Module ida_regfinder

Functions

find_nearest_rvi(rvi: reg_value_info_t, ea: ea_t, reg: int const [2]) ‑> int

find_nearest_rvi(rvi, ea, reg) -> int Find the value of any of the two registers using the register tracker. First, this function tries to find the registers in the basic block of EA, and if it could not do this, then it tries to find in the entire function.

rvi: (C++: reg_value_info_t *) the found value with additional attributes
ea: (C++: ea_t) the address to find a value at
reg: (C++: const int) the registers to find
return: the index of the found register or -1

find_reg_value(ea: ea_t, reg: int) ‑> uint64 *

find_reg_value(ea, reg) -> int Find register value using the register tracker. note: The returned value is valid before executing the instruction.

ea: (C++: ea_t) the address to find a value at
reg: (C++: int) the register to find
retval 0: no value (the value is varying or the find depth is not enough to
          find a value)
retval 1: the found value is in VAL
retval -1: the processor module does not support a register tracker

find_reg_value_info(rvi: reg_value_info_t, ea: ea_t, reg: int, max_depth: int = 0) ‑> bool

find_reg_value_info(rvi, ea, reg, max_depth=0) -> bool Find register value using the register tracker. note: The returned value is valid before executing the instruction. note: The undefined value means that there is no execution flow to EA, e.g. we try to find a value after the call of NORET function. note: The unknown value means that the value is:

  • a result of unsupported instruction, e.g. the result of a call,

  • a function argument,

  • is varying, e.g. it is a loop counter.

rvi: (C++: reg_value_info_t *) the found value with additional attributes
ea: (C++: ea_t) the address to find a value at
reg: (C++: int) the register to find
max_depth: (C++: int) the number of basic blocks to look before aborting the search
                 and returning the unknown value. 0 means the value of
                 REGTRACK_MAX_DEPTH from ida.cfg for ordinal registers or
                 REGTRACK_FUNC_MAX_DEPTH for the function-wide registers, -1
                 means the value of REGTRACK_FUNC_MAX_DEPTH from ida.cfg.
retval 'false': the processor module does not support a register tracker
retval 'true': the found value is in RVI

find_sp_value(ea: ea_t, reg: int = -1) ‑> int64 *

find_sp_value(ea, reg=-1) -> int Find a value of the SP based register using the register tracker. note: The returned value is valid before executing the instruction.

ea: (C++: ea_t) the address to find a value at
reg: (C++: int) the register to find. by default the SP register is used.
retval 0: no value (the value is varying or the find depth is not enough to
          find a value)
retval 1: the found value is in VAL
retval -1: the processor module does not support a register tracker

invalidate_regfinder_cache(*args) ‑> void

invalidate_regfinder_cache(to=BADADDR, _from=BADADDR) The control flow from FROM to TO has changed. Remove from the register tracker cache all values at TO and all dependent values. if TO == BADADDR then clear the entire cache.

to: (C++: ea_t)
from: (C++: ea_t)

Classes

reg_value_def_t(*args)

: Proxy of C++ reg_value_def_t class.

__init__(self) -> reg_value_def_t
__init__(self, _val, ea, _flags=0) -> reg_value_def_t

 _val: uval_t
 ea: ea_t
 _flags: uint16

__init__(self, _val, insn, _flags=0) -> reg_value_def_t

 _val: uval_t
 insn: an ida_ua.insn_t, or an address (C++: const insn_t &)
 _flags: uint16

Class variables

  • NOVAL

  • SPVAL

  • UVAL

Instance variables

  • LIKE_GOT LIKE_GOT

  • PC_BASED PC_BASED

  • SHORT_INSN SHORT_INSN

  • def_ea: ea_t def_ea

  • def_itype: uint16 def_itype

  • flags: uint16 flags

  • val: uval_t val

Methods

  • dstr(self, how: reg_value_def_t::dstr_val_t, pm: procmod_t = None) ‑> qstring dstr(self, how, pm=None) -> qstring Return the string representation.

    how: (C++: dstr_val_t) enum reg_value_def_t::dstr_val_t pm: (C++: const procmod_t *) procmod_t const *

  • is_like_got(self) ‑> bool is_like_got(self) -> bool

  • is_pc_based(self) ‑> bool is_pc_based(self) -> bool

  • is_short_insn(self, *args) ‑> bool is_short_insn(self, insn) -> bool

    insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

    is_short_insn(self) -> bool

reg_value_info_t()

: Proxy of C++ reg_value_info_t class.

