 |
IDAPython 9.0
|
|
IDAPython 9.0
|
Functions that deal with the disassembling of program instructions. There are 2 kinds of functions: * functions that are called from the kernel to disassemble an instruction. These functions call IDP module for it. * functions that are called from IDP module to disassemble an instruction. We will call them 'helper functions'. Disassembly of an instruction is made in three steps: 0. analysis: ana.cpp 1. emulation: emu.cpp 2. conversion to text: out.cpp The kernel calls the IDP module to perform these steps. At first, the kernel always calls the analysis. The analyzer must decode the instruction and fill the insn_t instance that it receives through its callback. It must not change anything in the database. The second step, the emulation, is called for each instruction. This step must make necessary changes to the database, plan analysis of subsequent instructions, track register values, memory contents, etc. Please keep in mind that the kernel may call the emulation step for any address in the program - there is no ordering of addresses. Usually, the emulation is called for consecutive addresses but this is not guaranteed. The last step, conversion to text, is called each time an instruction is displayed on the screen. The kernel will always call the analysis step before calling the text conversion step. The emulation and the text conversion steps should use the information stored in the insn_t instance they receive. They should not access the bytes of the instruction and decode it again - this should only be done in the analysis step.
Classes | |
| class | insn_t |
| class | macro_constructor_t |
| class | op_t |
| class | operands_array |
| class | outctx_base_t |
| class | outctx_t |
Variables | |
| cvar = _ida_ua.cvar | |
| o_void = cvar.o_void | |
| o_reg = cvar.o_reg | |
| o_mem = cvar.o_mem | |
| o_phrase = cvar.o_phrase | |
| o_displ = cvar.o_displ | |
| o_imm = cvar.o_imm | |
| o_far = cvar.o_far | |
| o_near = cvar.o_near | |
| o_idpspec0 = cvar.o_idpspec0 | |
| o_idpspec1 = cvar.o_idpspec1 | |
| o_idpspec2 = cvar.o_idpspec2 | |
| o_idpspec3 = cvar.o_idpspec3 | |
| o_idpspec4 = cvar.o_idpspec4 | |
| o_idpspec5 = cvar.o_idpspec5 | |
| OF_NO_BASE_DISP = _ida_ua.OF_NO_BASE_DISP | |
| OF_OUTER_DISP = _ida_ua.OF_OUTER_DISP | |
| PACK_FORM_DEF = _ida_ua.PACK_FORM_DEF | |
| OF_NUMBER = _ida_ua.OF_NUMBER | |
| OF_SHOW = _ida_ua.OF_SHOW | |
| dt_byte = _ida_ua.dt_byte | |
| dt_word = _ida_ua.dt_word | |
| dt_dword = _ida_ua.dt_dword | |
| dt_float = _ida_ua.dt_float | |
| dt_double = _ida_ua.dt_double | |
| dt_tbyte = _ida_ua.dt_tbyte | |
| dt_packreal = _ida_ua.dt_packreal | |
| dt_qword = _ida_ua.dt_qword | |
| dt_byte16 = _ida_ua.dt_byte16 | |
| dt_code = _ida_ua.dt_code | |
| dt_void = _ida_ua.dt_void | |
| dt_fword = _ida_ua.dt_fword | |
| dt_bitfild = _ida_ua.dt_bitfild | |
