Module ida_loader

This file also contains:

  • functions to load files into the database

  • functions to generate output files

  • high level functions to work with the database (open, save, close)

The LDR interface consists of one structure: loader_t The IDP interface consists of one structure: processor_t The PLUGIN interface consists of one structure: plugin_t

Modules can't use standard FILE* functions. They must use functions from <fpro.h>

Modules can't use standard memory allocation functions. They must use functions from <pro.h>

The exported entry #1 in the module should point to the the appropriate structure. (loader_t for LDR module, for example)

Global Variables

ACCEPT_ARCHIVE

ACCEPT_ARCHIVE = 8192

ACCEPT_CONTINUE

ACCEPT_CONTINUE = 16384

ACCEPT_FIRST

ACCEPT_FIRST = 32768

DBFL_BAK

DBFL_BAK = 4

DBFL_COMP

DBFL_COMP = 2

DBFL_KILL

DBFL_KILL = 1

DBFL_TEMP

DBFL_TEMP = 8

DLLEXT

DLLEXT = 'so'

FILEREG_NOTPATCHABLE

FILEREG_NOTPATCHABLE = 0

FILEREG_PATCHABLE

FILEREG_PATCHABLE = 1

GENFLG_ASMINC

GENFLG_ASMINC = 64

GENFLG_ASMTYPE

GENFLG_ASMTYPE = 16

GENFLG_GENHTML

GENFLG_GENHTML = 32

GENFLG_IDCTYPE

GENFLG_IDCTYPE = 8

GENFLG_MAPDMNG

GENFLG_MAPDMNG = 4

GENFLG_MAPLOC

GENFLG_MAPLOC = 8

GENFLG_MAPNAME

GENFLG_MAPNAME = 2

GENFLG_MAPSEG

GENFLG_MAPSEG = 1

IDP_DLL

IDP_DLL = '*.so'

LDRF_RELOAD

LDRF_RELOAD = 1

LDRF_REQ_PROC

LDRF_REQ_PROC = 2

LOADER_DLL

LOADER_DLL = '*.so'

MAX_DATABASE_DESCRIPTION

MAX_DATABASE_DESCRIPTION = 128

MODULE_ENTRY_IDP

MODULE_ENTRY_IDP = 'LPH'

MODULE_ENTRY_LOADER

MODULE_ENTRY_LOADER = 'LDSC'

MODULE_ENTRY_PLUGIN

MODULE_ENTRY_PLUGIN = 'PLUGIN'

NEF_CODE

NEF_CODE = 256

NEF_FILL

NEF_FILL = 16

NEF_FIRST

NEF_FIRST = 128

NEF_FLAT

NEF_FLAT = 1024

NEF_IMPS

NEF_IMPS = 32

NEF_LALL

NEF_LALL = 8192

NEF_LOPT

NEF_LOPT = 4096

NEF_MAN

NEF_MAN = 8

NEF_MINI

NEF_MINI = 2048

NEF_NAME

NEF_NAME = 4

NEF_RELOAD

NEF_RELOAD = 512

NEF_RSCS

NEF_RSCS = 2

NEF_SEGS

NEF_SEGS = 1

OFILE_ASM

OFILE_ASM = 4

OFILE_DIF

OFILE_DIF = 5

OFILE_EXE

OFILE_EXE = 1

OFILE_IDC

OFILE_IDC = 2

OFILE_LST

OFILE_LST = 3

OFILE_MAP

OFILE_MAP = 0

PATH_TYPE_CMD

PATH_TYPE_CMD = 0

PATH_TYPE_ID0

PATH_TYPE_ID0 = 2

PATH_TYPE_IDB

PATH_TYPE_IDB = 1

PLUGIN_DLL

PLUGIN_DLL = '*.so'

SSF_AUTOMATIC

SSF_AUTOMATIC = 1

SSUF_DESC

SSUF_DESC = 1

SSUF_FLAGS

SSUF_FLAGS = 4

SSUF_PATH

SSUF_PATH = 2

Functions

base2file(fp: FILE *, pos: qoff64_t, ea1: ea_t, ea2: ea_t) ‑> int

base2file(fp, pos, ea1, ea2) -> int Unload database to a binary file. This function works for wide byte processors too.

