Module `ida_bytes`

Contains functions that deal with individual byte characteristics.

Each byte of the disassembled program is represented by a 32-bit value. We will call this value 'flags'. The structure of the flags is here.

You are not allowed to inspect individual bits of flags and modify them directly. Use special functions to inspect and/or modify flags.

Flags are kept in a virtual array file (*.id1). Addresses (ea) are all 32-bit (or 64-bit) quantities.

Global variables

var ALOPT_APPEND

if an existing strlit is encountered, then append it to the string.

var ALOPT_IGNCLT

if set, don't stop at codepoints that are not part of the current 'culture'; accept all those that are graphical (this is typically used used by user- initiated actions creating string literals.)

var ALOPT_IGNHEADS

don't stop if another data item is encountered. only the byte values will be used to determine the string length. if not set, a defined data item or instruction will truncate the string

var ALOPT_IGNPRINT

if set, don't stop at non-printable codepoints, but only at the terminating character (or not unicode-mapped character (e.g., 0x8f in CP1252))

var ALOPT_MAX4K

if string length is more than 4K, return the accumulated length

var ALOPT_ONLYTERM

only the termination characters can be at the string end. Without this option illegal characters also terminate the string.

var BIN_SEARCH_BACKWARD

search backward for bytes

var BIN_SEARCH_BITMASK

searching using strict bit mask

var BIN_SEARCH_CASE

case sensitive

var BIN_SEARCH_FORWARD

search forward for bytes

var BIN_SEARCH_INITED

find_byte, find_byter: any initilized value

var BIN_SEARCH_NOBREAK

don't check for Ctrl-Break

var BIN_SEARCH_NOCASE

case insensitive

var BIN_SEARCH_NOSHOW

don't show search progress or update screen

var DELIT_DELNAMES

delete any names at the specified address range (except for the starting address). this bit is valid if nbytes > 1

var DELIT_EXPAND

propagate undefined items; for example if removing an instruction removes all references to the next instruction, then plan to convert to unexplored the next instruction too.

var DELIT_KEEPFUNC

do not undefine the function start. Just delete xrefs, ops e.t.c.

var DELIT_NOCMT

reject to delete if a comment is in address range (except for the starting address). this bit is valid if nbytes > 1

var DELIT_NOTRUNC

don't truncate the current function even if AF_TRFUNC is set

var DELIT_NOUNAME

reject to delete if a user name is in address range (except for the starting address). this bit is valid if nbytes > 1

var DELIT_SIMPLE

simply undefine the specified item(s)

var DTP_NODUP

do not use dup construct

var DT_TYPE

Mask for DATA typing.

var FF_0CHAR

FF_0CHAR = 3145728

var FF_0CUST

FF_0CUST = 13631488

var FF_0ENUM

FF_0ENUM = 8388608

var FF_0FLT

FF_0FLT = 12582912

var FF_0FOP

FF_0FOP = 9437184

var FF_0NUMB

FF_0NUMB = 6291456

var FF_0NUMD

FF_0NUMD = 2097152

var FF_0NUMH

FF_0NUMH = 1048576

var FF_0NUMO

FF_0NUMO = 7340032

var FF_0OFF

FF_0OFF = 5242880

var FF_0SEG

FF_0SEG = 4194304

var FF_0STK

FF_0STK = 11534336

var FF_0STRO

FF_0STRO = 10485760

var FF_0VOID

FF_0VOID = 0

var FF_1CHAR

FF_1CHAR = 50331648

var FF_1CUST

FF_1CUST = 218103808

var FF_1ENUM

FF_1ENUM = 134217728

var FF_1FLT

FF_1FLT = 201326592

var FF_1FOP

FF_1FOP = 150994944

var FF_1NUMB

FF_1NUMB = 100663296

var FF_1NUMD

FF_1NUMD = 33554432

var FF_1NUMH

FF_1NUMH = 16777216

var FF_1NUMO

FF_1NUMO = 117440512

var FF_1OFF

FF_1OFF = 83886080

var FF_1SEG

FF_1SEG = 67108864

var FF_1STK

FF_1STK = 184549376

var FF_1STRO

FF_1STRO = 167772160

var FF_1VOID

FF_1VOID = 0

var FF_ALIGN

alignment directive

var FF_ANYNAME

FF_ANYNAME = 49152

var FF_BNOT

Bitwise negation of operands.

var FF_BYTE

byte

var FF_CODE

Code ?

var FF_COMM

Has comment ?

var FF_CUSTOM

custom data type

var FF_DATA

Data ?

var FF_DOUBLE

double

var FF_DWORD

double word

var FF_FLOAT

float

var FF_FLOW

Exec flow from prev instruction.

var FF_FUNC

function start?

var FF_IMMD

Has Immediate value ?

var FF_IVL

Byte has value ?

var FF_JUMP

Has jump table or switch_info?

var FF_LABL

Has dummy name?

var FF_LINE

Has next or prev lines ?

var FF_NAME

Has name ?

var FF_N_CHAR

Char ('x')?

var FF_N_CUST

Custom representation?

var FF_N_ENUM

Enumeration?

var FF_N_FLT

Floating point number?

var FF_N_FOP

Forced operand?

var FF_N_NUMB

Binary number?

var FF_N_NUMD

Decimal number?

var FF_N_NUMH

Hexadecimal number?

var FF_N_NUMO

Octal number?

var FF_N_OFF

Offset?

var FF_N_SEG

Segment?

var FF_N_STK

Stack variable?

var FF_N_STRO

Struct offset?

var FF_N_VOID

Void (unknown)?

var FF_OWORD

octaword/xmm word (16 bytes/128 bits)

var FF_PACKREAL

packed decimal real

var FF_QWORD

quadro word

var FF_REF

has references

var FF_SIGN

Inverted sign of operands.

var FF_STRLIT

string literal

var FF_STRUCT

struct variable

var FF_TAIL

Tail ?

var FF_TBYTE

tbyte

var FF_UNK

Unknown ?

var FF_UNUSED

unused bit (was used for variable bytes)

var FF_WORD

word

var FF_YWORD

ymm word (32 bytes/256 bits)

var FF_ZWORD

zmm word (64 bytes/512 bits)

var GFE_IDB_VALUE

get flags with FF_IVL & MS_VAL. but never use the debugger memory.

var GFE_VALUE

get flags with FF_IVL & MS_VAL. It is much slower under remote debugging because the kernel needs to read the process memory.

var GMB_READALL

try to read all bytes; if this bit is not set, fail at first uninited byte

var GMB_WAITBOX

show wait box (may return -1 in this case)

var ITEM_END_CANCEL

stop when operation cancelled, it is the responsibility of the caller to show the wait dialog

var ITEM_END_FIXUP

stop at the first fixup

var ITEM_END_INITED

stop when initialization changes i.e.

if is_loaded(ea): stop if uninitialized byte is encountered
if !is_loaded(ea): stop if initialized byte is encountered

var ITEM_END_NAME

stop at the first named location

var ITEM_END_XREF

stop at the first referenced location

var MS_0TYPE

MS_0TYPE = 15728640

var MS_1TYPE

MS_1TYPE = 251658240

var MS_CLS

Mask for typing.

var MS_CODE

Mask for code bits.

var MS_COMM

Mask of common bits.

var MS_N_TYPE

Mask for nth arg (a 64-bit constant)

var MS_VAL

Mask for byte value.

var OPND_ALL

all operands

var OPND_MASK

mask for operand number

var OPND_OUTER

outer offset base (combined with operand number). used only in set, get, del_offset() functions

var PBSENC_ALL

PBSENC_ALL = -1

var PBSENC_DEF1BPU

PBSENC_DEF1BPU = 0

var PSTF_ATTRIB

generate for type attribute usage

var PSTF_ENC

if encoding is specified, append it

var PSTF_HOTKEY

have hotkey markers part of the name

var PSTF_ONLY_ENC

generate only the encoding name

var PSTF_TBRIEF

use brief name (e.g., in the 'Strings' window)

var PSTF_TINLIN

use 'inline' name (e.g., in the structures comments)

var PSTF_TMASK

type mask

var PSTF_TNORM

use normal name

var STRCONV_ESCAPE

convert non-printable characters to C escapes ( , \xNN, \uNNNN)

var STRCONV_INCLLEN

for Pascal-style strings, include the prefixing length byte(s) as C-escaped sequence

var STRCONV_REPLCHAR

convert non-printable characters to the Unicode replacement character (U+FFFD)

Functions

def add_byte(*args) ‑> void

add_byte(ea, value)

Add a value to one byte of the program. This function works for wide byte processors too.

ea: (C++: ea_t) linear address

value: (C++: uint32) byte value

def add_dword(*args) ‑> void

add_dword(ea, value)

Add a value to one dword of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

note: this function works incorrectly if processor_t::nbits > 16

ea: (C++: ea_t) linear address

value: (C++: uint64) byte value

def add_hidden_range(*args) ‑> bool

add_hidden_range(ea1, ea2, description, header, footer, color=bgcolor_t(-1)) -> bool Mark a range of addresses as hidden. The range will be created in the invisible state with the default color

ea1: (C++: ea_t) linear address of start of the address range

ea2: (C++: ea_t) linear address of end of the address range

description: (C++: const char *) ,header,footer: range parameters

header: (C++: const char *) char const *

footer: (C++: const char *) char const *

color: (C++: bgcolor_t) the range color

return: success

def add_mapping(*args) ‑> bool

add_mapping(_from, to, size) -> bool

IDA supports memory mapping. References to the addresses from the mapped range use data and meta-data from the mapping range.

note: You should set flag PR2_MAPPING in ph.flag2 to use memory mapping Add

memory mapping range.

from: (C++: ea_t) start of the mapped range (nonexistent address)

to: (C++: ea_t) start of the mapping range (existent address)

size: (C++: asize_t) size of the range

return: success

def add_qword(*args) ‑> void

add_qword(ea, value)

Add a value to one qword of the program. This function does not work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()

ea: (C++: ea_t) linear address

value: (C++: uint64) byte value

def add_word(*args) ‑> void

add_word(ea, value)

Add a value to one word of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

ea: (C++: ea_t) linear address

value: (C++: uint64) byte value

def align_flag(*args) ‑> flags64_t

align_flag() -> flags64_t

Get a flags64_t representing an alignment directive.

def append_cmt(*args) ‑> bool

append_cmt(ea, str, rptble) -> bool

Append to an indented comment. Creates a new comment if none exists. Appends a newline character and the specified string otherwise.

ea: (C++: ea_t) linear address

str: (C++: const char *) comment string to append

rptble: (C++: bool) append to repeatable comment?

