Module ida_funcs
This file also contains routines for working with library signatures (e.g. FLIRT).
Each function consists of function chunks. At least one function chunk must be present in the function definition - the function entry chunk. Other chunks are called function tails. There may be several of them for a function.
A function tail is a continuous range of addresses. It can be used in the definition of one or more functions. One function using the tail is singled out and called the tail owner. This function is considered as 'possessing' the tail. get_func() on a tail address will return the function possessing the tail. You can enumerate the functions using the tail by using func_parent_iterator_t.
Each function chunk in the disassembly is represented as an "range" (a range of addresses, see range.hpp for details) with characteristics.
A function entry must start with an instruction (code) byte.
Global Variables
FIND_FUNC_DEFINE
FIND_FUNC_EXIST
FIND_FUNC_IGNOREFN
FIND_FUNC_KEEPBD
FIND_FUNC_NORMAL
FIND_FUNC_OK
FIND_FUNC_UNDEF
FUNC_BOTTOMBP
FUNC_CATCH
FUNC_FAR
FUNC_FRAME
FUNC_FUZZY_SP
FUNC_HIDDEN
FUNC_LIB
FUNC_LUMINA
FUNC_NORET
FUNC_NORET_PENDING
FUNC_OUTLINE
FUNC_PROLOG_OK
FUNC_PURGED_OK
FUNC_REANALYZE
FUNC_SP_READY
FUNC_STATICDEF
FUNC_TAIL
FUNC_THUNK
FUNC_UNWIND
FUNC_USERFAR
IDASGN_APPLIED
IDASGN_BADARG
IDASGN_CURRENT
IDASGN_OK
IDASGN_PLANNED
LIBFUNC_DELAY
LIBFUNC_FOUND
LIBFUNC_NONE
MOVE_FUNC_BADSTART
MOVE_FUNC_NOCODE
MOVE_FUNC_NOFUNC
MOVE_FUNC_OK
MOVE_FUNC_REFUSED
Functions
add_func(*args) ‑> bool
add_func(ea1, ea2=BADADDR) -> bool Add a new function. If the function end address is BADADDR, then IDA will try to determine the function bounds by calling find_func_bounds(..., FIND_FUNC_DEFINE).
add_func_ex(pfn: func_t) ‑> bool
add_func_ex(pfn) -> bool Add a new function. If the fn->end_ea is BADADDR, then IDA will try to determine the function bounds by calling find_func_bounds(..., FIND_FUNC_DEFINE).
add_regarg(pfn: func_t, reg: int, tif: tinfo_t, name: char const *) ‑> void
add_regarg(pfn, reg, tif, name)
append_func_tail(pfn: func_t, ea1: ea_t, ea2: ea_t) ‑> bool
append_func_tail(pfn, ea1, ea2) -> bool Append a new tail chunk to the function definition. If the tail already exists, then it will simply be added to the function tail list Otherwise a new tail will be created and its owner will be set to be our function If a new tail cannot be created, then this function will fail.
apply_idasgn_to(signame: char const *, ea: ea_t, is_startup: bool) ‑> int
apply_idasgn_to(signame, ea, is_startup) -> int Apply a signature file to the specified address.
apply_startup_sig(ea: ea_t, startup: char const *) ‑> bool
apply_startup_sig(ea, startup) -> bool Apply a startup signature file to the specified address.
calc_func_size(pfn: func_t) ‑> asize_t
calc_func_size(pfn) -> asize_t Calculate function size. This function takes into account all fragments of the function.
calc_idasgn_state(n: int) ‑> int
calc_idasgn_state(n) -> int Get state of a signature in the list of planned signatures
calc_thunk_func_target(*args)
calc_thunk_func_target(pfn) -> ea_t Calculate target of a thunk function.
del_func(ea: ea_t) ‑> bool
del_func(ea) -> bool Delete a function.
del_idasgn(n: int) ‑> int
del_idasgn(n) -> int Remove signature from the list of planned signatures.
f_any(arg1: flags64_t, arg2: void *) ‑> bool
f_any(arg1, arg2) -> bool Helper function to accept any address.
find_func_bounds(nfn: func_t, flags: int) ‑> int
find_func_bounds(nfn, flags) -> int Determine the boundaries of a new function. This function tries to find the start and end addresses of a new function. It calls the module with processor_t::func_bounds in order to fine tune the function boundaries.
free_regarg(v: regarg_t) ‑> void
free_regarg(v)
func_contains(pfn: func_t, ea: ea_t) ‑> bool
func_contains(pfn, ea) -> bool Does the given function contain the given address?
func_does_return(callee: ea_t) ‑> bool
func_does_return(callee) -> bool Does the function return?. To calculate the answer, FUNC_NORET flag and is_noret() are consulted The latter is required for imported functions in the .idata section. Since in .idata we have only function pointers but not functions, we have to introduce a special flag for them.
func_parent_iterator_set(fpi: func_parent_iterator_t, pfn: func_t) ‑> bool
func_parent_iterator_set(fpi, pfn) -> bool
func_t__from_ptrval__(ptrval: size_t) ‑> func_t *
func_t__from_ptrval__(ptrval) -> func_t
func_tail_iterator_set(fti: func_tail_iterator_t, pfn: func_t, ea: ea_t) ‑> bool
func_tail_iterator_set(fti, pfn, ea) -> bool
func_tail_iterator_set_ea(fti: func_tail_iterator_t, ea: ea_t) ‑> bool
func_tail_iterator_set_ea(fti, ea) -> bool
get_current_idasgn() ‑> int
get_current_idasgn() -> int Get number of the the current signature.
get_fchunk(ea: ea_t) ‑> func_t *
get_fchunk(ea) -> func_t Get pointer to function chunk structure by address.
get_fchunk_num(ea: ea_t) ‑> int
get_fchunk_num(ea) -> int Get ordinal number of a function chunk in the global list of function chunks.
get_fchunk_qty() ‑> size_t
get_fchunk_qty() -> size_t Get total number of function chunks in the program.
get_fchunk_referer(ea: ea_t, idx: size_t) ‑> ea_t
get_fchunk_referer(ea, idx) -> ea_t
get_func(ea: ea_t) ‑> func_t *
get_func(ea) -> func_t Get pointer to function structure by address.
get_func_bitness(pfn: func_t) ‑> int
get_func_bitness(pfn) -> int Get function bitness (which is equal to the function segment bitness). pfn==nullptr => returns 0 retval 0: 16 retval 1: 32 retval 2: 64
get_func_bits(pfn: func_t) ‑> int
get_func_bits(pfn) -> int Get number of bits in the function addressing.
get_func_bytes(pfn: func_t) ‑> int
get_func_bytes(pfn) -> int Get number of bytes in the function addressing.
get_func_chunknum(pfn: func_t, ea: ea_t) ‑> int
get_func_chunknum(pfn, ea) -> int Get the containing tail chunk of 'ea'. retval -1: means 'does not contain ea' retval 0: means the 'pfn' itself contains ea retval >0: the number of the containing function tail chunk
get_func_cmt(pfn: func_t, repeatable: bool) ‑> qstring *
get_func_cmt(pfn, repeatable) -> str Get function comment.
get_func_name(ea: ea_t) ‑> qstring *
get_func_name(ea) -> str Get function name.
get_func_num(ea: ea_t) ‑> int
get_func_num(ea) -> int Get ordinal number of a function.
get_func_qty() ‑> size_t
get_func_qty() -> size_t Get total number of functions in the program.
get_func_ranges(ranges: rangeset_t, pfn: func_t) ‑> ea_t
get_func_ranges(ranges, pfn) -> ea_t Get function ranges.
get_idasgn_desc(n: int) ‑> PyObject *
get_idasgn_desc(n) -> (str, str) Get information about a signature in the list. It returns: (name of signature, names of optional libraries)
See also: get_idasgn_desc_with_matches
get_idasgn_desc_with_matches(n: int) ‑> PyObject *
get_idasgn_desc_with_matches(n) -> (str, str, int) Get information about a signature in the list. It returns: (name of signature, names of optional libraries, number of matches)
get_idasgn_qty() ‑> int
get_idasgn_qty() -> int Get number of signatures in the list of planned and applied signatures.
get_idasgn_title(name: char const *) ‑> qstring *
get_idasgn_title(name) -> str Get full description of the signature by its short name.