fp: (C++: FILE *) pointer to file
pos: (C++: qoff64_t) position in the file
ea1: (C++: ea_t) ,ea2: range of source linear addresses
ea2: (C++: ea_t)
return: 1-ok(always), write error leads to immediate exit

build_snapshot_tree(root: snapshot_t) ‑> bool

build_snapshot_tree(root) -> bool Build the snapshot tree.

root: (C++: snapshot_t *) snapshot root that will contain the snapshot tree elements.
return: success

clr_database_flag(dbfl: uint32) ‑> void

clr_database_flag(dbfl)

dbfl: uint32

extract_module_from_archive(fname: char const *, is_remote: bool = False) ‑> PyObject *

extract_module_from_archive(fname, is_remote=False) -> PyObject Extract a module for an archive file. Parse an archive file, show the list of modules to the user, allow him to select a module, extract the selected module to a file (if the extract module is an archive, repeat the process). This function can handle ZIP, AR, AIXAR, OMFLIB files. The temporary file will be automatically deleted by IDA at the end.

filename: (C++: char *) in: input file. out: name of the selected module.
is_remote: (C++: bool) is the input file remote?
retval true: ok
retval false: something bad happened (error message has been displayed to the
              user)

file2base(li: linput_t *, pos: qoff64_t, ea1: ea_t, ea2: ea_t, patchable: int) ‑> int

file2base(li, pos, ea1, ea2, patchable) -> int Load portion of file into the database. This function will include (ea1..ea2) into the addressing space of the program (make it enabled).

li: (C++: linput_t *) pointer of input source
pos: (C++: qoff64_t) position in the file
ea1: (C++: ea_t) ,ea2: range of destination linear addresses
patchable: (C++: int) should the kernel remember correspondence of file offsets to
                 linear addresses.
retval 1: ok
retval 0: read error, a warning is displayed
note: The storage type of the specified range will be changed to STT_VA.
patchable: (C++: int) should the kernel remember correspondence of file offsets to
                 linear addresses.
retval 1: ok
retval 0: read error, a warning is displayed
note: The storage type of the specified range will be changed to STT_VA.

find_plugin(name: char const *, load_if_needed: bool = False) ‑> plugin_t *

find_plugin(name, load_if_needed=False) -> plugin_t Find a user-defined plugin and optionally load it.

name: (C++: const char *) short plugin name without path and extension, or absolute path to
            the file name
load_if_needed: (C++: bool) if the plugin is not present in the memory, try to load
                      it
return: pointer to plugin description block

flush_buffers() ‑> int

flush_buffers() -> int Flush buffers to the disk.

gen_exe_file(fp: FILE *) ‑> int

gen_exe_file(fp) -> int Generate an exe file (unload the database in binary form).

fp: (C++: FILE *)
return: fp the output file handle. if fp == nullptr then return:

  • 1: can generate an executable file

  • 0: can't generate an executable file retval 1: ok retval 0: failed

gen_file(otype: ofile_type_t, fp: FILE *, ea1: ea_t, ea2: ea_t, flags: int) ‑> int

gen_file(otype, fp, ea1, ea2, flags) -> int Generate an output file.

otype: (C++: ofile_type_t) type of output file.
fp: (C++: FILE *) the output file handle
ea1: (C++: ea_t) start address. For some file types this argument is ignored
ea2: (C++: ea_t) end address. For some file types this argument is ignored as usual
           in ida, the end address of the range is not included
flags: (C++: int) Generate file flagsOFILE_EXE:
retval 0: can't generate exe file
retval 1: ok
return: number of the generated lines. -1 if an error occurred

get_basic_file_type(li: linput_t *) ‑> filetype_t

get_basic_file_type(li) -> filetype_t Get the input file type. This function can recognize libraries and zip files.