return: success

def attach_custom_data_format(*args) ‑> bool

attach_custom_data_format(dtid, dfid) -> bool

Attach the data format to the data type.

dtid: (C++: int) data type id that can use the data format. 0 means all standard

data types. Such data formats can be applied to any data item or instruction operands. For instruction operands, the data_format_t::value_size check is not performed by the kernel.

dfid: (C++: int) data format id

retval true: ok

retval false: no such `dtid', or no such `dfid', or the data format has already

been attached to the data type

def bin_flag(*args) ‑> flags64_t

bin_flag() -> flags64_t

Get number flag of the base, regardless of current processor - better to use

num_flag()

def bin_search(*args) ‑> ea_t

bin_search(start_ea, end_ea, data, flags) -> ea_t

Search for a set of bytes in the program

start_ea: linear address, start of range to search

end_ea: linear address, end of range to search (exclusive)

data: the prepared data to search for (see parse_binpat_str())

flags: combination of BIN_SEARCH_* flags

return: the address of a match, or ida_idaapi.BADADDR if not found

bin_search(start_ea, end_ea, image, imask, step, flags) -> ea_t

start_ea: ea_t

end_ea: ea_t

image: bytevec_t const &

imask: bytevec_t const &

step: int

flags: int

def bin_search3(*args) ‑> size_t *

bin_search3(start_ea, end_ea, data, flags) -> ea_t

Search for a patter in the program.

start_ea: (C++: ea_t) linear address, start of range to search

end_ea: (C++: ea_t) linear address, end of range to search (exclusive)

data: (C++: const compiled_binpat_vec_t &) the prepared data to search for (see parse_binpat_str())

flags: (C++: int) combination of Search flags

return: BADADDR (if pressed Ctrl-Break or not found) or pattern address.

def byte_flag(*args) ‑> flags64_t

byte_flag() -> flags64_t

Get a flags64_t representing a byte.

def bytesize(*args) ‑> int

bytesize(ea) -> int

Get number of bytes required to store a byte at the given address.

ea: (C++: ea_t)

def calc_def_align(*args) ‑> int

calc_def_align(ea, mina, maxa) -> int

Calculate the default alignment exponent.

ea: (C++: ea_t) linear address

mina: (C++: int) minimal possible alignment exponent.

maxa: (C++: int) minimal possible alignment exponent.

def calc_dflags(*args) ‑> flags64_t

calc_dflags(f, force) -> flags64_t

f: flags64_t

force: bool

def calc_max_align(*args) ‑> int

calc_max_align(endea) -> int

Calculate the maximal possible alignment exponent.

endea: (C++: ea_t) end address of the alignment item.

return: a value in the 0..32 range

def calc_max_item_end(*args) ‑> ea_t

calc_max_item_end(ea, how=15) -> ea_t

Calculate maximal reasonable end address of a new item. This function will limit the item with the current segment bounds.

ea: (C++: ea_t) linear address

how: (C++: int) when to stop the search. A combination of Item end search flags

return: end of new item. If it is not possible to create an item, it will

return 'ea'. If operation was cancelled by user, it will return 'ea'

def calc_min_align(*args) ‑> int

calc_min_align(length) -> int

Calculate the minimal possible alignment exponent.

length: (C++: asize_t) size of the item in bytes.

return: a value in the 1..32 range

def can_define_item(*args) ‑> bool

can_define_item(ea, length, flags) -> bool

Can define item (instruction/data) of the specified 'length', starting at 'ea'?

note: if there is an item starting at 'ea', this function ignores it

note: this function converts to unexplored all encountered data items with

fixup information. Should be fixed in the future.

ea: (C++: ea_t) start of the range for the new item

length: (C++: asize_t) length of the new item in bytes

flags: (C++: flags64_t) if not 0, then the kernel will ignore the data types specified by

the flags and destroy them. For example:

1000 dw 5

1002 db 5 ; undef 1003 db 5 ; undef 1004 dw 5 1006 dd 5

can_define_item(1000, 6, 0) - false because of dw at 1004

can_define_item(1000, 6, word_flag()) - true, word at 1004 is destroyed

return: 1-yes, 0-no

a new item would cross segment boundaries
a new item would overlap with existing items (except items specified by 'flags')

def change_storage_type(*args) ‑> error_t

change_storage_type(start_ea, end_ea, stt) -> error_t

Change flag storage type for address range.

start_ea: (C++: ea_t) should be lower than end_ea.

end_ea: (C++: ea_t) does not belong to the range.

stt: (C++: storage_type_t)

return: error code

def char_flag(*args) ‑> flags64_t

char_flag() -> flags64_t

see FF_opbits

def chunk_size(*args) ‑> asize_t

chunk_size(ea) -> asize_t

Get size of the contiguous address block containing 'ea'.

ea: (C++: ea_t)

return: 0 if 'ea' doesn't belong to the program.

def chunk_start(*args) ‑> ea_t

chunk_start(ea) -> ea_t

Get start of the contiguous address block containing 'ea'.

ea: (C++: ea_t)

return: BADADDR if 'ea' doesn't belong to the program.

def clr_lzero(*args) ‑> bool

clr_lzero(ea, n) -> bool

Clear toggle lzero bit. This function reset the display of leading zeroes for the specified operand to the default. If the default is not to display leading zeroes, leading zeroes will not be displayed, as vice versa.

ea: (C++: ea_t) the item (insn/data) address

n: (C++: int) the operand number (0-first operand, 1-other operands)

return: success

def clr_op_type(*args) ‑> bool

clr_op_type(ea, n) -> bool

Remove operand representation information. (set operand representation to be 'undefined')

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL all operands

return: success

def code_flag(*args) ‑> flags64_t

code_flag() -> flags64_t

FF_CODE

def combine_flags(*args) ‑> flags64_t

combine_flags(F) -> flags64_t

F: flags64_t

def create_16bit_data(*args) ‑> bool

create_16bit_data(ea, length) -> bool

Convert to 16-bit quantity (take the byte size into account)

ea: (C++: ea_t)

length: (C++: asize_t)

def create_32bit_data(*args) ‑> bool

create_32bit_data(ea, length) -> bool

Convert to 32-bit quantity (take the byte size into account)

ea: (C++: ea_t)

length: (C++: asize_t)

def create_align(*args) ‑> bool

create_align(ea, length, alignment) -> bool

Create an alignment item.

ea: (C++: ea_t) linear address

length: (C++: asize_t) size of the item in bytes. 0 means to infer from ALIGNMENT

alignment: (C++: int) alignment exponent. Example: 3 means align to 8 bytes. 0 means

to infer from LENGTH It is forbidden to specify both LENGTH and ALIGNMENT as 0.

return: success

def create_byte(*args) ‑> bool

create_byte(ea, length, force=False) -> bool

Convert to byte.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_custdata(*args) ‑> bool

create_custdata(ea, length, dtid, fid, force=False) -> bool

Convert to custom data type.

ea: (C++: ea_t)

length: (C++: asize_t)

dtid: (C++: int)

fid: (C++: int)

force: (C++: bool)

def create_data(*args) ‑> bool

create_data(ea, dataflag, size, tid) -> bool

Convert to data (byte, word, dword, etc). This function may be used to create arrays.

ea: (C++: ea_t) linear address

dataflag: (C++: flags64_t) type of data. Value of function byte_flag(), word_flag(), etc.

size: (C++: asize_t) size of array in bytes. should be divisible by the size of one item

of the specified type. for variable sized items it can be specified as 0, and the kernel will try to calculate the size.

tid: (C++: tid_t) type id. If the specified type is a structure, then tid is structure

id. Otherwise should be BADNODE.

return: success

def create_double(*args) ‑> bool

create_double(ea, length, force=False) -> bool

Convert to double.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_dword(*args) ‑> bool

create_dword(ea, length, force=False) -> bool

Convert to dword.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_float(*args) ‑> bool

create_float(ea, length, force=False) -> bool

Convert to float.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_oword(*args) ‑> bool

create_oword(ea, length, force=False) -> bool

Convert to octaword/xmm word.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_packed_real(*args) ‑> bool

create_packed_real(ea, length, force=False) -> bool

Convert to packed decimal real.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_qword(*args) ‑> bool

create_qword(ea, length, force=False) -> bool

Convert to quadword.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_strlit(*args) ‑> bool

create_strlit(start, len, strtype) -> bool

Convert to string literal and give a meaningful name. 'start' may be higher than 'end', the kernel will swap them in this case

start: (C++: ea_t) starting address

len: (C++: size_t) length of the string in bytes. if 0, then get_max_strlit_length()

will be used to determine the length

strtype: (C++: int32) string type. one of String type codes

return: success

def create_struct(*args) ‑> bool

create_struct(ea, length, tid, force=False) -> bool

Convert to struct.

ea: (C++: ea_t)

length: (C++: asize_t)

tid: (C++: tid_t)

force: (C++: bool)

def create_tbyte(*args) ‑> bool

create_tbyte(ea, length, force=False) -> bool

Convert to tbyte.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_word(*args) ‑> bool

create_word(ea, length, force=False) -> bool

Convert to word.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_yword(*args) ‑> bool

create_yword(ea, length, force=False) -> bool

Convert to ymm word.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def create_zword(*args) ‑> bool

create_zword(ea, length, force=False) -> bool

Convert to zmm word.

ea: (C++: ea_t)

length: (C++: asize_t)

force: (C++: bool)

def cust_flag(*args) ‑> flags64_t

cust_flag() -> flags64_t

Get a flags64_t representing custom type data.

def custfmt_flag(*args) ‑> flags64_t

custfmt_flag() -> flags64_t

see FF_opbits

def dec_flag(*args) ‑> flags64_t

dec_flag() -> flags64_t

Get number flag of the base, regardless of current processor - better to use

num_flag()

def del_hidden_range(*args) ‑> bool

del_hidden_range(ea) -> bool

Delete hidden range.

ea: (C++: ea_t) any address in the hidden range

return: success

def del_items(*args) ‑> bool

del_items(ea, flags=0, nbytes=1, may_destroy=None) -> bool

Convert item (instruction/data) to unexplored bytes. The whole item (including the head and tail bytes) will be destroyed. It is allowed to pass any address in the item to this function

ea: (C++: ea_t) any address within the first item to delete

flags: (C++: int) combination of Unexplored byte conversion flags

nbytes: (C++: asize_t) number of bytes in the range to be undefined

may_destroy: (C++: may_destroy_cb_t *) optional routine invoked before deleting a head item. If

callback returns false then item is not to be deleted and operation fails

return: true on sucessful operation, otherwise false

def del_mapping(*args) ‑> void

del_mapping(ea)

