Module `ida_xref`

Functions that deal with cross-references.

There are 2 types of xrefs: CODE and DATA references. All xrefs are kept in the bTree except ordinary execution flow to the next instruction. Ordinary execution flow to the next instruction is kept in flags (see bytes.hpp)

The source address of a cross-reference must be an item head (is_head) or a structure member id.

Cross-references are automatically sorted.

Global variables

var XREF_ALL: return all references
var XREF_BASE: Reference to the base part of an offset.
var XREF_DATA: return data references only
var XREF_FAR: don't return ordinary flow xrefs
var XREF_MASK: Mask to get xref type.
var XREF_PASTEND: Reference is past item. This bit may be passed to add_dref() functions but it won't be saved in the database. It will prevent the destruction of eventual alignment directives.
var XREF_TAIL: Reference to tail byte in extrn symbols.
var XREF_USER: User specified xref. This xref will not be deleted by IDA. This bit should be combined with the existing xref types (cref_t & dref_t) Cannot be used for fl_F xrefs
var dr_I: Informational (a derived java class references its base class informationally)
var dr_O: Offset The reference uses 'offset' of data rather than its value OR The reference appeared because the "OFFSET" flag of instruction is set. The meaning of this type is IDP dependent.
var dr_R: Read access.
var dr_S: Reference to enum member (symbolic constant)
var dr_T: Text (for forced operands only) Name of data is used in manual operand
var dr_U: Unknown - for compatibility with old versions. Should not be used anymore.
var dr_W: Write access.
var fl_CF: Call Far This xref creates a function at the referenced location
var fl_CN: Call Near This xref creates a function at the referenced location
var fl_F: Ordinary flow: used to specify execution flow to the next instruction.
var fl_JF: Jump Far.
var fl_JN: Jump Near.
var fl_U: unknown - for compatibility with old versions. Should not be used anymore.
var fl_USobsolete: User specified (obsolete)

Functions

def add_cref(*args) ‑> bool

add_cref(frm, to, type) -> bool

Create a code cross-reference.

from: (C++: ea_t) linear address of referencing instruction

to: (C++: ea_t) linear address of referenced instruction

type: (C++: cref_t) cross-reference type

return: success

def add_dref(*args) ‑> bool

add_dref(frm, to, type) -> bool

Create a data cross-reference.

from: (C++: ea_t) linear address of referencing instruction or data

to: (C++: ea_t) linear address of referenced data

type: (C++: dref_t) cross-reference type

return: success (may fail if user-defined xref exists from->to)

def calc_switch_cases(*args) ‑> cases_and_targets_t *

calc_switch_cases(ea, si) -> cases_and_targets_t

Get information about a switch's cases.

The returned information can be used as follows:

for idx in range(len(results.cases)):

cur_case = results.cases[idx] for cidx in range(len(cur_case)):

print("case: %d" % cur_case[cidx])

print(" goto 0x%x" % results.targets[idx])

ea: address of the 'indirect jump' instruction

si: switch information

return: a structure with 2 members: 'cases', and 'targets'.

def create_switch_table(*args) ‑> bool

create_switch_table(ea, si) -> bool

Create switch table from the switch information

ea: address of the 'indirect jump' instruction

si: switch information

return: Boolean

def create_switch_xrefs(*args) ‑> bool

create_switch_xrefs(ea, si) -> bool

This function creates xrefs from the indirect jump.

Usually there is no need to call this function directly because the kernel will call it for switch tables

Note: Custom switch information are not supported yet.

ea: address of the 'indirect jump' instruction

si: switch information

return: Boolean

def del_cref(*args) ‑> bool

del_cref(frm, to, expand) -> bool

Delete a code cross-reference.

from: (C++: ea_t) linear address of referencing instruction

to: (C++: ea_t) linear address of referenced instruction

expand: (C++: bool) policy to delete the referenced instruction

1: plan to delete the referenced instruction if it has no more references.
0: don't delete the referenced instruction even if no more cross-references point to it

retval true: if the referenced instruction will be deleted

def del_dref(*args) ‑> void

del_dref(frm, to)

Delete a data cross-reference.

from: (C++: ea_t) linear address of referencing instruction or data

to: (C++: ea_t) linear address of referenced data

def delete_switch_table(*args) ‑> void

delete_switch_table(jump_ea, si)

jump_ea: ea_t

si: switch_info_t const &

def get_first_cref_from(*args) ‑> ea_t

get_first_cref_from(frm) -> ea_t

Get first instruction referenced from the specified instruction. If the specified instruction passes execution to the next instruction then the next instruction is returned. Otherwise the lowest referenced address is returned (remember that xrefs are kept sorted!).

