 |
IDAPython 9.0
|
|
IDAPython 9.0
|
Routines for working with functions within the disassembled program. This file also contains routines for working with library signatures (e.g. FLIRT). Each function consists of function chunks. At least one function chunk must be present in the function definition - the function entry chunk. Other chunks are called function tails. There may be several of them for a function. A function tail is a continuous range of addresses. It can be used in the definition of one or more functions. One function using the tail is singled out and called the tail owner. This function is considered as 'possessing' the tail. get_func() on a tail address will return the function possessing the tail. You can enumerate the functions using the tail by using func_parent_iterator_t. Each function chunk in the disassembly is represented as an "range" (a range of addresses, see range.hpp for details) with characteristics. A function entry must start with an instruction (code) byte.
Classes | |
| class | dyn_ea_array |
| class | dyn_range_array |
| class | dyn_regarg_array |
| class | dyn_regvar_array |
| class | dyn_stkpnt_array |
| class | func_item_iterator_t |
| class | func_parent_iterator_t |
| class | func_t |
| class | func_tail_iterator_t |
| class | lock_func |
| class | lock_func_with_tails_t |
| class | regarg_t |
Variables | |
| FUNC_NORET = _ida_funcs.FUNC_NORET | |
| FUNC_FAR = _ida_funcs.FUNC_FAR | |
| FUNC_LIB = _ida_funcs.FUNC_LIB | |
| FUNC_STATICDEF = _ida_funcs.FUNC_STATICDEF | |
| FUNC_FRAME = _ida_funcs.FUNC_FRAME | |
| FUNC_USERFAR = _ida_funcs.FUNC_USERFAR | |
| FUNC_HIDDEN = _ida_funcs.FUNC_HIDDEN | |
| FUNC_THUNK = _ida_funcs.FUNC_THUNK | |
| FUNC_BOTTOMBP = _ida_funcs.FUNC_BOTTOMBP | |
| FUNC_NORET_PENDING = _ida_funcs.FUNC_NORET_PENDING | |
| FUNC_SP_READY = _ida_funcs.FUNC_SP_READY | |
| FUNC_FUZZY_SP = _ida_funcs.FUNC_FUZZY_SP | |
| FUNC_PROLOG_OK = _ida_funcs.FUNC_PROLOG_OK | |
| FUNC_PURGED_OK = _ida_funcs.FUNC_PURGED_OK | |
| FUNC_TAIL = _ida_funcs.FUNC_TAIL | |
| FUNC_LUMINA = _ida_funcs.FUNC_LUMINA | |
| FUNC_OUTLINE = _ida_funcs.FUNC_OUTLINE | |
| FUNC_REANALYZE = _ida_funcs.FUNC_REANALYZE | |
| FUNC_UNWIND = _ida_funcs.FUNC_UNWIND | |
| FUNC_CATCH = _ida_funcs.FUNC_CATCH | |
| MOVE_FUNC_OK = _ida_funcs.MOVE_FUNC_OK | |
| MOVE_FUNC_NOCODE = _ida_funcs.MOVE_FUNC_NOCODE | |
| MOVE_FUNC_BADSTART = _ida_funcs.MOVE_FUNC_BADSTART | |
| MOVE_FUNC_NOFUNC = _ida_funcs.MOVE_FUNC_NOFUNC | |
| MOVE_FUNC_REFUSED = _ida_funcs.MOVE_FUNC_REFUSED | |
| FIND_FUNC_NORMAL = _ida_funcs.FIND_FUNC_NORMAL | |
| FIND_FUNC_DEFINE = _ida_funcs.FIND_FUNC_DEFINE | |
| FIND_FUNC_IGNOREFN = _ida_funcs.FIND_FUNC_IGNOREFN | |
| FIND_FUNC_KEEPBD = _ida_funcs.FIND_FUNC_KEEPBD | |
| FIND_FUNC_UNDEF = _ida_funcs.FIND_FUNC_UNDEF | |
| FIND_FUNC_OK = _ida_funcs.FIND_FUNC_OK | |
| FIND_FUNC_EXIST = _ida_funcs.FIND_FUNC_EXIST | |
| IDASGN_OK = _ida_funcs.IDASGN_OK | |
| IDASGN_BADARG = _ida_funcs.IDASGN_BADARG | |
| IDASGN_APPLIED = _ida_funcs.IDASGN_APPLIED | |
| IDASGN_CURRENT = _ida_funcs.IDASGN_CURRENT | |
| IDASGN_PLANNED = _ida_funcs.IDASGN_PLANNED | |
| LIBFUNC_FOUND = _ida_funcs.LIBFUNC_FOUND | |
| LIBFUNC_NONE = _ida_funcs.LIBFUNC_NONE | |
| LIBFUNC_DELAY = _ida_funcs.LIBFUNC_DELAY | |
| bool add_func | ( | * | args | ) |
Add a new function. If the function end address is BADADDR, then IDA will try to determine the function bounds by calling find_func_bounds(..., FIND_FUNC_DEFINE).
