Module ida_loader
Definitions of IDP, LDR, PLUGIN module interfaces.
This file also contains:
- functions to load files into the database
- functions to generate output files
- high level functions to work with the database (open, save, close)
The LDR interface consists of one structure: loader_t
The IDP interface consists of one structure: processor_t
The PLUGIN interface consists of one structure: plugin_t
Modules can't use standard FILE* functions. They must use functions from
<fpro.h>
Modules can't use standard memory allocation functions. They must use functions
from <pro.h>
The exported entry #1 in the module should point to the the appropriate
structure. (loader_t for LDR module, for example)
Global variables
var ACCEPT_ARCHIVE
-
Specify that a file format is served by archive loader See loader_t::accept_file
var ACCEPT_CONTINUE
-
Specify that the function must be called another time See loader_t::accept_file
var ACCEPT_FIRST
-
Specify that a file format should be place first in "load file" dialog box. See loader_t::accept_file
var DBFL_BAK
-
create backup file (if !DBFL_KILL)
var DBFL_COMP
-
collect garbage
var DBFL_KILL
-
delete unpacked database
var DBFL_TEMP
-
temporary database
var DLLEXT
-
DLLEXT = 'so'
var FILEREG_NOTPATCHABLE
-
the data is kept in some encoded form in the file.
var FILEREG_PATCHABLE
-
means that the input file may be patched (i.e. no compression, no iterated data, etc)
var GENFLG_ASMINC
-
OFILE_ASM,OFILE_LST: gen information only about types
var GENFLG_ASMTYPE
-
OFILE_ASM,OFILE_LST: gen information about types too
var GENFLG_GENHTML
-
OFILE_ASM,OFILE_LST: generate html (ui_genfile_callback will be used)
var GENFLG_IDCTYPE
-
GENFLG_IDCTYPE = 8
var GENFLG_MAPDMNG
-
GENFLG_MAPDMNG = 4
var GENFLG_MAPLOC
-
GENFLG_MAPLOC = 8
var GENFLG_MAPNAME
-
GENFLG_MAPNAME = 2
var GENFLG_MAPSEG
-
GENFLG_MAPSEG = 1
var IDP_DLL
-
IDP_DLL = '*.so'
var LDRF_RELOAD
-
loader recognizes NEF_RELOAD flag
var LDRF_REQ_PROC
-
Requires a processor to be set. if this bit is not set, load_file() must call set_processor_type(..., SETPROC_LOADER)
var LOADER_DLL
-
LOADER_DLL = '*.so'
var MAX_DATABASE_DESCRIPTION
-
Maximum database snapshot description length.
var MODULE_ENTRY_IDP
-
MODULE_ENTRY_IDP = 'LPH'
var MODULE_ENTRY_LOADER
-
MODULE_ENTRY_LOADER = 'LDSC'
var MODULE_ENTRY_PLUGIN
-
MODULE_ENTRY_PLUGIN = 'PLUGIN'
var NEF_CODE
-
for load_binary_file(): load as a code segment
var NEF_FILL
-
Fill segment gaps.
var NEF_FIRST
-
This is the first file loaded into the database.
var NEF_FLAT
-
Autocreate FLAT group (PE)
var NEF_IMPS
-
Create import segment.
var NEF_LALL
-
Load all segments without questions.
var NEF_LOPT
-
Display additional loader options dialog.
var NEF_MAN
-
Manual load.
var NEF_MINI
-
Create mini database (do not copy segment bytes from the input file; use only the file header metadata)
var NEF_NAME
-
Rename entries.
var NEF_RELOAD
-
reload the file at the same place:
- don't create segments
- don't create fixup info
- don't import segments
- etc.
