This file contains IDA built-in function declarations and internal bit definitions. Each byte of the program has 32-bit flags (low 8 bits keep the byte value). These 32 bits are used in get_full_flags/get_flags functions.
This file is subject to change without any notice. Future versions of IDA may use other definitions.
Global Variables
ABI_8ALIGN4
ABI_8ALIGN4 = 1
ABI_BIGARG_ALIGN
ABI_BIGARG_ALIGN = 4
ABI_GCC_LAYOUT
ABI_GCC_LAYOUT = 128
ABI_HARD_FLOAT
ABI_HARD_FLOAT = 32
ABI_HUGEARG_ALIGN
ABI_HUGEARG_ALIGN = 512
ABI_MAP_STKARGS
ABI_MAP_STKARGS = 256
ABI_PACK_STKARGS
ABI_PACK_STKARGS = 2
ABI_SET_BY_USER
ABI_SET_BY_USER = 64
ABI_STACK_LDBL
ABI_STACK_LDBL = 8
ABI_STACK_VARARGS
ABI_STACK_VARARGS = 16
ADDSEG_FILLGAP
ADDSEG_FILLGAP = 16
ADDSEG_NOSREG
ADDSEG_NOSREG = 1
ADDSEG_NOTRUNC
ADDSEG_NOTRUNC = 4
ADDSEG_OR_DIE
ADDSEG_OR_DIE = 2
ADDSEG_QUIET
ADDSEG_QUIET = 8
ADDSEG_SPARSE
ADDSEG_SPARSE = 32
AF2_DOEH
AF2_DOEH = 1
AF2_DORTTI
AF2_DORTTI = 2
AF2_MACRO
AF2_MACRO = 4
AF2_MERGESTR
AF2_MERGESTR = 8
AF_ANORET
AF_ANORET = 16384
AF_CHKUNI
AF_CHKUNI = 262144
AF_CODE
AF_CODE = 1
AF_DATOFF
AF_DATOFF = 4194304
AF_DOCODE
AF_DOCODE = 1073741824
AF_DODATA
AF_DODATA = 536870912
AF_DREFOFF
AF_DREFOFF = 1048576
AF_FINAL
AF_FINAL = 2147483648
AF_FIXUP
AF_FIXUP = 524288
AF_FLIRT
AF_FLIRT = 8388608
AF_FTAIL
AF_FTAIL = 256
AF_HFLIRT
AF_HFLIRT = 67108864
AF_IMMOFF
AF_IMMOFF = 2097152
AF_JFUNC
AF_JFUNC = 134217728
AF_JUMPTBL
AF_JUMPTBL = 4
AF_LVAR
AF_LVAR = 512
AF_MARKCODE
AF_MARKCODE = 2
AF_MEMFUNC
AF_MEMFUNC = 32768
AF_NULLSUB
AF_NULLSUB = 268435456
AF_PROC
AF_PROC = 128
AF_PROCPTR
AF_PROCPTR = 64
AF_PURDAT
AF_PURDAT = 8
AF_REGARG
AF_REGARG = 2048
AF_SIGCMT
AF_SIGCMT = 16777216
AF_SIGMLT
AF_SIGMLT = 33554432
AF_STKARG
AF_STKARG = 1024
AF_STRLIT
AF_STRLIT = 131072
AF_TRACE
AF_TRACE = 4096
AF_TRFUNC
AF_TRFUNC = 65536
AF_UNK
AF_UNK = 32
AF_USED
AF_USED = 16
AF_VERSP
AF_VERSP = 8192
APPT_16BIT
APPT_16BIT = 128
APPT_1THREAD
APPT_1THREAD = 32
APPT_32BIT
APPT_32BIT = 256
APPT_CONSOLE
APPT_CONSOLE = 1
APPT_DRIVER
APPT_DRIVER = 16
APPT_GRAPHIC
APPT_GRAPHIC = 2
APPT_LIBRARY
APPT_LIBRARY = 8
APPT_MTHREAD
APPT_MTHREAD = 64
APPT_PROGRAM
APPT_PROGRAM = 4
AP_ALLOWDUPS
AP_ALLOWDUPS = 1
AP_ARRAY
AP_ARRAY = 8
AP_IDXBASEMASK
AP_IDXBASEMASK = 240
AP_IDXBIN
AP_IDXBIN = 48
AP_IDXDEC
AP_IDXDEC = 0
AP_IDXHEX
AP_IDXHEX = 16
AP_IDXOCT
AP_IDXOCT = 32
AP_INDEX
AP_INDEX = 4
AP_SIGNED
AP_SIGNED = 2
AR_LONG
AR_LONG = 65
AR_STR
AR_STR = 83
AU_CODE
AU_CODE = 20
AU_FINAL
AU_FINAL = 200
AU_LIBF
AU_LIBF = 60
AU_PROC
AU_PROC = 30
AU_UNK
AU_UNK = 10
AU_USED
AU_USED = 40
BADADDR
BADADDR = 18446744073709551615
BADSEL
BADSEL = 18446744073709551615
BPLT_ABS
BPLT_ABS = 0
BPLT_REL
BPLT_REL = 1
BPLT_SYM
BPLT_SYM = 2
BPTATTR_COND
BPTATTR_COND = 6
BPTATTR_COUNT
BPTATTR_COUNT = 4
BPTATTR_EA
BPTATTR_EA = 1
BPTATTR_FLAGS
BPTATTR_FLAGS = 5
BPTATTR_PID
BPTATTR_PID = 7
BPTATTR_SIZE
BPTATTR_SIZE = 2
BPTATTR_TID
BPTATTR_TID = 8
BPTATTR_TYPE
BPTATTR_TYPE = 3
BPTCK_ACT
BPTCK_ACT = 2
BPTCK_NO
BPTCK_NO = 0
BPTCK_NONE
BPTCK_NONE = -1
BPTCK_YES
BPTCK_YES = 1
BPT_BRK
BPT_BRK = 1
BPT_DEFAULT
BPT_DEFAULT = 12
BPT_ENABLED
BPT_ENABLED = 8
BPT_EXEC
BPT_EXEC = 8
BPT_LOWCND
BPT_LOWCND = 16
BPT_RDWR
BPT_RDWR = 3
BPT_SOFT
BPT_SOFT = 4
BPT_TRACE
BPT_TRACE = 2
BPT_TRACEON
BPT_TRACEON = 32
BPT_TRACE_BBLK
BPT_TRACE_BBLK = 256
BPT_TRACE_FUNC
BPT_TRACE_FUNC = 128
BPT_TRACE_INSN
BPT_TRACE_INSN = 64
BPT_UPDMEM
BPT_UPDMEM = 4
BPT_WRITE
BPT_WRITE = 1
BPU_1B
BPU_1B = 1
BPU_2B
BPU_2B = 2
BPU_4B
BPU_4B = 4
BREAKPOINT
BREAKPOINT = 16
CHART_GEN_GDL
CHART_GEN_GDL = 16384
CHART_NOLIBFUNCS
CHART_NOLIBFUNCS = 1024
CHART_PRINT_NAMES
CHART_PRINT_NAMES = 4096
CHART_WINGRAPH
CHART_WINGRAPH = 32768
CIC_FUNC
CIC_FUNC = 2
CIC_ITEM
CIC_ITEM = 1
CIC_SEGM
CIC_SEGM = 3
COMP_BC
COMP_BC = 2
COMP_BP
COMP_BP = 8
COMP_GNU
COMP_GNU = 6
COMP_MASK
COMP_MASK = 15
COMP_MS
COMP_MS = 1
COMP_UNK
COMP_UNK = 0
COMP_VISAGE
COMP_VISAGE = 7
COMP_WATCOM
COMP_WATCOM = 3
DBFL_BAK
DBFL_BAK = 4
DBG_ERROR
DBG_ERROR = -1
DBG_TIMEOUT
DBG_TIMEOUT = 0
DEFCOLOR
DEFCOLOR = 4294967295
DELIT_DELNAMES
DELIT_DELNAMES = 2
DELIT_EXPAND
DELIT_EXPAND = 1
DELIT_SIMPLE
DELIT_SIMPLE = 0
DEMNAM_CMNT
DEMNAM_CMNT = 0
DEMNAM_FIRST
DEMNAM_FIRST = 8
DEMNAM_GCC3
DEMNAM_GCC3 = 4
DEMNAM_MASK
DEMNAM_MASK = 3
DEMNAM_NAME
DEMNAM_NAME = 1
DEMNAM_NONE
DEMNAM_NONE = 2
DOPT_BPT_MSGS
DOPT_BPT_MSGS = 16
DOPT_ENTRY_BPT
DOPT_ENTRY_BPT = 4096
DOPT_EXCDLG
DOPT_EXCDLG = 24576
DOPT_INFO_BPT
DOPT_INFO_BPT = 512
DOPT_INFO_MSGS
DOPT_INFO_MSGS = 256
DOPT_LIB_BPT
DOPT_LIB_BPT = 128
DOPT_LIB_MSGS
DOPT_LIB_MSGS = 64
DOPT_LOAD_DINFO
DOPT_LOAD_DINFO = 32768
DOPT_REAL_MEMORY
DOPT_REAL_MEMORY = 1024
DOPT_REDO_STACK
DOPT_REDO_STACK = 2048
DOPT_SEGM_MSGS
DOPT_SEGM_MSGS = 1
DOPT_START_BPT
DOPT_START_BPT = 2
DOPT_THREAD_BPT
DOPT_THREAD_BPT = 8
DOPT_THREAD_MSGS
DOPT_THREAD_MSGS = 4
DSTATE_NOTASK
DSTATE_NOTASK = 0
DSTATE_RUN
DSTATE_RUN = 1
DSTATE_RUN_WAIT_ATTACH
DSTATE_RUN_WAIT_ATTACH = 2
DSTATE_RUN_WAIT_END
DSTATE_RUN_WAIT_END = 3
DSTATE_SUSP
DSTATE_SUSP = -1
DT_TYPE
DT_TYPE = 4026531840
ENFL_REGEX
ENFL_REGEX = 1
EXCDLG_ALWAYS
EXCDLG_ALWAYS = 24576
EXCDLG_NEVER
EXCDLG_NEVER = 0
EXCDLG_UNKNOWN
EXCDLG_UNKNOWN = 8192
EXCEPTION
EXCEPTION = 64
EXC_BREAK
EXC_BREAK = 1
EXC_HANDLE
EXC_HANDLE = 2
E_NEXT
E_NEXT = 2000
E_PREV
E_PREV = 1000
FF_0CHAR
FF_0CHAR = 3145728
FF_0ENUM
FF_0ENUM = 8388608
FF_0FOP
FF_0FOP = 9437184
FF_0NUMB
FF_0NUMB = 6291456
FF_0NUMD
FF_0NUMD = 2097152
FF_0NUMH
FF_0NUMH = 1048576
FF_0NUMO
FF_0NUMO = 7340032
FF_0OFF
FF_0OFF = 5242880
FF_0SEG
FF_0SEG = 4194304
FF_0STK
FF_0STK = 11534336
FF_0STRO
FF_0STRO = 10485760
FF_0VOID
FF_0VOID = 0
FF_1CHAR
FF_1CHAR = 50331648
FF_1ENUM
FF_1ENUM = 134217728
FF_1FOP
FF_1FOP = 150994944
FF_1NUMB
FF_1NUMB = 100663296
FF_1NUMD
FF_1NUMD = 33554432
FF_1NUMH
FF_1NUMH = 16777216
FF_1NUMO
FF_1NUMO = 117440512
FF_1OFF
FF_1OFF = 83886080
FF_1SEG
FF_1SEG = 67108864
FF_1STK
FF_1STK = 184549376
FF_1STRO
FF_1STRO = 167772160
FF_1VOID
FF_1VOID = 0
FF_ALIGN
FF_ALIGN = 2952790016
FF_ANYNAME
FF_ANYNAME = 49152
FF_BYTE
FF_BYTE = 0
FF_CODE
FF_CODE = 1536
FF_COMM
FF_COMM = 2048
FF_DATA
FF_DATA = 1024
FF_DOUBLE
FF_DOUBLE = 2415919104
FF_DWORD
FF_DWORD = 536870912
FF_FLOAT
FF_FLOAT = 2147483648
FF_FLOW
FF_FLOW = 65536
