Module index

Module ida_frame

IDA Plugin SDK API wrapper: frame

Global variables

var FPC_ARGS
FPC_ARGS = 0
var FPC_LVARS
FPC_LVARS = 3
var FPC_RETADDR
FPC_RETADDR = 1
var FPC_SAVREGS
FPC_SAVREGS = 2
var REGVAR_ERROR_ARG
function arguments are bad
var REGVAR_ERROR_NAME
the provided name(s) can't be accepted
var REGVAR_ERROR_OK
all ok
var REGVAR_ERROR_RANGE
the definition range is bad
var STKVAR_VALID_SIZE
x.dtyp contains correct variable type (for insns like 'lea' this bit must be off) in general, dr_O references do not allow to determine the variable size

Functions

def add_auto_stkpnt(*args) ‑> bool
Add automatic SP register change point.
add_auto_stkpnt(pfn, ea, delta) -> bool
pfn: pointer to function. may be NULL. (C++: func_t *)
ea: linear address where SP changes. usually this is the end of
the instruction which modifies the stack pointer (\cmd{ea} +\cmd{size}) (C++: ea_t)
delta: difference between old and new values of SP (C++:
sval_t)
return: success
def add_frame(*args) ‑> bool
Add function frame.
add_frame(pfn, frsize, frregs, argsize) -> bool
pfn: pointer to function structure (C++: func_t *)
frsize: size of function local variables (C++: sval_t)
frregs: size of saved registers (C++: ushort)
argsize: size of function arguments range which will be purged
upon return. this parameter is used for __stdcall and __pascal calling conventions. for other calling conventions please pass 0. (C++: asize_t)
retval: 1 - ok
retval: 0 - failed (no function, frame already exists)
def add_regvar(*args) ‑> int
Define a register variable.
add_regvar(pfn, ea1, ea2, canon, user, cmt) -> int
pfn: function in which the definition will be created (C++:
func_t *)
ea1: range of addresses within the function where the
definition will be used (C++: ea_t)
ea2: range of addresses within the function where the
definition will be used (C++: ea_t)
canon: name of a general register (C++: const char *)
user: user-defined name for the register (C++: const char *)
cmt: comment for the definition (C++: const char *)
return: Register variable error codes
def add_user_stkpnt(*args) ‑> bool
Add user-defined SP register change point.
add_user_stkpnt(ea, delta) -> bool
ea: linear address where SP changes (C++: ea_t)
delta: difference between old and new values of SP (C++:
sval_t)
return: success
def build_stkvar_name(*args) ‑> qstring *
Build automatic stack variable name.
build_stkvar_name(pfn, v) -> str
pfn: pointer to function (can't be NULL!) (C++: const func_t
*)
v: value of variable offset (C++: sval_t)
return: length of stack variable name or -1
def build_stkvar_xrefs(*args) ‑> void
Fill 'out' with a list of all the xrefs made from function 'pfn', to the argument or variable 'mptr' in 'pfn's stack frame.
build_stkvar_xrefs(out, pfn, mptr)
out: the list of xrefs to fill. (C++: xreflist_t *)
pfn: the function to scan. (C++: func_t *)
mptr: the argument/variable in pfn's stack frame. (C++: const
member_t *)
def calc_stkvar_struc_offset(*args) ‑> ea_t
Calculate offset of stack variable in the frame structure.
calc_stkvar_struc_offset(pfn, insn, n) -> ea_t
pfn: pointer to function (can't be NULL!) (C++: func_t *)
insn: the instruction - an ida_ua.insn_t, or an address (C++:
const insn_t &)
n: number of operand: (0.. UA_MAXOP -1) -1 if error, return
BADADDR (C++: int)
return: BADADDR if some error (issue a warning if stack frame is
bad)
def define_stkvar(*args) ‑> bool
Define/redefine a stack variable.
define_stkvar(pfn, name, off, flags, ti, nbytes) -> bool
pfn: pointer to function (C++: func_t *)
name: variable name, NULL means autogenerate a name (C++: const
char *)
off: offset of the stack variable in the frame. negative values
denote local variables, positive - function arguments. (C++: sval_t)
flags: variable type flags ( byte_flag() for a byte variable,
for example) (C++: flags_t)
ti: additional type information (like offsets, structs, etc)
(C++: const opinfo_t *)
nbytes: number of bytes occupied by the variable (C++: asize_t)
return: success
def del_frame(*args) ‑> bool
Delete a function frame.
del_frame(pfn) -> bool
pfn: pointer to function structure (C++: func_t *)
return: success
def del_regvar(*args) ‑> int
Delete a register variable definition.
del_regvar(pfn, ea1, ea2, canon) -> int
pfn: function in question (C++: func_t *)
ea1: range of addresses within the function where the
definition holds (C++: ea_t)
ea2: range of addresses within the function where the
definition holds (C++: ea_t)
canon: name of a general register (C++: const char *)
return: Register variable error codes
def del_stkpnt(*args) ‑> bool
Delete SP register change point.
del_stkpnt(pfn, ea) -> bool
pfn: pointer to function. may be NULL. (C++: func_t *)
ea: linear address (C++: ea_t)
return: success
def delete_unreferenced_stkvars(*args) ‑> int
delete_unreferenced_stkvars(pfn) -> int
pfn (C++: func_t *)
def delete_wrong_stkvar_ops(*args) ‑> int
delete_wrong_stkvar_ops(pfn) -> int
pfn (C++: func_t *)
def find_regvar(*args) ‑> regvar_t *
Find a register variable definition (powerful version). One of 'canon' and 'user' should be NULL. If both 'canon' and 'user' are NULL it returns the first regvar definition in the range.
find_regvar(pfn, ea1, ea2, canon, user) -> regvar_t
pfn: function in question (C++: func_t *)
ea1: range of addresses to search. ea1==BADADDR means the
entire function (C++: ea_t)
ea2: range of addresses to search. ea1==BADADDR means the
entire function (C++: ea_t)
canon: name of a general register (C++: const char *)
user: user-defined name for the register (C++: const char *)
return: NULL-not found, otherwise ptr to regvar_t
find_regvar(pfn, ea, canon) -> regvar_t
pfn: function in question (C++: func_t *) ea: ea_t
canon: name of a general register (C++: const char *)
return: NULL-not found, otherwise ptr to regvar_t
def frame_off_args(*args) ‑> ea_t
Get starting address of arguments section.
frame_off_args(pfn) -> ea_t
pfn (C++: const func_t *)
def frame_off_lvars(*args) ‑> ea_t
Get start address of local variables section.
frame_off_lvars(pfn) -> ea_t
pfn (C++: const func_t *)
def frame_off_retaddr(*args) ‑> ea_t
Get starting address of return address section.
frame_off_retaddr(pfn) -> ea_t
pfn (C++: const func_t *)
def frame_off_savregs(*args) ‑> ea_t
Get starting address of saved registers section.
frame_off_savregs(pfn) -> ea_t
pfn (C++: const func_t *)
def free_regvar(*args) ‑> void
free_regvar(v)
v (C++: struct regvar_t *)
def get_effective_spd(*args) ‑> sval_t
Get effective difference between the initial and current values of ESP. This function returns the sp-diff used by the instruction. The difference between 'get_spd()' and 'get_effective_spd()' is present only for instructions like "pop [esp+N]": they modify sp and use the modified value.
get_effective_spd(pfn, ea) -> sval_t
pfn: pointer to function. may be NULL. (C++: func_t *)
ea: linear address (C++: ea_t)
return: 0 or the difference, usually a negative number
def get_frame(*args) ‑> struc_t *
Get pointer to function frame.
get_frame(pfn) -> struc_t
pfn: pointer to function structure (C++: const func_t *)
get_frame(ea) -> struc_t *
ea: ea_t
def get_frame_part(*args) ‑> void
Get offsets of the frame part in the frame.
get_frame_part(range, pfn, part)
range: pointer to the output buffer with the frame part
start/end(exclusive) offsets, can't be NULL (C++: range_t *)
pfn: pointer to function structure, can't be NULL (C++: const
func_t *)
part: frame part (C++: frame_part_t)
def get_frame_retsize(*args) ‑> int
Get size of function return address.
get_frame_retsize(pfn) -> int
pfn: pointer to function structure, can't be NULL (C++: const
func_t *)
def get_frame_size(*args) ‑> asize_t
Get full size of a function frame. This function takes into account size of local variables + size of saved registers + size of return address + number of purged bytes. The purged bytes correspond to the arguments of the functions with __stdcall and __fastcall calling conventions.
get_frame_size(pfn) -> asize_t
pfn: pointer to function structure, may be NULL (C++: const
func_t *)
return: size of frame in bytes or zero
def get_func_by_frame(*args) ‑> ea_t
Get function by its frame id.this function works only with databases created by IDA > 5.6
get_func_by_frame(frame_id) -> ea_t
frame_id: id of the function frame (C++: tid_t)
return: start address of the function or BADADDR
def get_min_spd_ea(*args) ‑> ea_t