| dt_string = _ida_ua.dt_string | |
| dt_unicode = _ida_ua.dt_unicode | |
| dt_ldbl = _ida_ua.dt_ldbl | |
| dt_byte32 = _ida_ua.dt_byte32 | |
| dt_byte64 = _ida_ua.dt_byte64 | |
| dt_half = _ida_ua.dt_half | |
| INSN_MACRO = _ida_ua.INSN_MACRO | |
| INSN_MODMAC = _ida_ua.INSN_MODMAC | |
| INSN_64BIT = _ida_ua.INSN_64BIT | |
| STKVAR_VALID_SIZE = _ida_ua.STKVAR_VALID_SIZE | |
| CTXF_MAIN = _ida_ua.CTXF_MAIN | |
| CTXF_MULTI = _ida_ua.CTXF_MULTI | |
| CTXF_CODE = _ida_ua.CTXF_CODE | |
| CTXF_STACK = _ida_ua.CTXF_STACK | |
| CTXF_GEN_XREFS = _ida_ua.CTXF_GEN_XREFS | |
| CTXF_XREF_STATE = _ida_ua.CTXF_XREF_STATE | |
| XREFSTATE_NONE = _ida_ua.XREFSTATE_NONE | |
| XREFSTATE_GO = _ida_ua.XREFSTATE_GO | |
| XREFSTATE_DONE = _ida_ua.XREFSTATE_DONE | |
| CTXF_GEN_CMT = _ida_ua.CTXF_GEN_CMT | |
| CTXF_CMT_STATE = _ida_ua.CTXF_CMT_STATE | |
| COMMSTATE_NONE = _ida_ua.COMMSTATE_NONE | |
| COMMSTATE_GO = _ida_ua.COMMSTATE_GO | |
| COMMSTATE_DONE = _ida_ua.COMMSTATE_DONE | |
| CTXF_VOIDS = _ida_ua.CTXF_VOIDS | |
| CTXF_NORMAL_LABEL = _ida_ua.CTXF_NORMAL_LABEL | |
| CTXF_DEMANGLED_LABEL = _ida_ua.CTXF_DEMANGLED_LABEL | |
| CTXF_LABEL_OK = _ida_ua.CTXF_LABEL_OK | |
| CTXF_DEMANGLED_OK = _ida_ua.CTXF_DEMANGLED_OK | |
| CTXF_OVSTORE_PRNT = _ida_ua.CTXF_OVSTORE_PRNT | |
| CTXF_OUTCTX_T = _ida_ua.CTXF_OUTCTX_T | |
| CTXF_DBLIND_OPND = _ida_ua.CTXF_DBLIND_OPND | |
| CTXF_BINOP_STATE = _ida_ua.CTXF_BINOP_STATE | |
| BINOPSTATE_NONE = _ida_ua.BINOPSTATE_NONE | |
| BINOPSTATE_GO = _ida_ua.BINOPSTATE_GO | |
| BINOPSTATE_DONE = _ida_ua.BINOPSTATE_DONE | |
| CTXF_HIDDEN_ADDR = _ida_ua.CTXF_HIDDEN_ADDR | |
| CTXF_BIT_PREFIX = _ida_ua.CTXF_BIT_PREFIX | |
| OOF_SIGNMASK = _ida_ua.OOF_SIGNMASK | |
| OOFS_IFSIGN = _ida_ua.OOFS_IFSIGN | |
| OOFS_NOSIGN = _ida_ua.OOFS_NOSIGN | |
| OOFS_NEEDSIGN = _ida_ua.OOFS_NEEDSIGN | |
| OOF_SIGNED = _ida_ua.OOF_SIGNED | |
| OOF_NUMBER = _ida_ua.OOF_NUMBER | |
| OOF_WIDTHMASK = _ida_ua.OOF_WIDTHMASK | |
| OOFW_IMM = _ida_ua.OOFW_IMM | |
| OOFW_8 = _ida_ua.OOFW_8 | |
| OOFW_16 = _ida_ua.OOFW_16 | |
| OOFW_24 = _ida_ua.OOFW_24 | |
| OOFW_32 = _ida_ua.OOFW_32 | |
| OOFW_64 = _ida_ua.OOFW_64 | |
| OOF_ADDR = _ida_ua.OOF_ADDR | |
| OOF_OUTER = _ida_ua.OOF_OUTER | |
| OOF_ZSTROFF = _ida_ua.OOF_ZSTROFF | |
| OOF_NOBNOT = _ida_ua.OOF_NOBNOT | |
| OOF_SPACES = _ida_ua.OOF_SPACES | |
| OOF_ANYSERIAL = _ida_ua.OOF_ANYSERIAL | |
| OOF_LZEROES = _ida_ua.OOF_LZEROES | |
| OOF_NO_LZEROES = _ida_ua.OOF_NO_LZEROES | |
| DEFAULT_INDENT = _ida_ua.DEFAULT_INDENT | |
| MAKELINE_NONE = _ida_ua.MAKELINE_NONE | |
| MAKELINE_BINPREF = _ida_ua.MAKELINE_BINPREF | |
| MAKELINE_VOID = _ida_ua.MAKELINE_VOID | |
| MAKELINE_STACK = _ida_ua.MAKELINE_STACK | |
| GH_PRINT_PROC = _ida_ua.GH_PRINT_PROC | |
| GH_PRINT_ASM = _ida_ua.GH_PRINT_ASM | |
| GH_PRINT_BYTESEX = _ida_ua.GH_PRINT_BYTESEX | |
| GH_PRINT_HEADER = _ida_ua.GH_PRINT_HEADER | |