li: (C++: linput_t *)

get_elf_debug_file_directory() ‑> char const *

get_elf_debug_file_directory() -> char const * Get the value of the ELF_DEBUG_FILE_DIRECTORY configuration directive.

get_file_type_name() ‑> size_t

get_file_type_name() -> str Get name of the current file type. The current file type is kept in idainfo::filetype.

return: size of answer, this function always succeeds

get_fileregion_ea(offset: qoff64_t) ‑> ea_t

get_fileregion_ea(offset) -> ea_t Get linear address which corresponds to the specified input file offset. If can't be found, return BADADDR

offset: (C++: qoff64_t)

get_fileregion_offset(ea: ea_t) ‑> qoff64_t

get_fileregion_offset(ea) -> qoff64_t Get offset in the input file which corresponds to the given ea. If the specified ea can't be mapped into the input file offset, return -1.

ea: (C++: ea_t)

get_path(pt: path_type_t) ‑> char const *

get_path(pt) -> char const * Get the file path

pt: (C++: path_type_t) file path type Types of the file pathes
return: file path, never returns nullptr

get_plugin_options(plugin: char const *) ‑> char const *

get_plugin_options(plugin) -> char const * Get plugin options from the command line. If the user has specified the options in the -Oplugin_name:options format, them this function will return the 'options' part of it The 'plugin' parameter should denote the plugin name Returns nullptr if there we no options specified

plugin: (C++: const char *) char const *

is_database_flag(dbfl: uint32) ‑> bool

is_database_flag(dbfl) -> bool Get the current database flag

dbfl: (C++: uint32) flag Database flags
return: the state of the flag (set or cleared)

is_trusted_idb() ‑> bool

is_trusted_idb() -> bool Is the database considered as trusted?

load_and_run_plugin(name: char const *, arg: size_t) ‑> bool

load_and_run_plugin(name, arg) -> bool Load & run a plugin.

name: (C++: const char *) char const *
arg: (C++: size_t)

load_binary_file(filename: char const *, li: linput_t *, _neflags: ushort, fileoff: qoff64_t, basepara: ea_t, binoff: ea_t, nbytes: uint64) ‑> bool

load_binary_file(filename, li, _neflags, fileoff, basepara, binoff, nbytes) -> bool Load a binary file into the database. This function usually is called from ui.

filename: (C++: const char *) the name of input file as is (if the input file is from
                library, then this is the name from the library)
li: (C++: linput_t *) loader input source
_neflags: (C++: ushort) Load file flags. For the first file, the flag NEF_FIRST must be
                set.
fileoff: (C++: qoff64_t) Offset in the input file
basepara: (C++: ea_t) Load address in paragraphs
binoff: (C++: ea_t) Load offset (load_address=(basepara<<4)+binoff)
nbytes: (C++: uint64) Number of bytes to load from the file.

  • 0: up to the end of the file retval true: ok retval false: failed (couldn't open the file)

load_ids_module(fname: char *) ‑> int

load_ids_module(fname) -> int Load and apply IDS file. This function loads the specified IDS file and applies it to the database. If the program imports functions from a module with the same name as the name of the ids file being loaded, then only functions from this module will be affected. Otherwise (i.e. when the program does not import a module with this name) any function in the program may be affected.

fname: (C++: char *) name of file to apply
retval 1: ok
retval 0: some error (a message is displayed). if the ids file does not exist,
          no message is displayed

load_plugin(name: char const *) ‑> PyObject *

load_plugin(name) -> PyCapsule or None Loads a plugin

name: char const *
return:     - None if plugin could not be loaded
   - An opaque object representing the loaded plugin

mem2base(py_mem: PyObject *, ea: ea_t, fpos: qoff64_t = -1) ‑> int

mem2base(py_mem, ea, fpos=-1) -> int Load database from the memory.