from: (C++: ea_t) linear address of referencing instruction

return: first referenced address. If the specified instruction doesn't

reference to other instructions then returns BADADDR.

def get_first_cref_to(*args) ‑> ea_t

get_first_cref_to(to) -> ea_t

Get first instruction referencing to the specified instruction. If the specified instruction may be executed immediately after its previous instruction then the previous instruction is returned. Otherwise the lowest referencing address is returned. (remember that xrefs are kept sorted!).

to: (C++: ea_t) linear address of referenced instruction

return: linear address of the first referencing instruction or BADADDR.

def get_first_dref_from(*args) ‑> ea_t

get_first_dref_from(frm) -> ea_t

Get first data referenced from the specified address.

from: (C++: ea_t) linear address of referencing instruction or data

return: linear address of first (lowest) data referenced from the specified

address. Return BADADDR if the specified instruction/data doesn't reference to anything.

def get_first_dref_to(*args) ‑> ea_t

get_first_dref_to(to) -> ea_t

Get address of instruction/data referencing to the specified data.

to: (C++: ea_t) linear address of referencing instruction or data

return: BADADDR if nobody refers to the specified data.

def get_first_fcref_from(*args) ‑> ea_t

get_first_fcref_from(frm) -> ea_t

from: ea_t

def get_first_fcref_to(*args) ‑> ea_t

get_first_fcref_to(to) -> ea_t

to: ea_t

def get_next_cref_from(*args) ‑> ea_t

get_next_cref_from(frm, current) -> ea_t

Get next instruction referenced from the specified instruction.

from: (C++: ea_t) linear address of referencing instruction

current: (C++: ea_t) linear address of current referenced instruction This value is

returned by get_first_cref_from() or previous call to get_next_cref_from() functions.

return: next referenced address or BADADDR.

def get_next_cref_to(*args) ‑> ea_t

get_next_cref_to(to, current) -> ea_t

Get next instruction referencing to the specified instruction.

to: (C++: ea_t) linear address of referenced instruction

current: (C++: ea_t) linear address of current referenced instruction This value is

returned by get_first_cref_to() or previous call to get_next_cref_to() functions.

return: linear address of the next referencing instruction or BADADDR.

def get_next_dref_from(*args) ‑> ea_t

get_next_dref_from(frm, current) -> ea_t

Get next data referenced from the specified address.

from: (C++: ea_t) linear address of referencing instruction or data

current: (C++: ea_t) linear address of current referenced data. This value is

returned by get_first_dref_from() or previous call to get_next_dref_from() functions.

return: linear address of next data or BADADDR.

def get_next_dref_to(*args) ‑> ea_t

get_next_dref_to(to, current) -> ea_t

Get address of instruction/data referencing to the specified data

to: (C++: ea_t) linear address of referencing instruction or data

current: (C++: ea_t) current linear address. This value is returned by

get_first_dref_to() or previous call to get_next_dref_to() functions.

return: BADADDR if nobody refers to the specified data.

def get_next_fcref_from(*args) ‑> ea_t

get_next_fcref_from(frm, current) -> ea_t

from: ea_t

current: ea_t

def get_next_fcref_to(*args) ‑> ea_t

get_next_fcref_to(to, current) -> ea_t

to: ea_t

current: ea_t

def has_external_refs(*args) ‑> bool

has_external_refs(pfn, ea) -> bool

Does 'ea' have references from outside of 'pfn'?

pfn: (C++: func_t *)

ea: (C++: ea_t)

def xrefchar(*args) ‑> char

xrefchar(xrtype) -> char

Get character describing the xref type.

xrtype: (C++: char) combination of Cross-Reference type flags and a cref_t of dref_t

value

Classes

class cases_and_targets_t (*args)

Proxy of C++ cases_and_targets_t class.

__init__(self) -> cases_and_targets_t

Instance variables

var cases: cases
var targets: targets

class casevec_t (*args)

Proxy of C++ qvector< qvector< sval_t > > class.