@param ea1: start address
@param ea2: end address
@returns success
| bool add_func_ex | ( | 'func_t' | pfn | ) |
Add a new function. If the fn->end_ea is BADADDR, then IDA will try to determine the function bounds by calling find_func_bounds(..., FIND_FUNC_DEFINE).
@param pfn: ptr to filled function structure
@returns success
| None add_regarg | ( | 'func_t' | pfn, |
| int | reg, | ||
| 'tinfo_t' | tif, | ||
| str | name ) |
| bool append_func_tail | ( | 'func_t' | pfn, |
| ida_idaapi.ea_t | ea1, | ||
| ida_idaapi.ea_t | ea2 ) |
Append a new tail chunk to the function definition. If the tail already exists, then it will simply be added to the function tail list Otherwise a new tail will be created and its owner will be set to be our function If a new tail cannot be created, then this function will fail.
@param pfn: pointer to the function
@param ea1: start of the tail. If a tail already exists at the specified address it must start at 'ea1'
@param ea2: end of the tail. If a tail already exists at the specified address it must end at 'ea2'. If specified as BADADDR, IDA will determine the end address itself.
| int apply_idasgn_to | ( | str | signame, |
| ida_idaapi.ea_t | ea, | ||
| bool | is_startup ) |
Apply a signature file to the specified address.
@param signame: short name of signature file (the file name without path)
@param ea: address to apply the signature
@param is_startup: if set, then the signature is treated as a startup one for startup signature ida doesn't rename the first function of the applied module.
@returns Library function codes
| bool apply_startup_sig | ( | ida_idaapi.ea_t | ea, |
| str | startup ) |
Apply a startup signature file to the specified address.
@param ea: address to apply the signature to; usually idainfo::start_ea
@param startup: the name of the signature file without path and extension
@returns true if successfully applied the signature
| 'asize_t' calc_func_size | ( | 'func_t' | pfn | ) |
Calculate function size. This function takes into account all fragments of the function.
@param pfn: ptr to function structure
| int calc_idasgn_state | ( | int | n | ) |
Get state of a signature in the list of planned signatures
@param n: number of signature in the list (0..get_idasgn_qty()-1)
@returns state of signature or IDASGN_BADARG
| 'ea_t *' calc_thunk_func_target | ( | 'func_t' | pfn | ) |
Calculate target of a thunk function.
@param pfn: pointer to function (may not be nullptr)
@returns the target function or BADADDR
| calc_thunk_func_target | ( | * | args | ) |
Calculate target of a thunk function.
@param pfn: pointer to function (may not be nullptr)
@param fptr: out: will hold address of a function pointer (if indirect jump)
@returns the target function or BADADDR
| bool del_func | ( | ida_idaapi.ea_t | ea | ) |
Delete a function.