| GH_BYTESEX_HAS_HIGHBYTE = _ida_ua.GH_BYTESEX_HAS_HIGHBYTE | |
| GH_PRINT_PROC_AND_ASM = _ida_ua.GH_PRINT_PROC_AND_ASM | |
| GH_PRINT_PROC_ASM_AND_BYTESEX = _ida_ua.GH_PRINT_PROC_ASM_AND_BYTESEX | |
| GH_PRINT_ALL = _ida_ua.GH_PRINT_ALL | |
| GH_PRINT_ALL_BUT_BYTESEX = _ida_ua.GH_PRINT_ALL_BUT_BYTESEX | |
| FCBF_CONT = _ida_ua.FCBF_CONT | |
| FCBF_ERR_REPL = _ida_ua.FCBF_ERR_REPL | |
| FCBF_FF_LIT = _ida_ua.FCBF_FF_LIT | |
| FCBF_DELIM = _ida_ua.FCBF_DELIM | |
| str | ua_mnem = print_insn_mnem |
| ida_idaapi.ea_t calc_dataseg | ( | 'insn_t' | insn, |
| int | n = -1, | ||
| int | rgnum = -1 ) |
| bool can_decode | ( | ida_idaapi.ea_t | ea | ) |
Can the bytes at address 'ea' be decoded as instruction?
@param ea: linear address
@returns whether or not the contents at that address could be a valid instruction
| construct_macro | ( | * | args | ) |
See ua.hpp's construct_macro().
This function has the following signatures
1. construct_macro(insn: insn_t, enable: bool, build_macro: callable) -> bool
2. construct_macro(constuctor: macro_constructor_t, insn: insn_t, enable: bool) -> bool
@param insn: the instruction to build the macro for
@param enable: enable macro generation
@param build_macro: a callable with 2 arguments: an insn_t, and
whether it is ok to consider the next instruction
for the macro
@param constructor: a macro_constructor_t implementation
@return: success
| int create_insn | ( | ida_idaapi.ea_t | ea, |
| 'insn_t' | out = None ) |
Create an instruction at the specified address. This function checks if an instruction is present at the specified address and will try to create one if there is none. It will fail if there is a data item or other items hindering the creation of the new instruction. This function will also fill the 'out' structure.
@param ea: linear address
@param out: the resulting instruction
@returns the length of the instruction or 0
| 'outctx_base_t *' create_outctx | ( | ida_idaapi.ea_t | ea, |
| 'flags64_t' | F = 0, | ||
| int | suspop = 0 ) |
Create a new output context. To delete it, just use "delete pctx"
| int decode_insn | ( | 'insn_t' | out, |
| ida_idaapi.ea_t | ea ) |
Analyze the specified address and fill 'out'. This function does not modify the database. It just tries to interpret the specified address as an instruction and fills the 'out' structure.
@param out: the resulting instruction
@param ea: linear address
@returns the length of the (possible) instruction or 0
| Tuple[ ida_idaapi.ea_t, bool] decode_preceding_insn | ( | insn_t | out, |
| ida_idaapi.ea_t | ea ) |
Decodes the preceding instruction. @param out: instruction storage @param ea: current ea @return: tuple(preceeding_ea or BADADDR, farref = Boolean)
| ida_idaapi.ea_t decode_prev_insn | ( | 'insn_t' | out, |
| ida_idaapi.ea_t | ea ) |
Decode previous instruction if it exists, fill 'out'.