FF_FUNC
FF_FUNC = 268435456
FF_IMMD
FF_IMMD = 1073741824
FF_IVL
FF_IVL = 256
FF_JUMP
FF_JUMP = 2147483648
FF_LABL
FF_LABL = 32768
FF_LINE
FF_LINE = 8192
FF_NAME
FF_NAME = 16384
FF_OWORD
FF_OWORD = 1879048192
FF_PACKREAL
FF_PACKREAL = 2684354560
FF_QWORD
FF_QWORD = 805306368
FF_REF
FF_REF = 4096
FF_STRLIT
FF_STRLIT = 1342177280
FF_STRUCT
FF_STRUCT = 1610612736
FF_TAIL
FF_TAIL = 512
FF_TBYTE
FF_TBYTE = 1073741824
FF_UNK
FF_UNK = 0
FF_WORD
FF_WORD = 268435456
FIXUPF_CREATED
FIXUPF_CREATED = 8
FIXUPF_EXTDEF
FIXUPF_EXTDEF = 2
FIXUPF_REL
FIXUPF_REL = 1
FIXUPF_UNUSED
FIXUPF_UNUSED = 4
FIXUP_CUSTOM
FIXUP_CUSTOM = 32768
FIXUP_HI16
FIXUP_HI16 = 7
FIXUP_HI8
FIXUP_HI8 = 6
FIXUP_LOW16
FIXUP_LOW16 = 9
FIXUP_LOW8
FIXUP_LOW8 = 8
FIXUP_OFF16
FIXUP_OFF16 = 1
FIXUP_OFF32
FIXUP_OFF32 = 4
FIXUP_OFF64
FIXUP_OFF64 = 12
FIXUP_OFF8
FIXUP_OFF8 = 13
FIXUP_PTR32
FIXUP_PTR32 = 3
FIXUP_PTR48
FIXUP_PTR48 = 5
FIXUP_SEG16
FIXUP_SEG16 = 2
FT_AIXAR
FT_AIXAR = 24
FT_AOUT
FT_AOUT = 20
FT_AR
FT_AR = 16
FT_BIN
FT_BIN = 2
FT_COFF
FT_COFF = 10
FT_COM
FT_COM = 23
FT_COM_OLD
FT_COM_OLD = 1
FT_DRV
FT_DRV = 3
FT_ELF
FT_ELF = 18
FT_EXE
FT_EXE = 22
FT_EXE_OLD
FT_EXE_OLD = 0
FT_HEX
FT_HEX = 5
FT_LE
FT_LE = 8
FT_LOADER
FT_LOADER = 17
FT_LX
FT_LX = 7
FT_MACHO
FT_MACHO = 25
FT_MEX
FT_MEX = 6
FT_NLM
FT_NLM = 9
FT_OMF
FT_OMF = 12
FT_OMFLIB
FT_OMFLIB = 15
FT_PE
FT_PE = 11
FT_PRC
FT_PRC = 21
FT_SREC
FT_SREC = 13
FT_W32RUN
FT_W32RUN = 19
FT_WIN
FT_WIN = 4
FT_ZIP
FT_ZIP = 14
FUNCATTR_ARGSIZE
FUNCATTR_ARGSIZE = 48
FUNCATTR_COLOR
FUNCATTR_COLOR = 64
FUNCATTR_END
FUNCATTR_END = 8
FUNCATTR_FLAGS
FUNCATTR_FLAGS = 16
FUNCATTR_FPD
FUNCATTR_FPD = 56
FUNCATTR_FRAME
FUNCATTR_FRAME = 24
FUNCATTR_FRREGS
FUNCATTR_FRREGS = 40
FUNCATTR_FRSIZE
FUNCATTR_FRSIZE = 32
FUNCATTR_OWNER
FUNCATTR_OWNER = 24
FUNCATTR_REFQTY
FUNCATTR_REFQTY = 32
FUNCATTR_START
FUNCATTR_START = 0
FUNC_BOTTOMBP
FUNC_BOTTOMBP = 256
FUNC_FAR
FUNC_FAR = 2
FUNC_FRAME
FUNC_FRAME = 16
FUNC_HIDDEN
FUNC_HIDDEN = 64
FUNC_LIB
FUNC_LIB = 4
FUNC_LUMINA
FUNC_LUMINA = 65536
FUNC_NORET
FUNC_NORET = 1
FUNC_NORET_PENDING
FUNC_NORET_PENDING = 512
FUNC_OUTLINE
FUNC_OUTLINE = 131072
FUNC_PURGED_OK
FUNC_PURGED_OK = 16384
FUNC_SP_READY
FUNC_SP_READY = 1024
FUNC_STATIC
FUNC_STATIC = 8
FUNC_TAIL
FUNC_TAIL = 32768
FUNC_THUNK
FUNC_THUNK = 128
FUNC_USERFAR
FUNC_USERFAR = 32
GENDSM_FORCE_CODE
GENDSM_FORCE_CODE = 1
GENDSM_MULTI_LINE
GENDSM_MULTI_LINE = 2
GENFLG_ASMINC
GENFLG_ASMINC = 64
GENFLG_ASMTYPE
GENFLG_ASMTYPE = 16
GENFLG_GENHTML
GENFLG_GENHTML = 32
GENFLG_IDCTYPE
GENFLG_IDCTYPE = 8
GENFLG_MAPDMNG
GENFLG_MAPDMNG = 4
GENFLG_MAPLOC
GENFLG_MAPLOC = 8
GENFLG_MAPNAME
GENFLG_MAPNAME = 2
GENFLG_MAPSEG
GENFLG_MAPSEG = 1
GN_COLORED
GN_COLORED = 2
GN_DEMANGLED
GN_DEMANGLED = 4
GN_ISRET
GN_ISRET = 128
GN_LOCAL
GN_LOCAL = 64
GN_LONG
GN_LONG = 32
GN_NOT_ISRET
GN_NOT_ISRET = 256
GN_SHORT
GN_SHORT = 16
GN_STRICT
GN_STRICT = 8
GN_VISIBLE
GN_VISIBLE = 1
IDA_STATUS_READY
IDA_STATUS_READY = 0
IDA_STATUS_THINKING
IDA_STATUS_THINKING = 1
IDA_STATUS_WAITING
IDA_STATUS_WAITING = 2
IDA_STATUS_WORK
IDA_STATUS_WORK = 3
IDB_COMPRESSED
IDB_COMPRESSED = 2
IDB_PACKED
IDB_PACKED = 1
IDB_UNPACKED
IDB_UNPACKED = 0
IDCHK_ARG
IDCHK_ARG = -1
IDCHK_KEY
IDCHK_KEY = -2
IDCHK_MAX
IDCHK_MAX = -3
IDCHK_OK
IDCHK_OK = 0
INFFL_ALLASM
INFFL_ALLASM = 2
INFFL_AUTO
INFFL_AUTO = 1
INFFL_CHKOPS
INFFL_CHKOPS = 32
INFFL_GRAPH_VIEW
INFFL_GRAPH_VIEW = 128
INFFL_LOADIDC
INFFL_LOADIDC = 4
INFFL_NMOPS
INFFL_NMOPS = 64
INFFL_NOUSER
INFFL_NOUSER = 8
INFFL_READONLY
INFFL_READONLY = 16
INFORMATION
INFORMATION = 512
INF_ABIBITS
INF_ABIBITS = 67
INF_AF
INF_AF = 10
INF_AF2
INF_AF2 = 11
INF_APPCALL_OPTIONS
INF_APPCALL_OPTIONS = 68
INF_APPTYPE
INF_APPTYPE = 7
INF_ASMTYPE
INF_ASMTYPE = 8
INF_BASEADDR
INF_BASEADDR = 12
INF_BINPREF
INF_BINPREF = 47
INF_BIN_PREFIX_SIZE
INF_BIN_PREFIX_SIZE = 47
INF_BORDER
INF_BORDER = 46
INF_CC_CM
INF_CC_CM = 58
INF_CC_DEFALIGN
INF_CC_DEFALIGN = 62
INF_CC_ID
INF_CC_ID = 57
INF_CC_SIZE_B
INF_CC_SIZE_B = 60
INF_CC_SIZE_E
INF_CC_SIZE_E = 61
INF_CC_SIZE_I
INF_CC_SIZE_I = 59
INF_CC_SIZE_L
INF_CC_SIZE_L = 64
INF_CC_SIZE_LDBL
INF_CC_SIZE_LDBL = 66
INF_CC_SIZE_LL
INF_CC_SIZE_LL = 65
INF_CC_SIZE_S
INF_CC_SIZE_S = 63
INF_CHANGE_COUNTER
INF_CHANGE_COUNTER = 4
INF_CMTFLAG
INF_CMTFLAG = 45
INF_CMTFLG
INF_CMTFLG = 45
INF_CMT_INDENT
INF_CMT_INDENT = 41
INF_COMMENT
INF_COMMENT = 41
INF_COMPILER
INF_COMPILER = 57
INF_DATABASE_CHANGE_COUNT
INF_DATABASE_CHANGE_COUNT = 4
INF_DATATYPES
INF_DATATYPES = 55
INF_DEMNAMES
INF_DEMNAMES = 38
INF_END_PRIVRANGE
INF_END_PRIVRANGE = 28
INF_FILETYPE
INF_FILETYPE = 5
INF_GENFLAGS
INF_GENFLAGS = 2
INF_HIGHOFF
INF_HIGHOFF = 24
INF_HIGH_OFF
INF_HIGH_OFF = 24
INF_INDENT
INF_INDENT = 40
INF_LENXREF
INF_LENXREF = 43
INF_LFLAGS
INF_LFLAGS = 3
INF_LIMITER
INF_LIMITER = 46
INF_LISTNAMES
INF_LISTNAMES = 39
INF_LONG_DEMNAMES
INF_LONG_DEMNAMES = 37
INF_LONG_DN
INF_LONG_DN = 37
INF_LOWOFF
INF_LOWOFF = 23
INF_LOW_OFF
INF_LOW_OFF = 23
INF_MAIN
INF_MAIN = 18
INF_MARGIN
INF_MARGIN = 42
INF_MAXREF
INF_MAXREF = 25
INF_MAX_AUTONAME_LEN
INF_MAX_AUTONAME_LEN = 34
INF_MAX_EA
INF_MAX_EA = 20
INF_MIN_EA
INF_MIN_EA = 19
INF_MODEL
INF_MODEL = 58
INF_NAMETYPE
INF_NAMETYPE = 35
INF_NETDELTA
INF_NETDELTA = 29
INF_OMAX_EA
INF_OMAX_EA = 22
INF_OMIN_EA
INF_OMIN_EA = 21
INF_OSTYPE
INF_OSTYPE = 6
INF_OUTFLAGS
INF_OUTFLAGS = 44
INF_PREFFLAG
INF_PREFFLAG = 48
INF_PRIVRANGE_END_EA
INF_PRIVRANGE_END_EA = 28
INF_PRIVRANGE_START_EA
INF_PRIVRANGE_START_EA = 27
INF_PROCNAME
INF_PROCNAME = 1
INF_REFCMTNUM
INF_REFCMTNUM = 32
INF_REFCMTS
INF_REFCMTS = 32
INF_SHORT_DEMNAMES
INF_SHORT_DEMNAMES = 36
INF_SHORT_DN
INF_SHORT_DN = 36
INF_SIZEOF_ALGN
INF_SIZEOF_ALGN = 62
INF_SIZEOF_BOOL
INF_SIZEOF_BOOL = 60
INF_SIZEOF_ENUM
INF_SIZEOF_ENUM = 61
INF_SIZEOF_INT
INF_SIZEOF_INT = 59
INF_SIZEOF_LDBL
INF_SIZEOF_LDBL = 66
INF_SIZEOF_LLONG
INF_SIZEOF_LLONG = 65
INF_SIZEOF_LONG
INF_SIZEOF_LONG = 64
INF_SIZEOF_SHORT
INF_SIZEOF_SHORT = 63
INF_SPECSEGS
INF_SPECSEGS = 9
INF_START_CS
INF_START_CS = 14
INF_START_EA
INF_START_EA = 16
INF_START_IP
INF_START_IP = 15
INF_START_PRIVRANGE
INF_START_PRIVRANGE = 27
INF_START_SP
INF_START_SP = 17
INF_START_SS
INF_START_SS = 13
INF_STRLIT_BREAK
INF_STRLIT_BREAK = 50
INF_STRLIT_FLAGS
INF_STRLIT_FLAGS = 49
