
prev_visea(ea) -> ea_t Get previous visible address.
print_strlit_type(strtype: int32, flags: int = 0) ‑> PyObject *
print_strlit_type(strtype, flags=0) -> PyObject Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.
put_byte(ea: ea_t, x: uint64) ‑> bool
put_byte(ea, x) -> bool Set value of one byte of the program. This function modifies the database. If the debugger is active then the debugged process memory is patched too. note: The original value of the byte is completely lost and can't be recovered by the get_original_byte() function. See also put_dbg_byte() to write to the process memory directly when the debugger is active. This function can handle wide byte processors.
put_bytes(ea: ea_t, buf: void const *) ‑> void
put_bytes(ea, buf) Modify the specified number of bytes of the program. This function does not save the original values of bytes. See also patch_bytes().
put_dword(ea: ea_t, x: uint64) ‑> void
put_dword(ea, x) Set value of one dword of the program. This function takes into account order of bytes specified in idainfo::is_be() This function works for wide byte processors too.
put_qword(ea: ea_t, x: uint64) ‑> void
put_qword(ea, x) Set value of one qword (8 bytes) of the program. This function takes into account order of bytes specified in idainfo::is_be() This function DOESN'T works for wide byte processors.
put_word(ea: ea_t, x: uint64) ‑> void
put_word(ea, x) Set value of one word of the program. This function takes into account order of bytes specified in idainfo::is_be() This function works for wide byte processors too. note: The original value of the word is completely lost and can't be recovered by the get_original_word() function. ea - linear address x - word value
qword_flag() ‑> flags64_t
qword_flag() -> flags64_t Get a flags64_t representing a quad word.
register_custom_data_format(py_df: PyObject *) ‑> int
register_custom_data_format(py_df) -> int Registers a custom data format with a given data type.
register_custom_data_type(py_dt: PyObject *) ‑> int
register_custom_data_type(py_dt) -> int Registers a custom data type.
register_data_types_and_formats(formats)
Registers multiple data types and formats at once. To register one type/format at a time use register_custom_data_type/register_custom_data_format
It employs a special table of types and formats described below:
The 'formats' is a list of tuples. If a tuple has one element then it is the format to be registered with dtid=0 If the tuple has more than one element, then tuple[0] is the data type and tuple[1:] are the data formats. For example: many_formats = [ (pascal_data_type(), pascal_data_format()), (simplevm_data_type(), simplevm_data_format()), (makedword_data_format(),), (simplevm_data_format(),) ] The first two tuples describe data types and their associated formats. The last two tuples describe two data formats to be used with built-in data types. The data format may be attached to several data types. The id of the data format is stored in the first data_format_t object. For example: assert many_formats[1][1] != -1 assert many_formats[2][0] != -1 assert many_formats[3][0] == -1
revert_byte(ea: ea_t) ‑> bool
revert_byte(ea) -> bool Revert patched byte retval true: byte was patched before and reverted now
seg_flag() ‑> flags64_t
seg_flag() -> flags64_t see FF_opbits
set_cmt(ea: ea_t, comm: char const *, rptble: bool) ‑> bool
set_cmt(ea, comm, rptble) -> bool Set an indented comment.
nullptr: do nothing (return 0)
"" : delete comment rptble: (C++: bool) is repeatable? return: success
set_forced_operand(ea: ea_t, n: int, op: char const *) ‑> bool
set_forced_operand(ea, n, op) -> bool Set forced operand.
nullptr: do nothing (return 0)
"" : delete forced operand return: success
set_immd(ea: ea_t) ‑> bool
set_immd(ea) -> bool Set 'has immediate operand' flag. Returns true if the FF_IMMD bit was not set and now is set
set_lzero(ea: ea_t, n: int) ‑> bool
set_lzero(ea, n) -> bool Set toggle lzero bit. This function changes the display of leading zeroes for the specified operand. If the default is not to display leading zeroes, this function will display them and vice versa.
set_manual_insn(ea: ea_t, manual_insn: char const *) ‑> void
set_manual_insn(ea, manual_insn) Set manual instruction string.
set_op_type(ea: ea_t, type: flags64_t, n: int) ‑> bool
set_op_type(ea, type, n) -> bool (internal function) change representation of operand(s).
set_opinfo(ea: ea_t, n: int, flag: flags64_t, ti: opinfo_t, suppress_events: bool = False) ‑> bool
set_opinfo(ea, n, flag, ti, suppress_events=False) -> bool Set additional information about an operand representation. This function is a low level one. Only the kernel should use it.
stkvar_flag() ‑> flags64_t
stkvar_flag() -> flags64_t see FF_opbits
strlit_flag() ‑> flags64_t
strlit_flag() -> flags64_t Get a flags64_t representing a string literal.
stroff_flag() ‑> flags64_t
stroff_flag() -> flags64_t see FF_opbits
stru_flag() ‑> flags64_t
stru_flag() -> flags64_t Get a flags64_t representing a struct.
tbyte_flag() ‑> flags64_t
tbyte_flag() -> flags64_t Get a flags64_t representing a tbyte.
toggle_bnot(ea: ea_t, n: int) ‑> bool
toggle_bnot(ea, n) -> bool Toggle binary negation of operand. also see is_bnot()
toggle_lzero(ea: ea_t, n: int) ‑> bool
toggle_lzero(ea, n) -> bool Toggle lzero bit.
toggle_sign(ea: ea_t, n: int) ‑> bool
toggle_sign(ea, n) -> bool Toggle sign of n-th operand. allowed values of n: 0-first operand, 1-other operands
unregister_custom_data_format(dfid: int) ‑> bool
unregister_custom_data_format(dfid) -> bool Unregisters a custom data format
unregister_custom_data_type(dtid: int) ‑> bool
unregister_custom_data_type(dtid) -> bool Unregisters a custom data type.
