Module index

Module ida_loader

IDA Plugin SDK API wrapper: loader

Global variables

var ACCEPT_ARCHIVE
Specify that a file format is served by archive loader See 'loader_t::accept_file'
var ACCEPT_CONTINUE
Specify that the function must be called another time See 'loader_t::accept_file'
var ACCEPT_FIRST
Specify that a file format should be place first in "load file" dialog box. See 'loader_t::accept_file'
var DBFL_BAK
create backup file (if !DBFL_KILL)
var DBFL_COMP
collect garbage
var DBFL_KILL
delete unpacked database
var DBFL_TEMP
temporary database
var DLLEXT
DLLEXT = 'so'
var FILEREG_NOTPATCHABLE
the data is kept in some encoded form in the file.
var FILEREG_PATCHABLE
means that the input file may be patched (i.e. no compression, no iterated data, etc)
var GENFLG_ASMINC
'OFILE_ASM' , 'OFILE_LST' : gen information only about types
var GENFLG_ASMTYPE
'OFILE_ASM' , 'OFILE_LST' : gen information about types too
var GENFLG_GENHTML
'OFILE_ASM' , 'OFILE_LST' : generate html ( 'ui_genfile_callback' will be used)
var GENFLG_IDCTYPE
'OFILE_IDC' : gen only information about types
var GENFLG_MAPDMNG
'OFILE_MAP' : demangle names
var GENFLG_MAPLOC
'OFILE_MAP' : include local names
var GENFLG_MAPNAME
'OFILE_MAP' : include dummy names
var GENFLG_MAPSEG
'OFILE_MAP' : generate map of segments
var IDP_DLL
IDP_DLL = '*.so'
var LDRF_RELOAD
loader recognizes 'NEF_RELOAD' flag
var LDRF_REQ_PROC
Requires a processor to be set. if this bit is not set, load_file() must call set_processor_type(..., SETPROC_LOADER)
var LOADER_DLL
LOADER_DLL = '*.so'
var MAX_DATABASE_DESCRIPTION
Maximum database snapshot description length.
var MODULE_ENTRY_IDP
MODULE_ENTRY_IDP = 'LPH'
var MODULE_ENTRY_LOADER
MODULE_ENTRY_LOADER = 'LDSC'
var MODULE_ENTRY_PLUGIN
MODULE_ENTRY_PLUGIN = 'PLUGIN'
var NEF_CODE
for 'load_binary_file()' : load as a code segment
var NEF_FILL
Fill segment gaps.
var NEF_FIRST
This is the first file loaded into the database.
var NEF_FLAT
Autocreate FLAT group (PE)
var NEF_IMPS
Create import segment.
var NEF_LALL
Load all segments without questions.
var NEF_LOPT
Display additional loader options dialog.
var NEF_MAN
Manual load.
var NEF_MINI
Create mini database (do not copy segment bytes from the input file; use only the file header metadata)
var NEF_NAME
Rename entries.
var NEF_RELOAD
reload the file at the same place:don't create segmentsdon't create fixup infodon't import segmentsetc load only the bytes into the base. a loader should have 'LDRF_RELOAD' bit set
var NEF_RSCS
Load resources.
var NEF_SEGS
Create segments.
var OFILE_ASM
OFILE_ASM = 4
var OFILE_DIF
OFILE_DIF = 5
var OFILE_EXE
OFILE_EXE = 1
var OFILE_IDC
OFILE_IDC = 2
var OFILE_LST
OFILE_LST = 3
var OFILE_MAP
OFILE_MAP = 0
var PATH_TYPE_CMD
PATH_TYPE_CMD = 0
var PATH_TYPE_ID0
PATH_TYPE_ID0 = 2
var PATH_TYPE_IDB
PATH_TYPE_IDB = 1
var PLUGIN_DLL
Pattern to find plugin files.
var SSF_AUTOMATIC
automatic snapshot
var SSUF_DESC
Update the description.
var SSUF_FLAGS
Update the flags.
var SSUF_PATH
Update the path.