Load only the bytes into the base. A loader should have the LDRF_RELOAD bit set. var NEF_RSCS
-
Load resources.
var NEF_SEGS
-
Create segments.
var OFILE_ASM
-
Assembly.
var OFILE_DIF
-
Difference.
var OFILE_EXE
-
Executable file.
var OFILE_IDC
-
IDC file.
var OFILE_LST
-
Disassembly listing.
var OFILE_MAP
-
MAP file.
var PATH_TYPE_CMD
-
full path to the file specified in the command line
var PATH_TYPE_ID0
-
full path of ID0 file
var PATH_TYPE_IDB
-
full path of IDB file
var PLUGIN_DLL
-
Pattern to find plugin files.
var SSF_AUTOMATIC
-
automatic snapshot
var SSUF_DESC
-
Update the description.
var SSUF_FLAGS
-
Update the flags.
var SSUF_PATH
-
Update the path.
Functions
def base2file(*args) ‑> int
-
base2file(fp, pos, ea1, ea2) -> intUnload database to a binary file. This function works for wide byte processors too.fp: (C++: FILE *) pointer to filepos: (C++: qoff64_t) position in the fileea1: (C++: ea_t) ,ea2: range of source linear addressesea2: (C++: ea_t)return: 1-ok(always), write error leads to immediate exit
def build_snapshot_tree(*args) ‑> bool
-
build_snapshot_tree(root) -> boolBuild the snapshot tree.root: (C++: snapshot_t *) snapshot root that will contain the snapshot tree elements.return: success
def clr_database_flag(*args) ‑> void
-
clr_database_flag(dbfl)dbfl: uint32
def extract_module_from_archive(*args) ‑> PyObject *
-
extract_module_from_archive(fname, is_remote=False) -> (NoneType, NoneType), (str, str)Extract a module for an archive file. Parse an archive file, show the list of modules to the user, allow him to select a module, extract the selected module to a file (if the extract module is an archive, repeat the process). This function can handle ZIP, AR, AIXAR, OMFLIB files. The temporary file will be automatically deleted by IDA at the end.filename: (C++: char *) in: input file. out: name of the selected module.is_remote: (C++: bool) is the input file remote?retval true: okretval false: something bad happened (error message has been displayed to theuser)
def file2base(*args) ‑> int
-
file2base(li, pos, ea1, ea2, patchable) -> intLoad portion of file into the database. This function will include (ea1..ea2) into the addressing space of the program (make it enabled).li: (C++: linput_t *) pointer of input sourcepos: (C++: qoff64_t) position in the fileea1: (C++: ea_t) ,ea2: range of destination linear addressespatchable: (C++: int) should the kernel remember correspondence of file offsets tolinear addresses.retval 1: okretval 0: read error, a warning is displayednote: The storage type of the specified range will be changed to STT_VA.patchable: (C++: int) should the kernel remember correspondence of file offsets tolinear addresses.retval 1: okretval 0: read error, a warning is displayednote: The storage type of the specified range will be changed to STT_VA.
def find_plugin(*args) ‑> plugin_t *
-
find_plugin(name, load_if_needed=False) -> plugin_t *Find a user-defined plugin and optionally load it.name: (C++: const char *) short plugin name without path and extension, or absolute path tothe file nameload_if_needed: (C++: bool) if the plugin is not present in the memory, try to loaditreturn: pointer to plugin description block
def flush_buffers(*args) ‑> int
-
flush_buffers() -> intFlush buffers to the disk.