get_next_fchunk(ea: ea_t) ‑> func_t *
get_next_fchunk(ea) -> func_t Get pointer to the next function chunk in the global list.
get_next_func(ea: ea_t) ‑> func_t *
get_next_func(ea) -> func_t Get pointer to the next function.
get_next_func_addr(pfn: func_t, ea: ea_t) ‑> ea_t
get_next_func_addr(pfn, ea) -> ea_t
get_prev_fchunk(ea: ea_t) ‑> func_t *
get_prev_fchunk(ea) -> func_t Get pointer to the previous function chunk in the global list.
get_prev_func(ea: ea_t) ‑> func_t *
get_prev_func(ea) -> func_t Get pointer to the previous function.
get_prev_func_addr(pfn: func_t, ea: ea_t) ‑> ea_t
get_prev_func_addr(pfn, ea) -> ea_t
getn_fchunk(n: int) ‑> func_t *
getn_fchunk(n) -> func_t Get pointer to function chunk structure by number.
getn_func(n: size_t) ‑> func_t *
getn_func(n) -> func_t Get pointer to function structure by number.
is_finally_visible_func(pfn: func_t) ‑> bool
is_finally_visible_func(pfn) -> bool Is the function visible (event after considering SCF_SHHID_FUNC)?
is_func_entry(pfn: func_t) ‑> bool
is_func_entry(pfn) -> bool Does function describe a function entry chunk?
is_func_locked(pfn: func_t) ‑> bool
is_func_locked(pfn) -> bool Is the function pointer locked?
is_func_tail(pfn: func_t) ‑> bool
is_func_tail(pfn) -> bool Does function describe a function tail chunk?
is_same_func(ea1: ea_t, ea2: ea_t) ‑> bool
is_same_func(ea1, ea2) -> bool Do two addresses belong to the same function?
is_visible_func(pfn: func_t) ‑> bool
is_visible_func(pfn) -> bool Is the function visible (not hidden)?
lock_func_range(pfn: func_t, lock: bool) ‑> void
lock_func_range(pfn, lock) Lock function pointer Locked pointers are guaranteed to remain valid until they are unlocked. Ranges with locked pointers cannot be deleted or moved.
plan_to_apply_idasgn(fname: char const *) ‑> int
plan_to_apply_idasgn(fname) -> int Add a signature file to the list of planned signature files.
read_regargs(pfn: func_t) ‑> void
read_regargs(pfn)
reanalyze_function(*args) ‑> void
reanalyze_function(pfn, ea1=0, ea2=BADADDR, analyze_parents=False) Reanalyze a function. This function plans to analyzes all chunks of the given function. Optional parameters (ea1, ea2) may be used to narrow the analyzed range.
reanalyze_noret_flag(ea: ea_t) ‑> bool
reanalyze_noret_flag(ea) -> bool Plan to reanalyze noret flag. This function does not remove FUNC_NORET if it is already present. It just plans to reanalysis.
remove_func_tail(pfn: func_t, tail_ea: ea_t) ‑> bool
remove_func_tail(pfn, tail_ea) -> bool Remove a function tail. If the tail belongs only to one function, it will be completely removed. Otherwise if the function was the tail owner, the first function using this tail becomes the owner of the tail.
set_func_cmt(pfn: func_t, cmt: char const *, repeatable: bool) ‑> bool
set_func_cmt(pfn, cmt, repeatable) -> bool Set function comment. This function works with function chunks too.
'). Use empty str ("") to delete comment repeatable: (C++: bool) set repeatable comment?
set_func_end(ea: ea_t, newend: ea_t) ‑> bool
set_func_end(ea, newend) -> bool Move function chunk end address.
set_func_name_if_jumpfunc(pfn: func_t, oldname: char const *) ‑> int
set_func_name_if_jumpfunc(pfn, oldname) -> int Give a meaningful name to function if it consists of only 'jump' instruction.
set_func_start(ea: ea_t, newstart: ea_t) ‑> int
set_func_start(ea, newstart) -> int Move function chunk start address.