Functions

def base2file(*args) ‑> int
Unload database to a binary file. This function works for wide byte processors too.
base2file(fp, pos, ea1, ea2) -> int
fp: pointer to file (C++: FILE *)
pos: position in the file (C++: qoff64_t)
ea1: range of source linear addresses (C++: ea_t)
ea2: range of source linear addresses (C++: ea_t)
return: 1-ok(always), write error leads to immediate exit
def build_snapshot_tree(*args) ‑> bool
Build the snapshot tree.
build_snapshot_tree(root) -> bool
root: snapshot root that will contain the snapshot tree
elements. (C++: snapshot_t *)
return: success
def clr_database_flag(*args) ‑> void
clr_database_flag(dbfl)
dbfl (C++: uint32)
def extract_module_from_archive(*args) ‑> PyObject *
Extract a module for an archive file. Parse an archive file, show the list of modules to the user, allow him to select a module, extract the selected module to a file (if the extract module is an archive, repeat the process). This function can handle ZIP, AR, AIXAR, OMFLIB files. The temporary file will be automatically deleted by IDA at the end.
extract_module_from_archive(fname, is_remote=False) -> PyObject *
fname: char const *
is_remote: is the input file remote? (C++: bool)
retval: true - ok
retval: false - something bad happened (error message has been
displayed to the user)
def file2base(*args) ‑> int
Load portion of file into the database. This function will include (ea1..ea2) into the addressing space of the program (make it enabled).The storage type of the specified range will be changed to STT_VA.
file2base(li, pos, ea1, ea2, patchable) -> int
li: pointer of input source (C++: linput_t *)
pos: position in the file (C++: qoff64_t)
ea1: range of destination linear addresses (C++: ea_t)
ea2: range of destination linear addresses (C++: ea_t)
patchable: should the kernel remember correspondence of file
offsets to linear addresses. (C++: int)
retval: 1 - ok
retval: 0 - read error, a warning is displayed
def find_plugin(*args) ‑> plugin_t *
Find a user-defined plugin and optionally load it.
find_plugin(name, load_if_needed=False) -> plugin_t *
name: short plugin name without path and extension, or absolute
path to the file name (C++: const char *)
load_if_needed: if the plugin is not present in the memory, try
to load it (C++: bool)
return: pointer to plugin description block
def flush_buffers(*args) ‑> int
Flush buffers to the disk.
def gen_exe_file(*args) ‑> int
Generate an exe file (unload the database in binary form).
gen_exe_file(fp) -> int
fp (C++: FILE *)
return: fp the output file handle. if fp == NULL then return: 1:
can generate an executable file 0: can't generate an executable file
retval: 1 - ok
retval: 0 - failed
def gen_file(*args) ‑> int
Generate an output file. 'OFILE_EXE' :
gen_file(otype, fp, ea1, ea2, flags) -> int
otype: type of output file. (C++: ofile_type_t)
fp: the output file handle (C++: FILE *)
ea1: start address. For some file types this argument is
ignored (C++: ea_t)
ea2: end address. For some file types this argument is ignored
as usual in ida, the end address of the range is not included (C++: ea_t)
flags: Generate file flags (C++: int)
return: number of the generated lines. -1 if an error occurred
retval: 0 - can't generate exe file
retval: 1 - ok
def get_basic_file_type(*args) ‑> filetype_t
Get the input file type. This function can recognize libraries and zip files.
get_basic_file_type(li) -> filetype_t
li (C++: linput_t *)
def get_elf_debug_file_directory(*args) ‑> char const *
Get the value of the ELF_DEBUG_FILE_DIRECTORY configuration directive.
def get_file_type_name(*args) ‑> size_t
Get name of the current file type. The current file type is kept in
\inf{filetype}
.
def get_fileregion_ea(*args) ‑> ea_t
Get linear address which corresponds to the specified input file offset. If can't be found, return 'BADADDR'
get_fileregion_ea(offset) -> ea_t
offset (C++: qoff64_t)
def get_fileregion_offset(*args) ‑> qoff64_t
Get offset in the input file which corresponds to the given ea. If the specified ea can't be mapped into the input file offset, return -1.
get_fileregion_offset(ea) -> qoff64_t
ea (C++: ea_t)
def get_path(*args) ‑> char const *
Get the file path
get_path(pt) -> char const *
pt: file path type Types of the file pathes (C++: path_type_t)
return: file path, never returns NULL
def get_plugin_options(*args) ‑> char const *
Get plugin options from the command line. If the user has specified the options in the -Oplugin_name:options format, them this function will return the 'options' part of it The 'plugin' parameter should denote the plugin name Returns NULL if there we no options specified