__init__(self) -> casevec_t

__init__(self, x) -> casevec_t

x: qvector< qvector< long long > > const &

Methods

def add_unique(self, *args) ‑> bool: add_unique(self, x) -> bool
x: qvector< long long > const &
def append(self, *args) ‑> qvector< long long > &: push_back(self, x)
x: qvector< long long > const &

push_back(self) -> qvector< long long > &
def at(self, *args) ‑> qvector< long long > const &: __getitem__(self, i) -> qvector< long long > const &
i: size_t
def back(self)
def begin(self, *args) ‑> qvector< qvector< long long > >::const_iterator: begin(self) -> qvector< qvector< long long > >::iterator

begin(self) -> qvector< qvector< long long > >::const_iterator
def capacity(self, *args) ‑> size_t: capacity(self) -> size_t
def clear(self, *args) ‑> void: clear(self)
def empty(self, *args) ‑> bool: empty(self) -> bool
def end(self, *args) ‑> qvector< qvector< long long > >::const_iterator: end(self) -> qvector< qvector< long long > >::iterator

end(self) -> qvector< qvector< long long > >::const_iterator
def erase(self, *args) ‑> qvector< qvector< long long > >::iterator: erase(self, it) -> qvector< qvector< long long > >::iterator
it: qvector< qvector< long long > >::iterator

erase(self, first, last) -> qvector< qvector< long long > >::iterator
first: qvector< qvector< long long > >::iterator

last: qvector< qvector< long long > >::iterator
def extract(self, *args) ‑> qvector< long long > *: extract(self) -> qvector< long long > *
def find(self, *args) ‑> qvector< qvector< long long > >::const_iterator: find(self, x) -> qvector< qvector< long long > >::iterator
x: qvector< long long > const &

find(self, x) -> qvector< qvector< long long > >::const_iterator
x: qvector< long long > const &
def front(self)
def grow(self, *args) ‑> void: grow(self, x=qvector< long long >())

x: qvector< long long > const &
def has(self, *args) ‑> bool: has(self, x) -> bool
x: qvector< long long > const &
def inject(self, *args) ‑> void: inject(self, s, len)
s: qvector< long long > *

len: size_t
def insert(self, *args) ‑> qvector< qvector< long long > >::iterator: insert(self, it, x) -> qvector< qvector< long long > >::iterator
it: qvector< qvector< long long > >::iterator

x: qvector< long long > const &
def pop_back(self, *args) ‑> void: pop_back(self)
def push_back(self, *args) ‑> qvector< long long > &: push_back(self, x)
x: qvector< long long > const &

push_back(self) -> qvector< long long > &
def qclear(self, *args) ‑> void: qclear(self)
def reserve(self, *args) ‑> void: reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void: resize(self, _newsize, x)
_newsize: size_t

x: qvector< long long > const &

resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t: size(self) -> size_t
def swap(self, *args) ‑> void: swap(self, r)
r: qvector< qvector< long long > > &
def truncate(self, *args) ‑> void: truncate(self)

class xrefblk_t (*args)

Proxy of C++ xrefblk_t class.

__init__(self) -> xrefblk_t

Instance variables

var frm: frm
var iscode: 1-is code reference; 0-is data reference
var to: the referenced address - filled by first_from(), next_from()
var type: type of the last returned reference (cref_t & dref_t)
var user: 1-is user defined xref, 0-defined by ida

Methods

def crefs_from(self, ea): Provide an iterator on code references from ea including flow references
def crefs_to(self, ea): Provide an iterator on code references to ea including flow references
def drefs_from(self, ea): Provide an iterator on data references from ea
def drefs_to(self, ea): Provide an iterator on data references to ea
def fcrefs_from(self, ea): Provide an iterator on code references from ea
def fcrefs_to(self, ea): Provide an iterator on code references to ea
def first_from(self, *args) ‑> bool: first_from(self, _from, flags) -> bool
Get first xref from the given address (store in to)

_from: (C++: ea_t)

flags: (C++: int)
def first_to(self, *args) ‑> bool: first_to(self, _to, flags) -> bool
Get xref to given address (store in from)

_to: (C++: ea_t)

flags: (C++: int)
def next_from(self, *args) ‑> bool: next_from(self) -> bool
Get xref from '_from' that comes after '_to'.

next_from(self, _from, _to, flags) -> bool
_from: ea_t

_to: ea_t

flags: int
def next_to(self, *args) ‑> bool: next_to(self) -> bool
Get xref to '_to' that comes after '_from'.

next_to(self, _from, _to, flags) -> bool
_from: ea_t

_to: ea_t

flags: int
def refs_from(self, ea, flag): Provide an iterator on from reference represented by flag
def refs_to(self, ea, flag): Provide an iterator on to reference represented by flag