py_mem: the buffer
ea: start linear addresses
fpos: position in the input file the data is taken from.
            if == -1, then no file position correspond to the data.
return:     - Returns zero if the passed buffer was not a string
   - Otherwise 1 is returned

process_archive(temp_file: qstring *, li: linput_t *, module_name: qstring *, neflags: ushort *, defmember: char const *, loader: load_info_t const *) ‑> qstring *

process_archive(temp_file, li, module_name, neflags, defmember, loader) -> str Calls loader_t::process_archive() For parameters and return value description look at loader_t::process_archive(). Additional parameter 'loader' is a pointer to load_info_t structure.

temp_file: (C++: qstring *)
li: (C++: linput_t *)
module_name: (C++: qstring *)
neflags: (C++: ushort *)
defmember: (C++: const char *) char const *
loader: (C++: const load_info_t *) load_info_t const *

reload_file(file: char const *, is_remote: bool) ‑> bool

reload_file(file, is_remote) -> bool Reload the input file. This function reloads the byte values from the input file. It doesn't modify the segmentation, names, comments, etc.

file: (C++: const char *) name of the input file. if file == nullptr then returns:

  • 1: can reload the input file

  • 0: can't reload the input file is_remote: (C++: bool) is the file located on a remote computer with the debugger server? return: success

run_plugin(plg: PyObject *, arg: size_t) ‑> bool

run_plugin(plg, arg) -> bool Runs a plugin

plg: A plugin object (returned by load_plugin())
arg: size_t
return: Boolean

save_database(outfile: char const * = None, flags: uint32 = -1, root: snapshot_t = None, attr: snapshot_t = None) ‑> bool

save_database(outfile=None, flags=-1, root=None, attr=None) -> bool Save current database using a new file name.

outfile: (C++: const char *) output database file name; nullptr means the current path
flags: (C++: uint32) Database flags; -1 means the current flags
root: (C++: const snapshot_t *) optional: snapshot tree root.
attr: (C++: const snapshot_t *) optional: snapshot attributes
note: when both root and attr are not nullptr then the snapshot attributes will
      be updated, otherwise the snapshot attributes will be inherited from the
      current database.
return: success

set_database_flag(dbfl: uint32, cnd: bool = True) ‑> void

set_database_flag(dbfl, cnd=True) Set or clear database flag

dbfl: (C++: uint32) flag Database flags
cnd: (C++: bool) set if true or clear flag otherwise

set_import_name(modnode: uval_t, ea: ea_t, name: char const *) ‑> void

set_import_name(modnode, ea, name) Set information about the named import entry. This function performs 'modnode.supset_ea(ea, name);'

modnode: (C++: uval_t) node with information about imported entries
ea: (C++: ea_t) linear address of the entry
name: (C++: const char *) name of the entry

set_import_ordinal(modnode: uval_t, ea: ea_t, ord: uval_t) ‑> void

set_import_ordinal(modnode, ea, ord) Set information about the ordinal import entry. This function performs 'modnode.altset(ord, ea2node(ea));'

modnode: (C++: uval_t) node with information about imported entries
ea: (C++: ea_t) linear address of the entry
ord: (C++: uval_t) ordinal number of the entry

set_path(pt: path_type_t, path: char const *) ‑> void

set_path(pt, path) Set the file path

pt: (C++: path_type_t) file path type Types of the file pathes
path: (C++: const char *) new file path, use nullptr or empty string to clear the file path

Classes

idp_desc_t()

: Proxy of C++ idp_desc_t class.

__init__(self) -> idp_desc_t

Instance variables

  • checked: bool checked

  • family: qstring family

  • is_script: bool is_script

  • mtime: time_t mtime

  • names: idp_names_t names

  • path: qstring path

idp_name_t()

: Proxy of C++ idp_name_t class.

__init__(self) -> idp_name_t

Instance variables

  • hidden: bool hidden

  • lname: qstring lname

  • sname: qstring sname

loader_t()

: Proxy of C++ loader_t class.

__init__(self) -> loader_t

Instance variables

  • flags: uint32 flags

  • version: uint32 version

plugin_info_t()

: Proxy of C++ plugin_info_t class.