@param out: the resulting instruction
@param ea: the address to decode the previous instruction from
@returns the previous instruction address (BADADDR-no such insn)
| int get_dtype_by_size | ( | 'asize_t' | size | ) |
Get op_t::dtype from size.
| 'flags64_t' get_dtype_flag | ( | 'op_dtype_t' | dtype | ) |
Get flags for op_t::dtype field.
| 'size_t' get_dtype_size | ( | 'op_dtype_t' | dtype | ) |
Get size of opt_::dtype field.
| 'PyObject *' get_immvals | ( | ida_idaapi.ea_t | ea, |
| int | n, | ||
| 'flags64_t' | F = 0 ) |
Get immediate values at the specified address. This function decodes instruction at the specified address or inspects the data item. It finds immediate values and copies them to 'out'. This function will store the original value of the operands in 'out', unless the last bits of 'F' are "...0 11111111", in which case the transformed values (as needed for printing) will be stored instead.
@param ea: address to analyze
@param n: 0..UA_MAXOP-1 operand number, OPND_ALL all the operands
@param F: flags for the specified address
@returns number of immediate values (0..2*UA_MAXOP)
| int get_lookback | ( | ) |
Number of instructions to look back. This variable is not used by the kernel. Its value may be specified in ida.cfg: LOOKBACK = <number>. IDP may use it as you like it. (TMS module uses it)
| 'PyObject *' get_printable_immvals | ( | ida_idaapi.ea_t | ea, |
| int | n, | ||
| 'flags64_t' | F = 0 ) |
Get immediate ready-to-print values at the specified address
@param ea: address to analyze
@param n: 0..UA_MAXOP-1 operand number, OPND_ALL all the operands
@param F: flags for the specified address
@returns number of immediate values (0..2*UA_MAXOP)
| None insn_add_cref | ( | 'insn_t' | insn, |
| ida_idaapi.ea_t | to, | ||
| int | opoff, | ||
| 'cref_t' | type ) |
| None insn_add_dref | ( | 'insn_t' | insn, |
| ida_idaapi.ea_t | to, | ||
| int | opoff, | ||
| 'dref_t' | type ) |
| ida_idaapi.ea_t insn_add_off_drefs | ( | 'insn_t' | insn, |
| 'op_t' | x, | ||
| 'dref_t' | type, | ||
| int | outf ) |
| 'insn_t *' insn_t__from_ptrval__ | ( | 'size_t' | ptrval | ) |
| bool is_floating_dtype | ( | 'op_dtype_t' | dtype | ) |
Is a floating type operand?
| ida_idaapi.ea_t map_code_ea | ( | * | args | ) |
| ida_idaapi.ea_t map_data_ea | ( | * | args | ) |
| ida_idaapi.ea_t map_ea | ( | * | args | ) |
| 'op_t *' op_t__from_ptrval__ | ( | 'size_t' | ptrval | ) |
| 'outctx_base_t *' outctx_base_t__from_ptrval__ | ( | 'size_t' | ptrval | ) |
| 'outctx_t *' outctx_t__from_ptrval__ | ( | 'size_t' | ptrval | ) |
| str print_insn_mnem | ( | ida_idaapi.ea_t | ea | ) |
Print instruction mnemonics.
@param ea: linear address of the instruction
@returns success
| str print_operand | ( | ida_idaapi.ea_t | ea, |
| int | n, | ||
| int | getn_flags = 0, | ||
| 'printop_t' | newtype = None ) |
Generate text representation for operand #n. This function will generate the text representation of the specified operand (includes color codes.)
@param ea: the item address (instruction or data)
@param n: 0..UA_MAXOP-1 operand number, meaningful only for instructions
@param getn_flags: Name expression flags Currently only GETN_NODUMMY is accepted.