set_noret_insn(insn_ea: ea_t, noret: bool) ‑> bool
set_noret_insn(insn_ea, noret) -> bool Signal a non-returning instruction. This function can be used by the processor module to tell the kernel about non-returning instructions (like call exit). The kernel will perform the global function analysis and find out if the function returns at all. This analysis will be done at the first call to func_does_return()
set_tail_owner(fnt: func_t, new_owner: ea_t) ‑> bool
set_tail_owner(fnt, new_owner) -> bool Set a new owner of a function tail. The new owner function must be already referring to the tail (after append_func_tail).
set_visible_func(pfn: func_t, visible: bool) ‑> void
set_visible_func(pfn, visible) Set visibility of function.
try_to_add_libfunc(ea: ea_t) ‑> int
try_to_add_libfunc(ea) -> int Apply the currently loaded signature file to the specified address. If a library function is found, then create a function and name it accordingly.
update_func(pfn: func_t) ‑> bool
update_func(pfn) -> bool Update information about a function in the database (func_t). You must not change the function start and end addresses using this function. Use set_func_start() and set_func_end() for it.
Classes
dyn_ea_array(_data: unsigned long long *, _count: size_t)
: Proxy of C++ dynamic_wrapped_array_t< ea_t > class.
Instance variables
count: size_t
count
data: unsigned long long *
data
dyn_range_array(_data: range_t, _count: size_t)
: Proxy of C++ dynamic_wrapped_array_t< range_t > class.
Instance variables
count: size_t
count
data: range_t *
data
dyn_regarg_array(_data: regarg_t, _count: size_t)
: Proxy of C++ dynamic_wrapped_array_t< regarg_t > class.
Instance variables
count: size_t
count
data: regarg_t *
data
dyn_regvar_array(_data: regvar_t *, _count: size_t)
: Proxy of C++ dynamic_wrapped_array_t< regvar_t > class.
Instance variables
count: size_t
count
data: regvar_t *
data
dyn_stkpnt_array(_data: stkpnt_t *, _count: size_t)
: Proxy of C++ dynamic_wrapped_array_t< stkpnt_t > class.
Instance variables
count: size_t
count
data: stkpnt_t *
data
func_item_iterator_t(*args)
: Proxy of C++ func_item_iterator_t class.
Methods
addresses(self) Provide an iterator on addresses contained within the function
chunk(self) ‑> range_t const & chunk(self) -> range_t
code_items(self) Provide an iterator on code items contained within the function
current(self) ‑> ea_t current(self) -> ea_t
data_items(self) Provide an iterator on data items contained within the function
decode_preceding_insn(self, visited: eavec_t *, p_farref: bool *, out: insn_t *) ‑> bool decode_preceding_insn(self, visited, p_farref, out) -> bool
visited: eavec_t * p_farref: bool * out: insn_t *
decode_prev_insn(self, out: insn_t *) ‑> bool decode_prev_insn(self, out) -> bool
out: insn_t *
first(self) ‑> bool first(self) -> bool
head_items(self) Provide an iterator on item heads contained within the function
last(self) ‑> bool last(self) -> bool
next(self, func: testf_t *) ‑> bool next(self, func) -> bool
func: testf_t *
next_addr(self) ‑> bool next_addr(self) -> bool
next_code(self) ‑> bool next_code(self) -> bool
next_data(self) ‑> bool next_data(self) -> bool
next_head(self) ‑> bool next_head(self) -> bool
next_not_tail(self) ‑> bool next_not_tail(self) -> bool
not_tails(self) Provide an iterator on non-tail addresses contained within the function
prev(self, func: testf_t *) ‑> bool prev(self, func) -> bool
func: testf_t *
prev_addr(self) ‑> bool prev_addr(self) -> bool
prev_code(self) ‑> bool prev_code(self) -> bool
prev_data(self) ‑> bool prev_data(self) -> bool
prev_head(self) ‑> bool prev_head(self) -> bool
prev_not_tail(self) ‑> bool prev_not_tail(self) -> bool
set(self, *args) ‑> bool set(self, pfn, _ea=BADADDR) -> bool Set a function range. if pfn == nullptr then a segment range will be set.
pfn: (C++: func_t *) _ea: (C++: ea_t)
set_ea(self, _ea: ea_t) ‑> bool set_ea(self, _ea) -> bool
_ea: ea_t
set_range(self, ea1: ea_t, ea2: ea_t) ‑> bool set_range(self, ea1, ea2) -> bool Set an arbitrary range.
ea1: (C++: ea_t) ea2: (C++: ea_t)
succ(self, func: testf_t *) ‑> bool succ(self, func) -> bool Similar to next(), but succ() iterates the chunks from low to high addresses, while next() iterates through chunks starting at the function entry chunk
func: (C++: testf_t *)
succ_code(self) ‑> bool succ_code(self) -> bool
func_parent_iterator_t(*args)
: Proxy of C++ func_parent_iterator_t class.