INF_STRLIT_PREF
INF_STRLIT_PREF = 53
INF_STRLIT_SERNUM
INF_STRLIT_SERNUM = 54
INF_STRLIT_ZEROES
INF_STRLIT_ZEROES = 51
INF_STRTYPE
INF_STRTYPE = 52
INF_TYPE_XREFNUM
INF_TYPE_XREFNUM = 31
INF_TYPE_XREFS
INF_TYPE_XREFS = 31
INF_VERSION
INF_VERSION = 0
INF_XREFFLAG
INF_XREFFLAG = 33
INF_XREFNUM
INF_XREFNUM = 30
INF_XREFS
INF_XREFS = 33
LFLG_64BIT
LFLG_64BIT = 4
LFLG_COMPRESS
LFLG_COMPRESS = 1024
LFLG_DBG_NOPATH
LFLG_DBG_NOPATH = 128
LFLG_FLAT_OFF32
LFLG_FLAT_OFF32 = 16
LFLG_IS_DLL
LFLG_IS_DLL = 8
LFLG_KERNMODE
LFLG_KERNMODE = 2048
LFLG_MSF
LFLG_MSF = 32
LFLG_PACK
LFLG_PACK = 512
LFLG_PC_FLAT
LFLG_PC_FLAT = 2
LFLG_PC_FPP
LFLG_PC_FPP = 1
LFLG_SNAPSHOT
LFLG_SNAPSHOT = 256
LFLG_WIDE_HBF
LFLG_WIDE_HBF = 64
LIB_LOADED
LIB_LOADED = 128
LIB_UNLOADED
LIB_UNLOADED = 256
LMT_EMPTY
LMT_EMPTY = 4
LMT_THICK
LMT_THICK = 2
LMT_THIN
LMT_THIN = 1
LN_AUTO
LN_AUTO = 4
LN_NORMAL
LN_NORMAL = 1
LN_PUBLIC
LN_PUBLIC = 2
LN_WEAK
LN_WEAK = 8
MAXADDR
MAXADDR = 18374686479671623680
MOVE_SEGM_CHUNK
MOVE_SEGM_CHUNK = -4
MOVE_SEGM_IDP
MOVE_SEGM_IDP = -3
MOVE_SEGM_LOADER
MOVE_SEGM_LOADER = -5
MOVE_SEGM_ODD
MOVE_SEGM_ODD = -6
MOVE_SEGM_OK
MOVE_SEGM_OK = 0
MOVE_SEGM_PARAM
MOVE_SEGM_PARAM = -1
MOVE_SEGM_ROOM
MOVE_SEGM_ROOM = -2
MSF_FIXONCE
MSF_FIXONCE = 8
MSF_LDKEEP
MSF_LDKEEP = 4
MSF_NOFIX
MSF_NOFIX = 2
MSF_SILENT
MSF_SILENT = 1
MS_0TYPE
MS_0TYPE = 15728640
MS_1TYPE
MS_1TYPE = 251658240
MS_CLS
MS_CLS = 1536
MS_CODE
MS_CODE = 4026531840
MS_COMM
MS_COMM = 1046528
MS_VAL
MS_VAL = 255
NEF_CODE
NEF_CODE = 256
NEF_FILL
NEF_FILL = 16
NEF_FIRST
NEF_FIRST = 128
NEF_FLAT
NEF_FLAT = 1024
NEF_IMPS
NEF_IMPS = 32
NEF_MAN
NEF_MAN = 8
NEF_NAME
NEF_NAME = 4
NEF_RELOAD
NEF_RELOAD = 512
NEF_RSCS
NEF_RSCS = 2
NEF_SEGS
NEF_SEGS = 1
NM_EA
NM_EA = 6
NM_EA4
NM_EA4 = 7
NM_EA8
NM_EA8 = 8
NM_NAM_EA
NM_NAM_EA = 5
NM_NAM_OFF
NM_NAM_OFF = 2
NM_PTR_EA
NM_PTR_EA = 4
NM_PTR_OFF
NM_PTR_OFF = 1
NM_REL_EA
NM_REL_EA = 3
NM_REL_OFF
NM_REL_OFF = 0
NM_SERIAL
NM_SERIAL = 10
NM_SHORT
NM_SHORT = 9
NOTASK
NOTASK = -2
OFILE_ASM
OFILE_ASM = 4
OFILE_DIF
OFILE_DIF = 5
OFILE_EXE
OFILE_EXE = 1
OFILE_IDC
OFILE_IDC = 2
OFILE_LST
OFILE_LST = 3
OFILE_MAP
OFILE_MAP = 0
OFLG_GEN_ASSUME
OFLG_GEN_ASSUME = 512
OFLG_GEN_NULL
OFLG_GEN_NULL = 16
OFLG_GEN_ORG
OFLG_GEN_ORG = 256
OFLG_GEN_TRYBLKS
OFLG_GEN_TRYBLKS = 1024
OFLG_LZERO
OFLG_LZERO = 128
OFLG_PREF_SEG
OFLG_PREF_SEG = 64
OFLG_SHOW_AUTO
OFLG_SHOW_AUTO = 4
OFLG_SHOW_PREF
OFLG_SHOW_PREF = 32
OFLG_SHOW_VOID
OFLG_SHOW_VOID = 2
OPND_OUTER
OPND_OUTER = 128
OSTYPE_MSDOS
OSTYPE_MSDOS = 1
OSTYPE_NETW
OSTYPE_NETW = 8
OSTYPE_OS2
OSTYPE_OS2 = 4
OSTYPE_WIN
OSTYPE_WIN = 2
PDF_DEF_BASE
PDF_DEF_BASE = 4
PDF_DEF_FWD
PDF_DEF_FWD = 2
PDF_HEADER_CMT
PDF_HEADER_CMT = 8
PDF_INCL_DEPS
PDF_INCL_DEPS = 1
PREF_FNCOFF
PREF_FNCOFF = 2
PREF_PFXTRUNC
PREF_PFXTRUNC = 8
PREF_SEGADR
PREF_SEGADR = 1
PREF_STACK
PREF_STACK = 4
PROCESS_ATTACHED
PROCESS_ATTACHED = 1024
PROCESS_DETACHED
PROCESS_DETACHED = 2048
PROCESS_EXITED
PROCESS_EXITED = 2
PROCESS_STARTED
PROCESS_STARTED = 1
PROCESS_SUSPENDED
PROCESS_SUSPENDED = 4096
PRTYPE_1LINCMT
PRTYPE_1LINCMT = 8192
PRTYPE_1LINE
PRTYPE_1LINE = 0
PRTYPE_COLORED
PRTYPE_COLORED = 2048
PRTYPE_CPP
PRTYPE_CPP = 16
PRTYPE_DEF
PRTYPE_DEF = 32
PRTYPE_METHODS
PRTYPE_METHODS = 4096
PRTYPE_MULTI
PRTYPE_MULTI = 1
PRTYPE_NOARGS
PRTYPE_NOARGS = 64
PRTYPE_NOARRS
PRTYPE_NOARRS = 128
PRTYPE_NOREGEX
PRTYPE_NOREGEX = 1024
PRTYPE_NORES
PRTYPE_NORES = 256
PRTYPE_PRAGMA
PRTYPE_PRAGMA = 4
PRTYPE_RESTORE
PRTYPE_RESTORE = 512
PRTYPE_SEMI
PRTYPE_SEMI = 8
PRTYPE_TYPE
PRTYPE_TYPE = 2
PT_FILE
PT_FILE = 65536
PT_HIGH
PT_HIGH = 128
PT_LOWER
PT_LOWER = 256
PT_NDC
PT_NDC = 2
PT_PACKMASK
PT_PACKMASK = 112
PT_PAK1
PT_PAK1 = 16
PT_PAK16
PT_PAK16 = 80
PT_PAK2
PT_PAK2 = 32
PT_PAK4
PT_PAK4 = 48
PT_PAK8
PT_PAK8 = 64
PT_PAKDEF
PT_PAKDEF = 0
PT_RAWARGS
PT_RAWARGS = 1024
PT_REPLACE
PT_REPLACE = 512
PT_SIL
PT_SIL = 1
PT_SILENT
PT_SILENT = 1
PT_TYP
PT_TYP = 4
PT_VAR
PT_VAR = 8
REFINFO_NOBASE
REFINFO_NOBASE = 128
REFINFO_PASTEND
REFINFO_PASTEND = 32
REFINFO_RVA
REFINFO_RVA = 16
REFINFO_SIGNEDOP
REFINFO_SIGNEDOP = 512
REFINFO_SUBTRACT
REFINFO_SUBTRACT = 256
REF_HIGH16
REF_HIGH16 = 6
REF_HIGH8
REF_HIGH8 = 5
REF_LOW16
REF_LOW16 = 4
REF_LOW8
REF_LOW8 = 3
REF_OFF16
REF_OFF16 = 1
REF_OFF32
REF_OFF32 = 2
REF_OFF64
REF_OFF64 = 9
REF_OFF8
REF_OFF8 = 10
SCF_ALLCMT
SCF_ALLCMT = 2
SCF_LINNUM
SCF_LINNUM = 8
SCF_NOCMT
SCF_NOCMT = 4
SCF_RPTCMT
SCF_RPTCMT = 1
SCF_SHHID_FUNC
SCF_SHHID_FUNC = 64
SCF_SHHID_ITEM
SCF_SHHID_ITEM = 32
SCF_SHHID_SEGM
SCF_SHHID_SEGM = 128
SCF_TESTMODE
SCF_TESTMODE = 16
SEGATTR_ALIGN
SEGATTR_ALIGN = 40
SEGATTR_BITNESS
SEGATTR_BITNESS = 43
SEGATTR_COLOR
SEGATTR_COLOR = 188
SEGATTR_COMB
SEGATTR_COMB = 41
SEGATTR_CS
SEGATTR_CS = 64
SEGATTR_DS
SEGATTR_DS = 80
SEGATTR_END
SEGATTR_END = 8
SEGATTR_ES
SEGATTR_ES = 56
SEGATTR_FLAGS
SEGATTR_FLAGS = 44
SEGATTR_FS
SEGATTR_FS = 88
SEGATTR_GS
SEGATTR_GS = 96
SEGATTR_ORGBASE
SEGATTR_ORGBASE = 32
SEGATTR_PERM
SEGATTR_PERM = 42
SEGATTR_SEL
SEGATTR_SEL = 48
SEGATTR_SS
SEGATTR_SS = 72
SEGATTR_START
SEGATTR_START = 0
SEGATTR_TYPE
SEGATTR_TYPE = 184
SEGMOD_KEEP
SEGMOD_KEEP = 2
SEGMOD_KILL
SEGMOD_KILL = 1
SEGMOD_SILENT
SEGMOD_SILENT = 4
SEG_ABSSYM
SEG_ABSSYM = 10
SEG_BSS
SEG_BSS = 9
SEG_CODE
SEG_CODE = 2
SEG_COMM
SEG_COMM = 11
SEG_DATA
SEG_DATA = 3
SEG_GRP
SEG_GRP = 6
SEG_IMEM
SEG_IMEM = 12
SEG_IMP
SEG_IMP = 4
SEG_NORM
SEG_NORM = 0
SEG_NULL
SEG_NULL = 7
SEG_UNDF
SEG_UNDF = 8
SEG_XTRN
SEG_XTRN = 1
SETPROC_IDB
SETPROC_IDB = 0
SETPROC_LOADER
SETPROC_LOADER = 1
SETPROC_LOADER_NON_FATAL
SETPROC_LOADER_NON_FATAL = 2
SETPROC_USER
SETPROC_USER = 3
SFL_COMORG
SFL_COMORG = 1
SFL_DEBUG
SFL_DEBUG = 8
SFL_HIDDEN
SFL_HIDDEN = 4
SFL_HIDETYPE
SFL_HIDETYPE = 32
SFL_LOADER
SFL_LOADER = 16
SFL_OBOK
SFL_OBOK = 2
SIZE_MAX
SIZE_MAX = 18446744073709551615
SN_AUTO
SN_AUTO = 32
SN_CHECK
SN_CHECK = 0
SN_LOCAL
SN_LOCAL = 512
SN_NOCHECK
SN_NOCHECK = 1
SN_NOLIST
SN_NOLIST = 128
SN_NON_AUTO
SN_NON_AUTO = 64
SN_NON_PUBLIC
SN_NON_PUBLIC = 4
SN_NON_WEAK
SN_NON_WEAK = 16
SN_NOWARN
SN_NOWARN = 256
SN_PUBLIC
SN_PUBLIC = 2
SN_WEAK
SN_WEAK = 8
SR_auto
SR_auto = 3
SR_autostart
SR_autostart = 4
SR_inherit
SR_inherit = 1
SR_user
SR_user = 2
STEP
STEP = 32
STRF_AUTO
STRF_AUTO = 2
STRF_COMMENT
STRF_COMMENT = 16