__init__(self) -> reg_value_info_t

Class variables

  • ADD

  • AND

  • AND_NOT

  • CONTAINED

  • CONTAINS

  • EQUAL

  • MOVT

  • NEG

  • NOT

  • NOT_COMPARABLE

  • OR

  • SLL

  • SLR

  • SUB

  • XOR

Static methods

  • make_aborted(bblk_ea: ea_t) ‑> reg_value_info_t make_aborted(bblk_ea) -> reg_value_info_t Return the value after aborting. @see: aborted()

    bblk_ea: (C++: ea_t)

  • make_badinsn(insn_ea: ea_t) ‑> reg_value_info_t make_badinsn(insn_ea) -> reg_value_info_t Return the unknown value after a bad insn. @see: is_badinsn()

    insn_ea: (C++: ea_t)

  • make_dead_end(dead_end_ea: ea_t) ‑> reg_value_info_t make_dead_end(dead_end_ea) -> reg_value_info_t Return the undefined value because of a dead end. @see: is_dead_end()

    dead_end_ea: (C++: ea_t)

  • make_initial_sp(func_ea: ea_t) ‑> reg_value_info_t make_initial_sp(func_ea) -> reg_value_info_t Return the value that is the initial stack pointer. @see: is_spd()

    func_ea: (C++: ea_t)

  • make_num(*args) ‑> ida_regfinder.reg_value_info_t make_num(rval, insn, val_flags=0) -> reg_value_info_t Return the value that is the RVAL number. @see: is_num()

    rval: (C++: uval_t) insn: an ida_ua.insn_t, or an address (C++: const insn_t &) val_flags: (C++: uint16)

    make_num(rval, val_ea, val_flags=0) -> reg_value_info_t

    rval: uval_t val_ea: ea_t val_flags: uint16

  • make_unkfunc(func_ea: ea_t) ‑> reg_value_info_t make_unkfunc(func_ea) -> reg_value_info_t Return the unknown value from the function start. @see: is_unkfunc()

    func_ea: (C++: ea_t)

  • make_unkinsn(insn: insn_t const &) ‑> reg_value_info_t make_unkinsn(insn) -> reg_value_info_t Return the unknown value after executing the insn. @see: is_unkinsn()

    insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • make_unkloop(bblk_ea: ea_t) ‑> reg_value_info_t make_unkloop(bblk_ea) -> reg_value_info_t Return the unknown value if it changes in a loop. @see: is_unkloop()

    bblk_ea: (C++: ea_t)

  • make_unkmult(bblk_ea: ea_t) ‑> reg_value_info_t make_unkmult(bblk_ea) -> reg_value_info_t Return the unknown value if the register has incompatible values. @see: is_unkmult()

    bblk_ea: (C++: ea_t)

Methods

  • aborted(self) ‑> bool aborted(self) -> bool Return 'true' if the tracking process was aborted.

  • add(self, r: reg_value_info_t, insn: insn_t const &) ‑> void add(self, r, insn) Add R to the value, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • add_num(self, *args) ‑> void add_num(self, r, insn) Add R to the value, do not change the defining instructions. note: This method do nothing for unknown values.

    r: (C++: uval_t) insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

    add_num(self, r)

    r: uval_t

  • band(self, r: reg_value_info_t, insn: insn_t const &) ‑> void band(self, r, insn) Make bitwise AND of R to the value, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • bandnot(self, r: reg_value_info_t, insn: insn_t const &) ‑> void bandnot(self, r, insn) Make bitwise AND of the inverse of R to the value, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • bnot(self, insn: insn_t const &) ‑> void bnot(self, insn) Make bitwise inverse of the value, save INSN as a defining instruction.

    insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • bor(self, r: reg_value_info_t, insn: insn_t const &) ‑> void bor(self, r, insn) Make bitwise OR of R to the value, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • bxor(self, r: reg_value_info_t, insn: insn_t const &) ‑> void bxor(self, r, insn) Make bitwise eXclusive OR of R to the value, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • clear(self) ‑> void clear(self) Undefine the value.

  • empty(self) ‑> bool empty(self) -> bool Return 'true' if we know nothing about a value.

  • extend(self, pm: procmod_t, width: int, is_signed: bool) ‑> void extend(self, pm, width, is_signed) Sign-, or zero-extend the number or SP delta value to full size. The initial value is considered to be of size WIDTH. note: This method do nothing for unknown values.

    pm: (C++: const procmod_t &) procmod_t const & width: (C++: int) is_signed: (C++: bool)

  • get_def_ea(self) ‑> ea_t get_def_ea(self) -> ea_t Return the defining address.

  • get_def_itype(self) ‑> uint16 get_def_itype(self) -> uint16 Return the defining instruction code (processor specific).

  • get_num(self) ‑> bool get_num(self) -> bool Return the number if the value is a constant. @see: is_num()

  • get_spd(self) ‑> bool get_spd(self) -> bool Return the SP delta if the value depends on the stack pointer. @see: is_spd()

  • have_all_vals_flag(self, val_flags: uint16) ‑> bool have_all_vals_flag(self, val_flags) -> bool Check the given flag for each value.

    val_flags: (C++: uint16)

  • is_all_vals_like_got(self) ‑> bool is_all_vals_like_got(self) -> bool

  • is_all_vals_pc_based(self) ‑> bool is_all_vals_pc_based(self) -> bool

  • is_badinsn(self) ‑> bool is_badinsn(self) -> bool Return 'true' if the value is unknown because of a bad insn.

  • is_dead_end(self) ‑> bool is_dead_end(self) -> bool Return 'true' if the value is undefined because of a dead end.

  • is_known(self) ‑> bool is_known(self) -> bool Return 'true' if the value is known (i.e. it is a number or SP delta).

  • is_num(self) ‑> bool is_num(self) -> bool Return 'true' if the value is a constant.