get_plugin_options(plugin) -> char const *
plugin (C++: const char *)
def is_database_flag(*args) ‑> bool
Get the current database flag
is_database_flag(dbfl) -> bool
dbfl: flag Database flags (C++: uint32)
return: the state of the flag (set or cleared)
def is_trusted_idb(*args) ‑> bool
Is the database considered as trusted?
def load_and_run_plugin(*args) ‑> bool
Load & run a plugin.
load_and_run_plugin(name, arg) -> bool
name (C++: const char *)
arg (C++: size_t)
def load_binary_file(*args) ‑> bool
Load a binary file into the database. This function usually is called from ui.
load_binary_file(filename, li, _neflags, fileoff, basepara, binoff, nbytes) -> bool
filename: the name of input file as is (if the input file is
from library, then this is the name from the library) (C++: const char *)
li: loader input source (C++: linput_t *)
_neflags: Load file flags . For the first file, the flag
NEF_FIRST must be set. (C++: ushort)
fileoff: Offset in the input file (C++: qoff64_t)
basepara: Load address in paragraphs (C++: ea_t)
binoff: Load offset (load_address=(basepara<<4)+binoff) (C++:
ea_t)
nbytes: Number of bytes to load from the file. 0: up to the
end of the file (C++: uint64)
retval: true - ok
retval: false - failed (couldn't open the file)
def load_ids_module(*args) ‑> int
Load and apply IDS file. This function loads the specified IDS file and applies it to the database. If the program imports functions from a module with the same name as the name of the ids file being loaded, then only functions from this module will be affected. Otherwise (i.e. when the program does not import a module with this name) any function in the program may be affected.
load_ids_module(fname) -> int
fname: name of file to apply (C++: char *)
retval: 1 - ok
retval: 0 - some error (a message is displayed). if the ids file does
not exist, no message is displayed
def load_plugin(*args) ‑> PyObject *
load_plugin(name) -> PyObject *
Loads a plugin
return:
  • None if plugin could not be loaded
  • An opaque object representing the loaded plugin
def mem2base(*args) ‑> int
mem2base(py_mem, ea, fpos=-1) -> int
Load database from the memory.
mem: the buffer
ea: start linear addresses
fpos: position in the input file the data is taken from.
if == -1, then no file position correspond to the data.
return:
  • Returns zero if the passed buffer was not a string
  • Otherwise 1 is returned
def process_archive(*args) ‑> qstring *
Calls 'loader_t::process_archive()' For parameters and return value description look at 'loader_t::process_archive()' . Additional parameter:
process_archive(temp_file, li, module_name, neflags, defmember, loader) -> str
temp_file (C++: qstring *)
li (C++: linput_t *)
module_name (C++: qstring *)
neflags (C++: ushort *)
defmember (C++: const char *)
loader: pointer to load_info_t structure. (C++: const
load_info_t *)
def reload_file(*args) ‑> bool
Reload the input file. This function reloads the byte values from the input file. It doesn't modify the segmentation, names, comments, etc.
reload_file(file, is_remote) -> bool
file: name of the input file. if file == NULL then returns:
1: can reload the input file 0: can't reload the input file (C++: const char *)
is_remote: is the file located on a remote computer with the
debugger server? (C++: bool)
return: success
def run_plugin(*args) ‑> bool
run_plugin(plg, arg) -> bool
Runs a plugin
plg: A plugin object (returned by load_plugin())
return: Boolean
def save_database(*args) ‑> bool
Save current database using a new file name.when both root and attr are not NULL then the snapshot attributes will be updated, otherwise the snapshot attributes will be inherited from the current database.
save_database(outfile, flags, root=None, attr=None) -> bool
outfile: output database file name (C++: const char *)
flags: Database flags (C++: uint32)
root: optional: snapshot tree root. (C++: const snapshot_t *)
attr: optional: snapshot attributes (C++: const snapshot_t *)
return: success
def set_database_flag(*args) ‑> void
Set or clear database flag
set_database_flag(dbfl, cnd=True)
dbfl: flag Database flags (C++: uint32)
cnd: set if true or clear flag otherwise (C++: bool)
def set_path(*args) ‑> void
Set the file path
set_path(pt, path)
pt: file path type Types of the file pathes (C++: path_type_t)
path: new file path, use NULL or empty string to clear the file
path (C++: const char *)