STRF_GEN
STRF_GEN = 1
STRF_SAVECASE
STRF_SAVECASE = 32
STRF_SERIAL
STRF_SERIAL = 4
STRF_UNICODE
STRF_UNICODE = 8
STRLYT_MASK
STRLYT_MASK = 252
STRLYT_PASCAL1
STRLYT_PASCAL1 = 1
STRLYT_PASCAL2
STRLYT_PASCAL2 = 2
STRLYT_PASCAL4
STRLYT_PASCAL4 = 3
STRLYT_SHIFT
STRLYT_SHIFT = 2
STRLYT_TERMCHR
STRLYT_TERMCHR = 0
STRTYPE_C
STRTYPE_C = 0
STRTYPE_C16
STRTYPE_C16 = 1
STRTYPE_C_16
STRTYPE_C_16 = 1
STRTYPE_C_32
STRTYPE_C_32 = 2
STRTYPE_LEN2
STRTYPE_LEN2 = 8
STRTYPE_LEN2_16
STRTYPE_LEN2_16 = 9
STRTYPE_LEN4
STRTYPE_LEN4 = 12
STRTYPE_LEN4_16
STRTYPE_LEN4_16 = 13
STRTYPE_PASCAL
STRTYPE_PASCAL = 4
STRTYPE_PASCAL_16
STRTYPE_PASCAL_16 = 5
STRTYPE_TERMCHR
STRTYPE_TERMCHR = 0
STRWIDTH_1B
STRWIDTH_1B = 0
STRWIDTH_2B
STRWIDTH_2B = 1
STRWIDTH_4B
STRWIDTH_4B = 2
STRWIDTH_MASK
STRWIDTH_MASK = 3
STT_MM
STT_MM = 1
STT_VA
STT_VA = 0
ST_ALREADY_LOGGED
ST_ALREADY_LOGGED = 4
ST_OVER_DEBUG_SEG
ST_OVER_DEBUG_SEG = 1
ST_OVER_LIB_FUNC
ST_OVER_LIB_FUNC = 2
ST_SKIP_LOOPS
ST_SKIP_LOOPS = 8
SW_SEGXRF
SW_SEGXRF = 1
SW_XRFFNC
SW_XRFFNC = 4
SW_XRFMRK
SW_XRFMRK = 2
SW_XRFVAL
SW_XRFVAL = 8
TEV_BPT
TEV_BPT = 4
TEV_CALL
TEV_CALL = 2
TEV_EVENT
TEV_EVENT = 6
TEV_INSN
TEV_INSN = 1
TEV_MEM
TEV_MEM = 5
TEV_NONE
TEV_NONE = 0
TEV_RET
TEV_RET = 3
THREAD_EXITED
THREAD_EXITED = 8
THREAD_STARTED
THREAD_STARTED = 4
TINFO_DEFINITE
TINFO_DEFINITE = 1
TINFO_DELAYFUNC
TINFO_DELAYFUNC = 2
TINFO_GUESSED
TINFO_GUESSED = 0
TRACE_FUNC
TRACE_FUNC = 2
TRACE_INSN
TRACE_INSN = 1
TRACE_STEP
TRACE_STEP = 0
WFNE_ANY
WFNE_ANY = 1
WFNE_CONT
WFNE_CONT = 8
WFNE_NOWAIT
WFNE_NOWAIT = 16
WFNE_SILENT
WFNE_SILENT = 4
WFNE_SUSP
WFNE_SUSP = 2
WORDMASK
WORDMASK = 18446744073709551615
XREF_USER
XREF_USER = 32
dr_I
dr_I = 5
dr_O
dr_O = 1
dr_R
dr_R = 3
dr_T
dr_T = 4
dr_W
dr_W = 2
fl_CF
fl_CF = 16
fl_CN
fl_CN = 17
fl_F
fl_F = 21
fl_JF
fl_JF = 18
fl_JN
fl_JN = 19
o_cond
o_cond = 14
o_crb
o_crb = 12
o_creg
o_creg = 11
o_creglist
o_creglist = 10
o_crf
o_crf = 11
o_crreg
o_crreg = 10
o_dbreg
o_dbreg = 9
o_dcr
o_dcr = 13
o_displ
o_displ = 4
o_far
o_far = 6
o_fpreg
o_fpreg = 11
o_fpreglist
o_fpreglist = 12
o_idpspec0
o_idpspec0 = 8
o_idpspec1
o_idpspec1 = 9
o_idpspec2
o_idpspec2 = 10
o_idpspec3
o_idpspec3 = 11
o_idpspec4
o_idpspec4 = 12
o_idpspec5
o_idpspec5 = 13
o_imm
o_imm = 5
o_mem
o_mem = 2
o_mmxreg
o_mmxreg = 12
o_near
o_near = 7
o_phrase
o_phrase = 3
o_reg
o_reg = 1
o_reglist
o_reglist = 9
o_shmbme
o_shmbme = 10
o_spr
o_spr = 8
o_text
o_text = 13
o_trreg
o_trreg = 8
o_twofpr
o_twofpr = 9
o_void
o_void = 0
o_xmmreg
o_xmmreg = 13
saAbs
saAbs = 0
saGroup
saGroup = 7
saRel32Bytes
saRel32Bytes = 8
saRel4K
saRel4K = 6
saRel64Bytes
saRel64Bytes = 9
saRelByte
saRelByte = 1
saRelDble
saRelDble = 5
saRelPage
saRelPage = 4
saRelPara
saRelPara = 3
saRelQword
saRelQword = 10
saRelWord
saRelWord = 2
scCommon
scCommon = 6
scPriv
scPriv = 0
scPub
scPub = 2
scPub2
scPub2 = 4
scPub3
scPub3 = 7
scStack
scStack = 5
Functions
AddSeg(startea, endea, base, use32, align, comb)
AutoMark(ea, qtype)
Plan to analyze an address
EVAL_FAILURE(code)
Check the result of eval_idc() for evaluation failures
code: result of eval_idc()
return: True if there was an evaluation error
GetDisasm(ea)
Get disassembly line
ea: linear address of instruction
return: "" - could not decode instruction at the specified location
note: this function may not return exactly the same mnemonics
as you see on the screen.
GetDouble(ea)
Get value of a floating point number (8 bytes) This function assumes number stored using IEEE format and in the same endianness as integers.
ea: linear address
return: double
GetFloat(ea)
Get value of a floating point number (4 bytes) This function assumes number stored using IEEE format and in the same endianness as integers.
ea: linear address
return: float
GetLocalType(ordinal, flags)
Retrieve a local type declaration flags: any of PRTYPE_* constants return: local type as a C declaration or ""
LoadFile(filepath, pos, ea, size)
Load file into IDA database
filepath: path to input file
pos: position in the file
ea: linear address to load
size: number of bytes to load
return: 0 - error, 1 - ok
MakeVar(ea)
SaveFile(filepath, pos, ea, size)
Save from IDA database to file
filepath: path to output file
pos: position in the file
ea: linear address to save from
size: number of bytes to save
return: 0 - error, 1 - ok
SetPrcsr(processor)
SetType(ea, newtype)
Set type of function/variable
ea: the address of the object
newtype: the type string in C declaration form.
Must contain the closing ';'
if specified as an empty string, then the
item associated with 'ea' will be deleted.
return: 1-ok, 0-failed.
SizeOf(typestr)
Returns the size of the type. It is equivalent to IDC's sizeof(). typestr: can be specified as a typeinfo tuple (e.g. the result of get_tinfo()), serialized type byte string, or a string with C declaration (e.g. "int") return: -1 if typestring is not valid or has no size. otherwise size of the type
add_auto_stkpnt(func_ea, ea, delta)
Add automatic SP register change point func_ea: function start ea: linear address where SP changes usually this is the end of the instruction which modifies the stack pointer (insn.ea+insn.size) delta: difference between old and new values of SP return: 1-ok, 0-failed
add_default_til(name)
Load a type library
name: name of type library.
return: 1-ok, 0-failed.
add_enum(idx, name, flag)
Add a new enum type
idx: is not used anymore
name: name of the enum.
flag: flags for representation of numeric constants
in the definition of enum.
return: id of new enum or BADADDR
add_enum_member(enum_id, name, value, bmask=-1)
Add a member of enum - a symbolic constant
enum_id: id of enum
name: name of symbolic constant. Must be unique in the program.
value: value of symbolic constant.
bmask: bitmask of the constant
ordinary enums accept only -1 as a bitmask
all bits set in value should be set in bmask too
return: 0-ok, otherwise error code (one of ENUM_MEMBER_ERROR_*)
startea: linear address of the start of the segment
endea: linear address of the end of the segment
this address will not belong to the segment
'endea' should be higher than 'startea'
base: base paragraph or selector of the segment.
a paragraph is 16byte memory chunk.