get_min_spd_ea(pfn) -> ea_t
pfn (C++: func_t *)
def get_sp_delta(*args) ‑> sval_t
Get modification of SP made at the specified location
get_sp_delta(pfn, ea) -> sval_t
pfn: pointer to function. may be NULL. (C++: func_t *)
ea: linear address (C++: ea_t)
return: 0 if the specified location doesn't contain a SP change
point. otherwise return delta of SP modification.
def get_spd(*args) ‑> sval_t
Get difference between the initial and current values of ESP.
get_spd(pfn, ea) -> sval_t
pfn: pointer to function. may be NULL. (C++: func_t *)
ea: linear address of an instruction (C++: ea_t)
return: 0 or the difference, usually a negative number. returns the
sp-diff before executing the instruction.
def get_stkvar(*args) ‑> PyObject *
get_stkvar(insn, op, v) -> PyObject *
Get pointer to stack variable
op: reference to instruction operand
v: immediate value in the operand (usually op.addr)
return:
  • None on failure
  • tuple(member_t, actval)
    where actval: actual value used to fetch stack variable
def has_regvar(*args) ‑> bool
Is there a register variable definition?
has_regvar(pfn, ea) -> bool
pfn: function in question (C++: func_t *)
ea: current address (C++: ea_t)
def is_funcarg_off(*args) ‑> bool
is_funcarg_off(pfn, frameoff) -> bool
pfn: func_t const * frameoff: uval_t
def lvar_off(*args) ‑> sval_t
lvar_off(pfn, frameoff) -> sval_t
pfn: func_t const * frameoff: uval_t
def recalc_spd(*args) ‑> bool
Recalculate SP delta for an instruction that stops execution. The next instruction is not reached from the current instruction. We need to recalculate SP for the next instruction.This function will create a new automatic SP register change point if necessary. It should be called from the emulator (emu.cpp) when auto_state == 'AU_USED' if the current instruction doesn't pass the execution flow to the next instruction.
recalc_spd(cur_ea) -> bool
cur_ea: linear address of the current instruction (C++: ea_t)
retval: 1 - new stkpnt is added
retval: 0 - nothing is changed
def rename_regvar(*args) ‑> int
Rename a register variable.
rename_regvar(pfn, v, user) -> int
pfn: function in question (C++: func_t *)
v: variable to rename (C++: regvar_t *)
user: new user-defined name for the register (C++: const char
*)
return: Register variable error codes
def set_frame_size(*args) ‑> bool
Set size of function frame. Note: The returned size may not include all stack arguments. It does so only for __stdcall and __fastcall calling conventions. To get the entire frame size for all cases use get_struc_size(get_frame(pfn)).
set_frame_size(pfn, frsize, frregs, argsize) -> bool
pfn: pointer to function structure (C++: func_t *)
frsize: size of function local variables (C++: asize_t)
frregs: size of saved registers (C++: ushort)
argsize: size of function arguments that will be purged from
the stack upon return (C++: asize_t)
return: success
def set_purged(*args) ‑> bool
Set the number of purged bytes for a function or data item (funcptr). This function will update the database and plan to reanalyze items referencing the specified address. It works only for processors with 'PR_PURGING' bit in 16 and 32 bit modes.
set_purged(ea, nbytes, override_old_value) -> bool
ea: address of the function of item (C++: ea_t)
nbytes: number of purged bytes (C++: int)
override_old_value: may overwrite old information about purged
bytes (C++: bool)
return: success
def set_regvar_cmt(*args) ‑> int
Set comment for a register variable.
set_regvar_cmt(pfn, v, cmt) -> int
pfn: function in question (C++: func_t *)
v: variable to rename (C++: regvar_t *)
cmt: new comment (C++: const char *)
return: Register variable error codes
def soff_to_fpoff(*args) ‑> sval_t
Convert struct offsets into fp-relative offsets. This function converts the offsets inside the 'struc_t' object into the frame pointer offsets (for example, EBP-relative).
soff_to_fpoff(pfn, soff) -> sval_t
pfn (C++: func_t *)
soff (C++: uval_t)
def update_fpd(*args) ‑> bool
Update frame pointer delta.
update_fpd(pfn, fpd) -> bool
pfn: pointer to function structure (C++: func_t *)
fpd: new fpd value. cannot be bigger than the local variable
range size. (C++: asize_t)
return: success