def gen_exe_file(*args) ‑> int
-
gen_exe_file(fp) -> intGenerate an exe file (unload the database in binary form).fp: (C++: FILE *)return: fp the output file handle. if fp == nullptr then return:
- 1: can generate an executable file
- 0: can't generate an executable file
retval 1: okretval 0: failed def gen_file(*args) ‑> int
-
gen_file(otype, fp, ea1, ea2, flags) -> intGenerate an output file.otype: (C++: ofile_type_t) type of output file.fp: (C++: FILE *) the output file handleea1: (C++: ea_t) start address. For some file types this argument is ignoredea2: (C++: ea_t) end address. For some file types this argument is ignored as usualin ida, the end address of the range is not includedflags: (C++: int) Generate file flagsOFILE_EXE:retval 0: can't generate exe fileretval 1: okreturn: number of the generated lines. -1 if an error occurred
def get_basic_file_type(*args) ‑> filetype_t
-
get_basic_file_type(li) -> filetype_tGet the input file type. This function can recognize libraries and zip files.li: (C++: linput_t *)
def get_elf_debug_file_directory(*args) ‑> char const *
-
get_elf_debug_file_directory() -> char const *Get the value of the ELF_DEBUG_FILE_DIRECTORY configuration directive.
def get_file_type_name(*args) ‑> size_t
-
get_file_type_name() -> strGet name of the current file type. The current file type is kept in idainfo::filetype.return: size of answer, this function always succeeds
def get_fileregion_ea(*args) ‑> ea_t
-
get_fileregion_ea(offset) -> ea_tGet linear address which corresponds to the specified input file offset. If can't be found, return BADADDRoffset: (C++: qoff64_t)
def get_fileregion_offset(*args) ‑> qoff64_t
-
get_fileregion_offset(ea) -> qoff64_tGet offset in the input file which corresponds to the given ea. If the specified ea can't be mapped into the input file offset, return -1.ea: (C++: ea_t)
def get_path(*args) ‑> char const *
-
get_path(pt) -> char const *Get the file pathpt: (C++: path_type_t) file path type Types of the file pathesreturn: file path, never returns nullptr
def get_plugin_options(*args) ‑> char const *
-
get_plugin_options(plugin) -> char const *Get plugin options from the command line. If the user has specified the options in the -Oplugin_name:options format, them this function will return the 'options' part of it The 'plugin' parameter should denote the plugin name Returns nullptr if there we no options specifiedplugin: (C++: const char *) char const *
def is_database_flag(*args) ‑> bool
-
is_database_flag(dbfl) -> boolGet the current database flagdbfl: (C++: uint32) flag Database flagsreturn: the state of the flag (set or cleared)
def is_trusted_idb(*args) ‑> bool
-
is_trusted_idb() -> boolIs the database considered as trusted?
def load_and_run_plugin(*args) ‑> bool
-
load_and_run_plugin(name, arg) -> boolLoad & run a plugin.name: (C++: const char *) char const *arg: (C++: size_t)
def load_binary_file(*args) ‑> bool
-
load_binary_file(filename, li, _neflags, fileoff, basepara, binoff, nbytes) -> boolLoad a binary file into the database. This function usually is called from ui.filename: (C++: const char *) the name of input file as is (if the input file is fromlibrary, then this is the name from the library)li: (C++: linput_t *) loader input source_neflags: (C++: ushort) Load file flags. For the first file, the flag NEF_FIRST must beset.fileoff: (C++: qoff64_t) Offset in the input filebasepara: (C++: ea_t) Load address in paragraphsbinoff: (C++: ea_t) Load offset (load_address=(basepara<<4)+binoff)nbytes: (C++: uint64) Number of bytes to load from the file.