If a selector value is specified, the selector should be
already defined.
use32: 0: 16bit segment, 1: 32bit segment, 2: 64bit segment
align: segment alignment. see below for alignment values
comb: segment combination. see below for combination values.
flags: combination of ADDSEG_... bits
return: 0-failed, 1-ok
add_struc(index, name, is_union)
Define a new structure type
index: -1
name: name of the new structure type.
is_union: 0: structure
1: union
return: -1 if can't define structure type because of
bad structure name: the name is ill-formed or is
already used in the program.
otherwise returns ID of the new structure type
sid: structure type ID
name: name of the new member
offset: offset of the new member
-1 means to add at the end of the structure
flag: type of the new member. Should be one of
FF_BYTE..FF_PACKREAL (see above) combined with FF_DATA
typeid: if is_struct(flag) then typeid specifies the structure id for the member
if is_off0(flag) then typeid specifies the offset base.
if is_strlit(flag) then typeid specifies the string type (STRTYPE_...).
if is_stroff(flag) then typeid specifies the structure id
if is_enum(flag) then typeid specifies the enum id
if is_custom(flags) then typeid specifies the dtid and fid: dtid|(fid<<16)
Otherwise typeid should be -1.
nbytes: number of bytes in the new member
target: target address of the offset expr. You may specify it as
-1, ida will calculate it itself
tdelta: offset target delta. usually 0
reftype: see REF_... definitions
note: The remaining arguments are allowed only if is_off0(flag) and you want
to specify a complex offset expression
return: 0 - ok, otherwise error code (one of typeinf.TERR_*)
append_func_tail(funcea, ea1, ea2)
Append a function chunk to the function
funcea: any address in the function
ea1: start of function tail
ea2: end of function tail
return: 0 if failed, 1 if success
note: If a chunk exists at the specified addresses, it must have exactly
the specified boundaries
apply_type(ea, py_type, flags=1)
Apply the specified type to the address
ea: the address of the object
py_type: typeinfo tuple (type, fields) as get_tinfo() returns
or tuple (name, type, fields) as parse_decl() returns
or None
if specified as None, then the
item associated with 'ea' will be deleted.
flags: combination of TINFO_... constants or 0
return: Boolean
atoa(ea)
Convert address value to a string Return address in the form 'seg000:1234' (the same as in line prefixes)
ea: address to format
atol(s)
batch(batch)
Enable/disable batch mode of operation
batch: batch mode
0 - ida will display dialog boxes and wait for the user input
1 - ida will not display dialog boxes, warnings, etc.
return: old balue of batch flag
byte_value(F)
Get byte value from flags Get value of byte provided that the byte is initialized. This macro works ok only for 8-bit byte machines.
call_system(command)
Execute an OS command.
command: command line to execute
return: error code from OS
note:
IDA will wait for the started program to finish. In order to start the command in parallel, use OS methods. For example, you may start another program in parallel using "start" command.
can_exc_continue()
Can it continue after EXCEPTION event?
return: boolean
choose_func(title)
Ask the user to select a function
Arguments:
title: title of the dialog box
return: -1 - user refused to select a function
otherwise returns the selected function start address
clear_trace(filename)
Clear the current trace buffer
create_array(name)
Create array.
name: The array name.
return: -1 in case of failure, a valid array_id otherwise.
create_byte(ea)
Convert the current item to a byte
ea: linear address
return: 1-ok, 0-failure
create_double(ea)
Convert the current item to a double floating point (8 bytes)
ea: linear address
return: 1-ok, 0-failure
create_dword(ea)
Convert the current item to a double word (4 bytes)
ea: linear address
return: 1-ok, 0-failure
create_float(ea)
Convert the current item to a floating point (4 bytes)
ea: linear address
return: 1-ok, 0-failure
create_oword(ea)
Convert the current item to an octa word (16 bytes/128 bits)
ea: linear address
return: 1-ok, 0-failure
create_pack_real(ea)
Convert the current item to a packed real (10 or 12 bytes)
ea: linear address
return: 1-ok, 0-failure
create_qword(ea)
Convert the current item to a quadro word (8 bytes)
ea: linear address
return: 1-ok, 0-failure
create_strlit(ea, endea)
Create a string.
This function creates a string (the string type is determined by the value of get_inf_attr(INF_STRTYPE))
ea: linear address
endea: ending address of the string (excluded)
if endea == BADADDR, then length of string will be calculated
by the kernel
return: 1-ok, 0-failure
note: The type of an existing string is returned by get_str_type()
create_struct(ea, size, strname)
Convert the current item to a structure instance
ea: linear address
size: structure size in bytes. -1 means that the size
will be calculated automatically
strname: name of a structure type
return: 1-ok, 0-failure
create_tbyte(ea)
Convert the current item to a tbyte (10 or 12 bytes)
ea: linear address
return: 1-ok, 0-failure
create_word(ea)
Convert the current item to a word (2 bytes)
ea: linear address
return: 1-ok, 0-failure
create_yword(ea)
Convert the current item to a ymm word (32 bytes/256 bits)
ea: linear address
return: 1-ok, 0-failure
define_local_var(start, end, location, name)
Create a local variable
start: start of address range for the local variable
end: end of address range for the local variable
location: the variable location in the "[bp+xx]" form where xx is
a number. The location can also be specified as a
register name.
name: name of the local variable
return: 1-ok, 0-failure
note: For the stack variables the end address is ignored.
If there is no function at 'start' then this function.
will fail.
del_array_element(tag, array_id, idx)
Delete an array element.
tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
array_id: The array ID.
idx: Index of an element.
return: 1 in case of success, 0 otherwise.
del_enum(enum_id)
Delete an enum type
enum_id: id of enum
return: success
del_enum_member(enum_id, value, serial, bmask=-1)
Delete a member of enum - a symbolic constant
enum_id: id of enum
value: value of symbolic constant.
serial: serial number of the constant in the
enumeration. See op_enum() for for details.
bmask: bitmask of the constant ordinary enums accept
only -1 as a bitmask
return: 1-ok, 0-failed
del_hash_string(hash_id, key)
Delete a hash element.
hash_id: The hash ID.
key: Key of an element
return: 1 upon success, 0 otherwise.
del_stkpnt(func_ea, ea)
Delete SP register change point
func_ea: function start
ea: linear address
return: 1-ok, 0-failed
del_struc(sid)
Delete a structure type
sid: structure type ID
return: 0 if bad structure type ID is passed
1 otherwise the structure type is deleted. All data
and other structure types referencing to the
deleted structure type will be displayed as array
of bytes.
del_struc_member(sid, member_offset)
Delete structure member
sid: structure type ID
member_offset: offset of the member
return: != 0 - ok.
note: IDA allows 'holes' between members of a
structure. It treats these 'holes'
as unnamed arrays of bytes.
delete_all_segments()
Delete all segments, instructions, comments, i.e. everything except values of bytes.
delete_array(array_id)
Delete array, by its ID.
array_id: The ID of the array to delete.
demangle_name(name, disable_mask)
demangle_name a name
name: name to demangle
disable_mask: a mask that tells how to demangle the name
it is a good idea to get this mask using
get_inf_attr(INF_SHORT_DN) or get_inf_attr(INF_LONG_DN)
return: a demangled name
If the input name cannot be demangled, returns None
enable_tracing(trace_level, enable)
Enable step tracing
trace_level: what kind of trace to modify
enable: 0: turn off, 1: turn on
return: success
eval_idc(expr)
Evaluate an IDC expression
expr: an expression
return: the expression value. If there are problems, the returned value will be "IDC_FAILURE: xxx"
where xxx is the error description
note: Python implementation evaluates IDC only, while IDC can call other registered languages
expand_struc(sid, offset, delta, recalc=True)
Expand or shrink a structure type id: structure type ID offset: offset in the structure delta: how many bytes to add or remove recalc: is not used anymore return: != 0 - ok
fclose(handle)
fgetc(handle)
filelength(handle)
find_func_end(ea)
Determine a new function boundaries
ea: starting address of a new function
return: if a function already exists, then return its end address.
If a function end cannot be determined, the return BADADDR
otherwise return the end address of the new function
find_selector(val)
Find a selector which has the specified value
val: value to search for
return: the selector number if found,
otherwise the input value (val & 0xFFFF)
note: selector values are always in paragraphs
first_func_chunk(funcea)
Get the first function chunk of the specified function
funcea: any address in the function
return: the function entry point or BADADDR
note: This function returns the first (main) chunk of the specified function
fopen(f, mode)
force_bl_call(ea)
Force BL instruction to be a call
ea: address of the BL instruction
return: 1-ok, 0-failed
force_bl_jump(ea)
Some ARM compilers in Thumb mode use BL (branch-and-link) instead of B (branch) for long jumps, since BL has more range. By default, IDA tries to determine if BL is a jump or a call. You can override IDA's decision using commands in Edit/Other menu (Force BL call/Force BL jump) or the following two functions.
Force BL instruction to be a jump
ea: address of the BL instruction
return: 1-ok, 0-failed
form(format, *args)
fprintf(handle, format, *args)
fputc(byte, handle)
fseek(handle, offset, origin)
ftell(handle)
func_contains(func_ea, ea)
Does the given function contain the given address?
func_ea: any address belonging to the function
ea: linear address
return: success
gen_file(filetype, path, ea1, ea2, flags)
Generate an output file
filetype: type of output file. One of OFILE_... symbols. See below.
path: the output file path (will be overwritten!)
ea1: start address. For some file types this argument is ignored
ea2: end address. For some file types this argument is ignored
flags: bit combination of GENFLG_...
returns: number of the generated lines.
-1 if an error occurred
OFILE_EXE: 0-can't generate exe file, 1-ok
gen_flow_graph(outfile, title, ea1, ea2, flags)
Generate a flow chart GDL file
outfile: output file name. GDL extension will be used
title: graph title
ea1: beginning of the range to flow chart
ea2: end of the range to flow chart.
flags: combination of CHART_... constants
note: If ea2 == BADADDR then ea1 is treated as an address within a function.