Methods
first(self) ‑> bool first(self) -> bool
last(self) ‑> bool last(self) -> bool
next(self) ‑> bool next(self) -> bool
parent(self) ‑> ea_t parent(self) -> ea_t
prev(self) ‑> bool prev(self) -> bool
reset_fnt(self, _fnt: func_t) ‑> void reset_fnt(self, _fnt)
_fnt: func_t *
set(self, _fnt: func_t) ‑> bool set(self, _fnt) -> bool
_fnt: func_t *
func_t(start: ea_t = 0, end: ea_t = 0, f: flags64_t = 0)
: Proxy of C++ func_t class.
Ancestors (in MRO)
Instance variables
argsize: asize_t
argsize
color: bgcolor_t
color
flags: uint64
flags
fpd: asize_t
fpd
frame: uval_t
frame
frregs: ushort
frregs
frsize: asize_t
frsize
owner: ea_t
owner
pntqty: uint32
pntqty
points: dynamic_wrapped_array_t< stkpnt_t >
__get_points__(self) -> dyn_stkpnt_array
referers: dynamic_wrapped_array_t< ea_t >
__get_referers__(self) -> dyn_ea_array
refqty: int
refqty
regargqty: int
regargqty
regargs: dynamic_wrapped_array_t< regarg_t >
__get_regargs__(self) -> dyn_regarg_array
regvarqty: int
regvarqty
regvars: dynamic_wrapped_array_t< regvar_t >
__get_regvars__(self) -> dyn_regvar_array
tailqty: int
tailqty
tails: dynamic_wrapped_array_t< range_t >
__get_tails__(self) -> dyn_range_array
Methods
addresses(self) Alias for func_item_iterator_t(self).addresses()
analyzed_sp(self) ‑> bool analyzed_sp(self) -> bool Has SP-analysis been performed?
code_items(self) Alias for func_item_iterator_t(self).code_items()
data_items(self) Alias for func_item_iterator_t(self).data_items()
does_return(self) ‑> bool does_return(self) -> bool Does function return?
head_items(self) Alias for func_item_iterator_t(self).head_items()
is_far(self) ‑> bool is_far(self) -> bool Is a far function?
need_prolog_analysis(self) ‑> bool need_prolog_analysis(self) -> bool Needs prolog analysis?
not_tails(self) Alias for func_item_iterator_t(self).not_tails()
func_tail_iterator_t(*args)
: Proxy of C++ func_tail_iterator_t class.
Methods
chunk(self) ‑> range_t const & chunk(self) -> range_t
first(self) ‑> bool first(self) -> bool
last(self) ‑> bool last(self) -> bool
main(self) ‑> bool main(self) -> bool
next(self) ‑> bool next(self) -> bool
prev(self) ‑> bool prev(self) -> bool
set(self, *args) ‑> bool set(self, _pfn, ea=BADADDR) -> bool
_pfn: func_t * ea: ea_t
set_ea(self, ea: ea_t) ‑> bool set_ea(self, ea) -> bool
ea: ea_t
set_range(self, ea1: ea_t, ea2: ea_t) ‑> bool set_range(self, ea1, ea2) -> bool
ea1: ea_t ea2: ea_t
lock_func(_pfn: func_t)
: Proxy of C++ lock_func class.
lock_func_with_tails_t(pfn: func_t)
: Proxy of C++ lock_func_with_tails_t class.
regarg_t(*args)
: Proxy of C++ regarg_t class.
Instance variables
name: char *
name
reg: int
reg
type: type_t *
type
Methods
swap(self, r: regarg_t) ‑> void swap(self, r)
r: regarg_t &
Last updated