- 0: up to the end of the file
retval true: okretval false: failed (couldn't open the file) def load_ids_module(*args) ‑> int
-
load_ids_module(fname) -> intLoad and apply IDS file. This function loads the specified IDS file and applies it to the database. If the program imports functions from a module with the same name as the name of the ids file being loaded, then only functions from this module will be affected. Otherwise (i.e. when the program does not import a module with this name) any function in the program may be affected.fname: (C++: char *) name of file to applyretval 1: okretval 0: some error (a message is displayed). if the ids file does not exist,no message is displayed
def load_plugin(*args) ‑> PyObject *
-
load_plugin(name) -> PyCapsule or NoneLoads a pluginname: char const *return: - None if plugin could not be loaded
- An opaque object representing the loaded plugin
def mem2base(*args) ‑> int
-
mem2base(py_mem, ea, fpos=-1) -> intLoad database from the memory.py_mem: the bufferea: start linear addressesfpos: position in the input file the data is taken from.if == -1, then no file position correspond to the data.return: - Returns zero if the passed buffer was not a string
- Otherwise 1 is returned
def process_archive(*args) ‑> qstring *
-
process_archive(temp_file, li, module_name, neflags, defmember, loader) -> strCalls loader_t::process_archive() For parameters and return value description look at loader_t::process_archive(). Additional parameter 'loader' is a pointer to load_info_t structure.temp_file: (C++: qstring *)li: (C++: linput_t *)module_name: (C++: qstring *)neflags: (C++: ushort *)defmember: (C++: const char *) char const *loader: (C++: const load_info_t *) load_info_t const *
def reload_file(*args) ‑> bool
-
reload_file(file, is_remote) -> boolReload the input file. This function reloads the byte values from the input file. It doesn't modify the segmentation, names, comments, etc.file: (C++: const char *) name of the input file. if file == nullptr then returns:
- 1: can reload the input file
- 0: can't reload the input file
is_remote: (C++: bool) is the file located on a remote computer with the debuggerserver?return: success def run_plugin(*args) ‑> bool
-
run_plugin(plg, arg) -> boolRuns a pluginplg: A plugin object (returned by load_plugin())arg: size_treturn: Boolean
def save_database(*args) ‑> bool
-
save_database(outfile, flags, root=None, attr=None) -> boolSave current database using a new file name.outfile: (C++: const char *) output database file nameflags: (C++: uint32) Database flagsroot: (C++: const snapshot_t *) optional: snapshot tree root.attr: (C++: const snapshot_t *) optional: snapshot attributesnote: when both root and attr are not nullptr then the snapshot attributes willbe updated, otherwise the snapshot attributes will be inherited from the current database.return: success
def set_database_flag(*args) ‑> void
-
set_database_flag(dbfl, cnd=True)Set or clear database flagdbfl: (C++: uint32) flag Database flagscnd: (C++: bool) set if true or clear flag otherwise
def set_import_name(*args) ‑> void
-
set_import_name(modnode, ea, name)Set information about the named import entry. This function performs 'modnode.supset_ea(ea, name);'modnode: (C++: uval_t) node with information about imported entriesea: (C++: ea_t) linear address of the entryname: (C++: const char *) name of the entry
def set_import_ordinal(*args) ‑> void
-
set_import_ordinal(modnode, ea, ord)Set information about the ordinal import entry. This function performs 'modnode.altset(ord, ea2node(ea));'modnode: (C++: uval_t) node with information about imported entriesea: (C++: ea_t) linear address of the entryord: (C++: uval_t) ordinal number of the entry
def set_path(*args) ‑> void
-
set_path(pt, path)Set the file pathpt: (C++: path_type_t) file path type Types of the file pathespath: (C++: const char *) new file path, use nullptr or empty string to clear the file path
Classes
class idp_desc_t (*args)
-