That function will be flow charted.
gen_simple_call_chart(outfile, title, flags)
Generate a function call graph GDL file
outfile: output file name. GDL extension will be used
title: graph title
flags: combination of CHART_GEN_GDL, CHART_WINGRAPH, CHART_NOLIBFUNCS
generate_disasm_line(ea, flags)
Get disassembly line
ea: linear address of instruction
flags: combination of the GENDSM_ flags, or 0
return: "" - could not decode instruction at the specified location
note: this function may not return exactly the same mnemonics
as you see on the screen.
get_array_element(tag, array_id, idx)
Get value of array element.
tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
array_id: The array ID.
idx: Index of an element.
return: Value of the specified array element. Note that
this function may return char or long result. Unexistent
array elements give zero as a result.
get_array_id(name)
Get array array_id, by name.
name: The array name.
return: -1 in case of failure (i.e., no array with that
name exists), a valid array_id otherwise.
get_bmask_cmt(enum_id, bmask, repeatable)
Get bitmask comment (only for bitfields)
enum_id: id of enum
bmask: bitmask of the constant
repeatable: type of comment, 0-regular, 1-repeatable
return: comment attached to bitmask or None
get_bmask_name(enum_id, bmask)
Get bitmask name (only for bitfields)
enum_id: id of enum
bmask: bitmask of the constant
return: name of bitmask or None
get_bpt_attr(ea, bptattr)
Get the characteristics of a breakpoint
ea: any address in the breakpoint range
bptattr: the desired attribute code, one of BPTATTR_... constants
return: the desired attribute value or -1
get_bpt_ea(n)
Get breakpoint address
n: number of breakpoint, is in range 0..get_bpt_qty()-1
return: address of the breakpoint or BADADDR
get_bytes(ea, size, use_dbg=False)
Return the specified number of bytes of the program
ea: linear address
size: size of buffer in normal 8-bit bytes
use_dbg: if True, use debugger memory, otherwise just the database
return: None on failure
otherwise a string containing the read bytes
get_color(ea, what)
Get item color
ea: address of the item
what: type of the item (one of CIC_* constants)
return: color code in RGB (hex 0xBBGGRR)
get_curline()
Get the disassembly line at the cursor
return: string
get_enum(name)
Get enum by name
name: enum type name
return: enum type TID or BADADDR
get_enum_cmt(enum_id)
Get enum comment
enum_id: enum TID
return: enum comment
get_enum_flag(enum_id)
Get flags determining the representation of the enum. (currently they define the numeric base: octal, decimal, hex, bin) and signness.
enum_id: enum TID
return: flag of 0
get_enum_member(enum_id, value, serial, bmask)
Get id of constant
enum_id: id of enum
value: value of constant
serial: serial number of the constant in the
enumeration. See op_enum() for details.
bmask: bitmask of the constant
ordinary enums accept only -1 as a bitmask
return: id of constant or -1 if error
get_enum_member_bmask(const_id)
Get bitmask of an enum member
const_id: id of const
return: member value or None
get_enum_member_by_name(name)
Get a reference to an enum member by its name
name: enum member name
return: enum member TID or BADADDR
get_enum_member_cmt(const_id, repeatable=True)
Get comment of a constant
const_id: id of const
repeatable: not used anymore
return: comment string
get_enum_member_enum(const_id)
Get the parent enum of an enum member
const_id: id of const
return: enum TID or BADADDR
get_enum_member_name(const_id)
Get name of a constant
const_id: id of const
Returns: name of constant
get_enum_member_value(const_id)
Get value of an enum member
const_id: id of const
return: member value or None
get_enum_name(enum_id, flags=0)
Get name of enum
enum_id: enum TID
flags: use ENFL_REGEX to beautify the name
return: enum name or None
get_enum_size(enum_id)
Get the number of the members of the enum
enum_id: enum TID
return: number of members
get_enum_width(enum_id)
Get the width of a enum element allowed values: 0 (unspecified),1,2,4,8,16,32,64
enum_id: enum TID
return: enum width or -1 in case of error
get_event_bpt_hea()
Get hardware address for BREAKPOINT event
return: hardware address
get_event_ea()
Get ea for debug event
return: ea
get_event_exc_code()
Get exception code for EXCEPTION event
return: exception code
get_event_exc_ea()
Get address for EXCEPTION event
return: adress of exception
get_event_exc_info()
Get info for EXCEPTION event
return: info string
get_event_exit_code()
Get exit code for debug event
return: exit code for PROCESS_EXITED, THREAD_EXITED events
get_event_id()
Get ID of debug event
return: event ID
get_event_info()
Get debug event info
return: event info: for THREAD_STARTED (thread name)
for LIB_UNLOADED (unloaded library name)
for INFORMATION (message to display)
get_event_module_base()
Get module base for debug event
return: module base
get_event_module_name()
Get module name for debug event
return: module name
get_event_module_size()
Get module size for debug event
return: module size
get_event_pid()
Get process ID for debug event
return: process ID
get_event_tid()
Get type ID for debug event
return: type ID
get_fchunk_attr(ea, attr)
Get a function chunk attribute
ea: any address in the chunk
attr: one of: FUNCATTR_START, FUNCATTR_END, FUNCATTR_OWNER, FUNCATTR_REFQTY
return: desired attribute or -1
get_first_bmask(enum_id)
Get first bitmask in the enum
enum_id: id of enum
return: id of constant or -1 if error
get_first_enum_member(enum_id, bmask=-1)
Get first constant in the enum
enum_id: id of enum
bmask: bitmask of the constant (ordinary enums accept only -1 as a bitmask)
return: value of constant or idaapi.BADNODE no constants are defined
All constants are sorted by their values as unsigned longs.
get_first_hash_key(hash_id)
Get the first key in the hash.
hash_id: The hash ID.
return: the key, 0 otherwise.
get_first_index(tag, array_id)
Get index of the first existing array element.
tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
array_id: The array ID.
return: -1 if the array is empty, otherwise index of first array
element of given type.
get_first_module()
Enumerate process modules
return: first module's base address or None on failure
get_first_seg()
Get first segment
return: address of the start of the first segment
BADADDR - no segments are defined
get_fixup_target_dis(ea)
Get fixup target displacement
ea: address to get information about
return: 0 - no fixup at the specified address
otherwise returns fixup target displacement
get_fixup_target_flags(ea)
Get fixup target flags
ea: address to get information about
return: 0 - no fixup at the specified address
otherwise returns fixup target flags
get_fixup_target_off(ea)
Get fixup target offset
ea: address to get information about
return: BADADDR - no fixup at the specified address
otherwise returns fixup target offset
get_fixup_target_sel(ea)
Get fixup target selector
ea: address to get information about
return: BADSEL - no fixup at the specified address
otherwise returns fixup target selector
get_fixup_target_type(ea)
Get fixup target type
ea: address to get information about
return: 0 - no fixup at the specified address
otherwise returns fixup type
get_frame_args_size(ea)
Get size of arguments in function frame which are purged upon return
ea: any address belonging to the function
return: Size of function arguments in bytes.
If the function doesn't have a frame, return 0
If the function doesn't exist, return -1
get_frame_id(ea)
Get ID of function frame structure
ea: any address belonging to the function
return: ID of function frame or None In order to access stack variables
you need to use structure member manipulaion functions with the
obtained ID.
get_frame_lvar_size(ea)
Get size of local variables in function frame
ea: any address belonging to the function
return: Size of local variables in bytes.
If the function doesn't have a frame, return 0
If the function doesn't exist, return None
get_frame_regs_size(ea)
Get size of saved registers in function frame
ea: any address belonging to the function
return: Size of saved registers in bytes.
If the function doesn't have a frame, return 0
This value is used as offset for BP (if FUNC_FRAME is set)
If the function doesn't exist, return None
get_frame_size(ea)
Get full size of function frame
ea: any address belonging to the function
returns: Size of function frame in bytes.
This function takes into account size of local
variables + size of saved registers + size of
return address + size of function arguments
If the function doesn't have a frame, return size of
function return address in the stack.
If the function doesn't exist, return 0
get_func_attr(ea, attr)
Get a function attribute
ea: any address belonging to the function
attr: one of FUNCATTR_... constants
return: BADADDR - error otherwise returns the attribute value
get_func_cmt(ea, repeatable)
Retrieve function comment
ea: any address belonging to the function
repeatable: 1: get repeatable comment
0: get regular comment
return: function comment string
get_func_flags(ea)
Retrieve function flags
ea: any address belonging to the function
return: -1 - function doesn't exist otherwise returns the flags
get_func_name(ea)
Retrieve function name
ea: any address belonging to the function
return: null string - function doesn't exist
otherwise returns function name
get_func_off_str(ea)
Convert address to 'funcname+offset' string
ea: address to convert
return: if the address belongs to a function then return a string
formed as 'name+offset' where 'name' is a function name
'offset' is offset within the function else return null string
get_hash_long(hash_id, key)
Gets the long value of a hash element.
hash_id: The hash ID.
key: Key of an element.
return: the 32bit or 64bit value of the element, or 0 if no such
element.
get_hash_string(hash_id, key)
Gets the string value of a hash element.
hash_id: The hash ID.
key: Key of an element.
return: the string value of the element, or None if no such
element.
get_idb_path()
Get IDB full path
This function returns full path of the current IDB database
get_inf_attr(attr)
Deprecated. Please ida_ida.inf_get_* instead.
get_item_size(ea)
Get size of instruction or data item in bytes
ea: linear address
return: 1..n
get_last_bmask(enum_id)
Get last bitmask in the enum
enum_id: id of enum
return: id of constant or -1 if error
get_last_enum_member(enum_id, bmask=-1)
Get last constant in the enum
enum_id: id of enum
bmask: bitmask of the constant (ordinary enums accept only -1 as a bitmask)
return: value of constant or idaapi.BADNODE no constants are defined
All constants are sorted by their values
as unsigned longs.
get_last_hash_key(hash_id)
Get the last key in the hash.
hash_id: The hash ID.
return: the key, 0 otherwise.
get_last_index(tag, array_id)
Get index of last existing array element.
tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
array_id: The array ID.
return: -1 if the array is empty, otherwise index of first array
element of given type.
get_local_tinfo(ordinal)
Get local type information as 'typeinfo' object
ordinal: slot number (1...NumberOfLocalTypes)
return: None on failure, or (type, fields) tuple.
get_member_by_idx(sid, idx)
Get member ID by member ordinal number
sid: structure type ID
idx: member ordinal number
return: -1 if bad structure type ID is passed or there is
no member with the specified index
otherwise returns the member ID.
sid: structure type ID
member_offset: member offset. The offset can be
any offset in the member. For example,
is a member is 4 bytes long and starts
at offset 2, then 2,3,4,5 denote
the same structure member.
repeatable: is not used anymore
return: None if bad structure type ID is passed
or no such member in the structure
otherwise returns comment of the specified member.
get_member_id(sid, member_offset)
sid: structure type ID member_offset:. The offset can be any offset in the member. For example, is a member is 4 bytes long and starts at offset 2, then 2,3,4,5 denote the same structure member.
return: -1 if bad structure type ID is passed or there is
no member at the specified offset. otherwise returns the member id.
get_member_name(sid, member_offset)
Get name of a member of a structure
sid: structure type ID
member_offset: member offset. The offset can be
any offset in the member. For example,
is a member is 4 bytes long and starts
at offset 2, then 2,3,4,5 denote
the same structure member.
return: None if bad structure type ID is passed
or no such member in the structure
otherwise returns name of the specified member.
get_member_offset(sid, member_name)
Get offset of a member of a structure by the member name
sid: structure type ID
member_name: name of structure member
return: -1 if bad structure type ID is passed
or no such member in the structure
otherwise returns offset of the specified member.
note: Union members are, in IDA's internals, located
at subsequent byte offsets: member 0 -> offset 0x0,
member 1 -> offset 0x1, etc...
get_member_qty(sid)
Get number of members of a structure
sid: structure type ID
return: -1 if bad structure type ID is passed otherwise
returns number of members.
get_member_size(sid, member_offset)
Get size of a member
sid: structure type ID
member_offset: member offset. The offset can be
any offset in the member. For example,
is a member is 4 bytes long and starts
at offset 2, then 2,3,4,5 denote
the same structure member.
return: None if bad structure type ID is passed,
or no such member in the structure
otherwise returns size of the specified
member in bytes.
get_member_strid(sid, member_offset)
Get structure id of a member
sid: structure type ID
member_offset: member offset. The offset can be
any offset in the member. For example,
is a member is 4 bytes long and starts
at offset 2, then 2,3,4,5 denote
the same structure member.
return: -1 if bad structure type ID is passed
or no such member in the structure
otherwise returns structure id of the member.