__init__(self) -> plugin_info_t

Instance variables

  • arg: size_t arg

  • comment: char * comment

  • dllmem: idadll_t dllmem

  • entry: plugin_t * entry

  • flags: int flags

  • hotkey: ushort hotkey

  • idaplg_name: qstring idaplg_name

  • name: char * name

  • next: plugin_info_t * next

  • org_hotkey: ushort org_hotkey

  • org_name: char * org_name

  • path: char * path

qvector_snapshotvec_t(*args)

: Proxy of C++ qvector< snapshot_t * > class.

__init__(self) -> qvector_snapshotvec_t
__init__(self, x) -> qvector_snapshotvec_t

 x: qvector< snapshot_t * > const &

Methods

  • add_unique(self, x: snapshot_t) ‑> bool add_unique(self, x) -> bool

    x: snapshot_t *const &

  • at(self, _idx: size_t) ‑> snapshot_t *const & at(self, _idx) -> snapshot_t

    _idx: size_t

  • back(self)

  • begin(self, *args) ‑> qvector< snapshot_t * >::const_iterator begin(self) -> qvector< snapshot_t * >::iterator begin(self) -> qvector< snapshot_t * >::const_iterator

  • capacity(self) ‑> size_t capacity(self) -> size_t

  • clear(self) ‑> void clear(self)

  • empty(self) ‑> bool empty(self) -> bool

  • end(self, *args) ‑> qvector< snapshot_t * >::const_iterator end(self) -> qvector< snapshot_t * >::iterator end(self) -> qvector< snapshot_t * >::const_iterator

  • erase(self, *args) ‑> qvector< snapshot_t * >::iterator erase(self, it) -> qvector< snapshot_t * >::iterator

    it: qvector< snapshot_t * >::iterator

    erase(self, first, last) -> qvector< snapshot_t * >::iterator

    first: qvector< snapshot_t * >::iterator last: qvector< snapshot_t * >::iterator

  • extract(self) ‑> snapshot_t ** extract(self) -> snapshot_t **

  • find(self, *args) ‑> qvector< snapshot_t * >::const_iterator find(self, x) -> qvector< snapshot_t * >::iterator

    x: snapshot_t *const &

    find(self, x) -> qvector< snapshot_t * >::const_iterator

    x: snapshot_t *const &

  • front(self)

  • has(self, x: snapshot_t) ‑> bool has(self, x) -> bool

    x: snapshot_t *const &

  • inject(self, s: snapshot_t **, len: size_t) ‑> void inject(self, s, len)

    s: snapshot_t ** len: size_t

  • insert(self, it: qvector< snapshot_t * >::iterator, x: snapshot_t) ‑> qvector< snapshot_t * >::iterator insert(self, it, x) -> qvector< snapshot_t * >::iterator

    it: qvector< snapshot_t * >::iterator x: snapshot_t *const &

  • pop_back(self) ‑> void pop_back(self)

  • push_back(self, *args) ‑> snapshot_t *& push_back(self, x)

    x: snapshot_t *const &

    push_back(self) -> snapshot_t *&

  • qclear(self) ‑> void qclear(self)

  • reserve(self, cnt: size_t) ‑> void reserve(self, cnt)

    cnt: size_t

  • resize(self, *args) ‑> void resize(self, _newsize, x)

    _newsize: size_t x: snapshot_t *const &

    resize(self, _newsize)

    _newsize: size_t

  • size(self) ‑> size_t size(self) -> size_t

  • swap(self, r: qvector_snapshotvec_t) ‑> void swap(self, r)

    r: qvector< snapshot_t * > &

  • truncate(self) ‑> void truncate(self)

snapshot_t()

: Proxy of C++ snapshot_t class.

__init__(self) -> snapshot_t

Instance variables

  • children: snapshots_t children

  • desc: char [128] desc

  • filename: char [QMAXPATH] filename

  • flags: uint16 flags

  • id: qtime64_t id

Methods

  • clear(self) ‑> void clear(self)

PreviousModule ida_linesNextModule ida_merge

Last updated