Delete memory mapping range.

ea: (C++: ea_t) any address in the mapped range

def del_value(*args) ‑> void

del_value(ea)

Delete byte value from flags. The corresponding byte becomes uninitialized.

ea: (C++: ea_t)

def detach_custom_data_format(*args) ‑> bool

detach_custom_data_format(dtid, dfid) -> bool

Detach the data format from the data type. Unregistering a custom data type detaches all attached data formats, no need to detach them explicitly. You still need unregister them. Unregistering a custom data format detaches it from all attached data types.

dtid: (C++: int) data type id to detach data format from

dfid: (C++: int) data format id to detach

retval true: ok

retval false: no such `dtid', or no such `dfid', or the data format was not

attached to the data type

def disable_flags(*args) ‑> error_t

disable_flags(start_ea, end_ea) -> error_t

Deallocate flags for address range. Exit with an error message if not enough disk space (this may occur too).

start_ea: (C++: ea_t) should be lower than end_ea.

end_ea: (C++: ea_t) does not belong to the range.

return: 0 if ok, otherwise return error code

def double_flag(*args) ‑> flags64_t

double_flag() -> flags64_t

Get a flags64_t representing a double.

def dword_flag(*args) ‑> flags64_t

dword_flag() -> flags64_t

Get a flags64_t representing a double word.

def enable_flags(*args) ‑> error_t

enable_flags(start_ea, end_ea, stt) -> error_t

Allocate flags for address range. This function does not change the storage type of existing ranges. Exit with an error message if not enough disk space.

start_ea: (C++: ea_t) should be lower than end_ea.

end_ea: (C++: ea_t) does not belong to the range.

stt: (C++: storage_type_t)

return: 0 if ok, otherwise an error code

def enum_flag(*args) ‑> flags64_t

enum_flag() -> flags64_t

see FF_opbits

def equal_bytes(*args) ‑> bool

equal_bytes(ea, image, mask, len, bin_search_flags) -> bool

Compare 'len' bytes of the program starting from 'ea' with 'image'.

ea: (C++: ea_t) linear address

image: (C++: const uchar *) bytes to compare with

mask: (C++: const uchar *) array of mask bytes, it's length is 'len'. if the flag

BIN_SEARCH_BITMASK is passsed, 'bitwise AND' is used to compare. if not; 1 means to perform the comparison of the corresponding byte. 0 means not to perform. if mask == nullptr, then all bytes of 'image' will be compared. if mask == SKIP_FF_MASK then 0xFF bytes will be skipped

len: (C++: size_t) length of block to compare in bytes.

bin_search_flags: (C++: int) combination of Search flags

retval 1: equal

retval 0: not equal

def f_has_cmt(*args) ‑> bool

f_has_cmt(f, arg2) -> bool

f: flags64_t

arg2: void *

def f_has_dummy_name(*args) ‑> bool

f_has_dummy_name(f, arg2) -> bool

Does the current byte have dummy (auto-generated, with special prefix) name?

f: (C++: flags64_t)

arg2: void *

def f_has_extra_cmts(*args) ‑> bool

f_has_extra_cmts(f, arg2) -> bool

f: flags64_t

arg2: void *

def f_has_name(*args) ‑> bool

f_has_name(f, arg2) -> bool

Does the current byte have non-trivial (non-dummy) name?

f: (C++: flags64_t)

arg2: void *

def f_has_user_name(*args) ‑> bool

f_has_user_name(F, arg2) -> bool

Does the current byte have user-specified name?

F: (C++: flags64_t)

arg2: void *

def f_has_xref(*args) ‑> bool

f_has_xref(f, arg2) -> bool

Does the current byte have cross-references to it?

f: (C++: flags64_t)

arg2: void *

def f_is_align(*args) ‑> bool

f_is_align(F, arg2) -> bool

See is_align()

F: (C++: flags64_t)

arg2: void *

def f_is_byte(*args) ‑> bool

f_is_byte(F, arg2) -> bool

See is_byte()

F: (C++: flags64_t)

arg2: void *

def f_is_code(*args) ‑> bool

f_is_code(F, arg2) -> bool

Does flag denote start of an instruction?

F: (C++: flags64_t)

arg2: void *

def f_is_custom(*args) ‑> bool

f_is_custom(F, arg2) -> bool

See is_custom()

F: (C++: flags64_t)

arg2: void *

def f_is_data(*args) ‑> bool

f_is_data(F, arg2) -> bool

Does flag denote start of data?

F: (C++: flags64_t)

arg2: void *

def f_is_double(*args) ‑> bool

f_is_double(F, arg2) -> bool

See is_double()

F: (C++: flags64_t)

arg2: void *

def f_is_dword(*args) ‑> bool

f_is_dword(F, arg2) -> bool

See is_dword()

F: (C++: flags64_t)

arg2: void *

def f_is_float(*args) ‑> bool

f_is_float(F, arg2) -> bool

See is_float()

F: (C++: flags64_t)

arg2: void *

def f_is_head(*args) ‑> bool

f_is_head(F, arg2) -> bool

Does flag denote start of instruction OR data?

F: (C++: flags64_t)

arg2: void *

def f_is_not_tail(*args) ‑> bool

f_is_not_tail(F, arg2) -> bool

Does flag denote tail byte?

F: (C++: flags64_t)

arg2: void *

def f_is_oword(*args) ‑> bool

f_is_oword(F, arg2) -> bool

See is_oword()

F: (C++: flags64_t)

arg2: void *

def f_is_pack_real(*args) ‑> bool

f_is_pack_real(F, arg2) -> bool

See is_pack_real()

F: (C++: flags64_t)

arg2: void *

def f_is_qword(*args) ‑> bool

f_is_qword(F, arg2) -> bool

See is_qword()

F: (C++: flags64_t)

arg2: void *

def f_is_strlit(*args) ‑> bool

f_is_strlit(F, arg2) -> bool

See is_strlit()

F: (C++: flags64_t)

arg2: void *

def f_is_struct(*args) ‑> bool

f_is_struct(F, arg2) -> bool

See is_struct()

F: (C++: flags64_t)

arg2: void *

def f_is_tail(*args) ‑> bool

f_is_tail(F, arg2) -> bool

Does flag denote tail byte?

F: (C++: flags64_t)

arg2: void *

def f_is_tbyte(*args) ‑> bool

f_is_tbyte(F, arg2) -> bool

See is_tbyte()

F: (C++: flags64_t)

arg2: void *

def f_is_word(*args) ‑> bool

f_is_word(F, arg2) -> bool

See is_word()

F: (C++: flags64_t)

arg2: void *

def f_is_yword(*args) ‑> bool

f_is_yword(F, arg2) -> bool

See is_yword()

F: (C++: flags64_t)

arg2: void *

def find_byte(*args) ‑> ea_t

find_byte(sEA, size, value, bin_search_flags) -> ea_t

Find forward a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 4, 5, and 6

sEA: (C++: ea_t) linear address

size: (C++: asize_t) number of bytes to inspect

value: (C++: uchar) value to find

bin_search_flags: (C++: int) combination of Search flags

return: address of byte or BADADDR

def find_byter(*args) ‑> ea_t

find_byter(sEA, size, value, bin_search_flags) -> ea_t

Find reverse a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 6, 5, and 4

sEA: (C++: ea_t) the lower address of the search range

size: (C++: asize_t) number of bytes to inspect

value: (C++: uchar) value to find

bin_search_flags: (C++: int) combination of Search flags

return: address of byte or BADADDR

def find_custom_data_format(*args) ‑> int

find_custom_data_format(name) -> int

Get id of a custom data format.

name: (C++: const char *) name of the custom data format

return: id or -1

def find_custom_data_type(*args) ‑> int

find_custom_data_type(name) -> int

Get id of a custom data type.

name: (C++: const char *) name of the custom data type

return: id or -1

def find_free_chunk(*args) ‑> ea_t

find_free_chunk(start, size, alignment) -> ea_t

Search for a hole in the addressing space of the program.

start: (C++: ea_t) Address to start searching from

size: (C++: asize_t) Size of the desired empty range

alignment: (C++: asize_t) Alignment bitmask, must be a pow2-1. (for example, 0xF would

align the returned range to 16 bytes).

return: Start of the found empty range or BADADDR

def float_flag(*args) ‑> flags64_t

float_flag() -> flags64_t

Get a flags64_t representing a float.

def flt_flag(*args) ‑> flags64_t

flt_flag() -> flags64_t

see FF_opbits

def free_chunk(*args) ‑> ea_t

free_chunk(bottom, size, step) -> ea_t

bottom: ea_t

size: asize_t

step: int32

def get_16bit(*args) ‑> uint32

get_16bit(ea) -> uint32

Get 16bits of the program at 'ea'.

ea: (C++: ea_t)

return: 1 byte (getFullByte()) if the current processor has 16-bit byte,

otherwise return get_word()

def get_32bit(*args) ‑> uint32

get_32bit(ea) -> uint32

Get not more than 32bits of the program at 'ea'.

ea: (C++: ea_t)

return: 32 bit value, depending on processor_t::nbits:

if ( nbits <= 8 ) return get_dword(ea);
if ( nbits <= 16) return get_wide_word(ea);
return get_wide_byte(ea);

def get_64bit(*args) ‑> uint64

get_64bit(ea) -> uint64

Get not more than 64bits of the program at 'ea'.

ea: (C++: ea_t)

return: 64 bit value, depending on processor_t::nbits:

if ( nbits <= 8 ) return get_qword(ea);
if ( nbits <= 16) return get_wide_dword(ea);
return get_wide_byte(ea);

def get_8bit(*args) ‑> PyObject *

get_8bit(ea, v, nbit) -> PyObject *

ea: ea_t

v: uint32

nbit: int

def get_byte(*args) ‑> uchar

get_byte(ea) -> uchar

Get one byte (8-bit) of the program at 'ea'. This function works only for 8bit byte processors.

ea: (C++: ea_t)

def get_bytes(*args) ‑> PyObject *

get_bytes(ea, size, gmb_flags=0x01) -> bytes or None

Get the specified number of bytes of the program.

ea: program address

size: number of bytes to return

gmb_flags: int

return: the bytes (as a str), or None in case of failure

def get_bytes_and_mask(*args) ‑> PyObject *

get_bytes_and_mask(ea, size, gmb_flags=0x01) -> PyObject *

Get the specified number of bytes of the program, and a bitmask specifying what bytes are defined and what bytes are not.

ea: program address

size: number of bytes to return

gmb_flags: int

return: a tuple (bytes, mask), or None in case of failure.