@param newtype: if specified, print the operand using the specified type
@returns success
| BINOPSTATE_DONE = _ida_ua.BINOPSTATE_DONE |
| BINOPSTATE_GO = _ida_ua.BINOPSTATE_GO |
| BINOPSTATE_NONE = _ida_ua.BINOPSTATE_NONE |
| COMMSTATE_DONE = _ida_ua.COMMSTATE_DONE |
| COMMSTATE_GO = _ida_ua.COMMSTATE_GO |
| COMMSTATE_NONE = _ida_ua.COMMSTATE_NONE |
| CTXF_BINOP_STATE = _ida_ua.CTXF_BINOP_STATE |
| CTXF_BIT_PREFIX = _ida_ua.CTXF_BIT_PREFIX |
| CTXF_CMT_STATE = _ida_ua.CTXF_CMT_STATE |
| CTXF_CODE = _ida_ua.CTXF_CODE |
| CTXF_DBLIND_OPND = _ida_ua.CTXF_DBLIND_OPND |
| CTXF_DEMANGLED_LABEL = _ida_ua.CTXF_DEMANGLED_LABEL |
| CTXF_DEMANGLED_OK = _ida_ua.CTXF_DEMANGLED_OK |
| CTXF_GEN_CMT = _ida_ua.CTXF_GEN_CMT |
| CTXF_GEN_XREFS = _ida_ua.CTXF_GEN_XREFS |
| CTXF_HIDDEN_ADDR = _ida_ua.CTXF_HIDDEN_ADDR |
| CTXF_LABEL_OK = _ida_ua.CTXF_LABEL_OK |
| CTXF_MAIN = _ida_ua.CTXF_MAIN |
| CTXF_MULTI = _ida_ua.CTXF_MULTI |
| CTXF_NORMAL_LABEL = _ida_ua.CTXF_NORMAL_LABEL |
| CTXF_OUTCTX_T = _ida_ua.CTXF_OUTCTX_T |
| CTXF_OVSTORE_PRNT = _ida_ua.CTXF_OVSTORE_PRNT |
| CTXF_STACK = _ida_ua.CTXF_STACK |
| CTXF_VOIDS = _ida_ua.CTXF_VOIDS |
| CTXF_XREF_STATE = _ida_ua.CTXF_XREF_STATE |
| cvar = _ida_ua.cvar |
| DEFAULT_INDENT = _ida_ua.DEFAULT_INDENT |
| dt_bitfild = _ida_ua.dt_bitfild |
| dt_byte = _ida_ua.dt_byte |
| dt_byte16 = _ida_ua.dt_byte16 |
| dt_byte32 = _ida_ua.dt_byte32 |
| dt_byte64 = _ida_ua.dt_byte64 |
| dt_code = _ida_ua.dt_code |
| dt_double = _ida_ua.dt_double |
| dt_dword = _ida_ua.dt_dword |
| dt_float = _ida_ua.dt_float |
| dt_fword = _ida_ua.dt_fword |
| dt_half = _ida_ua.dt_half |
| dt_ldbl = _ida_ua.dt_ldbl |
| dt_packreal = _ida_ua.dt_packreal |
| dt_qword = _ida_ua.dt_qword |
| dt_string = _ida_ua.dt_string |
| dt_tbyte = _ida_ua.dt_tbyte |
| dt_unicode = _ida_ua.dt_unicode |
| dt_void = _ida_ua.dt_void |
| dt_word = _ida_ua.dt_word |
| FCBF_CONT = _ida_ua.FCBF_CONT |
| FCBF_DELIM = _ida_ua.FCBF_DELIM |
| FCBF_ERR_REPL = _ida_ua.FCBF_ERR_REPL |
| FCBF_FF_LIT = _ida_ua.FCBF_FF_LIT |
| GH_BYTESEX_HAS_HIGHBYTE = _ida_ua.GH_BYTESEX_HAS_HIGHBYTE |
| GH_PRINT_ALL = _ida_ua.GH_PRINT_ALL |
| GH_PRINT_ALL_BUT_BYTESEX = _ida_ua.GH_PRINT_ALL_BUT_BYTESEX |