Classes

class regvar_t (*args)
Proxy of C++ regvar_t class.
__init__(self) -> regvar_t
r: regvar_t const &

Ancestors

Instance variables

var canon
regvar_t_canon_get(self) -> char *
var cmt
regvar_t_cmt_get(self) -> char *
var user
regvar_t_user_get(self) -> char *

Methods

def swap(self, *args) ‑> void
swap(self, r)
r (C++: regvar_t &)

Inherited members

class stkpnt_t (*args)
Proxy of C++ stkpnt_t class.
__init__(self) -> stkpnt_t

Instance variables

var ea
stkpnt_t_ea_get(self) -> ea_t
var spd
stkpnt_t_spd_get(self) -> sval_t

Methods

def compare(self, *args) ‑> int
compare(self, r) -> int
r: stkpnt_t const &
class stkpnts_t (*args)
Proxy of C++ stkpnts_t class.
__init__(self) -> stkpnts_t

Methods

def compare(self, *args) ‑> int
compare(self, r) -> int
r: stkpnts_t const &
class xreflist_entry_t (*args)
Proxy of C++ xreflist_entry_t class.
__init__(self) -> xreflist_entry_t

Instance variables

var ea
xreflist_entry_t_ea_get(self) -> ea_t
var opnum
xreflist_entry_t_opnum_get(self) -> uchar
var type
xreflist_entry_t_type_get(self) -> uchar

Methods

def compare(self, *args) ‑> int
compare(self, r) -> int
r: xreflist_entry_t const &
class xreflist_t (*args)
Proxy of C++ qvector< xreflist_entry_t > class.
__init__(self) -> xreflist_t
x: qvector< xreflist_entry_t > const &

Methods

def add_unique(self, *args) ‑> bool
add_unique(self, x) -> bool
x: xreflist_entry_t const &
def at(self, *args) ‑> xreflist_entry_t const &
at(self, _idx) -> xreflist_entry_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< xreflist_entry_t >::const_iterator
begin(self) -> xreflist_entry_t
begin(self) -> xreflist_entry_t
def capacity(self, *args) ‑> size_t
capacity(self) -> size_t
def clear(self, *args) ‑> void
clear(self)
def empty(self, *args) ‑> bool
empty(self) -> bool
def end(self, *args) ‑> qvector< xreflist_entry_t >::const_iterator
end(self) -> xreflist_entry_t
end(self) -> xreflist_entry_t
def erase(self, *args) ‑> qvector< xreflist_entry_t >::iterator
erase(self, it) -> xreflist_entry_t
it: qvector< xreflist_entry_t >::iterator
erase(self, first, last) -> xreflist_entry_t
first: qvector< xreflist_entry_t >::iterator last: qvector< xreflist_entry_t >::iterator
def extract(self, *args) ‑> xreflist_entry_t *
extract(self) -> xreflist_entry_t
def find(self, *args) ‑> qvector< xreflist_entry_t >::const_iterator
find(self, x) -> xreflist_entry_t
x: xreflist_entry_t const &
find(self, x) -> xreflist_entry_t
x: xreflist_entry_t const &
def front(self)
def grow(self, *args) ‑> void
grow(self, x=xreflist_entry_t())
x: xreflist_entry_t const &
def has(self, *args) ‑> bool
has(self, x) -> bool
x: xreflist_entry_t const &
def inject(self, *args) ‑> void
inject(self, s, len)
s: xreflist_entry_t * len: size_t
def insert(self, *args) ‑> qvector< xreflist_entry_t >::iterator
insert(self, it, x) -> xreflist_entry_t
it: qvector< xreflist_entry_t >::iterator x: xreflist_entry_t const &
def pop_back(self, *args) ‑> void
pop_back(self)
def push_back(self, *args) ‑> xreflist_entry_t &
push_back(self, x)
x: xreflist_entry_t const &
def qclear(self, *args) ‑> void
qclear(self)
def reserve(self, *args) ‑> void
reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void
resize(self, _newsize, x)
_newsize: size_t x: xreflist_entry_t const &
resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t
size(self) -> size_t
def swap(self, *args) ‑> void
swap(self, r)
r: qvector< xreflist_entry_t > &
def truncate(self, *args) ‑> void
truncate(self)