Both 'bytes' and 'mask' are 'str' instances.

def get_cmt(*args) ‑> qstring *

get_cmt(ea, rptble) -> str

Get an indented comment.

ea: (C++: ea_t) linear address. may point to tail byte, the function will find start

of the item

rptble: (C++: bool) get repeatable comment?

return: size of comment or -1

def get_custom_data_format(*args) ‑> data_format_t const *

get_custom_data_format(dfid) -> data_format_t

Get definition of a registered custom data format.

dfid: (C++: int) data format id

return: data format definition or nullptr

def get_custom_data_formats(*args) ‑> int

get_custom_data_formats(out, dtid) -> int

Get list of attached custom data formats for the specified data type.

out: (C++: intvec_t *) buffer for the output. may be nullptr

dtid: (C++: int) data type id

return: number of returned custom data formats. if error, returns -1

def get_custom_data_type(*args) ‑> data_type_t const *

get_custom_data_type(dtid) -> data_type_t

Get definition of a registered custom data type.

dtid: (C++: int) data type id

return: data type definition or nullptr

def get_custom_data_types(*args) ‑> int

get_custom_data_types(out, min_size=0, max_size=BADADDR) -> int

Get list of registered custom data type ids.

out: (C++: intvec_t *) buffer for the output. may be nullptr

min_size: (C++: asize_t) minimum value size

max_size: (C++: asize_t) maximum value size

return: number of custom data types with the specified size limits

def get_data_elsize(*args) ‑> asize_t

get_data_elsize(ea, F, ti=None) -> asize_t

Get size of data type specified in flags 'F'.

ea: (C++: ea_t) linear address of the item

F: (C++: flags64_t) flags

ti: (C++: const opinfo_t *) additional information about the data type. For example, if the

current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be nullptr). If specified as nullptr, will be automatically retrieved from the database

return: * byte : 1

word : 2
etc...

def get_data_value(*args) ‑> bool

get_data_value(v, ea, size) -> bool

Get the value at of the item at 'ea'. This function works with entities up to sizeof(ea_t) (bytes, word, etc)

v: (C++: uval_t *) pointer to the result. may be nullptr

ea: (C++: ea_t) linear address

size: (C++: asize_t) size of data to read. If 0, then the item type at 'ea' will be used

return: success

def get_db_byte(*args) ‑> uchar

get_db_byte(ea) -> uchar

Get one byte (8-bit) of the program at 'ea' from the database. Works even if the debugger is active. See also get_dbg_byte() to read the process memory directly. This function works only for 8bit byte processors.

ea: (C++: ea_t)

def get_default_radix(*args) ‑> int

get_default_radix() -> int

Get default base of number for the current processor.

return: 2, 8, 10, 16

def get_dword(*args) ‑> uint32

get_dword(ea) -> uint32

Get one dword (32-bit) of the program at 'ea'. This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.

ea: (C++: ea_t)

def get_enum_id(*args) ‑> uchar *

get_enum_id(ea, n) -> enum_t

Get enum id of 'enum' operand.

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL one of the operands

return: id of enum or BADNODE

def get_first_hidden_range(*args) ‑> hidden_range_t *

get_first_hidden_range() -> hidden_range_t

Get pointer to the first hidden range.

return: ptr to hidden range or nullptr

def get_flags(*args) ‑> flags64_t

get_flags(ea) -> flags64_t

get flags with FF_IVL & MS_VAL. It is much slower under remote debugging because the kernel needs to read the process memory.

ea: (C++: ea_t)

def get_flags_by_size(*args) ‑> flags64_t

get_flags_by_size(size) -> flags64_t

Get flags from size (in bytes). Supported sizes: 1, 2, 4, 8, 16, 32. For other sizes returns 0

size: (C++: size_t)

def get_flags_ex(*args) ‑> flags64_t

get_flags_ex(ea, how) -> flags64_t

Get flags for the specified address, extended form.

ea: (C++: ea_t)

how: (C++: int)

def get_forced_operand(*args) ‑> qstring *

get_forced_operand(ea, n) -> str

Get forced operand.

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number

return: size of forced operand or -1

def get_full_data_elsize(*args) ‑> asize_t

get_full_data_elsize(ea, F, ti=None) -> asize_t

Get full size of data type specified in flags 'F'. takes into account processors with wide bytes e.g. returns 2 for a byte element with 16-bit bytes

ea: (C++: ea_t)

F: (C++: flags64_t)

ti: (C++: const opinfo_t *) opinfo_t const *

def get_full_flags(*args) ‑> flags64_t

get_full_flags(ea) -> flags64_t

Get flags value for address 'ea'.

ea: (C++: ea_t)

return: 0 if address is not present in the program

def get_hidden_range(*args) ‑> hidden_range_t *

get_hidden_range(ea) -> hidden_range_t

Get pointer to hidden range structure, in: linear address.

ea: (C++: ea_t) any address in the hidden range

def get_hidden_range_num(*args) ‑> int

get_hidden_range_num(ea) -> int

Get number of a hidden range.

ea: (C++: ea_t) any address in the hidden range

return: number of hidden range (0..get_hidden_range_qty()-1)

def get_hidden_range_qty(*args) ‑> int

get_hidden_range_qty() -> int

Get number of hidden ranges.

def get_item_end(*args) ‑> ea_t

get_item_end(ea) -> ea_t

Get the end address of the item at 'ea'. The returned address doesn't belong to the current item. Unexplored bytes are counted as 1 byte entities.

ea: (C++: ea_t)

def get_item_flag(*args) ‑> flags64_t

get_item_flag(_from, n, ea, appzero) -> flags64_t

Get flag of the item at 'ea' even if it is a tail byte of some array or structure. This function is used to get flags of structure members or array elements.

from: (C++: ea_t) linear address of the instruction which refers to 'ea'

n: (C++: int) operand number which refers to 'ea' or OPND_ALL for one of the

operands

ea: (C++: ea_t) the referenced address

appzero: (C++: bool) append a struct field name if the field offset is zero?

meaningful only if the name refers to a structure.

return: flags or 0 (if failed)

def get_item_head(*args) ‑> ea_t

get_item_head(ea) -> ea_t

Get the start address of the item at 'ea'. If there is no current item, then 'ea' will be returned (see definition at the end of bytes.hpp source)

ea: (C++: ea_t)

def get_item_refinfo(*args) ‑> bool

get_item_refinfo(ri, ea, n) -> bool

Get refinfo of the item at 'ea'. This function works for a regular offset operand as well as for a tail byte of a structure variable (in this case refinfo to corresponding structure member will be returned)

ri: (C++: refinfo_t *) refinfo holder

ea: (C++: ea_t) the item address

n: (C++: int) operand number which refers to 'ea' or OPND_ALL for one of the

operands

return: success

def get_item_size(*args) ‑> asize_t

get_item_size(ea) -> asize_t

Get size of item (instruction/data) in bytes. Unexplored bytes have length of 1 byte. This function returns 0 only for BADADDR.

ea: (C++: ea_t)

def get_last_hidden_range(*args) ‑> hidden_range_t *

get_last_hidden_range() -> hidden_range_t

Get pointer to the last hidden range.

return: ptr to hidden range or nullptr

def get_manual_insn(*args) ‑> qstring *

get_manual_insn(ea) -> str

Retrieve the user-specified string for the manual instruction.

ea: (C++: ea_t) linear address of the instruction or data item

return: size of manual instruction or -1

def get_mapping(*args) ‑> ea_t *, ea_t *, asize_t *

get_mapping(n) -> bool

Get memory mapping range by its number.

n: (C++: size_t) number of mapping range (0..get_mappings_qty()-1)

return: false if the specified range doesn't exist, otherwise returns `from',

`to', `size'

def get_mappings_qty(*args) ‑> size_t

get_mappings_qty() -> size_t

Get number of mappings.

def get_max_strlit_length(*args) ‑> size_t

get_max_strlit_length(ea, strtype, options=0) -> size_t

Determine maximum length of string literal.

If the string literal has a length prefix (e.g., STRTYPE_LEN2 has a two-byte length prefix), the length of that prefix (i.e., 2) will be part of the returned value.

ea: (C++: ea_t) starting address

strtype: (C++: int32) string type. one of String type codes

options: (C++: int) combination of string literal length options

return: length of the string in octets (octet==8bit)

def get_next_hidden_range(*args) ‑> hidden_range_t *

get_next_hidden_range(ea) -> hidden_range_t

Get pointer to next hidden range.

ea: (C++: ea_t) any address in the program

return: ptr to hidden range or nullptr if next hidden range doesn't exist

def get_octet(*args) ‑> PyObject *

get_octet(ea, v, nbit) -> (int, int, int, int)

ea: ea_t

v: uint64

nbit: int

def get_octet2(*args) ‑> uchar *

get_octet2(ogen) -> bool

ogen: octet_generator_t *

def get_operand_flag(*args) ‑> flags64_t

get_operand_flag(typebits, n) -> flags64_t

Place operand n's type flag in the right nibble of a 64-bit flags set.

typebits: (C++: uint8) the type bits (one of FF\_N\_)

n: (C++: int) the operand number

return: the shift to the nibble

def get_operand_type_shift(*args) ‑> int

get_operand_type_shift(n) -> int

Get the shift in flags64\_t for the nibble representing operand n's type

Note: n must be < UA_MAXOP, and is not checked

n: (C++: uint32) the operand number

return: the shift to the nibble

def get_opinfo(*args) ‑> opinfo_t *

get_opinfo(buf, ea, n, flags) -> opinfo_t

Get additional information about an operand representation.

buf: (C++: opinfo_t *) buffer to receive the result. may not be nullptr

ea: (C++: ea_t) linear address of item

n: (C++: int) number of operand, 0 or 1

flags: (C++: flags64_t) flags of the item

return: nullptr if no additional representation information

def get_optype_flags0(*args) ‑> flags64_t

get_optype_flags0(F) -> flags64_t

Get flags for first operand.

F: (C++: flags64_t)

def get_optype_flags1(*args) ‑> flags64_t

get_optype_flags1(F) -> flags64_t

Get flags for second operand.