Proxy of C++ idp_desc_t class.__init__(self) -> idp_desc_t
Instance variables
var checked
-
internal, for cache management
var family
-
processor's family
var is_script
-
the processor module is a script
var mtime
-
time of last modification
var names
-
processor names
var path
-
module file name
class idp_name_t (*args)
-
Proxy of C++ idp_name_t class.__init__(self) -> idp_name_t
Instance variables
-
is hidden
var lname
-
long processor name
var sname
-
short processor name
-
class loader_t (*args)
-
Proxy of C++ loader_t class.__init__(self) -> loader_t
Instance variables
var flags
-
Loader flags
var version
-
api version, should be IDP_INTERFACE_VERSION
class plugin_info_t (*args)
-
Proxy of C++ plugin_info_t class.__init__(self) -> plugin_info_t
Instance variables
var arg
-
argument used to call the plugin
var comment
-
a copy of plugin_t::comment
var dllmem
-
dllmem
var entry
-
pointer to the plugin if it is already loaded
var flags
-
a copy of plugin_t::flags
var hotkey
-
current hotkey to run the plugin
var name
-
short name of the plugin it will appear in the menu
var next
-
next plugin information
var org_hotkey
-
original hotkey to run the plugin
var org_name
-
original short name of the plugin
var path
-
full path to the plugin
class qvector_snapshotvec_t (*args)
-
Proxy of C++ qvector< snapshot_t * > class.__init__(self) -> qvector_snapshotvec_t__init__(self, x) -> qvector_snapshotvec_tx: qvector< snapshot_t * > const &
Methods
def add_unique(self, *args) ‑> bool
-
add_unique(self, x) -> boolx: snapshot_t *const &
def at(self, *args) ‑> snapshot_t *const &
-
at(self, _idx) -> snapshot_t_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< snapshot_t * >::const_iterator
-
begin(self) -> qvector< snapshot_t * >::iteratorbegin(self) -> qvector< snapshot_t * >::const_iterator
def capacity(self, *args) ‑> size_t
-
capacity(self) -> size_t
def clear(self, *args) ‑> void
-
clear(self)
def empty(self, *args) ‑> bool
-
empty(self) -> bool
def end(self, *args) ‑> qvector< snapshot_t * >::const_iterator
-
end(self) -> qvector< snapshot_t * >::iteratorend(self) -> qvector< snapshot_t * >::const_iterator
def erase(self, *args) ‑> qvector< snapshot_t * >::iterator
-
erase(self, it) -> qvector< snapshot_t * >::iteratorit: qvector< snapshot_t * >::iteratorerase(self, first, last) -> qvector< snapshot_t * >::iteratorfirst: qvector< snapshot_t * >::iteratorlast: qvector< snapshot_t * >::iterator
def extract(self, *args) ‑> snapshot_t **
-
extract(self) -> snapshot_t **
def find(self, *args) ‑> qvector< snapshot_t * >::const_iterator
-
find(self, x) -> qvector< snapshot_t * >::iteratorx: snapshot_t *const &find(self, x) -> qvector< snapshot_t * >::const_iteratorx: snapshot_t *const &
def front(self)
def has(self, *args) ‑> bool
-
has(self, x) -> boolx: snapshot_t *const &
def inject(self, *args) ‑> void
-
inject(self, s, len)s: snapshot_t **len: size_t
def insert(self, *args) ‑> qvector< snapshot_t * >::iterator
-
insert(self, it, x) -> qvector< snapshot_t * >::iteratorit: qvector< snapshot_t * >::iteratorx: snapshot_t *const &
def pop_back(self, *args) ‑> void
-
pop_back(self)
def push_back(self, *args) ‑> snapshot_t *&
-
push_back(self, x)x: snapshot_t *const &push_back(self) -> snapshot_t *&
def qclear(self, *args) ‑> void
-
qclear(self)
def reserve(self, *args) ‑> void
-
reserve(self, cnt)cnt: size_t
def resize(self, *args) ‑> void
-
resize(self, _newsize, x)_newsize: size_tx: snapshot_t *const &resize(self, _newsize)_newsize: size_t
def size(self, *args) ‑> size_t
-
size(self) -> size_t
def swap(self, *args) ‑> void
-
swap(self, r)r: qvector< snapshot_t * > &
def truncate(self, *args) ‑> void
-
truncate(self)
class snapshot_t (*args)
-
Proxy of C++ snapshot_t class.__init__(self) -> snapshot_t
Instance variables
var children
-
snapshot children
var desc
-
snapshot description
var filename
-
snapshot file name
var flags
-
Snapshot flags
var id
-
snapshot ID. This value is computed using qgettimeofday()
Methods
def clear(self, *args) ‑> void
-
clear(self)