If the current member is not a structure, returns -1.
get_min_spd_ea(func_ea)
Return the address with the minimal spd (stack pointer delta) If there are no SP change points, then return BADADDR.
func_ea: function start
return: BADDADDR - no such function
get_module_name(base)
Get process module name
base: the base address of the module
return: required info or None
get_module_size(base)
Get process module size
base: the base address of the module
return: required info or -1
get_name(ea, gtn_flags=0)
Get name at the specified address
ea: linear address
gtn_flags: how exactly the name should be retrieved.
combination of GN_ bits
return: "" - byte has no name
get_name_ea_simple(name)
Get linear address of a name
name: name of program byte
return: address of the name
BADADDR - No such name
get_next_bmask(enum_id, bmask)
Get next bitmask in the enum
enum_id: id of enum
bmask
return: id of constant or -1 if error
get_next_enum_member(enum_id, value, bmask=-1)
Get next constant in the enum
enum_id: id of enum
bmask: bitmask of the constant ordinary enums accept only -1 as a bitmask
value: value of the current constant
return: value of a constant with value higher than the specified
value. idaapi.BADNODE no such constants exist.
All constants are sorted by their values as unsigned longs.
get_next_fchunk(ea)
Get next function chunk
ea: any address
return: the starting address of the next function chunk or BADADDR
note: This function enumerates all chunks of all functions in the database
get_next_func(ea)
Find next function
ea: any address belonging to the function
return: BADADDR - no more functions
otherwise returns the next function start address
get_next_hash_key(hash_id, key)
Get the next key in the hash.
hash_id: The hash ID.
key: The current key.
return: the next key, 0 otherwise
get_next_index(tag, array_id, idx)
Get index of the next existing array element.
tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
array_id: The array ID.
idx: Index of the current element.
return: -1 if no more elements, otherwise returns index of the
next array element of given type.
get_next_module(base)
Enumerate process modules
base: previous module's base address
return: next module's base address or None on failure
get_next_seg(ea)
Get next segment
ea: linear address
return: start of the next segment
BADADDR - no next segment
get_numbered_type_name(ordinal)
Retrieve a local type name
ordinal: slot number (1...NumberOfLocalTypes)
returns: local type name or None
get_operand_type(ea, n)
Get type of instruction operand
ea: linear address of instruction
n: number of operand:
0 - the first operand
1 - the second operand
return: any of o_* constants or -1 on error
get_operand_value(ea, n)
Get number used in the operand
This function returns an immediate number used in the operand
ea: linear address of instruction
n: the operand number
return: value
operand is an immediate value => immediate value
operand has a displacement => displacement
operand is a direct memory ref => memory address
operand is a register => register number
operand is a register phrase => phrase number
otherwise => -1
get_ordinal_limit()
Get number of local types + 1
return: value >= 1. 1 means that there are no local types.
get_prev_bmask(enum_id, bmask)
Get prev bitmask in the enum
enum_id: id of enum
bmask
return: id of constant or -1 if error
get_prev_enum_member(enum_id, value, bmask=-1)
Get prev constant in the enum
enum_id: id of enum
bmask : bitmask of the constant
ordinary enums accept only -1 as a bitmask
value: value of the current constant
return: value of a constant with value lower than the specified
value. idaapi.BADNODE no such constants exist.
All constants are sorted by their values as unsigned longs.
get_prev_fchunk(ea)
Get previous function chunk
ea: any address
return: the starting address of the function chunk or BADADDR
note: This function enumerates all chunks of all functions in the database
get_prev_func(ea)
Find previous function
ea: any address belonging to the function
return: BADADDR - no more functions
otherwise returns the previous function start address
get_prev_hash_key(hash_id, key)
Get the previous key in the hash.
hash_id: The hash ID.
key: The current key.
return: the previous key, 0 otherwise
get_prev_index(tag, array_id, idx)
Get index of the previous existing array element.
tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
array_id: The array ID.
idx: Index of the current element.
return: -1 if no more elements, otherwise returns index of the
previous array element of given type.
get_processor_name()
Get name of the current processor return: processor name
get_segm_attr(segea, attr)
Get segment attribute
segea: any address within segment
attr: one of SEGATTR_... constants
get_segm_by_sel(base)
Get segment by segment base
base: segment base paragraph or selector
return: linear address of the start of the segment or BADADDR
if no such segment
get_segm_end(ea)
Get end address of a segment
ea: any address in the segment
return: end of segment (an address past end of the segment)
BADADDR - the specified address doesn't belong to any segment
get_segm_name(ea)
Get name of a segment
ea: any address in the segment
return: "" - no segment at the specified address
get_segm_start(ea)
Get start address of a segment
ea: any address in the segment
return: start of segment
BADADDR - the specified address doesn't belong to any segment
get_sp_delta(ea)
Get modification of SP made by the instruction
ea: end address of the instruction
i.e.the last address of the instruction+1
return: Get modification of SP made at the specified location
If the specified location doesn't contain a SP change point, return 0
Otherwise return delta of SP modification
get_spd(ea)
Get current delta for the stack pointer
ea: end address of the instruction
i.e.the last address of the instruction+1
return: The difference between the original SP upon
entering the function and SP for the specified address
get_sreg(ea, reg)
Get value of segment register at the specified address
ea: linear address
reg: name of segment register
return: the value of the segment register or -1 on error
note: The segment registers in 32bit program usually contain selectors,
so to get paragraph pointed to by the segment register you need to
call sel2para() function.
get_str_type(ea)
Get string type
ea: linear address
return: One of STRTYPE_... constants
get_strlit_contents(ea, length=-1, strtype=0)
Get string contents ea: linear address length: string length. -1 means to calculate the max string length strtype: the string type (one of STRTYPE_... constants)
return: string contents or empty string
get_struc_cmt(tid)
get_struc_id(name)
get_struc_name(tid)
get_struc_size(tid)
get_tinfo(ea)
Get type information of function/variable as 'typeinfo' object
ea: the address of the object
return: None on failure, or (type, fields) tuple.
get_type(ea)
Get type of function/variable
ea: the address of the object
return: type string or None if failed
get_xref_type()
Return type of the last xref obtained by [RD]first/next[B0] functions.
return: constants fl_* or dr_*
guess_type(ea)
Guess type of function/variable
ea: the address of the object, can be the structure member id too
return: type string or None if failed
hasName(F)
hasUserName(F)
has_value(F)
here()
idadir()
Get IDA directory
This function returns the directory where IDA.EXE resides
import_type(idx, type_name)
Copy information from type library to database Copy structure, union, or enum definition from the type library to the IDA database.
idx: -1, ignored
type_name: name of type to copy
return: BADNODE-failed, otherwise the type id (structure id or enum id)
isBin0(F)
isBin1(F)
isDec0(F)
isDec1(F)
isExtra(F)
isHex0(F)
isHex1(F)
isOct0(F)
isOct1(F)
isRef(F)
is_align(F)
is_bf(enum_id)
Is enum a bitmask ?
enum_id: enum TID
return: if it is a bitmask enum return True, otherwise False
is_byte(F)
is_char0(F)
is_char1(F)
is_code(F)
is_data(F)
is_defarg0(F)
is_defarg1(F)
is_double(F)
is_dword(F)
is_enum0(F)
is_enum1(F)
is_event_handled()
Is the debug event handled?
return: boolean
is_float(F)
is_flow(F)
is_head(F)
is_loaded(ea)
Is the byte initialized?
is_manual0(F)
is_manual1(F)
is_mapped(ea)
is_member_id(sid)
Is a member id?
sid: structure type ID
return: True there is structure member with the specified ID
False otherwise
is_off0(F)
is_off1(F)
is_oword(F)
is_pack_real(F)
is_qword(F)
is_seg0(F)
is_seg1(F)
is_stkvar0(F)
is_stkvar1(F)
is_strlit(F)
is_stroff0(F)
is_stroff1(F)
is_struct(F)
is_tail(F)
is_tbyte(F)
is_union(sid)
Is a structure a union?
sid: structure type ID
return: True: yes, this is a union id
False: no
note: Unions are a special kind of structures
is_unknown(F)
is_word(F)
loadfile(filepath, pos, ea, size)
ltoa(n, radix)
make_array(ea, nitems)
Create an array.
ea: linear address
nitems: size of array in items
note: This function will create an array of the items with the same type as
the type of the item at 'ea'. If the byte at 'ea' is undefined, then this function will create an array of bytes.
move_segm(ea, to, flags)
Move a segment to a new address This function moves all information to the new address It fixes up address sensitive information in the kernel The total effect is equal to reloading the segment to the target address
ea: any address within the segment to move
to: new segment start address
flags: combination MFS_... constants
returns: MOVE_SEGM_... error code
next_func_chunk(funcea, tailea)
Get the next function chunk of the specified function
funcea: any address in the function
tailea: any address in the current chunk
return: the starting address of the next function chunk or BADADDR
note: This function returns the next chunk of the specified function
next_head(ea, maxea=18446744073709551615)
Get next defined item (instruction or data) in the program
ea: linear address to start search from
maxea: the search will stop at the address
maxea is not included in the search range
return: BADADDR - no (more) defined items
op_offset_high16(ea, n, target)
Convert operand to a high offset High offset is the upper 16bits of an offset. This type is used by TMS320C6 processors (and probably by other RISC processors too)
ea: linear address
n: number of operand
- 0 - the first operand
- 1 - the second, third and all other operands
- -1 - all operands
target: the full value (all 32bits) of the offset
op_plain_offset(ea, n, base)
Convert operand to an offset (for the explanations of 'ea' and 'n' please see op_bin())
Example:
seg000:2000 dw 1234h
and there is a segment at paragraph 0x1000 and there is a data item
within the segment at 0x1234:
seg000:1234 MyString db 'Hello, world!',0
Then you need to specify a linear address of the segment base to
create a proper offset:
op_plain_offset(["seg000",0x2000],0,0x10000);
and you will have:
seg000:2000 dw offset MyString
Motorola 680x0 processor have a concept of "outer offsets". If you want to create an outer offset, you need to combine number of the operand with the following bit:
Please note that the outer offsets are meaningful only for Motorola 680x0.
ea: linear address
n: number of operand
- 0 - the first operand
- 1 - the second, third and all other operands
- -1 - all operands
base: base of the offset as a linear address
If base == BADADDR then the current operand becomes non-offset
op_stroff(ea, n, strid, delta)
Convert operand to an offset in a structure
ea: linear address
n: number of operand
- 0 - the first operand
- 1 - the second, third and all other operands
- -1 - all operands
strid: id of a structure type
delta: struct offset delta. usually 0. denotes the difference
between the structure base and the pointer into the structure.
parse_decl(inputtype, flags)
Parse type declaration
inputtype: file name or C declarations (depending on the flags)
flags: combination of PT_... constants or 0
return: None on failure or (name, type, fields) tuple
parse_decls(inputtype, flags=0)
Parse type declarations
inputtype: file name or C declarations (depending on the flags)
flags: combination of PT_... constants or 0
return: number of parsing errors (0 no errors)
plan_and_wait(sEA, eEA, final_pass=True)
Perform full analysis of the range
sEA: starting linear address
eEA: ending linear address (excluded)
final_pass: make the final pass over the specified range
return: 1-ok, 0-Ctrl-Break was pressed.
prev_head(ea, minea=0)
Get previous defined item (instruction or data) in the program
ea: linear address to start search from
minea: the search will stop at the address
minea is included in the search range
return: BADADDR - no (more) defined items
print_decls(ordinals, flags)
Print types in a format suitable for use in a header file
ordinals: comma-separated list of type ordinals
flags: combination of PDF_... constants or 0
return: string containing the type definitions
print_insn_mnem(ea)
Get instruction mnemonics
ea: linear address of instruction
return: "" - no instruction at the specified location
note: this function may not return exactly the same mnemonics
as you see on the screen.
print_operand(ea, n)
Get operand of an instruction or data
ea: linear address of the item
n: number of operand:
0 - the first operand
1 - the second operand
return: the current text representation of operand or ""
process_config_line(directive)
Obsolete. Please use ida_idp.process_config_directive().