F: (C++: flags64_t)

def get_original_byte(*args) ‑> uint64

get_original_byte(ea) -> uint64

Get original byte value (that was before patching). This function works for wide byte processors too.

ea: (C++: ea_t)

def get_original_dword(*args) ‑> uint64

get_original_dword(ea) -> uint64

Get original dword (that was before patching) This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

ea: (C++: ea_t)

def get_original_qword(*args) ‑> uint64

get_original_qword(ea) -> uint64

Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

ea: (C++: ea_t)

def get_original_word(*args) ‑> uint64

get_original_word(ea) -> uint64

Get original word value (that was before patching). This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

ea: (C++: ea_t)

def get_possible_item_varsize(*args) ‑> asize_t

get_possible_item_varsize(ea, tif) -> asize_t

Return the possible size of the item at EA of type TIF if TIF is the variable structure.

ea: (C++: ea_t) the linear address of the item

tif: (C++: const tinfo_t &) the item type

return: the possible size

retval asize_t(-1): TIF is not a variable structure

def get_predef_insn_cmt(*args) ‑> qstring *

get_predef_insn_cmt(ins) -> str

Get predefined comment.

ins: (C++: const insn_t &) current instruction information

return: size of comment or -1

def get_prev_hidden_range(*args) ‑> hidden_range_t *

get_prev_hidden_range(ea) -> hidden_range_t

Get pointer to previous hidden range.

ea: (C++: ea_t) any address in the program

return: ptr to hidden range or nullptr if previous hidden range doesn't exist

def get_qword(*args) ‑> uint64

get_qword(ea) -> uint64

Get one qword (64-bit) of the program at 'ea'. This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.

ea: (C++: ea_t)

def get_radix(*args) ‑> int

get_radix(F, n) -> int

Get radix of the operand, in: flags. If the operand is not a number, returns

get_default_radix()

F: (C++: flags64_t) flags

n: (C++: int) number of operand (0, 1, -1)

return: 2, 8, 10, 16

def get_strlit_contents(*args) ‑> PyObject *

get_strlit_contents(ea, py_len, type, flags=0) -> bytes or None

Get contents of string literal, as UTF-8-encoded codepoints. It works even if the string has not been created in the database yet.

Note that the returned value will be of type 'bytes'; if you want auto-conversion to unicode strings (that is: real Python strings), you should probably be using the idautils.Strings class.

ea: linear address of the string

py_len: length of the string in bytes (including terminating 0)

type: type of the string. Represents both the character encoding,

<u>and</u> the 'type' of string at the given location.

flags: combination of STRCONV_..., to perform output conversion.

return: a bytes-filled str object.

def get_stroff_path(*args) ‑> int

get_stroff_path(path, delta, ea, n) -> int

Get struct path of operand.

path: (C++: tid_t *) buffer for structure path (strpath). see nalt.hpp for more info.

delta: (C++: adiff_t *) struct offset delta

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL one of the operands

return: length of strpath

def get_wide_byte(*args) ‑> uint64

get_wide_byte(ea) -> uint64

Get one wide byte of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view.

ea: (C++: ea_t)

def get_wide_dword(*args) ‑> uint64

get_wide_dword(ea) -> uint64

Get two wide words (4 'bytes') of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in idainfo::is_be()

note: this function works incorrectly if processor_t::nbits > 16

ea: (C++: ea_t)

def get_wide_word(*args) ‑> uint64

get_wide_word(ea) -> uint64

Get one wide word (2 'byte') of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in idainfo::is_be()

ea: (C++: ea_t)

def get_word(*args) ‑> ushort

get_word(ea) -> ushort

Get one word (16-bit) of the program at 'ea'. This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.

ea: (C++: ea_t)

def get_zero_ranges(*args) ‑> bool

get_zero_ranges(zranges, range) -> bool

Return set of ranges with zero initialized bytes. The returned set includes only big zero initialized ranges (at least >1KB). Some zero initialized byte ranges may be not included. Only zero bytes that use the sparse storage method (STT_MM) are reported.

zranges: (C++: rangeset_t *) pointer to the return value. cannot be nullptr

range: (C++: const range_t *) the range of addresses to verify. can be nullptr - means all

ranges

return: true if the result is a non-empty set

def getn_hidden_range(*args) ‑> hidden_range_t *

getn_hidden_range(n) -> hidden_range_t

Get pointer to hidden range structure, in: number of hidden range.

n: (C++: int) number of hidden range, is in range 0..get_hidden_range_qty()-1

def has_any_name(*args) ‑> bool

has_any_name(F) -> bool

Does the current byte have any name?

F: (C++: flags64_t)

def has_auto_name(*args) ‑> bool

has_auto_name(F) -> bool

Does the current byte have auto-generated (no special prefix) name?

F: (C++: flags64_t)

def has_cmt(*args) ‑> bool

has_cmt(F) -> bool

Does the current byte have an indented comment?

F: (C++: flags64_t)

def has_dummy_name(*args) ‑> bool

has_dummy_name(F) -> bool

Does the current byte have dummy (auto-generated, with special prefix) name?

F: (C++: flags64_t)

def has_extra_cmts(*args) ‑> bool

has_extra_cmts(F) -> bool

Does the current byte have additional anterior or posterior lines?

F: (C++: flags64_t)

def has_immd(*args) ‑> bool

has_immd(F) -> bool

Has immediate value?

F: (C++: flags64_t)

def has_name(*args) ‑> bool

has_name(F) -> bool

Does the current byte have non-trivial (non-dummy) name?

F: (C++: flags64_t)

def has_user_name(*args) ‑> bool

has_user_name(F) -> bool

Does the current byte have user-specified name?

F: (C++: flags64_t)

def has_value(*args) ‑> bool

has_value(F) -> bool

Do flags contain byte value?

F: (C++: flags64_t)

def has_xref(*args) ‑> bool

has_xref(F) -> bool

Does the current byte have cross-references to it?

F: (C++: flags64_t)

def hex_flag(*args) ‑> flags64_t

hex_flag() -> flags64_t

Get number flag of the base, regardless of current processor - better to use

num_flag()

def is_align(*args) ‑> bool

is_align(F) -> bool

FF_ALIGN

F: (C++: flags64_t)

def is_attached_custom_data_format(*args) ‑> bool

is_attached_custom_data_format(dtid, dfid) -> bool

Is the custom data format attached to the custom data type?

dtid: (C++: int) data type id

dfid: (C++: int) data format id

return: true or false

def is_bnot(*args) ‑> bool

is_bnot(ea, F, n) -> bool

Should we negate the operand?. asm_t::a_bnot should be defined in the idp module in order to work with this function

ea: (C++: ea_t)

F: (C++: flags64_t)

n: (C++: int)

def is_byte(*args) ‑> bool

is_byte(F) -> bool

FF_BYTE

F: (C++: flags64_t)

def is_char(*args) ‑> bool

is_char(F, n) -> bool

is character constant?

F: (C++: flags64_t)

n: (C++: int)

def is_char0(*args) ‑> bool

is_char0(F) -> bool

Is the first operand character constant? (example: push 'a')

F: (C++: flags64_t)

def is_char1(*args) ‑> bool

is_char1(F) -> bool

Is the second operand character constant? (example: mov al, 'a')

F: (C++: flags64_t)

def is_code(*args) ‑> bool

is_code(F) -> bool

Does flag denote start of an instruction?

F: (C++: flags64_t)

def is_custfmt(*args) ‑> bool

is_custfmt(F, n) -> bool

is custom data format?

F: (C++: flags64_t)

n: (C++: int)

def is_custfmt0(*args) ‑> bool

is_custfmt0(F) -> bool

Does the first operand use a custom data representation?

F: (C++: flags64_t)

def is_custfmt1(*args) ‑> bool

is_custfmt1(F) -> bool

Does the second operand use a custom data representation?

F: (C++: flags64_t)

def is_custom(*args) ‑> bool

is_custom(F) -> bool

FF_CUSTOM

F: (C++: flags64_t)

def is_data(*args) ‑> bool

is_data(F) -> bool

Does flag denote start of data?

F: (C++: flags64_t)

def is_defarg(*args) ‑> bool

is_defarg(F, n) -> bool

is defined?

F: (C++: flags64_t)

n: (C++: int)

def is_defarg0(*args) ‑> bool

is_defarg0(F) -> bool

Is the first operand defined? Initially operand has no defined representation.

F: (C++: flags64_t)

def is_defarg1(*args) ‑> bool

is_defarg1(F) -> bool

Is the second operand defined? Initially operand has no defined representation.

F: (C++: flags64_t)

def is_double(*args) ‑> bool

is_double(F) -> bool

FF_DOUBLE

F: (C++: flags64_t)

def is_dword(*args) ‑> bool

is_dword(F) -> bool

FF_DWORD

F: (C++: flags64_t)

def is_enum(*args) ‑> bool

is_enum(F, n) -> bool

is enum?

F: (C++: flags64_t)

n: (C++: int)

def is_enum0(*args) ‑> bool

is_enum0(F) -> bool

Is the first operand a symbolic constant (enum member)?

F: (C++: flags64_t)

def is_enum1(*args) ‑> bool

is_enum1(F) -> bool

Is the second operand a symbolic constant (enum member)?

F: (C++: flags64_t)

def is_flag_for_operand(*args) ‑> bool

is_flag_for_operand(F, typebits, n) -> bool

Check that the 64-bit flags set has the expected type for operand n.

F: (C++: flags64_t) the flags

typebits: (C++: uint8) the type bits (one of FF\_N\_)

n: (C++: int) the operand number

return: success

def is_float(*args) ‑> bool

is_float(F) -> bool

FF_FLOAT

F: (C++: flags64_t)

def is_float0(*args) ‑> bool

is_float0(F) -> bool

Is the first operand a floating point number?

F: (C++: flags64_t)

def is_float1(*args) ‑> bool

is_float1(F) -> bool

Is the second operand a floating point number?

F: (C++: flags64_t)

def is_flow(*args) ‑> bool

is_flow(F) -> bool

Does the previous instruction exist and pass execution flow to the current byte?

F: (C++: flags64_t)

def is_fltnum(*args) ‑> bool

is_fltnum(F, n) -> bool

is floating point number?

F: (C++: flags64_t)

n: (C++: int)

def is_forced_operand(*args) ‑> bool

is_forced_operand(ea, n) -> bool

Is operand manually defined?.

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number

def is_func(*args) ‑> bool

is_func(F) -> bool

Is function start?

F: (C++: flags64_t)

def is_head(*args) ‑> bool

is_head(F) -> bool

Does flag denote start of instruction OR data?