@param ea: any address in the function entry chunk
@returns success
| int del_idasgn | ( | int | n | ) |
Remove signature from the list of planned signatures.
@param n: number of signature in the list (0..get_idasgn_qty()-1)
@returns IDASGN_OK, IDASGN_BADARG, IDASGN_APPLIED
| bool f_any | ( | 'flags64_t' | arg1, |
| 'void *' | arg2 ) |
Helper function to accept any address.
| int find_func_bounds | ( | 'func_t' | nfn, |
| int | flags ) |
Determine the boundaries of a new function. This function tries to find the start and end addresses of a new function. It calls the module with processor_t::func_bounds in order to fine tune the function boundaries.
@param nfn: structure to fill with information \\ nfn->start_ea points to the start address of the new function.
@param flags: Find function bounds flags
@returns Find function bounds result codes
| None free_regarg | ( | 'regarg_t' | v | ) |
| bool func_contains | ( | 'func_t' | pfn, |
| ida_idaapi.ea_t | ea ) |
Does the given function contain the given address?
| bool func_does_return | ( | ida_idaapi.ea_t | callee | ) |
Does the function return?. To calculate the answer, FUNC_NORET flag and is_noret() are consulted The latter is required for imported functions in the .idata section. Since in .idata we have only function pointers but not functions, we have to introduce a special flag for them.
| bool func_parent_iterator_set | ( | 'func_parent_iterator_t' | fpi, |
| 'func_t' | pfn ) |
| 'func_t *' func_t__from_ptrval__ | ( | 'size_t' | ptrval | ) |
| bool func_tail_iterator_set | ( | 'func_tail_iterator_t' | fti, |
| 'func_t' | pfn, | ||
| ida_idaapi.ea_t | ea ) |
| bool func_tail_iterator_set_ea | ( | 'func_tail_iterator_t' | fti, |
| ida_idaapi.ea_t | ea ) |
| int get_current_idasgn | ( | ) |
Get number of the the current signature.
@returns 0..n-1
| 'func_t *' get_fchunk | ( | ida_idaapi.ea_t | ea | ) |
Get pointer to function chunk structure by address.
@param ea: any address in a function chunk
@returns ptr to a function chunk or nullptr. This function may return a function entry as well as a function tail.
| int get_fchunk_num | ( | ida_idaapi.ea_t | ea | ) |
Get ordinal number of a function chunk in the global list of function chunks.
@param ea: any address in the function chunk
@returns number of function chunk (0..get_fchunk_qty()-1). -1 means 'no function chunk at the specified address'.
| 'size_t' get_fchunk_qty | ( | ) |
Get total number of function chunks in the program.
| get_fchunk_referer | ( | int | ea, |
| idx ) |
| 'func_t *' get_func | ( | ida_idaapi.ea_t | ea | ) |
Get pointer to function structure by address.
@param ea: any address in a function
@returns ptr to a function or nullptr. This function returns a function entry chunk.
| int get_func_bitness | ( | 'func_t' | pfn | ) |
Get function bitness (which is equal to the function segment bitness). pfn==nullptr => returns 0
@retval 0: 16
@retval 1: 32
@retval 2: 64
| int get_func_bits | ( | 'func_t' | pfn | ) |
Get number of bits in the function addressing.
| int get_func_bytes | ( | 'func_t' | pfn | ) |
Get number of bytes in the function addressing.
| int get_func_chunknum | ( | 'func_t' | pfn, |
| ida_idaapi.ea_t | ea ) |
Get the containing tail chunk of 'ea'.
@retval -1: means 'does not contain ea'
@retval 0: means the 'pfn' itself contains ea
@retval >0: the number of the containing function tail chunk
| str get_func_cmt | ( | 'func_t' | pfn, |
| bool | repeatable ) |
Get function comment.
@param pfn: ptr to function structure
@param repeatable: get repeatable comment?
@returns size of comment or -1 In fact this function works with function chunks too.
| str get_func_name | ( | ida_idaapi.ea_t | ea | ) |
Get function name.
@param ea: any address in the function
@returns length of the function name
| int get_func_num | ( | ida_idaapi.ea_t | ea | ) |
Get ordinal number of a function.
@param ea: any address in the function
@returns number of function (0..get_func_qty()-1). -1 means 'no function at the specified address'.
| 'size_t' get_func_qty | ( | ) |
Get total number of functions in the program.
| ida_idaapi.ea_t get_func_ranges | ( | 'rangeset_t' | ranges, |
| 'func_t' | pfn ) |
Get function ranges.
@param ranges: buffer to receive the range info
@param pfn: ptr to function structure
@returns end address of the last function range (BADADDR-error)
| get_idasgn_desc | ( | n | ) |
Get information about a signature in the list. It returns: (name of signature, names of optional libraries) See also: get_idasgn_desc_with_matches @param n: number of signature in the list (0..get_idasgn_qty()-1) @return: None on failure or tuple(signame, optlibs)
| get_idasgn_desc_with_matches | ( | n | ) |
Get information about a signature in the list. It returns: (name of signature, names of optional libraries, number of matches) @param n: number of signature in the list (0..get_idasgn_qty()-1) @return: None on failure or tuple(signame, optlibs, nmatches)
| int get_idasgn_qty | ( | ) |
Get number of signatures in the list of planned and applied signatures.
@returns 0..n
| str get_idasgn_title | ( | str | name | ) |
Get full description of the signature by its short name.
@param name: short name of a signature
@returns size of signature description or -1
| 'func_t *' get_next_fchunk | ( | ida_idaapi.ea_t | ea | ) |
Get pointer to the next function chunk in the global list.
@param ea: any address in the program
@returns ptr to function chunk or nullptr if next function chunk doesn't exist
| 'func_t *' get_next_func | ( | ida_idaapi.ea_t | ea | ) |
Get pointer to the next function.
@param ea: any address in the program
@returns ptr to function or nullptr if next function doesn't exist
| ida_idaapi.ea_t get_next_func_addr | ( | 'func_t' | pfn, |
| ida_idaapi.ea_t | ea ) |
| 'func_t *' get_prev_fchunk | ( | ida_idaapi.ea_t | ea | ) |
Get pointer to the previous function chunk in the global list.
@param ea: any address in the program
@returns ptr to function chunk or nullptr if previous function chunk doesn't exist
| 'func_t *' get_prev_func | ( | ida_idaapi.ea_t | ea | ) |
Get pointer to the previous function.
@param ea: any address in the program
@returns ptr to function or nullptr if previous function doesn't exist
| ida_idaapi.ea_t get_prev_func_addr | ( | 'func_t' | pfn, |
| ida_idaapi.ea_t | ea ) |
| 'func_t *' getn_fchunk | ( | int | n | ) |
Get pointer to function chunk structure by number.
@param n: number of function chunk, is in range 0..get_fchunk_qty()-1
@returns ptr to a function chunk or nullptr. This function may return a function entry as well as a function tail.
| 'func_t *' getn_func | ( | 'size_t' | n | ) |
Get pointer to function structure by number.
@param n: number of function, is in range 0..get_func_qty()-1
@returns ptr to a function or nullptr. This function returns a function entry chunk.
| bool is_finally_visible_func | ( | 'func_t' | pfn | ) |
Is the function visible (event after considering SCF_SHHID_FUNC)?
| bool is_func_entry | ( | 'func_t' | pfn | ) |
Does function describe a function entry chunk?
| bool is_func_locked | ( | 'func_t' | pfn | ) |
Is the function pointer locked?
| bool is_func_tail | ( | 'func_t' | pfn | ) |
Does function describe a function tail chunk?
| bool is_same_func | ( | ida_idaapi.ea_t | ea1, |
| ida_idaapi.ea_t | ea2 ) |
Do two addresses belong to the same function?
| bool is_visible_func | ( | 'func_t' | pfn | ) |
Is the function visible (not hidden)?
| None lock_func_range | ( | 'func_t' | pfn, |
| bool | lock ) |
Lock function pointer Locked pointers are guaranteed to remain valid until they are unlocked. Ranges with locked pointers cannot be deleted or moved.
| int plan_to_apply_idasgn | ( | str | fname | ) |
Add a signature file to the list of planned signature files.
@param fname: file name. should not contain directory part.
@returns 0 if failed, otherwise number of planned (and applied) signatures
| None read_regargs | ( | 'func_t' | pfn | ) |
| None reanalyze_function | ( | * | args | ) |
Reanalyze a function. This function plans to analyzes all chunks of the given function. Optional parameters (ea1, ea2) may be used to narrow the analyzed range.
@param pfn: pointer to a function
@param ea1: start of the range to analyze
@param ea2: end of range to analyze
@param analyze_parents: meaningful only if pfn points to a function tail. if true, all tail parents will be reanalyzed. if false, only the given tail will be reanalyzed.
| bool reanalyze_noret_flag | ( | ida_idaapi.ea_t | ea | ) |
Plan to reanalyze noret flag. This function does not remove FUNC_NORET if it is already present. It just plans to reanalysis.
| bool remove_func_tail | ( | 'func_t' | pfn, |
| ida_idaapi.ea_t | tail_ea ) |
Remove a function tail. If the tail belongs only to one function, it will be completely removed. Otherwise if the function was the tail owner, the first function using this tail becomes the owner of the tail.
@param pfn: pointer to the function
@param tail_ea: any address inside the tail to remove
| bool set_func_cmt | ( | 'func_t' | pfn, |
| str | cmt, | ||
| bool | repeatable ) |
Set function comment. This function works with function chunks too.
@param pfn: ptr to function structure
@param cmt: comment string, may be multiline (with '
'). Use empty str ("") to delete comment
@param repeatable: set repeatable comment?
| bool set_func_end | ( | ida_idaapi.ea_t | ea, |
| ida_idaapi.ea_t | newend ) |
Move function chunk end address.
@param ea: any address in the function
@param newend: new end address of the function
@returns success
| int set_func_name_if_jumpfunc | ( | 'func_t' | pfn, |
| str | oldname ) |
Give a meaningful name to function if it consists of only 'jump' instruction.
@param pfn: pointer to function (may be nullptr)
@param oldname: old name of function. if old name was in "j_..." form, then we may discard it and set a new name. if oldname is not known, you may pass nullptr.
@returns success
| int set_func_start | ( | ida_idaapi.ea_t | ea, |
| ida_idaapi.ea_t | newstart ) |
Move function chunk start address.
@param ea: any address in the function
@param newstart: new end address of the function
@returns Function move result codes
| bool set_noret_insn | ( | ida_idaapi.ea_t | insn_ea, |
| bool | noret ) |
Signal a non-returning instruction. This function can be used by the processor module to tell the kernel about non-returning instructions (like call exit). The kernel will perform the global function analysis and find out if the function returns at all. This analysis will be done at the first call to func_does_return()
@returns true if the instruction 'noret' flag has been changed
| bool set_tail_owner | ( | 'func_t' | fnt, |
| ida_idaapi.ea_t | new_owner ) |
Set a new owner of a function tail. The new owner function must be already referring to the tail (after append_func_tail).
@param fnt: pointer to the function tail
@param new_owner: the entry point of the new owner function
| None set_visible_func | ( | 'func_t' | pfn, |
| bool | visible ) |
Set visibility of function.
| int try_to_add_libfunc | ( | ida_idaapi.ea_t | ea | ) |
Apply the currently loaded signature file to the specified address. If a library function is found, then create a function and name it accordingly.
@param ea: any address in the program
@returns Library function codes
| bool update_func | ( | 'func_t' | pfn | ) |
Update information about a function in the database (func_t). You must not change the function start and end addresses using this function. Use set_func_start() and set_func_end() for it.
@param pfn: ptr to function structure
@returns success
| FIND_FUNC_DEFINE = _ida_funcs.FIND_FUNC_DEFINE |
| FIND_FUNC_EXIST = _ida_funcs.FIND_FUNC_EXIST |
| FIND_FUNC_IGNOREFN = _ida_funcs.FIND_FUNC_IGNOREFN |
| FIND_FUNC_KEEPBD = _ida_funcs.FIND_FUNC_KEEPBD |
| FIND_FUNC_NORMAL = _ida_funcs.FIND_FUNC_NORMAL |
| FIND_FUNC_OK = _ida_funcs.FIND_FUNC_OK |
| FIND_FUNC_UNDEF = _ida_funcs.FIND_FUNC_UNDEF |
| FUNC_BOTTOMBP = _ida_funcs.FUNC_BOTTOMBP |
| FUNC_CATCH = _ida_funcs.FUNC_CATCH |
| FUNC_FAR = _ida_funcs.FUNC_FAR |
| FUNC_FRAME = _ida_funcs.FUNC_FRAME |
| FUNC_FUZZY_SP = _ida_funcs.FUNC_FUZZY_SP |
| FUNC_HIDDEN = _ida_funcs.FUNC_HIDDEN |
| FUNC_LIB = _ida_funcs.FUNC_LIB |
| FUNC_LUMINA = _ida_funcs.FUNC_LUMINA |
| FUNC_NORET = _ida_funcs.FUNC_NORET |
| FUNC_NORET_PENDING = _ida_funcs.FUNC_NORET_PENDING |
| FUNC_OUTLINE = _ida_funcs.FUNC_OUTLINE |
| FUNC_PROLOG_OK = _ida_funcs.FUNC_PROLOG_OK |
| FUNC_PURGED_OK = _ida_funcs.FUNC_PURGED_OK |
| FUNC_REANALYZE = _ida_funcs.FUNC_REANALYZE |
| FUNC_SP_READY = _ida_funcs.FUNC_SP_READY |
| FUNC_STATICDEF = _ida_funcs.FUNC_STATICDEF |
| FUNC_TAIL = _ida_funcs.FUNC_TAIL |
| FUNC_THUNK = _ida_funcs.FUNC_THUNK |
| FUNC_UNWIND = _ida_funcs.FUNC_UNWIND |
| FUNC_USERFAR = _ida_funcs.FUNC_USERFAR |
| IDASGN_APPLIED = _ida_funcs.IDASGN_APPLIED |
| IDASGN_BADARG = _ida_funcs.IDASGN_BADARG |
| IDASGN_CURRENT = _ida_funcs.IDASGN_CURRENT |
| IDASGN_OK = _ida_funcs.IDASGN_OK |
| IDASGN_PLANNED = _ida_funcs.IDASGN_PLANNED |
| LIBFUNC_DELAY = _ida_funcs.LIBFUNC_DELAY |
| LIBFUNC_FOUND = _ida_funcs.LIBFUNC_FOUND |
| LIBFUNC_NONE = _ida_funcs.LIBFUNC_NONE |
| MOVE_FUNC_BADSTART = _ida_funcs.MOVE_FUNC_BADSTART |
| MOVE_FUNC_NOCODE = _ida_funcs.MOVE_FUNC_NOCODE |
| MOVE_FUNC_NOFUNC = _ida_funcs.MOVE_FUNC_NOFUNC |
| MOVE_FUNC_OK = _ida_funcs.MOVE_FUNC_OK |
| MOVE_FUNC_REFUSED = _ida_funcs.MOVE_FUNC_REFUSED |
1.12.0