unregister_data_types_and_formats(formats)
As opposed to register_data_types_and_formats(), this function unregisters multiple data types and formats at once.
update_hidden_range(ha: hidden_range_t) ‑> bool
update_hidden_range(ha) -> bool Update hidden range information in the database. You cannot use this function to change the range boundaries
use_mapping(ea: ea_t) ‑> ea_t
use_mapping(ea) -> ea_t Translate address according to current mappings.
visit_patched_bytes(ea1: ea_t, ea2: ea_t, py_callable: PyObject *) ‑> int
visit_patched_bytes(ea1, ea2, py_callable) -> int Enumerates patched bytes in the given range and invokes a callable
word_flag() ‑> flags64_t
word_flag() -> flags64_t Get a flags64_t representing a word.
yword_flag() ‑> flags64_t
yword_flag() -> flags64_t Get a flags64_t representing a ymm word.
zword_flag() ‑> flags64_t
zword_flag() -> flags64_t Get a flags64_t representing a zmm word.
Classes
compiled_binpat_t()
: Proxy of C++ compiled_binpat_t class.
Instance variables
bytes: bytevec_t
bytes
encidx: int
encidx
mask: bytevec_t
mask
strlits: rangevec_t
strlits
Methods
all_bytes_defined(self) ‑> bool all_bytes_defined(self) -> bool
qclear(self) ‑> void qclear(self)
compiled_binpat_vec_t(*args)
: Proxy of C++ qvector< compiled_binpat_t > class.
Methods
add_unique(self, x: compiled_binpat_t) ‑> bool add_unique(self, x) -> bool
x: compiled_binpat_t const &
at(self, _idx: size_t) ‑> compiled_binpat_t const & at(self, _idx) -> compiled_binpat_t
_idx: size_t
back(self)
begin(self, *args) ‑> qvector< compiled_binpat_t >::const_iterator begin(self) -> compiled_binpat_t
capacity(self) ‑> size_t capacity(self) -> size_t
clear(self) ‑> void clear(self)
empty(self) ‑> bool empty(self) -> bool
end(self, *args) ‑> qvector< compiled_binpat_t >::const_iterator end(self) -> compiled_binpat_t
erase(self, *args) ‑> qvector< compiled_binpat_t >::iterator erase(self, it) -> compiled_binpat_t
it: qvector< compiled_binpat_t >::iterator
erase(self, first, last) -> compiled_binpat_t
first: qvector< compiled_binpat_t >::iterator last: qvector< compiled_binpat_t >::iterator
extract(self) ‑> compiled_binpat_t * extract(self) -> compiled_binpat_t
find(self, *args) ‑> qvector< compiled_binpat_t >::const_iterator find(self, x) -> compiled_binpat_t
x: compiled_binpat_t const &
front(self)
grow(self, *args) ‑> void grow(self, x=compiled_binpat_t())
x: compiled_binpat_t const &
has(self, x: compiled_binpat_t) ‑> bool has(self, x) -> bool
x: compiled_binpat_t const &
inject(self, s: compiled_binpat_t, len: size_t) ‑> void inject(self, s, len)
s: compiled_binpat_t * len: size_t
insert(self, it: compiled_binpat_t, x: compiled_binpat_t) ‑> qvector< compiled_binpat_t >::iterator insert(self, it, x) -> compiled_binpat_t
it: qvector< compiled_binpat_t >::iterator x: compiled_binpat_t const &
pop_back(self) ‑> void pop_back(self)
push_back(self, *args) ‑> compiled_binpat_t & push_back(self, x)
x: compiled_binpat_t const &
push_back(self) -> compiled_binpat_t
qclear(self) ‑> void qclear(self)
reserve(self, cnt: size_t) ‑> void reserve(self, cnt)
cnt: size_t
resize(self, *args) ‑> void resize(self, _newsize, x)
_newsize: size_t x: compiled_binpat_t const &
resize(self, _newsize)
_newsize: size_t
size(self) ‑> size_t size(self) -> size_t
swap(self, r: compiled_binpat_vec_t) ‑> void swap(self, r)
r: qvector< compiled_binpat_t > &
truncate(self) ‑> void truncate(self)
data_format_t(*args)
: Proxy of C++ data_format_t class.
Instance variables
hotkey: char const *
hotkey
id: int
__get_id(self) -> int
menu_name: char const *
menu_name
name: char const *
name
props: int
props
text_width: int32
text_width
value_size: asize_t
value_size
Methods
is_present_in_menus(self) ‑> bool is_present_in_menus(self) -> bool Should this format be shown in UI menus
return: success
data_type_t(*args)
: Proxy of C++ data_type_t class.
Instance variables
asm_keyword: char const *
asm_keyword
hotkey: char const *
hotkey
id: int
__get_id(self) -> int
menu_name: char const *
menu_name
name: char const *
name
props: int
props
value_size: asize_t
value_size
Methods
is_present_in_menus(self) ‑> bool is_present_in_menus(self) -> bool Should this type be shown in UI menus
return: success
hidden_range_t()
: Proxy of C++ hidden_range_t class.
Ancestors (in MRO)
Instance variables
color: bgcolor_t
color
description: char *
description
footer: char *
footer
header: char *
header
visible: bool
visible
octet_generator_t(_ea: ea_t)
: Proxy of C++ octet_generator_t class.
Instance variables
avail_bits: int
avail_bits
ea: ea_t
ea
high_byte_first: bool
high_byte_first
value: uint64
value
Methods
invert_byte_order(self) ‑> void invert_byte_order(self)
Last updated