F: (C++: flags64_t)

def is_invsign(*args) ‑> bool

is_invsign(ea, F, n) -> bool

Should sign of n-th operand inverted during output?. allowed values of n: 0-first operand, 1-other operands

ea: (C++: ea_t)

F: (C++: flags64_t)

n: (C++: int)

def is_loaded(*args) ‑> bool

is_loaded(ea) -> bool

Does the specified address have a byte value (is initialized?)

ea: (C++: ea_t)

def is_lzero(*args) ‑> bool

is_lzero(ea, n) -> bool

Display leading zeroes? Display leading zeroes in operands. The global switch for the leading zeroes is in idainfo::s_genflags Note: the leading zeroes doesn't work if for the target assembler octal numbers start with 0.

ea: (C++: ea_t) the item (insn/data) address

n: (C++: int) the operand number (0-first operand, 1-other operands)

return: success

def is_manual(*args) ‑> bool

is_manual(F, n) -> bool

is forced operand? (use is_forced_operand())

F: (C++: flags64_t)

n: (C++: int)

def is_manual_insn(*args) ‑> bool

is_manual_insn(ea) -> bool

Is the instruction overridden?

ea: (C++: ea_t) linear address of the instruction or data item

def is_mapped(*args) ‑> bool

is_mapped(ea) -> bool

Is the specified address 'ea' present in the program?

ea: (C++: ea_t)

def is_not_tail(*args) ‑> bool

is_not_tail(F) -> bool

Does flag denote tail byte?

F: (C++: flags64_t)

def is_numop(*args) ‑> bool

is_numop(F, n) -> bool

is number (bin, oct, dec, hex)?

F: (C++: flags64_t)

n: (C++: int)

def is_numop0(*args) ‑> bool

is_numop0(F) -> bool

Is the first operand a number (i.e. binary, octal, decimal or hex?)

F: (C++: flags64_t)

def is_numop1(*args) ‑> bool

is_numop1(F) -> bool

Is the second operand a number (i.e. binary, octal, decimal or hex?)

F: (C++: flags64_t)

def is_off(*args) ‑> bool

is_off(F, n) -> bool

is offset?

F: (C++: flags64_t)

n: (C++: int)

def is_off0(*args) ‑> bool

is_off0(F) -> bool

Is the first operand offset? (example: push offset xxx)

F: (C++: flags64_t)

def is_off1(*args) ‑> bool

is_off1(F) -> bool

Is the second operand offset? (example: mov ax, offset xxx)

F: (C++: flags64_t)

def is_oword(*args) ‑> bool

is_oword(F) -> bool

FF_OWORD

F: (C++: flags64_t)

def is_pack_real(*args) ‑> bool

is_pack_real(F) -> bool

FF_PACKREAL

F: (C++: flags64_t)

def is_qword(*args) ‑> bool

is_qword(F) -> bool

FF_QWORD

F: (C++: flags64_t)

def is_same_data_type(*args) ‑> bool

is_same_data_type(F1, F2) -> bool

Do the given flags specify the same data type?

F1: (C++: flags64_t)

F2: (C++: flags64_t)

def is_seg(*args) ‑> bool

is_seg(F, n) -> bool

is segment?

F: (C++: flags64_t)

n: (C++: int)

def is_seg0(*args) ‑> bool

is_seg0(F) -> bool

Is the first operand segment selector? (example: push seg seg001)

F: (C++: flags64_t)

def is_seg1(*args) ‑> bool

is_seg1(F) -> bool

Is the second operand segment selector? (example: mov dx, seg dseg)

F: (C++: flags64_t)

def is_stkvar(*args) ‑> bool

is_stkvar(F, n) -> bool

is stack variable?

F: (C++: flags64_t)

n: (C++: int)

def is_stkvar0(*args) ‑> bool

is_stkvar0(F) -> bool

Is the first operand a stack variable?

F: (C++: flags64_t)

def is_stkvar1(*args) ‑> bool

is_stkvar1(F) -> bool

Is the second operand a stack variable?

F: (C++: flags64_t)

def is_strlit(*args) ‑> bool

is_strlit(F) -> bool

FF_STRLIT

F: (C++: flags64_t)

def is_stroff(*args) ‑> bool

is_stroff(F, n) -> bool

is struct offset?

F: (C++: flags64_t)

n: (C++: int)

def is_stroff0(*args) ‑> bool

is_stroff0(F) -> bool

Is the first operand an offset within a struct?

F: (C++: flags64_t)

def is_stroff1(*args) ‑> bool

is_stroff1(F) -> bool

Is the second operand an offset within a struct?

F: (C++: flags64_t)

def is_struct(*args) ‑> bool

is_struct(F) -> bool

FF_STRUCT

F: (C++: flags64_t)

def is_suspop(*args) ‑> bool

is_suspop(ea, F, n) -> bool

is suspicious operand?

ea: (C++: ea_t)

F: (C++: flags64_t)

n: (C++: int)

def is_tail(*args) ‑> bool

is_tail(F) -> bool

Does flag denote tail byte?

F: (C++: flags64_t)

def is_tbyte(*args) ‑> bool

is_tbyte(F) -> bool

FF_TBYTE

F: (C++: flags64_t)

def is_unknown(*args) ‑> bool

is_unknown(F) -> bool

Does flag denote unexplored byte?

F: (C++: flags64_t)

def is_varsize_item(*args) ‑> int

is_varsize_item(ea, F, ti=None, itemsize=None) -> int

Is the item at 'ea' variable size?.

ea: (C++: ea_t) linear address of the item

F: (C++: flags64_t) flags

ti: (C++: const opinfo_t *) additional information about the data type. For example, if the

current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be nullptr). If specified as nullptr, will be automatically retrieved from the database

itemsize: (C++: asize_t *) if not nullptr and the item is varsize, itemsize will contain

the calculated item size (for struct types, the minimal size is returned)

retval 1: varsize item

retval 0: fixed item

retval -1: error (bad data definition)

def is_word(*args) ‑> bool

is_word(F) -> bool

FF_WORD

F: (C++: flags64_t)

def is_yword(*args) ‑> bool

is_yword(F) -> bool

FF_YWORD

F: (C++: flags64_t)

def is_zword(*args) ‑> bool

is_zword(F) -> bool

FF_ZWORD

F: (C++: flags64_t)

def leading_zero_important(*args) ‑> bool

leading_zero_important(ea, n) -> bool

Check if leading zeroes are important.

ea: (C++: ea_t)

n: (C++: int)

def nbits(*args) ‑> int

nbits(ea) -> int

Get number of bits in a byte at the given address.

ea: (C++: ea_t)

return: processor_t::dnbits() if the address doesn't belong to a segment,

otherwise the result depends on the segment type

def next_addr(*args) ‑> ea_t

next_addr(ea) -> ea_t

Get next address in the program (i.e. next address which has flags).

ea: (C++: ea_t)

return: BADADDR if no such address exist.

def next_chunk(*args) ‑> ea_t

next_chunk(ea) -> ea_t

Get the first address of next contiguous chunk in the program.

ea: (C++: ea_t)

return: BADADDR if next chunk doesn't exist.

def next_head(*args) ‑> ea_t

next_head(ea, maxea) -> ea_t

Get start of next defined item.

ea: (C++: ea_t) begin search at this address

maxea: (C++: ea_t) not included in the search range

return: BADADDR if none exists.

def next_inited(*args) ‑> ea_t

next_inited(ea, maxea) -> ea_t

Find the next initialized address.

ea: (C++: ea_t)

maxea: (C++: ea_t)

def next_not_tail(*args) ‑> ea_t

next_not_tail(ea) -> ea_t

Get address of next non-tail byte.

ea: (C++: ea_t)

return: BADADDR if none exists.

def next_that(*args) ‑> ea_t

next_that(ea, maxea, testf) -> ea_t

Find next address with a flag satisfying the function 'testf'.

note: do not pass is_unknown() to this function to find unexplored bytes. It

will fail under the debugger. To find unexplored bytes, use next_unknown().

ea: (C++: ea_t) start searching at this address + 1

maxea: (C++: ea_t) not included in the search range.

testf: (C++: testf_t *) test function to find next address

return: the found address or BADADDR.

def next_unknown(*args) ‑> ea_t

next_unknown(ea, maxea) -> ea_t

Similar to next_that(), but will find the next address that is unexplored.

ea: (C++: ea_t)

maxea: (C++: ea_t)

def next_visea(*args) ‑> ea_t

next_visea(ea) -> ea_t

Get next visible address.

ea: (C++: ea_t)

return: BADADDR if none exists.

def num_flag(*args) ‑> flags64_t

num_flag() -> flags64_t

Get number of default base (bin, oct, dec, hex)

def oct_flag(*args) ‑> flags64_t

oct_flag() -> flags64_t

Get number flag of the base, regardless of current processor - better to use

num_flag()

def off_flag(*args) ‑> flags64_t

off_flag() -> flags64_t

see FF_opbits

def op_adds_xrefs(*args) ‑> bool

op_adds_xrefs(F, n) -> bool

Should processor module create xrefs from the operand?. Currently 'offset' and 'structure offset' operands create xrefs

F: (C++: flags64_t)

n: (C++: int)

def op_based_stroff(*args) ‑> bool

op_based_stroff(insn, n, opval, base) -> bool

Set operand representation to be 'struct offset' if the operand likely points to a structure member. For example, let's there is a structure at 1000 1000 stru_1000 Elf32_Sym <...> the operand #8 will be represented as '#Elf32_Sym.st_size' after the call of 'op_based_stroff(..., 8, 0x1000)' By the way, after the call of 'op_plain_offset(..., 0x1000)' it will be represented as '#(stru_1000.st_size - 0x1000)'

insn: (C++: const insn_t &) the instruction

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL all operands

opval: (C++: adiff_t) operand value (usually op_t::value or op_t::addr)

base: (C++: ea_t) base reference

return: success

def op_bin(*args) ‑> bool

op_bin(ea, n) -> bool

set op type to bin_flag()

ea: (C++: ea_t)

n: (C++: int)

def op_chr(*args) ‑> bool

op_chr(ea, n) -> bool

set op type to char_flag()

ea: (C++: ea_t)

n: (C++: int)

def op_custfmt(*args) ‑> bool

op_custfmt(ea, n, fid) -> bool

Set custom data format for operand (fid-custom data format id)

ea: (C++: ea_t)

n: (C++: int)

fid: (C++: int)

def op_dec(*args) ‑> bool

op_dec(ea, n) -> bool

set op type to dec_flag()

ea: (C++: ea_t)

n: (C++: int)

def op_enum(*args) ‑> bool

op_enum(ea, n, id, serial=0) -> bool

Set operand representation to be 'enum_t'. If applied to unexplored bytes, converts them to 16/32bit word data

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL all operands

id: (C++: enum_t) id of enum

serial: (C++: uchar) the serial number of the constant in the enumeration, usually 0.

the serial numbers are used if the enumeration contains several constants with the same value

return: success

def op_flt(*args) ‑> bool

op_flt(ea, n) -> bool

set op type to flt_flag()

ea: (C++: ea_t)

n: (C++: int)

def op_hex(*args) ‑> bool

op_hex(ea, n) -> bool

set op type to hex_flag()

ea: (C++: ea_t)

n: (C++: int)

def op_num(*args) ‑> bool

op_num(ea, n) -> bool

set op type to num_flag()

ea: (C++: ea_t)

n: (C++: int)

def op_oct(*args) ‑> bool

op_oct(ea, n) -> bool

set op type to oct_flag()

ea: (C++: ea_t)

n: (C++: int)

def op_seg(*args) ‑> bool

op_seg(ea, n) -> bool

Set operand representation to be 'segment'. If applied to unexplored bytes, converts them to 16/32bit word data

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL all operands

return: success

def op_stkvar(*args) ‑> bool

op_stkvar(ea, n) -> bool

Set operand representation to be 'stack variable'. Should be applied to an instruction within a function. Should be applied after creating a stack var using insn_t::create_stkvar().