process_ui_action(name, flags=0)
Invokes an IDA UI action by name
name: Command name
flags: Reserved. Must be zero
return: Boolean
qsleep(milliseconds)
qsleep the specified number of milliseconds This function suspends IDA for the specified amount of time
milliseconds: time to sleep
read_dbg_byte(ea)
Get value of program byte using the debugger memory
ea: linear address
return: The value or None on failure.
read_dbg_dword(ea)
Get value of program double-word using the debugger memory
ea: linear address
return: The value or None on failure.
read_dbg_qword(ea)
Get value of program quadro-word using the debugger memory
ea: linear address
return: The value or None on failure.
read_dbg_word(ea)
Get value of program word using the debugger memory
ea: linear address
return: The value or None on failure.
read_selection_end()
Get end address of the selected range
return: BADADDR - the user has not selected an range
read_selection_start()
Get start address of the selected range returns BADADDR - the user has not selected an range
readlong(handle, mostfirst)
readshort(handle, mostfirst)
readstr(handle)
remove_fchunk(funcea, tailea)
Remove a function chunk from the function
funcea: any address in the function
tailea: any address in the function chunk to remove
return: 0 if failed, 1 if success
rename_array(array_id, newname)
Rename array, by its ID.
id: The ID of the array to rename.
newname: The new name of the array.
return: 1 in case of success, 0 otherwise
resume_process()
rotate_byte(x, count)
rotate_dword(x, count)
rotate_left(value, count, nbits, offset)
Rotate a value to the left (or right)
value: value to rotate
count: number of times to rotate. negative counter means
rotate to the right
nbits: number of bits to rotate
offset: offset of the first bit to rotate
return: the value with the specified field rotated
all other bits are not modified
rotate_word(x, count)
save_database(idbname, flags=0)
Save current database to the specified idb file
idbname: name of the idb file. if empty, the current idb
file will be used.
flags: combination of ida_loader.DBFL_... bits or 0
savefile(filepath, pos, ea, size)
sel2para(sel)
Get a selector value
sel: the selector number
return: selector value if found
otherwise the input value (sel)
note: selector values are always in paragraphs
selector_by_name(segname)
Get segment selector by name
segname: name of segment
return: segment selector or BADADDR
send_dbg_command(cmd)
Sends a command to the debugger module and returns the output string. An exception will be raised if the debugger is not running or the current debugger does not export the 'send_dbg_command' IDC command.
set_array_long(array_id, idx, value)
Sets the long value of an array element.
array_id: The array ID.
idx: Index of an element.
value: 32bit or 64bit value to store in the array
return: 1 in case of success, 0 otherwise
set_array_params(ea, flags, litems, align)
Set array representation format
ea: linear address
flags: combination of AP_... constants or 0
litems: number of items per line. 0 means auto
align: element alignment
- -1: do not align
- 0: automatic alignment
- other values: element width
return: 1-ok, 0-failure
set_array_string(array_id, idx, value)
Sets the string value of an array element.
array_id: The array ID.
idx: Index of an element.
value: String value to store in the array
return: 1 in case of success, 0 otherwise
set_bmask_cmt(enum_id, bmask, cmt, repeatable)
Set bitmask comment (only for bitfields)
enum_id: id of enum
bmask: bitmask of the constant
cmt: comment
repeatable - is not used anymore
return: 1-ok, 0-failed
set_bmask_name(enum_id, bmask, name)
Set bitmask name (only for bitfields)
enum_id: id of enum
bmask: bitmask of the constant
name: name of bitmask
return: 1-ok, 0-failed
set_bpt_attr(address, bptattr, value)
modifiable characteristics of a breakpoint
address: any address in the breakpoint range
bptattr: the attribute code, one of BPTATTR_* constants
BPTATTR_CND is not allowed, see set_bpt_cond()
value: the attribute value
return: success
set_bpt_cond(ea, cnd, is_lowcnd=0)
Set breakpoint condition
ea: any address in the breakpoint range
cnd: breakpoint condition
is_lowcnd: 0 - regular condition, 1 - low level condition
return: success
set_color(ea, what, color)
Set item color
ea: address of the item
what: type of the item (one of CIC_* constants)
color: new color code in RGB (hex 0xBBGGRR)
return: success (True or False)
set_default_sreg_value(ea, reg, value)
Set default segment register value for a segment
ea: any address in the segment
if no segment is present at the specified address
then all segments will be affected
reg: name of segment register
value: default value of the segment register. -1-undefined.
set_enum_bf(enum_id, bf)
Set or clear the 'bitmask' attribute of an enum
enum_id: enum TID
bf: bitmask enum or not
return: success
set_enum_cmt(enum_id, cmt, repeatable)
Set comment for enum type
enum_id: enum TID
cmt: comment
repeatable: is comment repeatable ?
return: 1-ok, 0-failed
ea: address to set fixup information about
fixuptype: fixup type. see get_fixup_target_type()
for possible fixup types.
fixupflags: fixup flags. see get_fixup_target_flags()
for possible fixup types.
targetsel: target selector
targetoff: target offset
displ: displacement
return: none
set_flag(off, bit, value)
set_frame_size(ea, lvsize, frregs, argsize)
Make function frame
ea: any address belonging to the function
lvsize: size of function local variables
frregs: size of saved registers
argsize: size of function arguments
return: ID of function frame or -1
If the function did not have a frame, the frame
will be created. Otherwise the frame will be modified
set_func_attr(ea, attr, value)
Set a function attribute
ea: any address belonging to the function
attr: one of FUNCATTR_... constants
value: new value of the attribute
return: 1-ok, 0-failed
set_func_cmt(ea, cmt, repeatable)
Set function comment
ea: any address belonging to the function
cmt: a function comment line
repeatable: 1: get repeatable comment
0: get regular comment
set_func_flags(ea, flags)
Change function flags
ea: any address belonging to the function
flags: see get_func_flags() for explanations
return: !=0 - ok
set_hash_long(hash_id, key, value)
Sets the long value of a hash element.
hash_id: The hash ID.
key: Key of an element.
value: 32bit or 64bit value to store in the hash
return: 1 in case of success, 0 otherwise
set_hash_string(hash_id, key, value)
Sets the string value of a hash element.
hash_id: The hash ID.
key: Key of an element.
value: string value to store in the hash
return: 1 in case of success, 0 otherwise
set_inf_attr(attr, value)
Deprecated. Please ida_ida.inf_set_* instead.
set_local_type(ordinal, input, flags)
Parse one type declaration and store it in the specified slot
ordinal: slot number (1...NumberOfLocalTypes)
-1 means allocate new slot or reuse the slot
of the existing named type
input: C declaration. Empty input empties the slot
flags: combination of PT_... constants or 0
return: slot number or 0 if error
sid: structure type ID
member_offset: offset of the member
comment: new comment of the structure member
repeatable: 1: change repeatable comment
0: change regular comment
return: != 0 - ok
set_member_name(sid, member_offset, name)
Change structure member name
sid: structure type ID
member_offset: offset of the member
name: new name of the member
return: != 0 - ok.
sid: structure type ID
member_offset: offset of the member
flag: new type of the member. Should be one of
FF_BYTE..FF_PACKREAL (see above) combined with FF_DATA
typeid: if is_struct(flag) then typeid specifies the structure id for the member
if is_off0(flag) then typeid specifies the offset base.
if is_strlit(flag) then typeid specifies the string type (STRTYPE_...).
if is_stroff(flag) then typeid specifies the structure id
if is_enum(flag) then typeid specifies the enum id
if is_custom(flags) then typeid specifies the dtid and fid: dtid|(fid<<16)
Otherwise typeid should be -1.
nitems: number of items in the member
target: target address of the offset expr. You may specify it as
-1, ida will calculate it itself
tdelta: offset target delta. usually 0
reftype: see REF_... definitions
note: The remaining arguments are allowed only if is_off0(flag) and you want
to specify a complex offset expression
return: !=0 - ok.
set_name(ea, name, flags=0)
Rename an address
ea: linear address
name: new name of address. If name == "", then delete old name
flags: combination of SN_... constants
return: 1-ok, 0-failure
set_reg_value(value, name)
Set register value
name: the register name
value: new register value
note: The debugger should be running
It is not necessary to use this function to set register values.
A register name in the left side of an assignment will do too.
set_segm_addressing(ea, bitness)
Change segment addressing
ea: any address in the segment
bitness: 0: 16bit, 1: 32bit, 2: 64bit
return: success (boolean)
set_segm_alignment(ea, alignment)
Change alignment of the segment
ea: any address in the segment
alignment: new alignment of the segment (one of the sa... constants)
return: success (boolean)
set_segm_attr(segea, attr, value)
Set segment attribute
segea: any address within segment
attr: one of SEGATTR_... constants
note: Please note that not all segment attributes are modifiable.
Also some of them should be modified using special functions
like set_segm_addressing, etc.
set_segm_class(ea, segclass)
Change class of the segment
ea: any address in the segment
segclass: new class of the segment
return: success (boolean)
set_segm_combination(segea, comb)
Change combination of the segment
segea: any address in the segment
comb: new combination of the segment (one of the sc... constants)
return: success (boolean)
set_segm_name(ea, name)
Change name of the segment
ea: any address in the segment
name: new name of the segment
return: success (boolean)
set_segm_type(segea, segtype)
Set segment type
segea: any address within segment
segtype: new segment type:
return: !=0 - ok
set_segment_bounds(ea, startea, endea, flags)
Change segment boundaries
ea: any address in the segment
startea: new start address of the segment
endea: new end address of the segment
flags: combination of SEGMOD_... flags
return: boolean success
set_struc_cmt(sid, cmt, repeatable=True)
set_struc_name(sid, name)
set_tail_owner(tailea, funcea)
Change the function chunk owner
tailea: any address in the function chunk
funcea: the starting address of the new owner
return: False if failed, True if success
note: The new owner must already have the chunk appended before the call
sizeof(typestr)
Returns the size of the type. It is equivalent to IDC's sizeof(). typestr: can be specified as a typeinfo tuple (e.g. the result of get_tinfo()), serialized type byte string, or a string with C declaration (e.g. "int") return: -1 if typestring is not valid or has no size. otherwise size of the type
split_sreg_range(ea, reg, value, tag=2)
Set value of a segment register.
ea: linear address
reg: name of a register, like "cs", "ds", "es", etc.
value: new value of the segment register.
tag: of SR_... constants
note: IDA keeps tracks of all the points where segment register change their
values. This function allows you to specify the correct value of a segment
register if IDA is not able to find the correct value.
strlen(s)
strstr(s1, s2)
substr(s, x1, x2)
to_ea(seg, off)
Return value of expression: ((seg<<4) + off)
toggle_bnot(ea, n)
Toggle the bitwise not operator for the operand
ea: linear address
n: number of operand
- 0 - the first operand
- 1 - the second, third and all other operands
- -1 - all operands
update_hidden_range(ea, visible)
Set hidden range state
ea: any address belonging to the hidden range
visible: new state of the range
return: != 0 - ok
validate_idb_names(do_repair=0)
check consistency of IDB name records do_repair: try to repair netnode header it TRUE return: number of inconsistent name records
value_is_float(var)
value_is_func(var)
value_is_int64(var)
value_is_long(var)
value_is_pvoid(var)
value_is_string(var)
write_dbg_memory(ea, data)
Write to debugger memory.
ea: linear address
data: string to write
return: number of written bytes (-1 - network/debugger error)
Thread-safe function (may be called only from the main thread and debthread)