  • is_spd(self) ‑> bool is_spd(self) -> bool Return 'true' if the value depends on the stack pointer.

  • is_special(self) ‑> bool is_special(self) -> bool Return 'true' if the value requires special handling.

  • is_unkfunc(self) ‑> bool is_unkfunc(self) -> bool Return 'true' if the value is unknown from the function start.

  • is_unkinsn(self) ‑> bool is_unkinsn(self) -> bool Return 'true' if the value is unknown after executing the insn.

  • is_unkloop(self) ‑> bool is_unkloop(self) -> bool Return 'true' if the value is unknown because it changes in a loop.

  • is_unkmult(self) ‑> bool is_unkmult(self) -> bool Return 'true' if the value is unknown because the register has incompatible values (a number and SP delta).

  • is_unknown(self) ‑> bool is_unknown(self) -> bool Return 'true' if the value is unknown.

  • is_value_unique(self) ‑> bool is_value_unique(self) -> bool Check that the value is unique.

  • movt(self, r: reg_value_info_t, insn: insn_t const &) ‑> void movt(self, r, insn) Replace the top 16 bits with bottom 16 bits of R, leaving the bottom 16 bits untouched, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • neg(self, insn: insn_t const &) ‑> void neg(self, insn) Negate the value, save INSN as a defining instruction.

    insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • set_aborted(self, bblk_ea: ea_t) ‑> void set_aborted(self, bblk_ea) Set the value after aborting. @see: aborted()

    bblk_ea: (C++: ea_t)

  • set_badinsn(self, insn_ea: ea_t) ‑> void set_badinsn(self, insn_ea) Set the value to be unknown after a bad insn. @see: is_badinsn()

    insn_ea: (C++: ea_t)

  • set_dead_end(self, dead_end_ea: ea_t) ‑> void set_dead_end(self, dead_end_ea) Set the value to be undefined because of a dead end. @see: is_dead_end()

    dead_end_ea: (C++: ea_t)

  • set_num(self, *args) ‑> void set_num(self, rval, insn, val_flags=0) Set the value to be a number before an address. @see: is_num()

    rval: (C++: uval_t) insn: an ida_ua.insn_t, or an address (C++: const insn_t &) val_flags: (C++: uint16)

    set_num(self, rvals, insn)

    rvals: uvalvec_t * insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

    set_num(self, rval, val_ea, val_flags=0)

    rval: uval_t val_ea: ea_t val_flags: uint16

  • set_unkfunc(self, func_ea: ea_t) ‑> void set_unkfunc(self, func_ea) Set the value to be unknown from the function start. @see: is_unkfunc()

    func_ea: (C++: ea_t)

  • set_unkinsn(self, insn: insn_t const &) ‑> void set_unkinsn(self, insn) Set the value to be unknown after executing the insn. @see: is_unkinsn()

    insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • set_unkloop(self, bblk_ea: ea_t) ‑> void set_unkloop(self, bblk_ea) Set the value to be unknown because it changes in a loop. @see: is_unkloop()

    bblk_ea: (C++: ea_t)

  • set_unkmult(self, bblk_ea: ea_t) ‑> void set_unkmult(self, bblk_ea) Set the value to be unknown because the register has incompatible values. @see: is_unkmult()

    bblk_ea: (C++: ea_t)

  • shift_left(self, r: uval_t) ‑> void shift_left(self, r) Shift the value left by R, do not change the defining instructions. note: This method do nothing for unknown values.

    r: (C++: uval_t)

  • shift_right(self, r: uval_t) ‑> void shift_right(self, r) Shift the value right by R, do not change the defining instructions. note: This method do nothing for unknown values.

    r: (C++: uval_t)

  • sll(self, r: reg_value_info_t, insn: insn_t const &) ‑> void sll(self, r, insn) Shift the value left by R, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • slr(self, r: reg_value_info_t, insn: insn_t const &) ‑> void slr(self, r, insn) Shift the value right by R, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • sub(self, r: reg_value_info_t, insn: insn_t const &) ‑> void sub(self, r, insn) Subtract R from the value, save INSN as a defining instruction. note: Either THIS or R must have a single value.

    r: (C++: const reg_value_info_t &) reg_value_info_t const & insn: (C++: const insn_t &) an ida_ua.insn_t, or an address (C++: const insn_t &)

  • trunc_uval(self, pm: procmod_t) ‑> void trunc_uval(self, pm) Truncate the number to the application bitness. note: This method do nothing for non-number values.

    pm: (C++: const procmod_t &) procmod_t const &

  • vals_union(self, r: reg_value_info_t) ‑> reg_value_info_t::set_compare_res_t vals_union(self, r) -> reg_value_info_t::set_compare_res_t Add values from R into THIS ignoring duplicates. note: This method is the only way to get multiple values. retval EQUAL: THIS is not changed retval CONTAINS: THIS is not changed retval CONTAINED: THIS is a copy of R retval NOT_COMPARABLE: values from R are added to THIS

    r: (C++: const reg_value_info_t &) reg_value_info_t const &

PreviousModule ida_rangeNextModule ida_registry

Last updated