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL all operands

return: success

def op_stroff(*args) ‑> bool

op_stroff(insn, n, path, path_len, delta) -> bool

Set operand representation to be 'struct offset'.

insn: (C++: const insn_t &) the instruction

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL all operands

path: (C++: const tid_t *) structure path (strpath). see nalt.hpp for more info.

path_len: (C++: int) length of the structure path

delta: (C++: adiff_t) struct offset delta. usually 0. denotes the difference between the

structure base and the pointer into the structure.

return: success

op_stroff(insn, n, path, delta) -> bool

insn: an ida_ua.insn_t, or an address (C++: const insn_t &)

n: int

path: qvector< tid_t > const &

delta: adiff_t

def oword_flag(*args) ‑> flags64_t

oword_flag() -> flags64_t

Get a flags64_t representing a octaword.

def packreal_flag(*args) ‑> flags64_t

packreal_flag() -> flags64_t

Get a flags64_t representing a packed decimal real.

def parse_binpat_str(*args) ‑> qstring *

parse_binpat_str(out, ea, _in, radix, strlits_encoding=0) -> str

Convert user-specified binary string to internal representation. The 'in' parameter contains space-separated tokens:

numbers (numeric base is determined by 'radix')
if value of number fits a byte, it is considered as a byte
if value of number fits a word, it is considered as 2 bytes
if value of number fits a dword,it is considered as 4 bytes
"..." string constants
'x' single-character constants
? variable bytes

Note that string constants are surrounded with double quotes.

Here are a few examples (assuming base 16): CD 21 - bytes 0xCD, 0x21 21CD - bytes 0xCD, 0x21 (little endian ) or 0x21, 0xCD (big-endian) "Hello", 0 - the null terminated string "Hello" L"Hello" - 'H', 0, 'e', 0, 'l', 0, 'l', 0, 'o', 0 B8 ? ? ? ? 90 - byte 0xB8, 4 bytes with any value, byte 0x90

out: (C++: compiled_binpat_vec_t *) a vector of compiled binary patterns, for use with bin_search2()

ea: (C++: ea_t) linear address to convert for (the conversion depends on the address,

because the number of bits in a byte depend on the segment type)

in: (C++: const char *) input text string

radix: (C++: int) numeric base of numbers (8,10,16)

strlits_encoding: (C++: int) the target encoding into which the string literals

present in 'in', should be encoded. Can be any from [1, get_encoding_qty()), or the special values PBSENC_*

return: false either in case of parsing error, or if at least one requested

target encoding couldn't encode the string literals present in "in".

def patch_byte(*args) ‑> bool

patch_byte(ea, x) -> bool

Patch a byte of the program. The original value of the byte is saved and can be obtained by get_original_byte(). This function works for wide byte processors too.

retval true: the database has been modified,

retval false: the debugger is running and the process' memory has value 'x' at

address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.

ea: (C++: ea_t)

x: (C++: uint64)

def patch_bytes(*args) ‑> void

patch_bytes(ea, buf)

Patch the specified number of bytes of the program. Original values of bytes are saved and are available with get_original...() functions. See also put_bytes().

ea: (C++: ea_t) linear address

buf: (C++: const void *) buffer with new values of bytes

def patch_dword(*args) ‑> bool

patch_dword(ea, x) -> bool

Patch a dword of the program. The original value of the dword is saved and can be obtained by get_original_dword(). This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()

retval true: the database has been modified,

retval false: the debugger is running and the process' memory has value 'x' at

address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.

ea: (C++: ea_t)

x: (C++: uint64)

def patch_qword(*args) ‑> bool

patch_qword(ea, x) -> bool

Patch a qword of the program. The original value of the qword is saved and can be obtained by get_original_qword(). This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()

retval true: the database has been modified,

retval false: the debugger is running and the process' memory has value 'x' at

address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.

ea: (C++: ea_t)

x: (C++: uint64)

def patch_word(*args) ‑> bool

patch_word(ea, x) -> bool

Patch a word of the program. The original value of the word is saved and can be obtained by get_original_word(). This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

retval true: the database has been modified,

retval false: the debugger is running and the process' memory has value 'x' at

address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.

ea: (C++: ea_t)

x: (C++: uint64)

def prev_addr(*args) ‑> ea_t

prev_addr(ea) -> ea_t

Get previous address in the program.

ea: (C++: ea_t)

return: BADADDR if no such address exist.

def prev_chunk(*args) ‑> ea_t

prev_chunk(ea) -> ea_t

Get the last address of previous contiguous chunk in the program.

ea: (C++: ea_t)

return: BADADDR if previous chunk doesn't exist.

def prev_head(*args) ‑> ea_t

prev_head(ea, minea) -> ea_t

Get start of previous defined item.

ea: (C++: ea_t) begin search at this address

minea: (C++: ea_t) included in the search range

return: BADADDR if none exists.

def prev_inited(*args) ‑> ea_t

prev_inited(ea, minea) -> ea_t

Find the previous initialized address.

ea: (C++: ea_t)

minea: (C++: ea_t)

def prev_not_tail(*args) ‑> ea_t

prev_not_tail(ea) -> ea_t

Get address of previous non-tail byte.

ea: (C++: ea_t)

return: BADADDR if none exists.

def prev_that(*args) ‑> ea_t

prev_that(ea, minea, testf) -> ea_t

Find previous address with a flag satisfying the function 'testf'.

note: do not pass is_unknown() to this function to find unexplored bytes It

will fail under the debugger. To find unexplored bytes, use prev_unknown().

ea: (C++: ea_t) start searching from this address - 1.

minea: (C++: ea_t) included in the search range.

testf: (C++: testf_t *) test function to find previous address

return: the found address or BADADDR.

def prev_unknown(*args) ‑> ea_t

prev_unknown(ea, minea) -> ea_t

Similar to prev_that(), but will find the previous address that is unexplored.

ea: (C++: ea_t)

minea: (C++: ea_t)

def prev_visea(*args) ‑> ea_t

prev_visea(ea) -> ea_t

Get previous visible address.

ea: (C++: ea_t)

return: BADADDR if none exists.

def print_strlit_type(*args) ‑> PyObject *

print_strlit_type(strtype, flags=0) -> (str, str)

Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.

strtype: (C++: int32) the string type

flags: (C++: int) or'ed PSTF_* constants

return: length of generated text

def put_byte(*args) ‑> bool

put_byte(ea, x) -> bool

Set value of one byte of the program. This function modifies the database. If the debugger is active then the debugged process memory is patched too.

note: The original value of the byte is completely lost and can't be recovered

by the get_original_byte() function. See also put_dbg_byte() to write to the process memory directly when the debugger is active. This function can handle wide byte processors.

ea: (C++: ea_t) linear address

x: (C++: uint64) byte value

return: true if the database has been modified

def put_bytes(*args) ‑> void

put_bytes(ea, buf)

Modify the specified number of bytes of the program. This function does not save the original values of bytes. See also patch_bytes().

ea: (C++: ea_t) linear address

buf: (C++: const void *) buffer with new values of bytes

def put_dword(*args) ‑> void

put_dword(ea, x)

Set value of one dword of the program. This function takes into account order of bytes specified in idainfo::is_be() This function works for wide byte processors too.

ea: (C++: ea_t) linear address

x: (C++: uint64) dword value

note: the original value of the dword is completely lost and can't be recovered

by the get_original_dword() function.

def put_qword(*args) ‑> void

put_qword(ea, x)

Set value of one qword (8 bytes) of the program. This function takes into account order of bytes specified in idainfo::is_be() This function DOESN'T works for wide byte processors.

ea: (C++: ea_t) linear address

x: (C++: uint64) qword value

def put_word(*args) ‑> void

put_word(ea, x)

Set value of one word of the program. This function takes into account order of bytes specified in idainfo::is_be() This function works for wide byte processors too.

note: The original value of the word is completely lost and can't be recovered

by the get_original_word() function. ea - linear address x - word value

ea: (C++: ea_t)

x: (C++: uint64)

def qword_flag(*args) ‑> flags64_t

qword_flag() -> flags64_t

Get a flags64_t representing a quad word.

def register_custom_data_format(*args) ‑> int

register_custom_data_format(py_df) -> int

Registers a custom data format with a given data type.

py_df: an instance of data_format_t

return: < 0 if failed to register

> 0 data format id

def register_custom_data_type(*args) ‑> int

register_custom_data_type(py_dt) -> int

Registers a custom data type.

py_dt: an instance of the data_type_t class

return: < 0 if failed to register

> 0 data type id

def register_data_types_and_formats(formats)

Registers multiple data types and formats at once. To register one type/format at a time use register_custom_data_type/register_custom_data_format

It employs a special table of types and formats described below:

The 'formats' is a list of tuples. If a tuple has one element then it is the format to be registered with dtid=0 If the tuple has more than one element, then tuple[0] is the data type and tuple[1:] are the data formats. For example: many_formats = [

(pascal_data_type(), pascal_data_format()), (simplevm_data_type(), simplevm_data_format()), (makedword_data_format(),), (simplevm_data_format(),)

] The first two tuples describe data types and their associated formats. The last two tuples describe two data formats to be used with built-in data types. The data format may be attached to several data types. The id of the data format is stored in the first data_format_t object. For example: assert many_formats[1][1] != -1 assert many_formats[2][0] != -1 assert many_formats[3][0] == -1

def revert_byte(*args) ‑> bool

revert_byte(ea) -> bool

Revert patched byte

retval true: byte was patched before and reverted now

ea: (C++: ea_t)

def seg_flag(*args) ‑> flags64_t

seg_flag() -> flags64_t

see FF_opbits

def set_cmt(*args) ‑> bool

set_cmt(ea, comm, rptble) -> bool

Set an indented comment.

ea: (C++: ea_t) linear address

comm: (C++: const char *) comment string

nullptr: do nothing (return 0)
"" : delete comment

rptble: (C++: bool) is repeatable?