| GH_PRINT_ASM = _ida_ua.GH_PRINT_ASM |
| GH_PRINT_BYTESEX = _ida_ua.GH_PRINT_BYTESEX |
| GH_PRINT_HEADER = _ida_ua.GH_PRINT_HEADER |
| GH_PRINT_PROC = _ida_ua.GH_PRINT_PROC |
| GH_PRINT_PROC_AND_ASM = _ida_ua.GH_PRINT_PROC_AND_ASM |
| GH_PRINT_PROC_ASM_AND_BYTESEX = _ida_ua.GH_PRINT_PROC_ASM_AND_BYTESEX |
| INSN_64BIT = _ida_ua.INSN_64BIT |
| INSN_MACRO = _ida_ua.INSN_MACRO |
| INSN_MODMAC = _ida_ua.INSN_MODMAC |
| MAKELINE_BINPREF = _ida_ua.MAKELINE_BINPREF |
| MAKELINE_NONE = _ida_ua.MAKELINE_NONE |
| MAKELINE_STACK = _ida_ua.MAKELINE_STACK |
| MAKELINE_VOID = _ida_ua.MAKELINE_VOID |
| o_displ = cvar.o_displ |
| o_far = cvar.o_far |
| o_idpspec0 = cvar.o_idpspec0 |
| o_idpspec1 = cvar.o_idpspec1 |
| o_idpspec2 = cvar.o_idpspec2 |
| o_idpspec3 = cvar.o_idpspec3 |
| o_idpspec4 = cvar.o_idpspec4 |
| o_idpspec5 = cvar.o_idpspec5 |
| o_imm = cvar.o_imm |
| o_mem = cvar.o_mem |
| o_near = cvar.o_near |
| o_phrase = cvar.o_phrase |
| o_reg = cvar.o_reg |
| o_void = cvar.o_void |
| OF_NO_BASE_DISP = _ida_ua.OF_NO_BASE_DISP |
| OF_NUMBER = _ida_ua.OF_NUMBER |
| OF_OUTER_DISP = _ida_ua.OF_OUTER_DISP |
| OF_SHOW = _ida_ua.OF_SHOW |
| OOF_ADDR = _ida_ua.OOF_ADDR |
| OOF_ANYSERIAL = _ida_ua.OOF_ANYSERIAL |
| OOF_LZEROES = _ida_ua.OOF_LZEROES |
| OOF_NO_LZEROES = _ida_ua.OOF_NO_LZEROES |
| OOF_NOBNOT = _ida_ua.OOF_NOBNOT |
| OOF_NUMBER = _ida_ua.OOF_NUMBER |
| OOF_OUTER = _ida_ua.OOF_OUTER |
| OOF_SIGNED = _ida_ua.OOF_SIGNED |
| OOF_SIGNMASK = _ida_ua.OOF_SIGNMASK |
| OOF_SPACES = _ida_ua.OOF_SPACES |
| OOF_WIDTHMASK = _ida_ua.OOF_WIDTHMASK |
| OOF_ZSTROFF = _ida_ua.OOF_ZSTROFF |
| OOFS_IFSIGN = _ida_ua.OOFS_IFSIGN |
| OOFS_NEEDSIGN = _ida_ua.OOFS_NEEDSIGN |
| OOFS_NOSIGN = _ida_ua.OOFS_NOSIGN |
| OOFW_16 = _ida_ua.OOFW_16 |
| OOFW_24 = _ida_ua.OOFW_24 |
| OOFW_32 = _ida_ua.OOFW_32 |
| OOFW_64 = _ida_ua.OOFW_64 |
| OOFW_8 = _ida_ua.OOFW_8 |
| OOFW_IMM = _ida_ua.OOFW_IMM |
| PACK_FORM_DEF = _ida_ua.PACK_FORM_DEF |
| STKVAR_VALID_SIZE = _ida_ua.STKVAR_VALID_SIZE |
| str ua_mnem = print_insn_mnem |
| XREFSTATE_DONE = _ida_ua.XREFSTATE_DONE |
| XREFSTATE_GO = _ida_ua.XREFSTATE_GO |
| XREFSTATE_NONE = _ida_ua.XREFSTATE_NONE |
1.12.0