Classes

class idp_desc_t (*args)
Proxy of C++ idp_desc_t class.
__init__(self) -> idp_desc_t

Instance variables

var checked
idp_desc_t_checked_get(self) -> bool
var family
idp_desc_t_family_get(self) -> qstring *
var is_script
idp_desc_t_is_script_get(self) -> bool
var mtime
idp_desc_t_mtime_get(self) -> time_t
var names
idp_desc_t_names_get(self) -> idp_names_t *
var path
idp_desc_t_path_get(self) -> qstring *
class idp_name_t (*args)
Proxy of C++ idp_name_t class.
__init__(self) -> idp_name_t

Instance variables

var hidden
idp_name_t_hidden_get(self) -> bool
var lname
idp_name_t_lname_get(self) -> qstring *
var sname
idp_name_t_sname_get(self) -> qstring *
class loader_t (*args)
Proxy of C++ loader_t class.
__init__(self) -> loader_t

Instance variables

var flags
loader_t_flags_get(self) -> uint32
var version
loader_t_version_get(self) -> uint32
class plugin_info_t (*args)
Proxy of C++ plugin_info_t class.
__init__(self) -> plugin_info_t

Instance variables

var arg
plugin_info_t_arg_get(self) -> size_t
var comment
plugin_info_t_comment_get(self) -> char *
var dllmem
plugin_info_t_dllmem_get(self) -> idadll_t *
var entry
plugin_info_t_entry_get(self) -> plugin_t *
var flags
plugin_info_t_flags_get(self) -> int
var hotkey
plugin_info_t_hotkey_get(self) -> ushort
var name
plugin_info_t_name_get(self) -> char *
var next
plugin_info_t_next_get(self) -> plugin_info_t
var org_hotkey
plugin_info_t_org_hotkey_get(self) -> ushort
var org_name
plugin_info_t_org_name_get(self) -> char *
var path
plugin_info_t_path_get(self) -> char *
class qvector_snapshotvec_t (*args)
Proxy of C++ qvector< snapshot_t * > class.
__init__(self) -> qvector_snapshotvec_t
x: qvector< snapshot_t * > const &

Methods

def add_unique(self, *args) ‑> bool
add_unique(self, x) -> bool
x: snapshot_t *const &
def at(self, *args) ‑> snapshot_t *const &
at(self, _idx) -> snapshot_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< snapshot_t * >::const_iterator
begin(self) -> qvector< snapshot_t * >::iterator
begin(self) -> qvector< snapshot_t * >::const_iterator
def capacity(self, *args) ‑> size_t
capacity(self) -> size_t
def clear(self, *args) ‑> void
clear(self)
def empty(self, *args) ‑> bool
empty(self) -> bool
def end(self, *args) ‑> qvector< snapshot_t * >::const_iterator
end(self) -> qvector< snapshot_t * >::iterator
end(self) -> qvector< snapshot_t * >::const_iterator
def erase(self, *args) ‑> qvector< snapshot_t * >::iterator
erase(self, it) -> qvector< snapshot_t * >::iterator
it: qvector< snapshot_t * >::iterator
erase(self, first, last) -> qvector< snapshot_t * >::iterator
first: qvector< snapshot_t * >::iterator last: qvector< snapshot_t * >::iterator
def extract(self, *args) ‑> snapshot_t **
extract(self) -> snapshot_t **
def find(self, *args) ‑> qvector< snapshot_t * >::const_iterator
find(self, x) -> qvector< snapshot_t * >::iterator
x: snapshot_t *const &
find(self, x) -> qvector< snapshot_t * >::const_iterator
x: snapshot_t *const &
def front(self)
def has(self, *args) ‑> bool
has(self, x) -> bool
x: snapshot_t *const &
def inject(self, *args) ‑> void
inject(self, s, len)
s: snapshot_t ** len: size_t
def insert(self, *args) ‑> qvector< snapshot_t * >::iterator
insert(self, it, x) -> qvector< snapshot_t * >::iterator
it: qvector< snapshot_t * >::iterator x: snapshot_t *const &
def pop_back(self, *args) ‑> void
pop_back(self)
def push_back(self, *args) ‑> snapshot_t *&
push_back(self, x)
x: snapshot_t *const &
def qclear(self, *args) ‑> void
qclear(self)
def reserve(self, *args) ‑> void
reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void
resize(self, _newsize, x)
_newsize: size_t x: snapshot_t *const &
resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t
size(self) -> size_t
def swap(self, *args) ‑> void
swap(self, r)
r: qvector< snapshot_t * > &
def truncate(self, *args) ‑> void
truncate(self)
class snapshot_t (*args)
Proxy of C++ snapshot_t class.
__init__(self) -> snapshot_t

Instance variables

var children
snapshot_t_children_get(self) -> qvector_snapshotvec_t
var desc
snapshot_t_desc_get(self) -> char [128]
var filename
snapshot_t_filename_get(self) -> char [QMAXPATH]
var flags
snapshot_t_flags_get(self) -> uint16
var id
snapshot_t_id_get(self) -> qtime64_t

Methods

def clear(self, *args) ‑> void
clear(self)