return: success

def set_forced_operand(*args) ‑> bool

set_forced_operand(ea, n, op) -> bool

Set forced operand.

ea: (C++: ea_t) linear address

n: (C++: int) 0..UA_MAXOP-1 operand number

op: (C++: const char *) text of operand

nullptr: do nothing (return 0)
"" : delete forced operand

return: success

def set_immd(*args) ‑> bool

set_immd(ea) -> bool

Set 'has immediate operand' flag. Returns true if the FF_IMMD bit was not set and now is set

ea: (C++: ea_t)

def set_lzero(*args) ‑> bool

set_lzero(ea, n) -> bool

Set toggle lzero bit. This function changes the display of leading zeroes for the specified operand. If the default is not to display leading zeroes, this function will display them and vice versa.

ea: (C++: ea_t) the item (insn/data) address

n: (C++: int) the operand number (0-first operand, 1-other operands)

return: success

def set_manual_insn(*args) ‑> void

set_manual_insn(ea, manual_insn)

Set manual instruction string.

ea: (C++: ea_t) linear address of the instruction or data item

manual_insn: (C++: const char *) "" - delete manual string. nullptr - do nothing

def set_op_type(*args) ‑> bool

set_op_type(ea, type, n) -> bool

(internal function) change representation of operand(s).

ea: (C++: ea_t) linear address

type: (C++: flags64_t) new flag value (should be obtained from char_flag(), num_flag() and

similar functions)

n: (C++: int) 0..UA_MAXOP-1 operand number, OPND_ALL all operands

retval 1: ok

retval 0: failed (applied to a tail byte)

def set_opinfo(*args) ‑> bool

set_opinfo(ea, n, flag, ti, suppress_events=False) -> bool

Set additional information about an operand representation. This function is a low level one. Only the kernel should use it.

ea: (C++: ea_t) linear address of the item

n: (C++: int) number of operand, 0 or 1 (see the note below)

flag: (C++: flags64_t) flags of the item

ti: (C++: const opinfo_t *) additional representation information

suppress_events: (C++: bool) do not generate changing_op_type and op_type_changed

events

return: success

note: for custom formats (if is_custfmt(flag, n) is true) or for offsets (if

is_off(flag, n) is true) N can be in range 0..UA_MAXOP-1 or equal to OPND_ALL. In the case of OPND_ALL the additional information about all operands will be set.

def stkvar_flag(*args) ‑> flags64_t

stkvar_flag() -> flags64_t

see FF_opbits

def strlit_flag(*args) ‑> flags64_t

strlit_flag() -> flags64_t

Get a flags64_t representing a string literal.

def stroff_flag(*args) ‑> flags64_t

stroff_flag() -> flags64_t

see FF_opbits

def stru_flag(*args) ‑> flags64_t

stru_flag() -> flags64_t

Get a flags64_t representing a struct.

def tbyte_flag(*args) ‑> flags64_t

tbyte_flag() -> flags64_t

Get a flags64_t representing a tbyte.

def toggle_bnot(*args) ‑> bool

toggle_bnot(ea, n) -> bool

Toggle binary negation of operand. also see is_bnot()

ea: (C++: ea_t)

n: (C++: int)

def toggle_lzero(*args) ‑> bool

toggle_lzero(ea, n) -> bool

Toggle lzero bit.

ea: (C++: ea_t) the item (insn/data) address

n: (C++: int) the operand number (0-first operand, 1-other operands)

return: success

def toggle_sign(*args) ‑> bool

toggle_sign(ea, n) -> bool

Toggle sign of n-th operand. allowed values of n: 0-first operand, 1-other operands

ea: (C++: ea_t)

n: (C++: int)

def unregister_custom_data_format(*args) ‑> bool

unregister_custom_data_format(dfid) -> bool

Unregisters a custom data format

dfid: data format id

return: Boolean

def unregister_custom_data_type(*args) ‑> bool

unregister_custom_data_type(dtid) -> bool

Unregisters a custom data type.

dtid: the data type id

return: Boolean

def unregister_data_types_and_formats(formats)

As opposed to register_data_types_and_formats(), this function unregisters multiple data types and formats at once.

def update_hidden_range(*args) ‑> bool

update_hidden_range(ha) -> bool

Update hidden range information in the database. You cannot use this function to change the range boundaries

ha: (C++: const hidden_range_t *) range to update

return: success

def use_mapping(*args) ‑> ea_t

use_mapping(ea) -> ea_t

Translate address according to current mappings.

ea: (C++: ea_t) address to translate

return: translated address

def visit_patched_bytes(*args) ‑> int

visit_patched_bytes(ea1, ea2, py_callable) -> int

Enumerates patched bytes in the given range and invokes a callable

ea1: start address

ea2: end address

py_callable: a Python callable with the following prototype:

callable(ea, fpos, org_val, patch_val). If the callable returns non-zero then that value will be returned to the caller and the enumeration will be interrupted.

return: Zero if the enumeration was successful or the return

value of the callback if enumeration was interrupted.

def word_flag(*args) ‑> flags64_t

word_flag() -> flags64_t

Get a flags64_t representing a word.

def yword_flag(*args) ‑> flags64_t

yword_flag() -> flags64_t

Get a flags64_t representing a ymm word.

def zword_flag(*args) ‑> flags64_t

zword_flag() -> flags64_t

Get a flags64_t representing a zmm word.

Classes

class compiled_binpat_t (*args)

Proxy of C++ compiled_binpat_t class.

__init__(self) -> compiled_binpat_t

Instance variables

var bytes: bytes
var encidx: encidx
var mask: mask
var strlits: strlits

Methods

def all_bytes_defined(self, *args) ‑> bool: all_bytes_defined(self) -> bool
def qclear(self, *args) ‑> void: qclear(self)

class compiled_binpat_vec_t (*args)

Proxy of C++ qvector< compiled_binpat_t > class.

__init__(self) -> compiled_binpat_vec_t

__init__(self, x) -> compiled_binpat_vec_t

x: qvector< compiled_binpat_t > const &

Methods

def add_unique(self, *args) ‑> bool: add_unique(self, x) -> bool
x: compiled_binpat_t const &
def at(self, *args) ‑> compiled_binpat_t const &: at(self, _idx) -> compiled_binpat_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< compiled_binpat_t >::const_iterator: begin(self) -> compiled_binpat_t
def capacity(self, *args) ‑> size_t: capacity(self) -> size_t
def clear(self, *args) ‑> void: clear(self)
def empty(self, *args) ‑> bool: empty(self) -> bool
def end(self, *args) ‑> qvector< compiled_binpat_t >::const_iterator: end(self) -> compiled_binpat_t
def erase(self, *args) ‑> qvector< compiled_binpat_t >::iterator: erase(self, it) -> compiled_binpat_t
it: qvector< compiled_binpat_t >::iterator

erase(self, first, last) -> compiled_binpat_t
first: qvector< compiled_binpat_t >::iterator

last: qvector< compiled_binpat_t >::iterator
def extract(self, *args) ‑> compiled_binpat_t *: extract(self) -> compiled_binpat_t
def find(self, *args) ‑> qvector< compiled_binpat_t >::const_iterator: find(self, x) -> compiled_binpat_t
x: compiled_binpat_t const &
def front(self)
def grow(self, *args) ‑> void: grow(self, x=compiled_binpat_t())

x: compiled_binpat_t const &
def has(self, *args) ‑> bool: has(self, x) -> bool
x: compiled_binpat_t const &
def inject(self, *args) ‑> void: inject(self, s, len)
s: compiled_binpat_t *

len: size_t
def insert(self, *args) ‑> qvector< compiled_binpat_t >::iterator: insert(self, it, x) -> compiled_binpat_t
it: qvector< compiled_binpat_t >::iterator

x: compiled_binpat_t const &
def pop_back(self, *args) ‑> void: pop_back(self)
def push_back(self, *args) ‑> compiled_binpat_t &: push_back(self, x)
x: compiled_binpat_t const &

push_back(self) -> compiled_binpat_t
def qclear(self, *args) ‑> void: qclear(self)
def reserve(self, *args) ‑> void: reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void: resize(self, _newsize, x)
_newsize: size_t

x: compiled_binpat_t const &

resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t: size(self) -> size_t
def swap(self, *args) ‑> void: swap(self, r)
r: qvector< compiled_binpat_t > &
def truncate(self, *args) ‑> void: truncate(self)

class data_format_t (*args)

Proxy of C++ data_format_t class.

Instance variables

var hotkey: Hotkey for the corresponding menu item if nullptr, no hotkey will be associated with the menu item
var id : int: __get_id(self) -> int
var menu_name: Visible format name to use in menus if nullptr, no menu item will be created
var name: Format name, must be unique.
var props: properties (currently 0)
var text_width: Usual width of the text representation This value is used to calculate the width of the control to display values of this type
var value_size: size of the value in bytes 0 means any size is ok data formats that are registered for standard types (dtid 0) may be called with any value_size (instruction operands only)

Methods

def is_present_in_menus(self, *args) ‑> bool: is_present_in_menus(self) -> bool
Should this format be shown in UI menus

return: success

class data_type_t (*args)

Proxy of C++ data_type_t class.

Instance variables

var asm_keyword: keyword to use for this type in the assembly if nullptr, the data type cannot be used in the listing it can still be used in cpuregs window
var hotkey: Hotkey for the corresponding menu item if nullptr, no hotkey will be associated with the menu item
var id : int: __get_id(self) -> int
var menu_name: Visible data type name to use in menus if nullptr, no menu item will be created
var name: name of the data type. must be unique
var props: properties
var value_size: size of the value in bytes

Methods

def is_present_in_menus(self, *args) ‑> bool: is_present_in_menus(self) -> bool
Should this type be shown in UI menus

return: success

class hidden_range_t (*args)

Proxy of C++ hidden_range_t class.

__init__(self) -> hidden_range_t

Ancestors

range_t

Instance variables

var color: range color
var description: description to display if the range is collapsed
var footer: footer lines to display if the range is expanded
var header: header lines to display if the range is expanded
var visible: the range state

Inherited members

range_t:
- clear
- compare
- contains
- empty
- end_ea
- extend
- intersect
- overlaps
- size
- start_ea

class octet_generator_t (*args)

Proxy of C++ octet_generator_t class.

__init__(self, _ea) -> octet_generator_t

_ea: ea_t

Instance variables

var avail_bits: avail_bits
var ea: ea
var high_byte_first: high_byte_first
var value: value

Methods

def invert_byte_order(self, *args) ‑> void: invert_byte_order(self)