State-of-the-art binary code analysis tools

Detailed Description

A function is a set of continuous ranges of addresses with characteristics.

Inherits range_t.

Public Attributes

uint64 flags
 Function flags
 
union {
   struct {
      uval_t   frame
 netnode id of frame structure - see frame.hpp
 
      asize_t   frsize
 size of local variables part of frame in bytes. More...
 
      ushort   frregs
 size of saved registers in frame. More...
 
      asize_t   argsize
 number of bytes purged from the stack upon returning
 
      asize_t   fpd
 frame pointer delta. More...
 
      bgcolor_t   color
 user defined function color
 
      uint32   pntqty
 number of SP change points
 
      stkpnt_t *   points
 array of SP change points. More...
 
      int   regvarqty
 number of register variables (-1-not read in yet) use find_regvar() to read register variables
 
      regvar_t *   regvars
 array of register variables. More...
 
      int   llabelqty
 number of local labels
 
      llabel_t *   llabels
 local labels. More...
 
      int   regargqty
 number of register arguments. More...
 
      regarg_t *   regargs
 unsorted array of register arguments. More...
 
      int   tailqty
 number of function tails
 
      range_t *   tails
 array of tails, sorted by ea. More...
 
   } 
 attributes of a function entry chunk
 
   struct {
      ea_t   owner
 the address of the main function possessing this tail
 
      int   refqty
 number of referers
 
      ea_t *   referers
 array of referers (function start addresses). More...
 
   } 
 attributes of a function tail chunk
 
}; 
 
- Public Attributes inherited from range_t
ea_t start_ea
 start_ea included
 
ea_t end_ea
 end_ea excluded
 

Public Member Functions

bool is_far (void) const
 Is a far function?
 
bool does_return (void) const
 Does function return?
 
bool analyzed_sp (void) const
 Has SP-analysis been performed?
 
bool need_prolog_analysis (void) const
 Needs prolog analysis?
 
 func_t (ea_t start=0, ea_t end=0, flags_t f=0)
 
- Public Member Functions inherited from range_t
 range_t (void)
 Constructor.
 
 range_t (ea_t ea1, ea_t ea2)
 Constructor.
 
int compare (const range_t &r) const
 Compare two range_t instances, based on the start_ea.
 
bool operator== (const range_t &r) const
 Compare two range_t's with '=='.
 
bool operator != (const range_t &r) const
 Compare two range_t's with '!='.
 
bool operator > (const range_t &r) const
 Compare two range_t's with '<'.
 
bool operator< (const range_t &r) const
 Compare two range_t's with '>'.
 
bool contains (ea_t ea) const
 Is 'ea' in the address range?
 
bool contains (const range_t &r) const
 Is every ea in 'r' also in this range_t?
 
bool overlaps (const range_t &r) const
 Is there an ea in 'r' that is also in this range_t?
 
void clear (void)
 Set start_ea, end_ea to 0.
 
bool empty (void) const
 Is the size of the range_t <= 0?
 
asize_t size (void) const
 Get end_ea - start_ea.
 
void intersect (const range_t &r)
 Assign the range_t to the intersection between the range_t and 'r'.
 
void extend (ea_t ea)
 Ensure that the range_t includes 'ea'.
 
size_t print (char *buf, size_t bufsize) const
 Print the range_t. More...
 

Member Data Documentation

◆ frsize

asize_t func_t::frsize

size of local variables part of frame in bytes.

If FUNC_FRAME is set and fpd==0, the frame pointer (EBP) is assumed to point to the top of the local variables range.

◆ frregs

ushort func_t::frregs

size of saved registers in frame.

This range is immediately above the local variables range.

◆ fpd

asize_t func_t::fpd

frame pointer delta.

(usually 0, i.e. realBP==typicalBP) use update_fpd() to modify it.

◆ points

stkpnt_t* func_t::points

array of SP change points.

use ...stkpnt...() functions to access this array.

◆ regvars

regvar_t* func_t::regvars

array of register variables.

this array is sorted by: start_ea. use ...regvar...() functions to access this array.

◆ llabels

llabel_t* func_t::llabels

local labels.

this array shouldn't be accessed directly; name.hpp functions should be used instead.

◆ regargqty

int func_t::regargqty

number of register arguments.

During analysis IDA tries to guess the register arguments. It stores store the guessing outcome in this field. As soon as it determines the final function prototype, regargqty is set to zero.

◆ regargs

regarg_t* func_t::regargs

unsorted array of register arguments.

use ...regarg...() functions to access this array. regargs are destroyed when the full function type is determined.

◆ tails

range_t* func_t::tails

array of tails, sorted by ea.

use func_tail_iterator_t to access function tails.

◆ referers

ea_t* func_t::referers

array of referers (function start addresses).

use func_parent_iterator_t to access the referers.


The documentation for this class was generated from the following file: